Efficient Length Doubling From Tweakable Block Ciphers

  • Yu Long Chen imec-COSIC, KU Leuven
  • Atul Luykx imec-COSIC, KU Leuven, Belgium; Department of Computer Science, University of California, Davis One Shields Ave, Davis, California 95616
  • Bart Mennink Digital Security Group, Radboud University, Nijmegen; CWI, Amsterdam
  • Bart Preneel imec-COSIC, KU Leuven
Keywords: length doubler, LDT, tweakable block ciphers, authenticated encryption


We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.
How to Cite
Chen, Y., Luykx, A., Mennink, B., & Preneel, B. (2017). Efficient Length Doubling From Tweakable Block Ciphers. IACR Transactions on Symmetric Cryptology, 2017(3), 253-270. https://doi.org/10.13154/tosc.v2017.i3.253-270