On the Construction of Variable-Input-Length Ciphers

Authors: Mihir Bellare and Phillip Rogaway

Reference: Fast Software Encryption, 6th International Workshop, FSE'99 . Lecture Notes in Computer Science, Springer-Verlag, 1999. (To appear)

Abstract: Whereas a block cipher enciphers messages of some one particular length (the blocklength), a variable-input-length cipher takes messages of varying (and preferably arbitrary) lengths. Still, the length of the ciphertext must equal the length of the plaintext. This paper introduces the problem of constructing such objects, and provides a practical solution. Our VIL mode of operation makes a variable-input-length cipher from any block cipher. The method is demonstrably secure in the provable-security sense of modern cryptography: we give a quantitative security analysis relating the difficulty of breaking the constructed (variable-input-length) cipher to the difficulty of breaking the underlying block cipher.

Paper available as PostScript or gzipped-PostScript, or PDF.

Rogaway's home page.