Towards Tight Security Of Cascaded Lrw2

The Cascaded LRW2 tweakable block cipher was introduced by Landecker et al. at CRYPTO 2012, and proven secure up to 2(2n/3) queries. There has not been any attack on the construction faster than the generic attack in 2(n) queries. In this work we initiate the quest towards a tight bound. We first present a distinguishing attack in 2n(1/2)2(3n/4) queries against a generalized version of the scheme. The attack is supported with an experimental verification and a formal success probability analysis. We subsequently discuss non-trivial bottlenecks in proving tight security, most importantly the distinguisher's freedom in choosing the tweak values. Finally, we prove that if every tweak value occurs at most 2(n/4) times, Cascaded LRW2 is secure up to 2(3n/4) queries.