Jim, Since you're addressing "this thread" today, here's more. This is an idea of mine that's somewhat related to the cascade question. It's very simple to code; my version of a block cipher cascade. Choose a block cipher, block 2^(m+n) bits, key K bits Make a 2^m x 2^m data array with elements size 2^n bits Use a different key for each of the 3 * 2^m block cipher iterations Encrypt 2^m rows Encrypt 2^m columns Encrypt 2^m rows Done Block size = 2^(m+m+n) Key size = 3 * 2^m * K A real-life example - DES 2^6 bits, m = 3, n = 3 ==> 8 x 8 array of bytes Block size = 512 bits - perfect for disk sectors Key size = 1344 bits - more than plenty At the extreme you could ( especially in HW ) make n = 0. Block size = 4096 bits Key size = 10752 bits 3DES is the m = 0 case. Speed should be comparable to 3DES. Roughly, anyway. It's easy to generalize it to multiple dimensions - to what end I'm not sure. It's also easy to think of things you might do to data as it winds its way through, like array element rotations and row or column rotates, shuffles or swaps. Again, unnecessary? You could repeat more times to grow the key: -|-|-. You could do diagonals: -\|/- , instead of: -|- to improve(?) the mixing. Yada yada yada... Intuitively it looks like a reasonable way to expand an existing block cipher: the block is large, the key is large and a single bit change in the input is nicely avalanched to the output array. It looks stronger than a simple cascade. Maybe you could even expand the expanded cipher. Or start with a very small, more easily-studied cipher and iterate the expansion to the desired size... I don't know if these are relevant or if there are easy answers to these but, what the hell. My questions are : Where are the problems? How many of the key bits are unwarranted? Are useful properties of the base cipher true of the expanded cipher? Can an expansion be iterated with any useful results? Regards, Mike