Lai-Massey Scheme and Quasi-Feistel Networks
Authors
Abstract
We introduce the notion of quasi-Feistel network, which is a generalization of the Feistel network, and contains the Lai-Massey scheme as an instance. We show that some of the works on the Feistel network, including the works of Luby-Rackoff, Patarin, Naor-Reingold and Piret, can be naturally extended to our setting. This gives a new proof for theorems of Vaudenay on the security of the Lai-Massey scheme, and also introduces for Lai-Massey a new construction of pseudorandom permutation, analogous to the construction of Naor-Reingold using pairwise independent permutations. Also, we prove the birthday security of (2b − 1)- and (3b − 2)-round unbalanced quasi-Feistel networks with b branches against CPA and CPCA attacks, respectively. This answers an unsolved problem pointed out by Patarin et al.
Similar resources
The Pseudorandomness of Many-Round Lai-Massey Scheme
In this paper we prove beyond-birthday-bound for the (strong) pseudorandomness of many-round Lai-Massey scheme. Motivated by Hoang and Rogaway’s analysis of generalized Feistel networks, we use the coupling technology from Markov chain theory and prove that for any > 0, with enough rounds, the Lai-Massey scheme is indistinguishable from a uniform random permutation by any computationally unbo...
On Lai-Massey and quasi-Feistel ciphers
We introduce a new notion called a quasi-Feistel cipher, which is a generalization of the Feistel cipher, and contains the Lai–Massey cipher as an instance. We show that most of the works on the Feistel cipher can be naturally extended to the quasi-Feistel cipher. From this, we give a new proof for Vaudenay’s theorems on the security of the Lai–Massey cipher, and also we introduce for Lai–Massey...
Pseudorandomness Analysis of the Lai-Massey Scheme
At Asiacrypt’99, Vaudenay modified the structure in the IDEA cipher to a new scheme, which they called the Lai-Massey scheme. It is proved that 3-round Lai-Massey scheme is sufficient for pseudorandomness and 4-round Lai-Massey scheme is sufficient for strong pseudorandomness. But the author didn’t point out whether three rounds and four rounds are necessary for the pseudorandomness and stro...
Impossible Differential Cryptanalysis on Lai-Massey Scheme Rui
© 2014 ETRI Journal, Volume 36, Number 6, December 2014 http://dx.doi.org/10.4218/etrij.14.0113.1335 The Lai-Massey scheme, proposed by Vaudenay, is a modified structure in the International Data Encryption Algorithm cipher. A family of block ciphers, named FOX, were built on the Lai-Massey scheme. Impossible differential cryptanalysis is a powerful technique used to recover the secret key of b...
On Generalized Feistel Networks
We prove beyond-birthday-bound security for most of the well-known types of generalized Feistel networks: (1) unbalanced Feistel networks, where the n-bit to m-bit round functions may have n ≠ m; (2) alternating Feistel networks, where the round functions alternate between contracting and expanding; (3) type-1, type-2, and type-3 Feistel networks, where n-bit to n-bit round functions are used t...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2007, Issue
Pages -
Publication date 2007