Random Feistel Schemes : security in m 2 3 n / 4 for ≥ 6 rounds
نویسنده
چکیده
This paper is a continuation of the work initiated in [2] by M. Luby andC. Rackoff on Feistel schemes used as pseudorandom permutation generators.The aim of this paper is to study the qualitative improvements of “strong pseu-dorandomness” of the Luby-Rackoff construction when the number of roundsincrease. We prove that for 6 rounds (or more), the success probability of thedistinguisher is reduced from O( m22n)(for 3 or 4 rounds) to at most O( m423n + m222n).(Here m denotes the number of cleartext or ciphertext queries obtained by theenemy in a dynamic way, and 2n denotes the number of bits of the cleartextsand ciphertexts). Note: This paper is the extended version of the paper “About Feistel Schemeswith Six (or more) Rounds” published at FSE’98, except that all the results abouthomogenous generator are now in an another specific paper (called “HomogenousPermutations. Random Feistel schemes are never homogenous”).
منابع مشابه
Luby-Rackoff: 7 Rounds are Enough for 2 Security
In [3] M. Luby and C. Rackoff have proved that 3-round random Feistel schemes are secure against all adaptative chosen plaintext attacks when the number of queries is m ¿ 2. Moreover, 4-round random Feistel schemes are also secure against all adaptative chosen plaintext and chosen ciphertext attacks when m ¿ 2. It was shown later that these bounds are tight for 3 and 4 rounds (see [9] or [1]). ...
متن کاملSecurity of balanced and unbalanced Feistel Schemes with Linear Non Equalities
In this paper we will study 2 security results “above the birthday bound” related to secret key cryptographic problems. 1. The classical problem of the security of 4, 5, 6 rounds balanced Random Feistel Schemes. 2. The problem of the security of unbalanced Feistel Schemes with contracting functions from 2n bits to n bits. This problem was studied by Naor and Reingold [14] and by [32] with a pro...
متن کاملSecurity of Feistel Schemes with New and Various Tools
We combine the H Coe cients technique and the Coupling technique to improve security bounds of balanced Feistel schemes. For q queries and round functions of n−bits to n−bits, we nd that the CCA Security of 4 + 2r rounds Feistel schemes is upperbounded by 2q r+3 ( 4q 2n ) r+1 2 + q(q−1) 2·22n . This divides by roughly 1.5 the number of needed rounds for a given CCA Security, compared to the pre...
متن کاملGeneric Attacks on Alternating Unbalanced Feistel Schemes
Generic attacks against classical (balanced) Feistel schemes, unbalanced Feistel schemes with contracting functions and unbalanced Feistel schemes with expanding functions have been studied in [12], [4], [15], [16]. In this paper we study schemes where we use alternatively contracting random functions and expanding random functions. We name these schemes “Alternating Unbalanced Feistel Schemes”...
متن کاملSecurity of Random Feistel Schemes with 5 or More Rounds
We study cryptographic attacks on random Feistel schemes. We denote by m the number of plaintext/ciphertext pairs, and by k the number of rounds. In their famous paper [3], M. Luby and C. Rackoff have completely solved the cases m ¿ 2: the schemes are secure against all adaptive chosen plaintext attacks (CPA-2) when k ≥ 3 and against all adaptive chosen plaintext and chosen ciphertext attacks (...
متن کامل