Security Analysis of Key-Alternating Feistel Ciphers

We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudorandom round functions are of the form Fi(x⊕ ki), where ki is the (secret) round key and Fi is a public random function that the adversary is allowed to query in a black-box way. Interestingly, our results can be seen as a generalization of traditional results à la Luby-Rackoff in the sense that we can derive results for this model by simply letting the number of queries of the adversary to the public random functions Fi be zero in our general bounds. We make an extensive use of the coupling technique. In particular (and as a result of independent interest), we improve the analysis of the coupling probability for balanced Feistel schemes previously carried out by Hoang and Rogaway (CRYPTO 2010).