How to Encipher Messages on a Small Domain

We analyze the security of the Thorp shuffle, or, equivalently, a maximally unbalanced Feistel network. Roughly speaking, the Thorp shuffle on N cards mixes any $N^{1-1/r}$ of them in $O(r\lg N)$ steps. Correspondingly, making O(r) passes of maximally unbalanced Feistel over an n-bit string ensures CCA-security to $2^{n(1-1/r)}$ queries. Our results, which employ Markov-chain techniques, enable the construction of a practical and provably-secure blockcipher-based scheme for deterministically enciphering credit card numbers and the like using a conventional blockcipher.

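The round structure the abstract describes, written out as an added example that is not the paper's own code: each Thorp-shuffle round on an n-bit string moves the top bit to the bottom, XORed with a pseudorandom bit computed from the other n-1 bits, and a "pass" is n such rounds. HMAC-SHA256 as the round PRF, the 4-byte round encoding, and the cycle-walking wrapper for non-power-of-two domains such as 16-digit card numbers are assumptions of this example, not details stated in the abstract.

```python
import hashlib
import hmac


def _round_bit(key: bytes, rnd: int, rest: int, n: int) -> int:
    # Round function F(round, rest): one pseudorandom bit. HMAC-SHA256 is an
    # assumed stand-in for the conventional-blockcipher-based PRF of the paper.
    msg = rnd.to_bytes(4, "big") + rest.to_bytes((n + 7) // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] & 1


def thorp_encrypt(key: bytes, x: int, n: int, rounds: int) -> int:
    """One Thorp-shuffle round = one maximally unbalanced Feistel round on an
    n-bit string: the top bit moves to the bottom, masked by F(round, other bits).
    A 'pass' in the abstract's sense is n consecutive rounds."""
    if not 0 <= x < (1 << n):
        raise ValueError("plaintext outside the n-bit domain")
    for r in range(rounds):
        top = x >> (n - 1)
        rest = x & ((1 << (n - 1)) - 1)
        x = (rest << 1) | (top ^ _round_bit(key, r, rest, n))
    return x


def thorp_decrypt(key: bytes, y: int, n: int, rounds: int) -> int:
    # Undo the rounds in reverse order; each step recomputes the same F bit.
    for r in reversed(range(rounds)):
        low, rest = y & 1, y >> 1
        top = low ^ _round_bit(key, r, rest, n)
        y = (top << (n - 1)) | rest
    return y


def encipher_in_domain(key: bytes, x: int, domain: int, passes: int,
                       decrypt: bool = False) -> int:
    """Encipher x in {0, ..., domain-1} (e.g. domain = 10**16 for a 16-digit
    card number). Cycle walking over the enclosing 2^n domain is an assumed
    addition to the abstract's construction."""
    n = max(1, (domain - 1).bit_length())
    step = thorp_decrypt if decrypt else thorp_encrypt
    y = step(key, x, n, passes * n)
    while y >= domain:  # walk the cycle until we land back inside the domain
        y = step(key, y, n, passes * n)
    return y


def is_permutation(key: bytes, n: int, rounds: int) -> bool:
    # Exhaustive check on a small domain that the rounds compose to a bijection.
    return len({thorp_encrypt(key, x, n, rounds) for x in range(1 << n)}) == (1 << n)
```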