On the Pseudorandomness of Top-Level Schemes of Block Ciphers

Block ciphers are usually based on one top-level scheme into which we plug "round functions". To analyze security, it is important to study the intrinsic security provided by the top-level scheme from the viewpoint of randomness: given a block cipher in which we replaced the lower-level schemes by idealized oracles, we measure the security (in terms of the best advantage of a distinguisher) depending on the number of rounds and the number of chosen plaintexts. We then extrapolate a sufficient number of secure rounds given the regular bounds provided by decorrelation theory. This approach allows the comparison of several generalizations of the Feistel scheme and of other schemes. In particular, we compare the randomness provided by the schemes used by the AES candidates. In addition, we provide a general paradigm for analyzing the security provided by the interaction between the different levels of the block cipher structure.
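The measurement the abstract describes, with the round functions replaced by idealized oracles and the security reported as a distinguisher's advantage as a function of the number of rounds and chosen plaintexts, can be reproduced on a toy scale. The following is an added example, not code from the paper or its authors. It assumes a balanced Feistel scheme on 16-bit blocks (8-bit halves, a constructed parameter), models each round function as a lazily sampled uniformly random function, and runs the classic two-chosen-plaintext test from Luby and Rackoff's analysis: two plaintexts sharing the right half make a two-round Feistel permutation leak the XOR of the left halves, while three or more rounds do not. The function names (`feistel_oracle`, `random_permutation_oracle`, `two_query_distinguisher`, `estimate_advantage`) are hypothetical and carry no meaning outside this snippet; the decorrelation bounds the paper uses to extrapolate a secure round count are not computed here.

```python
import random

HALF_BITS = 8                      # constructed toy size: 8-bit halves, 16-bit block
MASK = (1 << HALF_BITS) - 1


class RandomFunction:
    """Idealized round-function oracle: a uniformly random function on
    HALF_BITS bits, sampled lazily so it behaves like a fresh oracle."""

    def __init__(self, rng):
        self.rng = rng
        self.table = {}

    def __call__(self, x):
        if x not in self.table:
            self.table[x] = self.rng.getrandbits(HALF_BITS)
        return self.table[x]


def feistel_oracle(rounds, rng):
    """Top-level Feistel scheme with `rounds` independent random round functions.
    One round maps (L, R) to (R, L xor F_i(R))."""
    fs = [RandomFunction(rng) for _ in range(rounds)]

    def encrypt(left, right):
        for f in fs:
            left, right = right, left ^ f(right)
        return left, right

    return encrypt


def random_permutation_oracle(rng):
    """Ideal reference: a uniformly random permutation on the whole block,
    sampled lazily without replacement."""
    table, used = {}, set()

    def encrypt(left, right):
        key = (left << HALF_BITS) | right
        if key not in table:
            while True:
                v = rng.getrandbits(2 * HALF_BITS)
                if v not in used:
                    break
            used.add(v)
            table[key] = v
        v = table[key]
        return v >> HALF_BITS, v & MASK

    return encrypt


def two_query_distinguisher(encrypt, rng):
    """Two-chosen-plaintext test: query (L1, R) and (L2, R) with L1 != L2 and
    output 1 if the left output halves XOR to L1 xor L2. For a 2-round
    Feistel scheme this always holds (left output = L xor F1(R)); for a
    random permutation it holds with probability about 2^-HALF_BITS."""
    right = rng.getrandbits(HALF_BITS)
    left1 = rng.getrandbits(HALF_BITS)
    left2 = rng.getrandbits(HALF_BITS)
    while left2 == left1:
        left2 = rng.getrandbits(HALF_BITS)
    out1, _ = encrypt(left1, right)
    out2, _ = encrypt(left2, right)
    return (out1 ^ out2) == (left1 ^ left2)


def estimate_advantage(rounds, trials=200, seed=1):
    """Monte Carlo estimate of |Pr[D=1 | Feistel] - Pr[D=1 | random perm]|
    for the two-query distinguisher, using a fresh oracle per trial."""
    rng = random.Random(seed)
    hits_feistel = sum(
        two_query_distinguisher(feistel_oracle(rounds, rng), rng) for _ in range(trials)
    )
    hits_perm = sum(
        two_query_distinguisher(random_permutation_oracle(rng), rng) for _ in range(trials)
    )
    return abs(hits_feistel - hits_perm) / trials


if __name__ == "__main__":
    for r in (1, 2, 3, 4):
        print(f"{r}-round Feistel, 2 chosen plaintexts: advantage ~ {estimate_advantage(r):.3f}")
```

Running the block prints an advantage near 1 for two rounds and near 0 for one, three and four rounds with this particular test; that is the shape of result the abstract refers to, a per-scheme curve of best advantage against rounds and queries, which the paper then combines with decorrelation bounds rather than with Monte Carlo sampling.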
