Security of the MISTY Structure in the Luby-Rackoff Model: Improved Results

In this paper we consider the security of the MISTY structure in the Luby-Rackoff model when the inner functions are replaced by involutions without fixed points. In this context we show that the success probability in distinguishing a 4-round L-scheme from a random function is O(m²/2ⁿ) (where m is the number of queries and 2n the block size) when the adversary is allowed to make adaptively chosen encryption queries. We give a similar bound in the case of the 3-round R-scheme. Finally, we show that the advantage in distinguishing a 5-round scheme from a random permutation, when the adversary is allowed to make adaptively chosen encryption as well as decryption queries, is also O(m²/2ⁿ). This is to our knowledge the first time involutions are considered in the context of the Luby-Rackoff model.
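The following is an added example written for this page; it is not code from the paper. It builds the MISTY L- and R-schemes from random fixed-point-free involutions and checks two things the abstract relies on: that the schemes are permutations on 2n-bit blocks, and that decryption reuses the same inner functions because an involution is its own inverse. The round conventions (L, R) -> (R, f(L) XOR R) for the L-scheme and (L, R) -> (f(R), L XOR f(R)) for the R-scheme are my assumption about the paper's notation, and all function names are mine. The bound helper evaluates the m²/2ⁿ term from the abstract with the O-constant dropped.

```python
import secrets
from typing import Callable, List, Tuple

Table = List[int]          # an n-bit function stored as a lookup table
Block = Tuple[int, int]    # (left, right) halves of a 2n-bit block


def random_fixed_point_free_involution(n: int) -> Table:
    """Random involution on n-bit values with no fixed point.

    Shuffle all 2**n values and swap them pairwise, so f(f(x)) == x and
    f(x) != x for every x.  2**n is even for n >= 1, so every value is paired.
    """
    size = 1 << n
    order = list(range(size))
    for i in range(size - 1, 0, -1):            # Fisher-Yates with a CSPRNG
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    table = [0] * size
    for k in range(0, size, 2):
        a, b = order[k], order[k + 1]
        table[a], table[b] = b, a
    return table


def is_fixed_point_free_involution(f: Table) -> bool:
    return all(f[x] != x and f[f[x]] == x for x in range(len(f)))


def misty_l_encrypt(rounds: List[Table], left: int, right: int) -> Block:
    """r-round L-scheme; one round maps (L, R) to (R, f(L) ^ R)  [convention assumed]."""
    for f in rounds:
        left, right = right, f[left] ^ right
    return left, right


def misty_l_decrypt(rounds: List[Table], left: int, right: int) -> Block:
    """Inverse of misty_l_encrypt.  Since f is an involution, f^-1 == f, so the
    same tables serve for decryption; no inverse tables are needed."""
    for f in reversed(rounds):
        left, right = f[left ^ right], left
    return left, right


def misty_r_encrypt(rounds: List[Table], left: int, right: int) -> Block:
    """r-round R-scheme; one round maps (L, R) to (f(R), L ^ f(R))  [convention assumed]."""
    for f in rounds:
        fr = f[right]
        left, right = fr, left ^ fr
    return left, right


def misty_r_decrypt(rounds: List[Table], left: int, right: int) -> Block:
    """Inverse of misty_r_encrypt, again reusing the involutions as their own inverses."""
    for f in reversed(rounds):
        left, right = left ^ right, f[left]
    return left, right


def is_permutation(n: int, encrypt: Callable, rounds: List[Table]) -> bool:
    """Exhaustively check that the scheme is a bijection on 2n-bit blocks (small n only)."""
    mask = (1 << n) - 1
    images = {encrypt(rounds, x >> n, x & mask) for x in range(1 << (2 * n))}
    return len(images) == 1 << (2 * n)


def roundtrips(n: int, encrypt: Callable, decrypt: Callable, rounds: List[Table]) -> bool:
    mask = (1 << n) - 1
    return all(decrypt(rounds, *encrypt(rounds, x >> n, x & mask)) == (x >> n, x & mask)
               for x in range(1 << (2 * n)))


def distinguishing_bound(m: int, n: int) -> float:
    """The m^2 / 2^n term of the abstract's O(m^2 / 2^n) bounds, constant dropped.
    It reaches 1 at roughly m = 2^(n/2) queries, i.e. birthday-bound security in
    the half-block size n."""
    return (m * m) / (1 << n)


def demo(n: int = 4) -> dict:
    """Constructed sample: a 4-round L-scheme and a 3-round R-scheme on 2n = 8 bits."""
    l_rounds = [random_fixed_point_free_involution(n) for _ in range(4)]
    r_rounds = [random_fixed_point_free_involution(n) for _ in range(3)]
    return {
        "involutions_ok": all(is_fixed_point_free_involution(f) for f in l_rounds + r_rounds),
        "l4_is_permutation": is_permutation(n, misty_l_encrypt, l_rounds),
        "l4_roundtrips": roundtrips(n, misty_l_encrypt, misty_l_decrypt, l_rounds),
        "r3_is_permutation": is_permutation(n, misty_r_encrypt, r_rounds),
        "r3_roundtrips": roundtrips(n, misty_r_encrypt, misty_r_decrypt, r_rounds),
        "bound_at_2_pow_n_half": distinguishing_bound(1 << (n // 2), n),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The exhaustive permutation check is only feasible for toy n; its purpose is to make visible why the MISTY structure needs invertible inner functions (a Feistel network does not), and why fixed-point-free involutions are a convenient choice: encryption and decryption share one set of tables.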
