The D.E.S. cipher is naturally viewed as a composition of sixteen invertible transformations on 64-bit strings (where the transformations depend of the value of a 56-bit key). Each of the transformations has a special form and satisfies the particular property that each of its output bits is determined by a "small" number of its input bits. We investigate the computational power of block ciphers on n-bit strings that can be expressed as polynomial-length (with respect to n) compositions of invertible transformations that have a form similar to those of D.E.S. In particular, we require that the basic transformations have the property that each of their output bits depends on the value of a small number of their input bits (where "small" is somewhere in the range between O(1) and O(log n)). We present some sufficient conditions for ciphers of this type to be "pseudorandom function generators" and, thus, to yield private key cryptosystems that are secure against adaptive chosen plaintext attacks.
[1]
David A. Mix Barrington,et al.
Bounded-width polynomial-size branching programs recognize exactly those languages in NC1
,
1986,
STOC '86.
[2]
Richard Cleve.
Methodologies for designing block ciphers and cryptographic protocols
,
1989
.
[3]
Michael Luby,et al.
How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract)
,
1986,
CRYPTO.
[4]
D. Coppersmith,et al.
Generators for Certain Alternating Groups with Applications to Cryptography
,
1975
.
[5]
Michael Ben-Or,et al.
Computing algebraic formulas with a constant number of registers
,
1988,
STOC '88.
[6]
Oded Goldreich,et al.
DES-like functions can generate the alternating group
,
1983,
IEEE Trans. Inf. Theory.