# Luby-Racko. Ciphers: Why XOR Is Not So Exclusive

## Abstract

This work initiates a study of Luby-Racko. ciphers when the bitwise exclusive-or (XOR) operation in the underlying Feistel network is replaced by a binary operation in an arbitrary finite group. We obtain various interesting results in this context: - First, we analyze the security of three-round Feistel ladders over arbitrary groups. We examine various Luby-Racko. ciphers known to be insecure when XOR is used. In some cases, we can break these ciphers over arbitrary Abelian groups and in other cases, however, the security remains an open problem. - Next, we construct a four round Luby-Racko. cipher, operating over finite groups of characteristic greater than 2, that is not only completely secure against adaptive chosen plaintext and ciphertext attacks, but has better time / space complexity and uses fewer random bits than all previously considered Luby-Racko. ciphers of equivalent security in the literature. Surprisingly, when the group is of characteristic 2 (i.e., the underlying operation on strings is bitwise exclusive-or), the cipher can be completely broken in a constant number of queries. Notably, for the former set of results dealing with three rounds (where we report no difference) we need new techniques. However for the latter set of results dealing with four rounds (where we prove a new theorem) we rely on a generalization of known techniques albeit requires a new type of hash function family, called a monosymmetric hash function family, which we introduce in this work. We also discuss the existence (and construction) of this function family over various groups, and argue the necessity of this family in our construction. Moreover, these functions can be very easily and efficiently implemented on most current microprocessors thereby rendering the four round construction very practical.

## References

- 1.M. Bellare, J. Kilian, and P. Rogaway. The security of cipher block chaining. In Yvo G. Desmedt, editor, Advances in Cryptology-CRYPTO’ 94, volume 839 of Lecture Notes in Computer Science, pages 341–358. Springer-Verlag, 21-25 August 1994.Google Scholar
- 2.E. R. Berlekamp. Factoring polynomials over large finite fields. Mathematics of Computation, 24:713–735, 1970.MathSciNetCrossRefGoogle Scholar
- 3.E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, 1993. ISBN: 0-387-97930-1, 3-540-97930.Google Scholar
- 4.G. Carter, E. Dawson, and L. Nielsen. DESV: A Latin Square variation of DES. In Proceeding of Workshop on Selected Areas of Cryptography, 1995.Google Scholar
- 5.M. Etzel, S. Patel, and Z. Ramzan. Square hash: Fast message authentication via optimized universal hash functions. In Proc. CRYPTO 99, Lecture Notes in Computer Science. Springer-Verlag, 1999.zbMATHGoogle Scholar
- 6.M.R. Garey and D.S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman, 1979.Google Scholar
- 7.O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. Journal of the ACM, 33(4):792–807, October 1986.MathSciNetCrossRefGoogle Scholar
- 8.I. N. Herstein. Topics in Algebra. Blaisdell Publishing Company, 1964.Google Scholar
- 9.R. Karp. Reducibility among combinatorial problems. in Complexity of Computer Computations, 1972.CrossRefGoogle Scholar
- 10.M. Luby and C. Racko.. How to construct pseudorandom permutations and pseudorandom functions. SIAM J. Computing, 17(2):373–386, April 1988.MathSciNetCrossRefGoogle Scholar
- 11.M. Naor and O. Reingold. On the construction of pseudo-random permutations: Luby-Racko. revisited. J. of Cryptology, 12:29–66, 1999. Preliminary version in:Proc. STOC 97.CrossRefGoogle Scholar
- 12.J. Patarin. New results on pseudorandom permutation generators based on the DES scheme. In Proc. CRYPTO 91, Lecture Notes in Computer Science. Springer-Verlag, 1991.zbMATHGoogle Scholar
- 13.J. Patarin. Improved security bounds for pseudorandom permutations. In 4th ACM Conference on Computer and Communications Security, pages 140–150, 1997.Google Scholar
- 14.S. Patel, Z. Ramzan, and G. Sundaram. Towards making Luby-Racko. ciphers optimal and practical. In Proc. Fast Software Encryption 99, Lecture Notes in Computer Science. Springer-Verlag, 1999.zbMATHGoogle Scholar
- 15.R. A. Rueppel. On the security of Schnorr’s pseudo random generator. In Proc. EUROCRYPT 89, Lecture Notes in Computer Science. Springer-Verlag, 1989.zbMATHGoogle Scholar
- 16.D. R. Stinson. Comments on definitions of universal hash families, August 2000. Available from: http://cacr.math.uwaterloo.ca/~dstinson/.
- 17.Y. Zheng, T. Matsumoto, and H. Imai. Impossibility and optimality results on constructing pseudorandom permutations. In Proc. EUROCRYPT 89, Lecture Notes in Computer Science. Springer-Verlag, 1989.zbMATHGoogle Scholar