Luby-Racko. Ciphers: Why XOR Is Not So Exclusive
This work initiates a study of Luby-Racko. ciphers when the bitwise exclusive-or (XOR) operation in the underlying Feistel network is replaced by a binary operation in an arbitrary finite group. We obtain various interesting results in this context: - First, we analyze the security of three-round Feistel ladders over arbitrary groups. We examine various Luby-Racko. ciphers known to be insecure when XOR is used. In some cases, we can break these ciphers over arbitrary Abelian groups and in other cases, however, the security remains an open problem. - Next, we construct a four round Luby-Racko. cipher, operating over finite groups of characteristic greater than 2, that is not only completely secure against adaptive chosen plaintext and ciphertext attacks, but has better time / space complexity and uses fewer random bits than all previously considered Luby-Racko. ciphers of equivalent security in the literature. Surprisingly, when the group is of characteristic 2 (i.e., the underlying operation on strings is bitwise exclusive-or), the cipher can be completely broken in a constant number of queries. Notably, for the former set of results dealing with three rounds (where we report no difference) we need new techniques. However for the latter set of results dealing with four rounds (where we prove a new theorem) we rely on a generalization of known techniques albeit requires a new type of hash function family, called a monosymmetric hash function family, which we introduce in this work. We also discuss the existence (and construction) of this function family over various groups, and argue the necessity of this family in our construction. Moreover, these functions can be very easily and efficiently implemented on most current microprocessors thereby rendering the four round construction very practical.
- 1.M. Bellare, J. Kilian, and P. Rogaway. The security of cipher block chaining. In Yvo G. Desmedt, editor, Advances in Cryptology-CRYPTO’ 94, volume 839 of Lecture Notes in Computer Science, pages 341–358. Springer-Verlag, 21-25 August 1994.Google Scholar
- 3.E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, 1993. ISBN: 0-387-97930-1, 3-540-97930.Google Scholar
- 4.G. Carter, E. Dawson, and L. Nielsen. DESV: A Latin Square variation of DES. In Proceeding of Workshop on Selected Areas of Cryptography, 1995.Google Scholar
- 6.M.R. Garey and D.S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman, 1979.Google Scholar
- 8.I. N. Herstein. Topics in Algebra. Blaisdell Publishing Company, 1964.Google Scholar
- 13.J. Patarin. Improved security bounds for pseudorandom permutations. In 4th ACM Conference on Computer and Communications Security, pages 140–150, 1997.Google Scholar
- 16.D. R. Stinson. Comments on definitions of universal hash families, August 2000. Available from: http://cacr.math.uwaterloo.ca/~dstinson/.