Two practical and provably secure block ciphers: BEAR and LION

  • Ross Anderson
  • Eli Biham
Block Ciphers — Proposals
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)


In this paper we suggest two new provably secure block ciphers, called BEAR and LION. They both have large block sizes, and are based on the Luby-Rackoff construction. Their underlying components are a hash function and a stream cipher, and they are provably secure in the sense that attacks which find their keys would yield attacks on one or both of the underlying components. They also have the potential to be much faster than existing block ciphers in many applications.



Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Ross Anderson (1)
  • Eli Biham (2)
  1. Cambridge University, England
  2. Technion, Haifa, Israel
