Feistel Structures for MPC, and More

  • Martin R. Albrecht
  • Lorenzo Grassi
  • Léo Perrin
  • Sebastian Ramacher
  • Christian Rechberger
  • Dragos Rotaru
  • Arnab Roy (corresponding author)
  • Markus Schofnegger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11736)


Efficient PRPs/PRFs are instrumental to the design of cryptographic protocols. We investigate the design of dedicated PRPs/PRFs for three application areas: secure multiparty computation (MPC), zk-SNARKs, and zero-knowledge (ZK) based post-quantum (PQ) signature schemes. In particular, we explore a family of PRFs that generalizes the well-known Feistel design approach followed in a previously proposed application-specific design, MiMC. Reflecting this lineage, we call our family of PRPs/PRFs GMiMC.

In MPC applications, our construction improves over MiMC in throughput by a factor of more than 4 while simultaneously reducing the preprocessing effort 5-fold, albeit at the cost of higher latency. In SNARK applications, a use case in which MiMC already outperforms other designs, our hash function GMiMCHash shows a moderate improvement; there, our design additionally benefits from the flexibility of using smaller (prime) fields. In the area of recently proposed ZK-based PQ signature schemes, where MiMC was not competitive at all, our new design yields signatures 30 times smaller than with MiMC.
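The design idea behind the abstract, a multi-branch Feistel network built from MiMC's cube round map x -> (x + k + c)^3 over a prime field, as an added Python example that is not code from the paper or its authors. It implements the expanding-round-function (ERF) kind of unbalanced Feistel, one of the standard generalized Feistel variants, together with its inverse and a one-branch MiMC-style baseline; the prime p = 2^64 - 59, the key, the round constants and the round counts are all demo assumptions, since the paper's actual parameters are not on this page. The multiplication counter shows the metric MPC and SNARK cost models are dominated by: each round costs two generic field multiplications however many branches t the state has, so the per-element cost is 2R/t for the Feistel against 2R for the one-branch baseline (how many rounds R each variant needs is a cryptanalysis question the counter does not answer).

```python
# Added example (not the paper's code): a t-branch unbalanced Feistel network of
# the expanding-round-function (ERF) kind, built from the MiMC round map
# x -> (x + k + c)^3 over a prime field, with a counter for the generic field
# multiplications that MPC (and SNARK) cost models are dominated by.
# All parameters below (prime, constants, key, round counts) are demo assumptions.

P = 2**64 - 59  # assumption: a 64-bit prime with P = 2 (mod 3), chosen for the demo
if P % 3 != 2:
    # A Feistel network is a permutation whatever F is, but the one-branch MiMC
    # baseline below needs x -> x^3 itself to be a bijection, i.e. gcd(3, P-1) = 1.
    raise ValueError("need P = 2 mod 3 so that cubing is a permutation of F_P")


class MultCounter:
    """Counts generic multiplications a*b of two secret field elements.
    Additions and multiplications by public constants are free in the cost
    models these designs target, so they are not counted."""

    def __init__(self):
        self.count = 0

    def mul(self, a, b):
        self.count += 1
        return a * b % P


def cube(x, ctr):
    # x^3 = (x*x)*x: two generic multiplications, independent of the state size t
    return ctr.mul(ctr.mul(x, x), x)


def round_function(x, key, const, ctr):
    # MiMC's round map; the key/constant schedule here is a demo assumption
    return cube((x + key + const) % P, ctr)


def erf_encrypt(state, key, consts, ctr):
    """ERF Feistel round: F(branch 0) is added to every other branch, then the
    branches rotate left. Returns the new state as a list of t elements."""
    x = list(state)
    t = len(x)
    if t < 2:
        raise ValueError("a Feistel network needs at least two branches")
    for c in consts:
        f = round_function(x[0], key, c, ctr)
        x = [(x[i] + f) % P for i in range(1, t)] + [x[0]]
    return x


def erf_decrypt(state, key, consts, ctr):
    """Inverse of erf_encrypt: no cube roots needed, F is only ever evaluated
    forwards, which is why a Feistel network can use a cheap non-invertible F."""
    x = list(state)
    t = len(x)
    for c in reversed(consts):
        x0 = x[-1]
        f = round_function(x0, key, c, ctr)
        x = [x0] + [(x[i] - f) % P for i in range(t - 1)]
    return x


def mimc_encrypt(x, key, consts, ctr):
    """One-branch baseline in the style of MiMC: the round map iterated on a
    single field element, with a final key addition."""
    for c in consts:
        x = round_function(x, key, c, ctr)
    return (x + key) % P


def erf_mults_per_element(t, rounds):
    """Generic multiplications per state element for `rounds` rounds over t
    branches: 2 per round, shared by t elements, i.e. 2*rounds/t."""
    ctr = MultCounter()
    erf_encrypt([0] * t, 0, list(range(rounds)), ctr)
    return ctr.count / t


def mimc_mults_per_element(rounds):
    """Same count for the one-branch baseline: 2 per round per element."""
    ctr = MultCounter()
    mimc_encrypt(0, 0, list(range(rounds)), ctr)
    return ctr.count


if __name__ == "__main__":
    consts = [7, 11, 13]  # constructed round constants for the demo
    ctr = MultCounter()
    ct = erf_encrypt([1, 2, 3, 4], 5, consts, ctr)
    assert erf_decrypt(ct, 5, consts, MultCounter()) == [1, 2, 3, 4]
    print("4-branch ERF, 3 rounds:", ctr.count, "multiplications")
    # The round counts R below are placeholders; the real ones come from the
    # designers' cryptanalysis, which this page does not reproduce.
    for R in (16, 32):
        print(f"R={R}: MiMC {mimc_mults_per_element(R)} mults/element, "
              f"ERF t=4 {erf_mults_per_element(4, R)}, "
              f"ERF t=8 {erf_mults_per_element(8, R)}")
```

With t = 2 the network is the balanced Feistel of MiMC's own two-branch variant; larger t spreads the same two multiplications over more state, which is the effect behind the preprocessing reduction the abstract reports, while the larger state also means more rounds before every branch has passed through F, which is where the higher latency comes from.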


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Martin R. Albrecht (1)
  • Lorenzo Grassi (2, 3)
  • Léo Perrin (4)
  • Sebastian Ramacher (2)
  • Christian Rechberger (2)
  • Dragos Rotaru (5, 6)
  • Arnab Roy (5), corresponding author
  • Markus Schofnegger (2)

  1. Royal Holloway, University of London, Egham, UK
  2. IAIK, Graz University of Technology, Graz, Austria
  3. Know-Center GmbH, Graz, Austria
  4. Inria, Paris, France
  5. University of Bristol, Bristol, UK
  6. imec-COSIC, Department of Electrical Engineering, KU Leuven, Leuven, Belgium
