
Abstract

Constructing a block cipher requires defining a random permutation, which is usually done with the Feistel scheme and its variants. In this paper we investigate the Lai-Massey scheme, which was used in IDEA. We show that it cannot be used “as is” to obtain results like the Luby-Rackoff theorem. This can, however, be done by introducing a simple function that has an orthomorphism property. We also show that this design offers nice decorrelation properties, and we propose a block cipher family called Walnut.
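The invariant that defeats the plain scheme, and its repair by an orthomorphism, as an added illustration that is not part of the paper: a toy Lai-Massey cipher on two 8-bit halves with XOR as the group law, a hash-based stand-in for the round function, and sigma(l, r) = (r, l ^ r) as the assumed orthomorphism; all function names, the key values and the sample plaintexts are constructed.

```python
# Added example (not from the paper): toy Lai-Massey scheme on 16-bit blocks.
# Without sigma, x ^ y is preserved by every round, so one plaintext/ciphertext
# pair distinguishes the scheme from a random permutation; sigma breaks that.
import hashlib

KEYS = (0x3A, 0x5C, 0x71, 0x9E)   # constructed round keys

def round_function(k, v):
    # Constructed keyed round function on 8-bit values (stand-in for a
    # random function; a hash, not a real cipher component).
    return hashlib.sha256(bytes([k & 0xFF, v & 0xFF])).digest()[0]

def sigma(l, r):
    # Assumed orthomorphism on pairs of bytes: sigma(l, r) = (r, l ^ r).
    return r, l ^ r

def sigma_inv(a, b):
    return a ^ b, a

def is_orthomorphism(fn, n=256):
    # fn is an orthomorphism if fn and (fn XOR identity) are both bijections.
    images, images_xor_id = set(), set()
    for l in range(n):
        for r in range(n):
            a, b = fn(l, r)
            images.add((a, b))
            images_xor_id.add((a ^ l, b ^ r))
    return len(images) == n * n and len(images_xor_id) == n * n

def lai_massey(x, y, keys, use_sigma):
    for k in keys:
        f = round_function(k, x ^ y)   # F applied to the half "difference"
        x, y = x ^ f, y ^ f            # the F step leaves x ^ y unchanged
        if use_sigma:
            x, y = sigma(x, y)
    return x, y

def lai_massey_decrypt(x, y, keys, use_sigma):
    for k in reversed(keys):
        if use_sigma:
            x, y = sigma_inv(x, y)
        f = round_function(k, x ^ y)   # same difference as during encryption
        x, y = x ^ f, y ^ f
    return x, y

def difference_preserved(keys, use_sigma, samples=256):
    # Count plaintexts whose ciphertext keeps x ^ y; 256/256 for the plain
    # scheme, about 1/256 of samples once sigma is inserted.
    hits = 0
    for p in range(samples):
        x, y = (p * 37) & 0xFF, (p * 91 + 5) & 0xFF   # constructed inputs
        cx, cy = lai_massey(x, y, keys, use_sigma)
        hits += (cx ^ cy) == (x ^ y)
    return hits
```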


Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Serge Vaudenay, Ecole Normale Supérieure – CNRS
