On Tweaking Luby-Rackoff Blockciphers

  • David Goldenberg
  • Susan Hohenberger
  • Moses Liskov
  • Elizabeth Crump Schwartz
  • Hakan Seyalioglu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4833)


Tweakable blockciphers, first formalized by Liskov, Rivest, and Wagner [12], are blockciphers with an additional input, the tweak, which allows for variability. An open problem proposed by Liskov et al. is how to construct tweakable blockciphers without using a pre-existing blockcipher. There are many natural questions in this area: is it significantly more efficient to incorporate a tweak directly? How do direct constructions compare to existing techniques? Are these direct constructions optimal and for what levels of security? How large of a tweak can be securely added? In this work, we explore these questions for Luby-Rackoff blockciphers. We show that tweakable blockciphers can be created directly from Luby-Rackoff ciphers, and in some cases show that direct constructions of tweakable blockciphers are more efficient than previously known constructions.


  1. 1.
    Bellare, M., Kohno, T.: A Theoretical Treatment of Related-Key Attacks: PKA-PRPs, RKA-PRFs, and Applications. In: Biham, E. (ed.) Advances in Cryptology – EUROCRPYT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Black, J., Cochran, M., Shrimpton, T.: On The Impossibility of Highly-Efficient Blockcipher-Based Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 526–541. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas Jr., S.M., O’Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS - A Candidate Cipher for AES. In: NIST AES proposal (June 1998)Google Scholar
  4. 4.
    Crowley, P.: Mercy: A Fast Large Block Cipher for Disk Sector Encryption. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 49–63. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Dodis, Y., Puniya, P.: Feistel networks made public, and applications. In: EUROCRYPT 2007. LNCS, vol. 4515, pp. 534–554. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Feistel, H.: Cryptography and Computer Privacy, pp. 15–23. Scientific American (1973)Google Scholar
  7. 7.
    Goldenberg, D., Hohenberger, S., Liskov, M., Crump Schwartz, E., Seyalioglu, H.: Full version of this paper, Cryptology ePrint Archive, Report 2007/350Google Scholar
  8. 8.
    Halevi, S.: EME*: Extending EME to Handle Arbitrary-Length Messages with Associated Data. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 315–327. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Halevi, S., Rogaway, P.: A Tweakable Enciphering Mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Halevi, S., Rogaway, P.: A Parallelizable Enciphering Mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004)Google Scholar
  11. 11.
    Joux, A.: Cryptanalysis of the EMD Mode of Operation. In: Biham, E. (ed.) Advances in Cryptology – EUROCRPYT 2003. LNCS, vol. 2656, pp. 1–16. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Liskov, M., Rivest, R., Wagner, D.: Tweakable Block Ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Luby, M., Rackoff, C.: How To Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM J. of Computing 17(2), 373–386 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Lucks, S.: Faster Luby-Rackoff Ciphers. In Fast Software Encryption. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 189–203. Springer, Heidelberg (1996)Google Scholar
  15. 15.
    Naor, M., Reingold, O.: On the Construction of Pseudorandom Permutations: Luby-Rackoff Revisited. Journal of Cryptology 12(1), 29–66 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Patarin, J.: Luby-Rackoff: 7 Rounds are Enough for 2n(1 − ε) Security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 513–529. Springer, Heidelberg (2003)Google Scholar
  17. 17.
    Patarin, J.: Security of Random Feistel Schemes with 5 or More Rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004)Google Scholar
  18. 18.
    Ramzan, Z.: A Study of Luby-Rackoff Ciphers. PhD thesis, MIT (2001)Google Scholar
  19. 19.
    Rivest, R., Robshaw, M., Sidney, R., Yin, Y.L.: The RC6 Block Cipher. In: First AES conference (August 1998)Google Scholar
  20. 20.
    Rogaway, P.: Efficient Instantiations of Tweakable Blockciphers and Refinements to Mode OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004)Google Scholar
  21. 21.
    Schroeppel, R.: The Hasty Pudding Cipher. NIST AES proposal (1998), available
  22. 22.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • David Goldenberg
    • 1
  • Susan Hohenberger
    • 2
  • Moses Liskov
    • 1
  • Elizabeth Crump Schwartz
    • 1
  • Hakan Seyalioglu
    • 1
  1. 1.The College of William and Mary 
  2. 2.The Johns Hopkins University 

Personalised recommendations