The Mix-and-Cut Shuffle: Small-Domain Encryption Secure against N Queries

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8042)


We provide a new shuffling algorithm, called Mix-and-Cut, that provides a provably-secure block cipher even for adversaries that can observe the encryption of all N = 2 n domain points. Such fully secure ciphers are useful for format-preserving encryption, where small domains (e.g., n = 30) are common and databases may well include examples of almost all ciphertexts. Mix-and-Cut derives from a general framework for building fully secure pseudorandom permutations (PRPs) from fully secure pseudorandom separators (PRSs). The latter is a new primitive that we treat for the first time. Our framework was inspired by, and uses ideas from, a particular cipher due to Granboulin and Pornin. To achieve full security for Mix-and-Cut using this framework, we give a simple proof that a PRP secure for (1 − ε)N queries (recently achieved efficiently by Hoang, Morris, and Rogaway’s Swap-or-Not cipher) yields a PRS secure for N queries.


shuffles small-block encryption tweakable block ciphers 


  1. 1.
    Bellare, M., Impagliazzo, R.: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to prp to prf conversion. Cryptology ePrint Archive, Report 1999/024 (1999),
  2. 2.
    Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P., Spies, T.: Addendum to “the FFX mode of operation for format preserving encryption”. Submission to NIST (September 2010)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P., Spies, T.: The FFX mode of operation for format-preserving encryption. Submission to NIST (February 2010)Google Scholar
  5. 5.
    Black, J.A., Rogaway, P.: Ciphers with arbitrary finite domains. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 114–130. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Brier, E., Peyrin, T., Stern, J.: BPS: a format-preserving encryption proposal. Submission to NIST,
  7. 7.
    Brightwell, M., Smith, H.: Using datatype-preserving encryption to enhance data warehouse security. In: National Information Systems Security Conference, NISSC (1997)Google Scholar
  8. 8.
    Czumaj, A., Kanarek, P., Kutylowski, M., Lorys, K.: Fast generation of random permutations via networks simulation. In: European Symposium on Algorithms, pp. 246–260 (1996)Google Scholar
  9. 9.
    Durstenfeld, R.: Algorithm 235: Random permutation. Communications of the ACM 7(7), 420 (1964)CrossRefGoogle Scholar
  10. 10.
    Fisher, R., Yates, F.: Statistical tables for biological, agricultural and medical research. Oliver & Boyd (1938)Google Scholar
  11. 11.
    Granboulan, L., Pornin, T.: Perfect block ciphers with small blocks. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 452–465. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Hall, C., Wagner, D., Kelsey, J., Schneier, B.: Building PRFs from PRPs. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 370–389. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Hoang, V.T., Morris, B., Rogaway, P.: An enciphering scheme based on a card shuffle. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 1–13. Springer, Heidelberg (2012)Google Scholar
  14. 14.
    Hoang, V.T., Rogaway, P.: On generalized feistel networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 613–630. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Knuth, D.: The Art of Computer Programming, 3rd edn., vol. 2. Addison-Wesley (1997)Google Scholar
  16. 16.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing 17(2) (1988)Google Scholar
  18. 18.
    Morris, B.: Improved mixing time bounds for the Thorp shuffle. arXiv Technical Report 0912.2759 (2009),
  19. 19.
    Morris, B., Rogaway, P., Stegers, T.: How to encipher messages on a small domain. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 286–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-Rackoff revisited. Journal of Cryptology 12(1), 29–66 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Patarin, J.: Generic attacks on feistel schemes. Cryptology ePrint Archive, Report 2008/036 (2008),
  22. 22.
    Ristenpart, T., Rogaway, P.: How to enrich the message space of a cipher. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 101–118. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Stefanov, E., Shi, E.: Fastprp: Fast pseudo-random permutations for small domains. Cryptology ePrint Archive, Report 2012/254 (2012),

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  1. 1.University of Wisconsin–MadisonUSA
  2. 2.University of St.ThomasUSA

Personalised recommendations