10-Round Feistel is Indifferentiable from an Ideal Cipher

  • Dana Dachman-Soled
  • Jonathan Katz
  • Aishwarya ThiruvengadamEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9666)


We revisit the question of constructing an ideal cipher from a random oracle. Coron et al. (Journal of Cryptology, 2014) proved that a 14-round Feistel network using random, independent, keyed round functions is indifferentiable from an ideal cipher, thus demonstrating the feasibility of such a transformation. Left unresolved is the number of rounds of a Feistel network that are needed in order for indifferentiability to hold. We improve upon the result of Coron et al. and show that 10 rounds suffice.



We thank Vanishree Rao for collaboration during the early stages of this work.


  1. 1.
    Coron, J.S., Holenstein, T., Künzler, R., Patarin, J., Seurin, Y., Tessaro, S.: How to build an ideal cipher: the indifferentiability of the feistel construction. J. Cryptology 29(1), 61–114 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1–20. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Dachman-Soled, D., Katz, J., Thiruvengadam, A.: 10-round Feistel is indifferentiable from an ideal cipher (2015).
  4. 4.
    Dai, Y., Steinberger, J.P.: Indifferentiability of 10-round Feistel networks (2015).
  5. 5.
    Dai, Y., Steinberger, J.P.: Indifferentiability of 8-round Feistel networks (2015).
  6. 6.
    Dodis, Y., Puniya, P.: On the relation between the ideal cipher and the random oracle models. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 184–206. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Dodis, Y., Puniya, P.: Feistel networks made public, and applications. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 534–554. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, pp. 210–224. Springer, Heidelberg (1993)Google Scholar
  9. 9.
    Feistel, H.: Cryptography and computer privacy. Sci. Am. 228(5), 15–23 (1973)CrossRefGoogle Scholar
  10. 10.
    Gentry, C., Ramzan, Z.: Eliminating random permutation oracles in the even-mansour cipher. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 32–47. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Holenstein, T., Künzler, R., Tessaro, S.: The equivalence of the random oracle model and the ideal cipher model, revisited. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC. pp. 89–98. ACM Press, June 2011Google Scholar
  12. 12.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Mandal, A., Patarin, J., Seurin, Y.: On the public indifferentiability and correlation intractability of the 6-round feistel construction. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 285–302. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Ramzan, Z., Reyzin, L.: On the round security of symmetric-key cryptographic primitives. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 376–393. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  16. 16.
    Seurin, Y.: Primitives et Protocoles Cryptographiques à Sécurité Prouvée. PH.D. thesis, Versailles University (2009)Google Scholar
  17. 17.
    Seurin, Y.: A note on the indifferentiability of the 10-round Feistel construction (2011).
  18. 18.
    Yoneyama, K., Miyagawa, S., Ohta, K.: Leaky random oracle (extended abstract). In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 226–240. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Dana Dachman-Soled
    • 1
  • Jonathan Katz
    • 1
  • Aishwarya Thiruvengadam
    • 1
    Email author
  1. 1.University of MarylandCollege ParkUSA

Personalised recommendations