Abstract

We revisit the security of various generalized Feistel networks. Concretely, for unbalanced, alternating, type-1, type-2, and type-3 Feistel networks built from random functions, we substantially improve the coupling analyses of Hoang and Rogaway (CRYPTO 2010). For a tweakable blockcipher-based generalized Feistel network proposed by Coron et al. (TCC 2010), we present a coupling analysis and show for the first time that, with enough rounds, it achieves 2n-bit security, which provides highly secure, double-length tweakable blockciphers.

Highlights

  • 1.1 Feistel Networks. Feistel networks consist of several iterative applications of a simple Feistel permutation $\Psi^{F_i}(A, B) = (B, A \oplus F_i(B))$ (1) for a domain-preserving function $F_i : \{0,1\}^n \to \{0,1\}^n$ that is typically called its round function.

  • Tweakable permutations (TPs) and tweakable blockciphers (TBCs) were introduced by Liskov et al. [LRW02]: the former models a family of permutations indexed by a parameter called the tweak, and the latter is a family of keyed TPs.

  • Coron et al. [CDMS10] proposed a generalized Feistel network (GFN) that turns an n-bit TP with ω-bit tweak (ω > n) into a 2n-bit TP with (ω − n)-bit tweak, i.e., it trades the domain with the tweak space.


Summary

Feistel Networks

Feistel networks consist of several iterative applications of a simple Feistel permutation. A popular approach to analyzing the security of Feistel networks, pioneered by Luby and Rackoff [LR88], is to model the round function Fi as a secret random function. This allows proving information-theoretic indistinguishability, i.e., no distinguisher should be able to tell the Feistel network apart from a random permutation on 2n-bit strings. In this model, Luby and Rackoff proved the security of 4-round Feistel networks, after which a long series of works established either better security bounds [Pat, Mau, MP03, Vau, Pat, HR10a, Pat10] or reduced construction complexity [SP93, Pat, Nan, Nan15]. A large number of rounds is required to asymptotically achieve n-bit security.
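The round structure above, as an added example that is not code from the paper: a balanced Feistel network with its inverse, plus a check of a structural relation that always holds for 2 rounds but not for 4, which illustrates why the round count matters for indistinguishability. Assumptions: HMAC-SHA256 stands in for the secret random round functions, rounds are indexed from 0, and the key, the half size n = 32 bits and all inputs are constructed for the demonstration.

```python
import hashlib
import hmac

N = 4  # bytes per half, so n = 32 bits (constructed toy parameter)

def F(key: bytes, i: int, b: bytes) -> bytes:
    # Round function F_i: {0,1}^n -> {0,1}^n. HMAC-SHA256 is an assumed
    # stand-in for the secret random function of the Luby-Rackoff model.
    return hmac.new(key, bytes([i]) + b, hashlib.sha256).digest()[:N]

def xor(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))

def encrypt(key, rounds, a, b):
    # Apply Psi^{F_i}(A, B) = (B, A xor F_i(B)) for i = 0 .. rounds-1.
    for i in range(rounds):
        a, b = b, xor(a, F(key, i, b))
    return a, b

def decrypt(key, rounds, a, b):
    # Undo the rounds in reverse: from (A', B') recover
    # B = A' and A = B' xor F_i(A').
    for i in reversed(range(rounds)):
        a, b = xor(b, F(key, i, a)), a
    return a, b

def relation_hits(key, rounds, trials=32):
    # For inputs (A1, B) and (A2, B) sharing B, count how often the left
    # output halves satisfy L1 xor L2 == A1 xor A2. Two rounds give
    # L = A xor F_0(B), so the relation always holds; a random permutation
    # satisfies it with probability about 2^-n.
    hits = 0
    for t in range(trials):
        b = t.to_bytes(N, "big")
        a1, a2 = (2 * t).to_bytes(N, "big"), (2 * t + 1).to_bytes(N, "big")
        l1, _ = encrypt(key, rounds, a1, b)
        l2, _ = encrypt(key, rounds, a2, b)
        hits += xor(l1, l2) == xor(a1, a2)
    return hits

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    assert decrypt(key, 4, *encrypt(key, 4, b"left", b"rght")) == (b"left", b"rght")
    for r in (2, 4):
        print(f"{r} rounds: relation holds in {relation_hits(key, r)}/32 trials")
```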

Tweakable Blockcipher-based GFN
Our Contributions
Core Ideas for Improvements
Other Related Works
Organization
Preliminaries
Unbalanced Feistel
Alternating Feistel
Multi-line GFNs
Conclusion
A Proof for Alternating Feistel
Type-1 Feistel
Type-2 Feistel
Type-3 Feistel
