Luby–Rackoff Revisited: On the Use of Permutations as Inner Functions of a Feistel Scheme

    loading  Checking for direct PDF access through Ovid


In this paper we are dealing with the security of the Feistel structure in the Luby–Rackoff model when the round functions are replaced by permutations. There is a priori no reason to think that the security bounds remain the same in this case, as illustrated by Knudsen's attack [5]. It is why we revisit Luby–Rackoff's proofs [6] in this specific case. The conclusion is that when the inner functions are random permutations, a 3-round (resp. 4-round) Feistel scheme remains secure against pseudorandom (resp. superpseudorandom) distinguishers as long as m ≪ 2n/2 (with m the number of queries and 2n the block size).

Related Topics

    loading  Loading Related Articles