Feistel constructions using contracting round functions were introduced in 1990s and generalized by Yun et al. (Des Codes Cryptogr 58(1):45–72, 2011) to a quasigroup-based definition. To our knowledge, the minimal number of rounds sufficient for CCA security remains elusive. We bridge this gap: for the general quasigroup-based contracting Feistel construction using round functions \(F_i: \mathcal {X}^{b-1} \rightarrow \mathcal {X}\), \(b \ge 3\), we prove CCA security at \(b+1\) rounds. This matches the attacked rounds of Patarin et al. (in: Lai, Chen (ed) ASIACRYPT, Springer, Heidelberg, 2006). Interestingly, this means 4 rounds are already sufficient for CCA security of the case \(b=3\), which is the same as the balanced Feistel.

使用收缩轮函数的 Feistel 结构于 20 世纪 90 年代引入，并由 Yun 等人推广。 (Des Codes Cryptogr 58(1):45–72, 2011) 到基于拟群的定义。据我们所知，足以保证 CCA 安全的最小轮数仍然难以实现。我们弥补了这一差距：对于一般的基于拟群的契约 Feistel 构造，使用轮函数\(F_i: \mathcal {X}^{b-1} \rightarrow \mathcal {X}\) , \(b \ge 3\)，我们在\(b+1\)轮证明 CCA 安全性。这与 Patarin 等人的攻击回合相匹配。 （出自：Lai, Chen (ed) ASIACRYPT，施普林格，海德堡，2006 年）。有趣的是，这意味着 4 轮已经足以满足\(b=3\)情况的 CCA 安全性，这与平衡的 Feistel 相同。