Abstract
We study the Lai–Massey construction defined over bit strings w.r.t. the notion of sequential indifferentiability, which was introduced by Mandal et al. (in: Cramer (ed) TCC 2012, LNCS, Springer, Heidelberg, vol 7194, pp 285–302, 2012) and formalized known-key security of blockcipher structures. We first exhibit a sequential distinguisher against 5-round Lai–Massey structure when the underlying orthomorphism is linear. This enhances a 2011 result of Aumasson. As our main result, we (for the first time) prove sequential indifferentiability for 6-round Lai–Massey constructions (on bit strings) using six independent random round functions.
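To make the object of study concrete, here is an added Python example (not code from the paper or its authors) of the Lai–Massey construction over bit strings. It assumes Vaudenay's XOR-based variant: a 2n-bit block is split into halves L and R, each round computes t = F_i(L ⊕ R), XORs t into both halves, and applies an orthomorphism σ to the left half in every round except the last; σ(a, b) = (b, a ⊕ b) on half-blocks is the standard linear orthomorphism (the one used in IDEA and FOX), and each F_i is a lazily sampled independent random function, matching the "independent random round functions" setting of the abstract. The helper names and the default parameters are this example's own choices.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RandomFunction:
    """Lazily sampled random function on n-bit strings (n = 8 * nbytes).
    Each round of the construction gets its own independent instance."""

    def __init__(self, nbytes: int):
        self.nbytes = nbytes
        self.table: dict = {}

    def __call__(self, x: bytes) -> bytes:
        if x not in self.table:
            self.table[x] = secrets.token_bytes(self.nbytes)
        return self.table[x]


def sigma(x: bytes) -> bytes:
    """Linear orthomorphism on an n-bit half (n even): (a, b) -> (b, a xor b)."""
    h = len(x) // 2
    a, b = x[:h], x[h:]
    return b + xor(a, b)


def sigma_inv(y: bytes) -> bytes:
    """Inverse of sigma: (c, d) = (b, a xor b)  ->  (a, b) = (c xor d, c)."""
    h = len(y) // 2
    c, d = y[:h], y[h:]
    return xor(c, d) + c


def lm_encrypt(funcs, L: bytes, R: bytes, use_sigma: bool = True):
    """r-round Lai-Massey over bit strings with round functions funcs[0..r-1]."""
    r = len(funcs)
    for i, F in enumerate(funcs):
        t = F(xor(L, R))
        L, R = xor(L, t), xor(R, t)
        if use_sigma and i < r - 1:      # no orthomorphism in the last round
            L = sigma(L)
    return L, R


def lm_decrypt(funcs, L: bytes, R: bytes, use_sigma: bool = True):
    """Inverse: undo sigma, then recompute t from L xor R, which the xor-with-t
    step leaves unchanged, so the round is invertible without inverting F_i."""
    r = len(funcs)
    for i in range(r - 1, -1, -1):
        if use_sigma and i < r - 1:
            L = sigma_inv(L)
        t = funcs[i](xor(L, R))
        L, R = xor(L, t), xor(R, t)
    return L, R


def roundtrip_ok(rounds: int = 6, nbytes: int = 4, trials: int = 8) -> bool:
    """Encrypt-then-decrypt returns the plaintext for fresh random functions."""
    for _ in range(trials):
        funcs = [RandomFunction(nbytes) for _ in range(rounds)]
        L, R = secrets.token_bytes(nbytes), secrets.token_bytes(nbytes)
        if lm_decrypt(funcs, *lm_encrypt(funcs, L, R)) != (L, R):
            return False
    return True


def sigma_is_orthomorphism(nbytes: int = 2) -> bool:
    """Exhaustive check on 16-bit halves: sigma and (sigma xor id) are bijections."""
    domain = [i.to_bytes(nbytes, "big") for i in range(256 ** nbytes)]
    images = {sigma(x) for x in domain}
    images_xor_id = {xor(sigma(x), x) for x in domain}
    return len(images) == len(domain) == len(images_xor_id)


def sum_invariant(use_sigma: bool, rounds: int = 6, nbytes: int = 4) -> bool:
    """Does L xor R survive the whole cipher?  Without sigma it always does,
    which is why the orthomorphism is part of the construction."""
    funcs = [RandomFunction(nbytes) for _ in range(rounds)]
    L, R = secrets.token_bytes(nbytes), secrets.token_bytes(nbytes)
    L2, R2 = lm_encrypt(funcs, L, R, use_sigma=use_sigma)
    return xor(L, R) == xor(L2, R2)


if __name__ == "__main__":
    print("round trip:", roundtrip_ok())
    print("sigma is an orthomorphism:", sigma_is_orthomorphism())
    print("L xor R invariant without sigma:", sum_invariant(False))
    print("L xor R invariant with sigma:", sum_invariant(True))
```

The `sum_invariant(False)` check shows the structural reason the orthomorphism exists: since every round XORs the same value t into both halves, L ⊕ R is a constant of the whole cipher unless something (here σ) breaks the symmetry between the halves. The construction's proofs, including the 6-round result in the abstract, depend on which orthomorphism is used, which is why the abstract distinguishes the linear case.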
Data availability
No datasets have been used.
Notes
Recent trends towards designing group- and ring-oriented blockciphers have revived interest in general Lai–Massey structures [22].
As will be shown, it always holds \(A_L \oplus A_R \oplus A_L' \oplus A_R' \oplus A_L'' \oplus A_R'' \oplus A_L''' \oplus A_R''' = 0\) due to the previous computations. Still, checking both equalities slightly simplifies the subsequent arguments.
If \(\mathcal {D}\) makes \(q_i\) queries to \(\mathcal {S} ^{\textbf{P},{\textbf{H}}}.{\text {Query}} (i,\cdot )\) and \(q_p\) queries to \(\text {LM} _6^{\mathcal {S} ^{\textbf{P},{\textbf{H}}}}\), then \(\text {LM} _6^{\mathcal {S} ^{\textbf{P},{\textbf{H}}}}\) relays at most \(6q_p \) queries to \(\mathcal {S} ^{\textbf{P},{\textbf{H}}}\), and \(\mathcal {S} ^{\textbf{P},{\textbf{H}}}\) receives at most \(6q_p + \sum _{i=1}^6 q_i\) queries in total.
References
Albrecht M.R., Rechberger C., Schneider T., Tiessen T., Zohner M.: Ciphers for MPC and FHE. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015, Part I, vol. 9056, pp. 430–454. LNCS. Springer, Heidelberg (2015).
Andreeva E., Bogdanov A., Dodis Y., Mennink B., Steinberger J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti R., Garay J.A. (eds.) CRYPTO 2013, Part I, vol. 8042, pp. 531–550. LNCS. Springer, Heidelberg (2013).
Aumasson J.P.: Exponential attacks on 6-round Luby-Rackoff and on 5-round Lai-Massey. Cryptology ePrint Archive, Report 2011/015 (2011). https://eprint.iacr.org/2011/015.
Barbosa M., Farshim P.: Indifferentiable authenticated encryption. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, Part I, vol. 10991, pp. 187–220. LNCS. Springer, Heidelberg (2018).
Biryukov A., Khovratovich D., Nikolic I.: Distinguisher and related-key attack on the full AES-256. In: Halevi S. (ed.) CRYPTO 2009, vol. 5677, pp. 231–249. LNCS. Springer, Heidelberg (2009).
Bogdanov A., Knudsen L.R., Leander G., Standaert F.X., Steinberger J.P., Tischhauser E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations - (extended abstract). In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012, vol. 7237, pp. 45–62. LNCS. Springer, Heidelberg (2012).
Canetti R., Goldreich O., Halevi S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004). https://doi.org/10.1145/1008731.1008734.
Chauhan A.K., Sanadhya S.: Quantum security of FOX construction based on Lai-Massey scheme. IACR Cryptol. ePrint Arch. p. 1001 (2022). https://eprint.iacr.org/2022/1001.
Chen S., Lampe R., Lee J., Seurin Y., Steinberger J.P.: Minimizing the two-round Even-Mansour cipher. J. Cryptol. 31(4), 1064–1119 (2018).
Choi W., Lee B., Lee J.: Indifferentiability of truncated random permutations. In: Galbraith S.D., Moriai S. (eds.) ASIACRYPT 2019, Part I, vol. 11921, pp. 175–195. LNCS. Springer, Heidelberg (2019).
Cogliati B., Seurin Y.: On the provable security of the iterated Even-Mansour cipher against related-key and chosen-key attacks. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015, Part I, vol. 9056, pp. 584–613. LNCS. Springer, Heidelberg (2015).
Cogliati B., Seurin Y.: Strengthening the known-key security notion for block ciphers. In: Peyrin T. (ed.) FSE 2016, vol. 9783, pp. 494–513. LNCS. Springer, Heidelberg (2016).
Coron J.S., Dodis Y., Malinaud C., Puniya P.: Merkle-Damgård revisited: how to construct a hash function. In: Shoup V. (ed.) CRYPTO 2005, vol. 3621, pp. 430–448. LNCS. Springer, Heidelberg (2005).
Coron J.S., Holenstein T., Künzler R., Patarin J., Seurin Y., Tessaro S.: How to build an ideal cipher: The indifferentiability of the Feistel construction. J. Cryptol. 29(1), 61–114 (2016).
Dachman-Soled D., Katz J., Thiruvengadam A.: 10-round Feistel is indifferentiable from an ideal cipher. In: Fischlin M., Coron J.S. (eds.) EUROCRYPT 2016, Part II, vol. 9666, pp. 649–678. LNCS. Springer, Heidelberg (2016).
Daemen J., Rijmen V.: The wide trail design strategy. In: Honary B. (ed.) 8th IMA International Conference on Cryptography and Coding, vol. 2260, pp. 222–238. LNCS. Springer, Heidelberg (2001).
Dai Y., Seurin Y., Steinberger J.P., Thiruvengadam A.: Indifferentiability of iterated Even-Mansour ciphers with non-idealized key-schedules: five rounds are necessary and sufficient. In: Katz J., Shacham H. (eds.) CRYPTO 2017, Part III, vol. 10403, pp. 524–555. LNCS. Springer, Heidelberg (2017).
Dai Y., Steinberger J.P.: Indifferentiability of 8-round Feistel networks. In: Robshaw M., Katz J. (eds.) CRYPTO 2016, Part I, vol. 9814, pp. 95–120. LNCS. Springer, Heidelberg (2016).
Demay G., Gaži P., Hirt M., Maurer U.: Resource-restricted indifferentiability. In: Johansson T., Nguyen P.Q. (eds.) EUROCRYPT 2013, vol. 7881, pp. 664–683. LNCS. Springer, Heidelberg (2013).
Dodis Y., Stam M., Steinberger J.P., Liu T.: Indifferentiability of confusion-diffusion networks. In: Fischlin M., Coron J.S. (eds.) EUROCRYPT 2016, Part II, vol. 9666, pp. 679–704. LNCS. Springer, Heidelberg (2016).
Feistel H., Notz W.A., Smith J.L.: Some cryptographic techniques for machine-to-machine data communications. Proc. IEEE 63(11), 1545–1554 (1975).
Grassi L.: On generalizations of the Lai-Massey scheme: the birth of amaryllises. IACR Cryptol. ePrint Arch. p. 1245 (2022). https://eprint.iacr.org/2022/1245.
Gunsing A., Bhaumik R., Jha A., Mennink B., Shen Y.: Revisiting the indifferentiability of the sum of permutations. Cryptology ePrint Archive, Paper 2023/840 (2023). https://eprint.iacr.org/2023/840.
Guo C., Lin D.: On the indifferentiability of key-alternating Feistel ciphers with no key derivation. In: Dodis Y., Nielsen J.B. (eds.) TCC 2015, Part I, vol. 9014, pp. 110–133. LNCS. Springer, Heidelberg (2015).
Guo C., Lin D.: A synthetic indifferentiability analysis of interleaved double-key Even-Mansour ciphers. In: Iwata T., Cheon J.H. (eds.) ASIACRYPT 2015, Part II, vol. 9453, pp. 389–410. LNCS. Springer, Heidelberg (2015).
Guo C., Lin D.: Indifferentiability of 3-round Even-Mansour with random oracle key derivation. IACR Cryptol. ePrint Arch. p. 894 (2016). http://eprint.iacr.org/2016/894.
Guo C., Lin D.: Separating invertible key derivations from non-invertible ones: sequential indifferentiability of 3-round Even-Mansour. Des. Codes Cryptogr. 81(1), 109–129 (2016).
Guo C., Wang L., Lin D.: Impossibility of indifferentiable iterated blockciphers from 3 or less primitive calls. In: Hazay C., Stam M. (eds.) Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23–27, 2023, Proceedings, Part IV. Lecture Notes in Computer Science, vol. 14007, pp. 408–439. Springer (2023). https://doi.org/10.1007/978-3-031-30634-1_14.
Junod P., Vaudenay S.: FOX: a new family of block ciphers. In: Handschuh H., Hasan A. (eds.) SAC 2004, vol. 3357, pp. 114–129. LNCS. Springer, Heidelberg (2004).
Keller N., Rosemarin A.: Mind the Middle Layer: The HADES Design Strategy Revisited, pp. 35–63. LNCS, Springer, Heidelberg (2021).
Knudsen L.R., Rijmen V.: Known-key distinguishers for some block ciphers. In: Kurosawa K. (ed.) ASIACRYPT 2007, vol. 4833, pp. 315–324. LNCS. Springer, Heidelberg (2007).
Lai X., Massey J.L.: A proposal for a new block encryption standard. In: Damgård I. (ed.) EUROCRYPT’90, vol. 473, pp. 389–404. LNCS. Springer, Heidelberg (1991).
Lampe R., Seurin Y.: How to construct an ideal cipher from a small set of public permutations. In: Sako K., Sarkar P. (eds.) ASIACRYPT 2013, Part I, vol. 8269, pp. 444–463. LNCS. Springer, Heidelberg (2013).
Li X., Wu W.: Constructing binary matrices with good implementation properties for low-latency block ciphers based on Lai-Massey structure. Comput. J. 66(1), 160–173 (2023). https://doi.org/10.1093/comjnl/bxab151.
Luby M., Rackoff C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988).
Luo Y., Lai X., Gong Z.: Pseudorandomness analysis of the (extended) Lai-Massey scheme. Inf. Process. Lett. 111(2), 90–96 (2010). https://doi.org/10.1016/j.ipl.2010.10.012.
Luo Y., Lai X., Hu J.: The pseudorandomness of many-round Lai-Massey scheme. J. Inf. Sci. Eng. 31(3), 1085–1096 (2015).
Luo Y., Lai X., Zhou Y.: Generic attacks on the Lai-Massey scheme. Des. Codes Cryptogr. 83(2), 407–423 (2017). https://doi.org/10.1007/s10623-016-0235-2.
Mandal A., Patarin J., Seurin Y.: On the public indifferentiability and correlation intractability of the 6-round Feistel construction. In: Cramer R. (ed.) TCC 2012, vol. 7194, pp. 285–302. LNCS. Springer, Heidelberg (2012).
Mao S., Guo T., Wang P., Hu L.: Quantum attacks on Lai-Massey structure. In: Cheon J.H., Johansson T. (eds.) PQCrypto 2022, vol. 13512, pp. 205–229. LNCS. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17234-2_11.
Maurer U.M., Renner R., Holenstein C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor M. (ed.) TCC 2004, vol. 2951, pp. 21–39. LNCS. Springer, Heidelberg (2004).
Ristenpart T., Shacham H., Shrimpton T.: Careful with composition: limitations of the indifferentiability framework. In: Paterson K.G. (ed.) EUROCRYPT 2011, vol. 6632, pp. 487–506. LNCS. Springer, Heidelberg (2011).
Shamsabad M.R.M., Dehnavi S.M.: Lai-Massey scheme revisited. Cryptology ePrint Archive, Report 2020/005 (2020). https://eprint.iacr.org/2020/005.
Vaudenay S.: On the Lai-Massey scheme. In: Lam K.Y., Okamoto E., Xing C. (eds.) ASIACRYPT’99, vol. 1716, pp. 8–19. LNCS. Springer, Heidelberg (1999).
Xu S., Da Q., Guo C.: Chosen-key secure Even-Mansour cipher from a single permutation. IACR Trans. Symmetric Cryptol. 2023(1), 244–287 (2023).
Yun A., Park J.H., Lee J.: On Lai-Massey and quasi-Feistel ciphers. Des. Codes Cryptogr. 58(1), 45–72 (2011).
Acknowledgements
We thank the anonymous reviewers of Designs, Codes and Cryptography for insightful comments that helped us significantly improve the quality of this paper.
Funding
The authors are supported by the National Natural Science Foundation of China (Grant Nos. 62372274, 62072207) and Guangdong Basic and Applied Basic Research Foundation (Grant No. 2022A1515140090).
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Additional information
Communicated by M. Naya-Plasencia.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Guo, C., Luo, Y. & Xiao, C. On the sequential indifferentiability of the Lai–Massey construction. Des. Codes Cryptogr. (2024). https://doi.org/10.1007/s10623-024-01361-6
DOI: https://doi.org/10.1007/s10623-024-01361-6