
On the sequential indifferentiability of the Lai–Massey construction

Published in: Designs, Codes and Cryptography

Abstract

We study the Lai–Massey construction defined over bit strings with respect to the notion of sequential indifferentiability, which was introduced by Mandal et al. (in: Cramer (ed) TCC 2012, LNCS, Springer, Heidelberg, vol 7194, pp 285–302, 2012) and formalizes known-key security of blockcipher structures. We first exhibit a sequential distinguisher against the 5-round Lai–Massey structure when the underlying orthomorphism is linear. This enhances a 2011 result of Aumasson. As our main result, we (for the first time) prove sequential indifferentiability for 6-round Lai–Massey constructions (on bit strings) using six independent random round functions.
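As an added illustration, not code from the paper: the Lai–Massey scheme over bit strings as Vaudenay defines it [44], instantiated with the linear orthomorphism used in FOX [29] and with SHA-256-derived functions standing in for the independent random round functions. The half-block size, the key and the inputs are assumed/constructed values; the orthomorphism property is checked exhaustively on a small width.

```python
import hashlib

# Added example (not the paper's code): the r-round Lai-Massey scheme on bit
# strings, following Vaudenay's definition [44]. HALF and the key used by the
# caller are assumed/constructed values, not taken from the paper.
HALF = 16  # half-block size in bytes; the block is 2 * HALF bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ortho(x: bytes) -> bytes:
    """Linear orthomorphism sigma(x_l || x_r) = x_r || (x_l xor x_r) (as in FOX [29]):
    sigma and sigma xor id are both permutations; the paper's 5-round
    distinguisher concerns exactly this linear case."""
    h = len(x) // 2
    return x[h:] + xor(x[:h], x[h:])

def ortho_inv(y: bytes) -> bytes:
    """Inverse of ortho: from (x_r, x_l xor x_r) recover (x_l, x_r)."""
    h = len(y) // 2
    return xor(y[:h], y[h:]) + y[:h]

def is_orthomorphism(width: int) -> bool:
    """Exhaustively check on width-byte inputs that sigma and sigma xor id
    are bijections (cheap for width = 2)."""
    dom = [k.to_bytes(width, "big") for k in range(256 ** width)]
    return (len({ortho(x) for x in dom}) == len(dom)
            and len({xor(ortho(x), x) for x in dom}) == len(dom))

def round_function(i: int, key: bytes, v: bytes) -> bytes:
    """F_i, made independent per round by domain separation on i; a SHA-256
    stand-in for the paper's independent random round functions."""
    return hashlib.sha256(bytes([i]) + key + v).digest()[:HALF]

def lai_massey(key: bytes, block: bytes, rounds: int, decrypt: bool = False) -> bytes:
    """Round i maps (L, R) to (sigma(L xor t), R xor t) with t = F_i(L xor R);
    sigma is omitted in the last round. Because both halves absorb the same t,
    L xor R is preserved, so decryption recomputes t after undoing sigma."""
    L, R = block[:HALF], block[HALF:]
    for i in (reversed(range(rounds)) if decrypt else range(rounds)):
        if decrypt and i < rounds - 1:
            L = ortho_inv(L)
        t = round_function(i, key, xor(L, R))
        L, R = xor(L, t), xor(R, t)
        if not decrypt and i < rounds - 1:
            L = ortho(L)
    return L + R
```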



Data availability

No datasets have been used.

Notes

  1. Recent trends towards designing group- and ring-oriented blockciphers have revived interest in general Lai–Massey structures [22].

  2. As will be shown, \(A_L \oplus A_R \oplus A_L' \oplus A_R' \oplus A_L'' \oplus A_R'' \oplus A_L''' \oplus A_R''' = 0\) always holds due to the previous computations. Still, checking both equalities slightly simplifies the subsequent arguments.

  3. If \(\mathcal {D}\) makes \(q_i\) queries to \(\mathcal {S} ^{\textbf{P},{\textbf{H}}}.{\text {Query}} (i,\cdot )\) and \(q_p\) queries to \(\text {LM} _6^{\mathcal {S} ^{\textbf{P},{\textbf{H}}}}\), then \(\text {LM} _6^{\mathcal {S} ^{\textbf{P},{\textbf{H}}}}\) relays at most \(6q_p \) queries to \(\mathcal {S} ^{\textbf{P},{\textbf{H}}}\), and \(\mathcal {S} ^{\textbf{P},{\textbf{H}}}\) receives at most \(6q_p + \sum _{i=1}^6 q_i\) queries in total.

References

  1. Albrecht M.R., Rechberger C., Schneider T., Tiessen T., Zohner M.: Ciphers for MPC and FHE. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015, Part I, vol. 9056, pp. 430–454. LNCS. Springer, Heidelberg (2015).

  2. Andreeva E., Bogdanov A., Dodis Y., Mennink B., Steinberger J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti R., Garay J.A. (eds.) CRYPTO 2013, Part I, vol. 8042, pp. 531–550. LNCS. Springer, Heidelberg (2013).

  3. Aumasson J.P.: Exponential attacks on 6-round Luby-Rackoff and on 5-round Lai-Massey. Cryptology ePrint Archive, Report 2011/015 (2011). https://eprint.iacr.org/2011/015.

  4. Barbosa M., Farshim P.: Indifferentiable authenticated encryption. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, Part I, vol. 10991, pp. 187–220. LNCS. Springer, Heidelberg (2018).

  5. Biryukov A., Khovratovich D., Nikolic I.: Distinguisher and related-key attack on the full AES-256. In: Halevi S. (ed.) CRYPTO 2009, vol. 5677, pp. 231–249. LNCS. Springer, Heidelberg (2009).

  6. Bogdanov A., Knudsen L.R., Leander G., Standaert F.X., Steinberger J.P., Tischhauser E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations (extended abstract). In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012, vol. 7237, pp. 45–62. LNCS. Springer, Heidelberg (2012).

  7. Canetti R., Goldreich O., Halevi S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004). https://doi.org/10.1145/1008731.1008734.

  8. Chauhan A.K., Sanadhya S.: Quantum security of FOX construction based on Lai-Massey scheme. Cryptology ePrint Archive, Report 2022/1001 (2022). https://eprint.iacr.org/2022/1001.

  9. Chen S., Lampe R., Lee J., Seurin Y., Steinberger J.P.: Minimizing the two-round Even-Mansour cipher. J. Cryptol. 31(4), 1064–1119 (2018).

  10. Choi W., Lee B., Lee J.: Indifferentiability of truncated random permutations. In: Galbraith S.D., Moriai S. (eds.) ASIACRYPT 2019, Part I, vol. 11921, pp. 175–195. LNCS. Springer, Heidelberg (2019).

  11. Cogliati B., Seurin Y.: On the provable security of the iterated Even-Mansour cipher against related-key and chosen-key attacks. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015, Part I, vol. 9056, pp. 584–613. LNCS. Springer, Heidelberg (2015).

  12. Cogliati B., Seurin Y.: Strengthening the known-key security notion for block ciphers. In: Peyrin T. (ed.) FSE 2016, vol. 9783, pp. 494–513. LNCS. Springer, Heidelberg (2016).

  13. Coron J.S., Dodis Y., Malinaud C., Puniya P.: Merkle-Damgård revisited: how to construct a hash function. In: Shoup V. (ed.) CRYPTO 2005, vol. 3621, pp. 430–448. LNCS. Springer, Heidelberg (2005).

  14. Coron J.S., Holenstein T., Künzler R., Patarin J., Seurin Y., Tessaro S.: How to build an ideal cipher: the indifferentiability of the Feistel construction. J. Cryptol. 29(1), 61–114 (2016).

  15. Dachman-Soled D., Katz J., Thiruvengadam A.: 10-round Feistel is indifferentiable from an ideal cipher. In: Fischlin M., Coron J.S. (eds.) EUROCRYPT 2016, Part II, vol. 9666, pp. 649–678. LNCS. Springer, Heidelberg (2016).

  16. Daemen J., Rijmen V.: The wide trail design strategy. In: Honary B. (ed.) 8th IMA International Conference on Cryptography and Coding, vol. 2260, pp. 222–238. LNCS. Springer, Heidelberg (2001).

  17. Dai Y., Seurin Y., Steinberger J.P., Thiruvengadam A.: Indifferentiability of iterated Even-Mansour ciphers with non-idealized key-schedules: five rounds are necessary and sufficient. In: Katz J., Shacham H. (eds.) CRYPTO 2017, Part III, vol. 10403, pp. 524–555. LNCS. Springer, Heidelberg (2017).

  18. Dai Y., Steinberger J.P.: Indifferentiability of 8-round Feistel networks. In: Robshaw M., Katz J. (eds.) CRYPTO 2016, Part I, vol. 9814, pp. 95–120. LNCS. Springer, Heidelberg (2016).

  19. Demay G., Gaži P., Hirt M., Maurer U.: Resource-restricted indifferentiability. In: Johansson T., Nguyen P.Q. (eds.) EUROCRYPT 2013, vol. 7881, pp. 664–683. LNCS. Springer, Heidelberg (2013).

  20. Dodis Y., Stam M., Steinberger J.P., Liu T.: Indifferentiability of confusion-diffusion networks. In: Fischlin M., Coron J.S. (eds.) EUROCRYPT 2016, Part II, vol. 9666, pp. 679–704. LNCS. Springer, Heidelberg (2016).

  21. Feistel H., Notz W.A., Smith J.L.: Some cryptographic techniques for machine-to-machine data communications. Proc. IEEE 63(11), 1545–1554 (1975).

  22. Grassi L.: On generalizations of the Lai-Massey scheme: the birth of amaryllises. Cryptology ePrint Archive, Report 2022/1245 (2022). https://eprint.iacr.org/2022/1245.

  23. Gunsing A., Bhaumik R., Jha A., Mennink B., Shen Y.: Revisiting the indifferentiability of the sum of permutations. Cryptology ePrint Archive, Report 2023/840 (2023). https://eprint.iacr.org/2023/840.

  24. Guo C., Lin D.: On the indifferentiability of key-alternating Feistel ciphers with no key derivation. In: Dodis Y., Nielsen J.B. (eds.) TCC 2015, Part I, vol. 9014, pp. 110–133. LNCS. Springer, Heidelberg (2015).

  25. Guo C., Lin D.: A synthetic indifferentiability analysis of interleaved double-key Even-Mansour ciphers. In: Iwata T., Cheon J.H. (eds.) ASIACRYPT 2015, Part II, vol. 9453, pp. 389–410. LNCS. Springer, Heidelberg (2015).

  26. Guo C., Lin D.: Indifferentiability of 3-round Even-Mansour with random oracle key derivation. Cryptology ePrint Archive, Report 2016/894 (2016). http://eprint.iacr.org/2016/894.

  27. Guo C., Lin D.: Separating invertible key derivations from non-invertible ones: sequential indifferentiability of 3-round Even-Mansour. Des. Codes Cryptogr. 81(1), 109–129 (2016).

  28. Guo C., Wang L., Lin D.: Impossibility of indifferentiable iterated blockciphers from 3 or less primitive calls. In: Hazay C., Stam M. (eds.) EUROCRYPT 2023, Part IV, vol. 14007, pp. 408–439. LNCS. Springer (2023). https://doi.org/10.1007/978-3-031-30634-1_14.

  29. Junod P., Vaudenay S.: FOX: a new family of block ciphers. In: Handschuh H., Hasan A. (eds.) SAC 2004, vol. 3357, pp. 114–129. LNCS. Springer, Heidelberg (2004).

  30. Keller N., Rosemarin A.: Mind the middle layer: the HADES design strategy revisited, pp. 35–63. LNCS. Springer, Heidelberg (2021).

  31. Knudsen L.R., Rijmen V.: Known-key distinguishers for some block ciphers. In: Kurosawa K. (ed.) ASIACRYPT 2007, vol. 4833, pp. 315–324. LNCS. Springer, Heidelberg (2007).

  32. Lai X., Massey J.L.: A proposal for a new block encryption standard. In: Damgård I. (ed.) EUROCRYPT '90, vol. 473, pp. 389–404. LNCS. Springer, Heidelberg (1991).

  33. Lampe R., Seurin Y.: How to construct an ideal cipher from a small set of public permutations. In: Sako K., Sarkar P. (eds.) ASIACRYPT 2013, Part I, vol. 8269, pp. 444–463. LNCS. Springer, Heidelberg (2013).

  34. Li X., Wu W.: Constructing binary matrices with good implementation properties for low-latency block ciphers based on Lai-Massey structure. Comput. J. 66(1), 160–173 (2023). https://doi.org/10.1093/comjnl/bxab151.

  35. Luby M., Rackoff C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988).

  36. Luo Y., Lai X., Gong Z.: Pseudorandomness analysis of the (extended) Lai-Massey scheme. Inf. Process. Lett. 111(2), 90–96 (2010). https://doi.org/10.1016/j.ipl.2010.10.012.

  37. Luo Y., Lai X., Hu J.: The pseudorandomness of many-round Lai-Massey scheme. J. Inf. Sci. Eng. 31(3), 1085–1096 (2015).

  38. Luo Y., Lai X., Zhou Y.: Generic attacks on the Lai-Massey scheme. Des. Codes Cryptogr. 83(2), 407–423 (2017). https://doi.org/10.1007/s10623-016-0235-2.

  39. Mandal A., Patarin J., Seurin Y.: On the public indifferentiability and correlation intractability of the 6-round Feistel construction. In: Cramer R. (ed.) TCC 2012, vol. 7194, pp. 285–302. LNCS. Springer, Heidelberg (2012).

  40. Mao S., Guo T., Wang P., Hu L.: Quantum attacks on Lai-Massey structure. In: Cheon J.H., Johansson T. (eds.) PQCrypto 2022, vol. 13512, pp. 205–229. LNCS. Springer (2022). https://doi.org/10.1007/978-3-031-17234-2_11.

  41. Maurer U.M., Renner R., Holenstein C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor M. (ed.) TCC 2004, vol. 2951, pp. 21–39. LNCS. Springer, Heidelberg (2004).

  42. Ristenpart T., Shacham H., Shrimpton T.: Careful with composition: limitations of the indifferentiability framework. In: Paterson K.G. (ed.) EUROCRYPT 2011, vol. 6632, pp. 487–506. LNCS. Springer, Heidelberg (2011).

  43. Shamsabad M.R.M., Dehnavi S.M.: Lai-Massey scheme revisited. Cryptology ePrint Archive, Report 2020/005 (2020). https://eprint.iacr.org/2020/005.

  44. Vaudenay S.: On the Lai-Massey scheme. In: Lam K.Y., Okamoto E., Xing C. (eds.) ASIACRYPT '99, vol. 1716, pp. 8–19. LNCS. Springer, Heidelberg (1999).

  45. Xu S., Da Q., Guo C.: Chosen-key secure Even-Mansour cipher from a single permutation. IACR Trans. Symmetric Cryptol. 2023(1), 244–287 (2023).

  46. Yun A., Park J.H., Lee J.: On Lai-Massey and quasi-Feistel ciphers. Des. Codes Cryptogr. 58(1), 45–72 (2011).


Acknowledgements

We thank the anonymous reviewers of Designs, Codes and Cryptography for insightful comments that helped us significantly improve the quality of this paper.

Funding

The authors are supported by the National Natural Science Foundation of China (Grant Nos. 62372274, 62072207) and the Guangdong Basic and Applied Basic Research Foundation (Grant No. 2022A1515140090).

Corresponding author

Correspondence to Yiyuan Luo.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.

Additional information

Communicated by M. Naya-Plasencia.


Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Guo, C., Luo, Y. & Xiao, C. On the sequential indifferentiability of the Lai–Massey construction. Des. Codes Cryptogr. (2024). https://doi.org/10.1007/s10623-024-01361-6
