| Abstrakt: |
In this paper we are dealing with the security of the Feistel structure in the Luby–Rackoff model when the round functions are replaced by permutations. There is a priorino reason to think that the security bounds remain the same in this case, as illustrated by Knudsen’s attack [5]. It is why we revisit Luby–Rackoff’s proofs [6] in this specific case. The conclusion is that when the inner functions are random permutations, a 3-round (resp. 4-round) Feistel scheme remains secure against pseudorandom (resp. superpseudorandom) distinguishers as long as m2n/2(with mthe number of queries and 2nthe block size).In this paper we are dealing with the security of the Feistel structure in the Luby–Rackoff model when the round functions are replaced by permutations. There is a priorino reason to think that the security bounds remain the same in this case, as illustrated by Knudsen’s attack [5]. It is why we revisit Luby–Rackoff’s proofs [6] in this specific case. The conclusion is that when the inner functions are random permutations, a 3-round (resp. 4-round) Feistel scheme remains secure against pseudorandom (resp. superpseudorandom) distinguishers as long as m2n/2(with mthe number of queries and 2nthe block size). |
Full text from SpringerLink