Understanding the Related-Key Security of Feistel Ciphers from a Provable Perspective
We initiate the provable related-key security treatment for models of
practical Feistel ciphers. In detail, we consider Feistel networks with four
whitening keys () and round-functions of the form
, where is the main-key, and are
efficient transformations, and is a public ideal function or permutation
that the adversary is allowed to query. We investigate conditions on the
key-schedules that are sufficient for security against XOR-induced related-key
attacks up to adversarial queries. When the key-schedules are
non-linear, we prove security for 4 rounds. When only affine key-schedules are
used, we prove security for 6 rounds. These also imply secure tweakable Feistel
ciphers in the Random Oracle model.
By shuffling the key-schedules, our model unifies both the DES-like structure
(known as Feistel-2 scheme in the cryptanalytic community, a.k.a.
key-alternating Feistel due to Lampe and Seurin, FSE 2014) and the Lucifer-like
model (previously analyzed by Guo and Lin, TCC 2015). This allows us to derive
concrete implications on these two (more common) models, and helps in
understanding their differences, and further the related-key
security of Feistel ciphers.

Comment: The technical part is the same as the submission (only modified to fit
into the double column). In "Related Work", a comparison with [72] is added: in
short, these two works focus on very different goals, and their general
results aren't comparable.