Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19] [ 20] [ 21]

@

Journal of Information Science and Engineering, Vol. 31 No. 3, pp. 1085-1096 (May 2015)


The Pseudorandomness of Many-Round Lai-Massey Scheme*


YIYUAN LUO1,2, XUEJIA LAI2 AND JING HU1
1School of Electronics and Information
Shanghai Dian Ji University
Shanghai, 200240 P.R. China
E-mail: {luoyy; hujing}@sdju.edu.cn
2Department of Computer Science and Engineering
Shanghai Jiao Tong University
Shanghai, 200240 P.R. China
E-mail: lai-xj@cs.sjtu.edu.cnn

In this paper we prove beyond-birthday-bound for the (strong) pseudorandomness of many-round Lai-Massey scheme. Motivated by Hoang and Rogaway's analysis of generalized Feistel networks, we use the coupling technology from Markov chain theory and prove that for any e > 0, with enough rounds, the Lai-Massey scheme is indistinguishable from a uniform random permutation by any computationally unbounded distinguisher making at most q~N1-t combined chosen plaintext/ciphertext (CCA) queries, where N is the range size of the round function. Previous works by Vaudenay et al. and Yun et al. only proved the birthday-bound CCA security of Lai-Massey scheme.

Keywords: cryptography, block cipher, Lai-Massey scheme, Pseudorandomness, coupling

Full Text () Retrieve PDF document (201505_17.pdf)

Received October 12, 2013; revised January 3 & 22, 2014; accepted January 30, 2014.
Communicated by Vincent Rijmen.
>* Yiyuan Luo was supported by the National Natural Science Foundation of China (61402280) and the Key Discipine Funding (Computer Technology) of Shanghai Dian Ji University, No 13XKJ01.
* Xuejia Lai was supported by the National Natural Science Foundation of China (61073149 and 61272440 and 61472251), and Research Fund for the Doctoral Program of Higher Education of China (2009007311-0027), State Key Laboratory of ASIC and System (11KF0020), Key Lab of Information Network Security, Ministry of Public Security (C11603).