Feistel networks made public, and applications

Yevgeniy Dodis; Prashant Puniya

doi:10.1007/978-3-540-72540-4_31

Feistel networks made public, and applications

Yevgeniy Dodis, Prashant Puniya

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Feistel Network, consisting of a repeated application of the Feistel Transform, gives a very convenient and popular method for designing "cryptographically strong" permutations from corresponding "cryptographically strong" functions. Up to now, all usages of the Feistel Network, including the celebrated Luby-Rackoff's result, critically rely on (a) the (pseudo)randomness of round functions; and (b) the secrecy of (at least some of) the intermediate round values appearing during the Feistel computation. Moreover, a small constant number of Feistel rounds was typically sufficient to guarantee security under assumptions (a) and (b). In this work we consider several natural scenarios where at least one of the above assumptions does not hold, and show that a constant, or even logarithmic number of rounds is provably insufficient to handle such applications, implying that a new method of analysis is needed. On a positive side, we develop a new combinatorial understanding of Feistel networks, which makes them applicable to situations when the round functions are merely unpredictable rather than (pseudo)random and/or when the intermediate round values may be leaked to the adversary (either through an attack or because the application requires it). In essence, our results show that in any such scenario a super-logarithmic number of Feistel rounds is necessary and sufficient to guarantee security. Of independent interest, our technique yields a novel domain extension method for messages authentication codes and other related primitives, settling a question studied by An and Bellare in CRYPTO 1999.

Original language	English (US)
Title of host publication	Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Publisher	Springer Verlag
Pages	534-554
Number of pages	21
ISBN (Print)	9783540725398
DOIs	https://doi.org/10.1007/978-3-540-72540-4_31
State	Published - 2007
Event	26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2007 - Barcelona, Spain Duration: May 20 2007 → May 24 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4515 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2007
Country	Spain
City	Barcelona
Period	5/20/07 → 5/24/07

Keywords

Domain extension
Feistel network
MACs
PRFs
PRPs
Verifiable random functions/permutations

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-72540-4_31

Fingerprint Dive into the research topics of 'Feistel networks made public, and applications'. Together they form a unique fingerprint.

Cite this

Dodis, Y., & Puniya, P. (2007). Feistel networks made public, and applications. In Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (pp. 534-554). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4515 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-72540-4_31

Feistel networks made public, and applications. / Dodis, Yevgeniy; Puniya, Prashant.

Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer Verlag, 2007. p. 534-554 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4515 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Dodis, Y & Puniya, P 2007, Feistel networks made public, and applications. in Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4515 LNCS, Springer Verlag, pp. 534-554, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2007, Barcelona, Spain, 5/20/07. https://doi.org/10.1007/978-3-540-72540-4_31

Dodis Y, Puniya P. Feistel networks made public, and applications. In Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer Verlag. 2007. p. 534-554. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-72540-4_31

Dodis, Yevgeniy ; Puniya, Prashant. / Feistel networks made public, and applications. Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer Verlag, 2007. pp. 534-554 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{3993a01a45c74f9dbec60e44992c2d04,

title = "Feistel networks made public, and applications",

abstract = "Feistel Network, consisting of a repeated application of the Feistel Transform, gives a very convenient and popular method for designing {"}cryptographically strong{"} permutations from corresponding {"}cryptographically strong{"} functions. Up to now, all usages of the Feistel Network, including the celebrated Luby-Rackoff's result, critically rely on (a) the (pseudo)randomness of round functions; and (b) the secrecy of (at least some of) the intermediate round values appearing during the Feistel computation. Moreover, a small constant number of Feistel rounds was typically sufficient to guarantee security under assumptions (a) and (b). In this work we consider several natural scenarios where at least one of the above assumptions does not hold, and show that a constant, or even logarithmic number of rounds is provably insufficient to handle such applications, implying that a new method of analysis is needed. On a positive side, we develop a new combinatorial understanding of Feistel networks, which makes them applicable to situations when the round functions are merely unpredictable rather than (pseudo)random and/or when the intermediate round values may be leaked to the adversary (either through an attack or because the application requires it). In essence, our results show that in any such scenario a super-logarithmic number of Feistel rounds is necessary and sufficient to guarantee security. Of independent interest, our technique yields a novel domain extension method for messages authentication codes and other related primitives, settling a question studied by An and Bellare in CRYPTO 1999.",

keywords = "Domain extension, Feistel network, MACs, PRFs, PRPs, Verifiable random functions/permutations",

author = "Yevgeniy Dodis and Prashant Puniya",

year = "2007",

doi = "10.1007/978-3-540-72540-4_31",

language = "English (US)",

isbn = "9783540725398",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "534--554",

booktitle = "Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

note = "26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2007 ; Conference date: 20-05-2007 Through 24-05-2007",

}

TY - GEN

T1 - Feistel networks made public, and applications

AU - Dodis, Yevgeniy

AU - Puniya, Prashant

PY - 2007

Y1 - 2007

N2 - Feistel Network, consisting of a repeated application of the Feistel Transform, gives a very convenient and popular method for designing "cryptographically strong" permutations from corresponding "cryptographically strong" functions. Up to now, all usages of the Feistel Network, including the celebrated Luby-Rackoff's result, critically rely on (a) the (pseudo)randomness of round functions; and (b) the secrecy of (at least some of) the intermediate round values appearing during the Feistel computation. Moreover, a small constant number of Feistel rounds was typically sufficient to guarantee security under assumptions (a) and (b). In this work we consider several natural scenarios where at least one of the above assumptions does not hold, and show that a constant, or even logarithmic number of rounds is provably insufficient to handle such applications, implying that a new method of analysis is needed. On a positive side, we develop a new combinatorial understanding of Feistel networks, which makes them applicable to situations when the round functions are merely unpredictable rather than (pseudo)random and/or when the intermediate round values may be leaked to the adversary (either through an attack or because the application requires it). In essence, our results show that in any such scenario a super-logarithmic number of Feistel rounds is necessary and sufficient to guarantee security. Of independent interest, our technique yields a novel domain extension method for messages authentication codes and other related primitives, settling a question studied by An and Bellare in CRYPTO 1999.

AB - Feistel Network, consisting of a repeated application of the Feistel Transform, gives a very convenient and popular method for designing "cryptographically strong" permutations from corresponding "cryptographically strong" functions. Up to now, all usages of the Feistel Network, including the celebrated Luby-Rackoff's result, critically rely on (a) the (pseudo)randomness of round functions; and (b) the secrecy of (at least some of) the intermediate round values appearing during the Feistel computation. Moreover, a small constant number of Feistel rounds was typically sufficient to guarantee security under assumptions (a) and (b). In this work we consider several natural scenarios where at least one of the above assumptions does not hold, and show that a constant, or even logarithmic number of rounds is provably insufficient to handle such applications, implying that a new method of analysis is needed. On a positive side, we develop a new combinatorial understanding of Feistel networks, which makes them applicable to situations when the round functions are merely unpredictable rather than (pseudo)random and/or when the intermediate round values may be leaked to the adversary (either through an attack or because the application requires it). In essence, our results show that in any such scenario a super-logarithmic number of Feistel rounds is necessary and sufficient to guarantee security. Of independent interest, our technique yields a novel domain extension method for messages authentication codes and other related primitives, settling a question studied by An and Bellare in CRYPTO 1999.

KW - Domain extension

KW - Feistel network

KW - MACs

KW - PRFs

KW - PRPs

KW - Verifiable random functions/permutations

UR - http://www.scopus.com/inward/record.url?scp=38049138727&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38049138727&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-72540-4_31

DO - 10.1007/978-3-540-72540-4_31

M3 - Conference contribution

AN - SCOPUS:38049138727

SN - 9783540725398

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 534

EP - 554

BT - Advances in Cryptology - EUROCRYPT 2007 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

PB - Springer Verlag

T2 - 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2007

Y2 - 20 May 2007 through 24 May 2007

ER -