Abstract
Luby and Rackoff provided a construction (LR) of 2n-bit (strong) pseudo-random permutation or (S)PRP from n-bit pseudorandom function (PRF), which was motivated by the structure of DES. Their construction consists of four rounds of Feistel permutations (or three rounds, for PRP), each round involves an application of an independent PRF (i.e. with an independent round key). The definition of the LR construction can be extended by reusing round keys in a manner determined by a key-assigning function. So far several key-assigning functions had been analyzed (e.g. LR with 4-round keys K 1, K 2, K 2, K 2 was proved secure whereas K 1, K 2, K 2, K 1 is not secure). Even though we already know some key-assigning functions which give secure and insecure LR constructions, the exact characterization of all secure LR constructions for arbitrary number of rounds is still unknown. Some characterizations were being conjectured which were later shown to be wrong. In this paper we solve this long-standing open problem and (informally) prove the following:
-
LR is secure iff its key-assigning is not palindrome (i.e. the order of key indices is not same with its reverse order).
We also study the class of LR-variants where some of its round functions can be tweaked (our previous characterization would not work for the variants). We propose a single-key LR-variant SPRP, denoted by LRv, making only four invocations of the PRF. It is exactly same as single-key, 4-round LR with an additional operation (e.g. rotation) applied to the first round PRF output. So far the most efficient single-key LR construction is due to Patarin, which requires five invocations. Moreover, we show a PRP-distinguishing attack on a wide class of single-key, LR-variants with three PRF-invocations. So,
-
4 invocations of PRF is minimum for a class of a single-key LR-variants SPRP and LRv is optimum in the class.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003)
Iwata, T., Kurosawa, K.: How to Re-use Round Function in Super-Pseudorandom Permutation. Information Security and Privacy, 224–235 (2004)
Koren, T.: On the construction of pseudorandom block ciphers, M.Sc. Thesis (in Hebrew), CS Dept., Technion, Israel (May 1989)
Luby, M., Rackoff, C.: How to construct pseudorandom permutations and pseudorandom functions. 2nd SIAM J. Comput. 17, 373–386 (1988)
Naor, M., Reingold, O.: On the Construction of Pseudorandom Permutations: Luby-Rackoff Revisited. J. Cryptology 12(1), 29–66 (1999)
National Bureau of Standards, Data encryption standard, Federal Information Processing Standard, PT U.S. Department of Commerce, FIPS PUB 46, Washington, DC (1977)
Patarin, J.: Pseudorandom permutations based on the DES scheme. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, Springer, Heidelberg (1991)
Patarin, J.: How to construct pseudorandom and super pseudorandom permutations from one single pseudorandom pseudorandom function. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 256–266. Springer, Heidelberg (1993)
Patarin, J.: The ”Coefficients H” Technique. Selected Areas in Cryptography 2008, 328–345 (2008)
Pieprzyk, J.: How to construct pseudorandom permutations from single pseudorandom functions. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 140–150. Springer, Heidelberg (1991)
Sadeghiyan, B., Pieprzyk, J.: On necessary and sufficient conditions for the construction of super pseudorandom permutations. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 194–209. Springer, Heidelberg (1993)
Sadeghiyan, B., Pieprzyk, J.: A construction for super pseudorandom permutations from a single pseudorandom function. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, Springer, Heidelberg (1992)
Vaudenay, S.: Decorrelation: A Theory for Block Cipher Security. J. Cryptology 16(4), 249–286 (2003)
Zheng, Y., Matsumoto, T., Imai, H.: Impossibility and optimally results on constructing pseudorandom permutations. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 412–422. Springer, Heidelberg (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nandi, M. (2010). The Characterization of Luby-Rackoff and Its Optimum Single-Key Variants. In: Gong, G., Gupta, K.C. (eds) Progress in Cryptology - INDOCRYPT 2010. INDOCRYPT 2010. Lecture Notes in Computer Science, vol 6498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17401-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-17401-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17400-1
Online ISBN: 978-3-642-17401-8
eBook Packages: Computer ScienceComputer Science (R0)