Cryptology ePrint Archive: Report 2009/266
Pseudorandomness Analysis of the Lai-Massey Scheme
Yiyuan Luo and Xuejia Lai and Zheng Gong and Zhongming Wu
Abstract: At Asiacrypt’99, Vaudenay modified the structure of the IDEA cipher into a new scheme, which they called the Lai-Massey scheme. It was proved that the 3-round Lai-Massey scheme is sufficient for pseudorandomness and the 4-round Lai-Massey scheme is sufficient for strong pseudorandomness. However, the author did not point out whether three rounds and four rounds are necessary for the pseudorandomness and strong pseudorandomness of the Lai-Massey scheme. In this paper we find a two-round pseudorandomness distinguisher and a three-round strong pseudorandomness distinguisher, thus proving that three rounds are necessary for pseudorandomness and four rounds are necessary for strong pseudorandomness.
Category / Keywords: secret-key cryptography / Pseudorandomness, Lai-Massey
Date: received 5 Jun 2009
Contact author: luoyiyuan at sjtu edu cn
Version: 20090609:144815
Short URL: ia.cr/2009/266