On generalized Feistel networks

Viet Tung Hoang; Phillip Rogaway

Paper 2010/301

On generalized Feistel networks

Viet Tung Hoang and Phillip Rogaway

Abstract

We prove beyond-birthday-bound security for the well-known types of generalized Feistel networks, including: (1) unbalanced Feistel networks, where the $n$ -bit to $m$ -bit round functions may have $n \neq m$ ; (2) alternating Feistel networks, where the round functions alternate between contracting and expanding; (3) type-1, type-2, and type-3 Feistel networks, where $n$ -bit to $n$ -bit round functions are used to encipher $k n$ -bit strings for some $k \geq 2$ ; and (4) numeric variants of any of the above, where one enciphers numbers in some given range rather than strings of some given size. Using a unified analytic framework we show that, in any of these settings, for any , with enough rounds, the subject scheme can tolerate CCA attacks of up to adversarial queries, where is the size of the round functions' domain (the size of the larger domain for alternating Feistel). This is asymptotically optimal. Prior analyses for generalized Feistel networks established security to only adversarial queries.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. The conference version of this paper will appear in CRYPTO 2010.
Contact author(s): hviettung @ gmail com
History: 2018-11-29: last of 12 revisions; 2010-05-25: received; See all versions
Short URL: https://ia.cr/2010/301
License: CC BY

BibTeX

@misc{cryptoeprint:2010/301,
      author = {Viet Tung Hoang and Phillip Rogaway},
      title = {On generalized Feistel networks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/301},
      year = {2010},
      url = {https://eprint.iacr.org/2010/301}
}