Pseudorandomness Analysis of the Lai-Massey Scheme

Yiyuan Luo, Xuejia Lai, Zheng Gong, and Zhongming Wu

Abstract

At Asiacrypt’99, Vaudenay modified the structure of the IDEA cipher into a new scheme, which was called the Lai-Massey scheme. It was proved that a 3-round Lai-Massey scheme is sufficient for pseudorandomness and a 4-round Lai-Massey scheme is sufficient for strong pseudorandomness. However, the author did not point out whether three rounds and four rounds are necessary for the pseudorandomness and strong pseudorandomness of the Lai-Massey scheme. In this paper we find a two-round pseudorandomness distinguisher and a three-round strong pseudorandomness distinguisher, and thus prove that three rounds are necessary for pseudorandomness and four rounds are necessary for strong pseudorandomness.

Category: Secret-key cryptography

Publication info: Published elsewhere. Unknown where it was published

Keywords: Pseudorandomness, Lai-Massey

Contact author(s): luoyiyuan @ sjtu edu cn

Short URL: https://ia.cr/2009/266

CC BY

BibTeX

@misc{cryptoeprint:2009/266,
author = {Yiyuan Luo and Xuejia Lai and Zheng Gong and Zhongming Wu},
title = {Pseudorandomness Analysis of the Lai-Massey Scheme},
howpublished = {Cryptology ePrint Archive, Paper 2009/266},
year = {2009},
note = {\url{https://eprint.iacr.org/2009/266}},
url = {https://eprint.iacr.org/2009/266}
}
