Paper 2014/093

The Related-Key Analysis of Feistel Constructions

Manuel Barbosa and Pooya Farshim


It is well known that the classical three- and four-round Feistel constructions are provably secure under chosen-plaintext and chosen-ciphertext attacks, respectively. However, irrespective of the number of rounds, no Feistel construction can resist related-key attacks where the keys can be offset by a constant. In this paper we show that, under suitable reuse of round keys, security under related-key attacks can be provably attained. Our modification is substantially simpler and more efficient than alternatives obtained using generic transforms, namely the PRG transform of Bellare and Cash (CRYPTO 2010) and its random-oracle analogue outlined by Lucks (FSE 2004). Additionally we formalize Luck's transform and show that it does not always work if related keys are derived in an oracle-dependent way, and then prove it sound under appropriate restrictions.

Note: This is the full version of the FSE 2014 paper with the same title.

Available format(s)
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2014
Feistel constructionLuby--RackoffRelated-key attackPseudorandom permutationRandom oracle.
Contact author(s)
mbb @ di uminho pt
2014-02-23: revised
2014-02-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Manuel Barbosa and Pooya Farshim},
      title = {The Related-Key Analysis of Feistel Constructions},
      howpublished = {Cryptology ePrint Archive, Paper 2014/093},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.