Paper 2022/1245

On Generalizations of the Lai-Massey Scheme

Lorenzo Grassi, Ruhr University Bochum, Bochum, Germany
Abstract

In this paper, we re-investigate the Lai-Massey scheme, originally proposed in the cipher IDEA. Due to the similarity with the Feistel networks, and due to the existence of invariant subspace attacks as originally pointed out by Vaudenay at FSE 1999, the Lai-Massey scheme has received only little attention by the community. As first contribution, we propose two new generalizations of such scheme that are not (extended) affine equivalent to any generalized Feistel network proposed in the literature so far. Then, inspired by the recent Horst construction, we propose the Amaryllises structure as a generalization of the Lai-Massey scheme, in which the linear combination in the Lai-Massey scheme can be replaced by a non-linear one. Besides proposing concrete examples of the Amaryllises construction, we analyze its cryptographic properties, and we compare them with the ones of other existing schemes/constructions published in the literature. Our results show that the Amaryllises construction could have concrete advantages especially in the context of MPC-/FHE-/ZK-friendly primitives.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Generalized/Redundant Lai-MasseyGeneralized AmaryllisesGeneralized FeistelHorst
Contact author(s)
Lorenzo Grassi @ ruhr-uni-bochum de
History
2024-02-20: last of 6 revisions
2022-09-19: received
See all versions
Short URL
https://ia.cr/2022/1245
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2022/1245,
      author = {Lorenzo Grassi},
      title = {On Generalizations of the Lai-Massey Scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1245},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1245}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.