Paper 2022/1245
On Generalizations of the Lai-Massey Scheme
, Ruhr University Bochum, Bochum, GermanyAbstract
In this paper, we re-investigate the Lai-Massey scheme, originally proposed in the cipher IDEA. Due to the similarity with the Feistel networks, and due to the existence of invariant subspace attacks as originally pointed out by Vaudenay at FSE 1999, the Lai-Massey scheme has received only little attention by the community. As first contribution, we propose two new generalizations of such scheme that are not (extended) affine equivalent to any generalized Feistel network proposed in the literature so far. Then, inspired by the recent Horst construction, we propose the Amaryllises structure as a generalization of the Lai-Massey scheme, in which the linear combination in the Lai-Massey scheme can be replaced by a non-linear one. Besides proposing concrete examples of the Amaryllises construction, we analyze its cryptographic properties, and we compare them with the ones of other existing schemes/constructions published in the literature. Our results show that the Amaryllises construction could have concrete advantages especially in the context of MPC-/FHE-/ZK-friendly primitives.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- Generalized/Redundant Lai-MasseyGeneralized AmaryllisesGeneralized FeistelHorst
- Contact author(s)
- Lorenzo Grassi @ ruhr-uni-bochum de
- History
- 2024-02-20: last of 6 revisions
- 2022-09-19: received
- See all versions
- Short URL
- https://ia.cr/2022/1245
- License
-
CC BY-SA
BibTeX
@misc{cryptoeprint:2022/1245,
author = {Lorenzo Grassi},
title = {On Generalizations of the Lai-Massey Scheme},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/1245},
year = {2022},
url = {https://eprint.iacr.org/2022/1245}
}
