Paper 2024/1456
Crooked Indifferentiability of the Feistel Construction
Abstract
The Feistel construction is a fundamental technique for building pseudorandom permutations and block ciphers. This paper shows that a simple adaptation of the construction is resistant, even to algorithm substitution attacks---that is, adversarial subversion---of the component round functions. Specifically, we establish that a Feistel-based construction with more than $337n/\log(1/\epsilon)$ rounds can transform a subverted random function---which disagrees with the original one at a small fraction (denoted by $\epsilon$) of inputs---into an object that is crooked-indifferentiable from a random permutation, even if the adversary is aware of all the randomness used in the transformation. Here, $n$ denotes the length of both the input and output of the round functions that underlie the Feistel cipher. We also provide a lower bound showing that the construction cannot use fewer than $2n/\log(1/\epsilon)$ rounds to achieve crooked-indifferentiable security.
Note: This is the extended version of the conference paper that will be presented at Asiacrypt 2024. It includes proofs that were omitted from the conference paper due to page limitations.
Metadata
- Category: Foundations
- Publication info: A major revision of an IACR publication in ASIACRYPT 2024
- Keywords: kleptographic Attack, Crooked-indifferentiability, Feistel Construction
- Contact author(s):
  acr @ cse uconn edu
  qiang tang @ sydney edu au
  zhujiadong2016 @ 163 com
- History:
  2024-09-24: revised
  2024-09-18: received
- Short URL: https://ia.cr/2024/1456
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1456,
  author = {Alexander Russell and Qiang Tang and Jiadong Zhu},
  title = {Crooked Indifferentiability of the Feistel Construction},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1456},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1456}
}