International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Revisiting Key-Alternating Feistel Ciphers for Shorter Keys and Multi-user Security

Chun Guo
Lei Wang
DOI: 10.1007/978-3-030-03326-2_8
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2018
Abstract: Key-Alternating Feistel (KAF) ciphers, a.k.a. Feistel-2 models, refer to Feistel networks with round functions of the form $$F_i(k_i\oplus x_i)$$, where $$k_i$$ is the (secret) round-key and $$F_i$$ is a public random function. This model roughly captures the structures of many famous Feistel ciphers, and the most prominent instance is DES.Existing provable security results on KAF assumed independent round-keys and round functions (ASIACRYPT 2004 & FSE 2014). In this paper, we investigate how to achieve security under simpler and more realistic assumptions: with round-keys derived from a short main-key, and hopefully with identical round functions.For birthday-type security, we consider 4-round KAF, investigate the minimal conditions on the way to derive the four round-keys, and prove that when such adequately derived keys and the same round function are used, the 4-round KAF is secure up to $$2^{n/2}$$ queries.For beyond-birthday security, we focus on 6-round KAF. We prove that when the adjacent round-keys are independent, and independent round-functions are used, the 6 round KAF is secure up to $$2^{2n/3}$$ queries. To our knowledge, this is the first beyond-birthday security result for KAF without assuming completely independent round-keys.Our results hold in the multi-user setting as well, constituting the first non-trivial multi-user provable security results on Feistel ciphers. We finally demonstrate applications of our results on designing key-schedules and instantiating keyed sponge constructions.
  title={Revisiting Key-Alternating Feistel Ciphers for Shorter Keys and Multi-user Security},
  booktitle={Advances in Cryptology – ASIACRYPT 2018},
  series={Lecture Notes in Computer Science},
  author={Chun Guo and Lei Wang},