The Related-Key Analysis of Feistel Constructions [chapter]

Manuel Barbosa, Pooya Farshim
2015 Lecture Notes in Computer Science  
It is well known that the classical three-and four-round Feistel constructions are provably secure under chosen-plaintext and chosen-ciphertext attacks, respectively. However, irrespective of the number of rounds, no Feistel construction can resist related-key attacks where the keys can be offset by a constant. In this paper we show that, under suitable reuse of round keys, security under related-key attacks can be provably attained. Our modification is simpler and more efficient than
more » ... es obtained using generic transforms, namely the PRG transform of Bellare and Cash (CRYPTO 2010) and its random-oracle analogue outlined by Lucks (FSE 2004). Additionally we formalize Luck's transform and show that it does not always work if related keys are derived in an oracle-dependent way, and then prove it sound under appropriate restrictions.
doi:10.1007/978-3-662-46706-0_14 fatcat:gg7huflgxvebdns7mcphyuma5u