Related-Key Analysis Of Generalized Feistel Networks With Contracting Round Functions

Block cipher is one of the core research directions in the field of cryptography.It is widely used in data encryption,message authentication code,hash function,stream cipher and pseudorandom number generator,and key management.In different block cipher algorithm design,block cipher algorithm using Feistel structure has a large number of applications.A popular approach to analyzing the security of Feistel networks,pioneered by Luby and Rackoff in 1988,is to model the round function as a secret random function.This allows proving its information theoretic indistinguishability,i.e.,any distinguisher should not be able to distinguish the Feistel network from a random permutation on 2n-bit strings.With this model,Luby and Rackoff proved the security for 4 rounds Feistel networks.After Schneier and Kelsey proposed the unbalanced Feistel networks in 1996,it has been proved that CFN and AFN could all achieve CCA security up to 2(1-ε)m adversarial queries,at the cost of a logarithmic number of rounds.Despite the asymptotically optimal provable bounds,generalized Feistel networks using contracting functions remain far less understood regarding security in the Related Key Attacks(RKAs)model.In this thesis,we consider the unbalanced Feistel networks using contracting function including CFN and AFN.This thesis extend the prior provable related-key analysis of generalized Feistel networks(Barbosa and Farshim,FSE,2014)to the setting of contracting functions.The core step of our proof consists of analyzing information theoretic indistinguishability of CFNs and AFNs bulit upon ideal keyed functions,which will employ the H-coefficient technique.Our results show that provable related-key CCA security is achieved with[m/n]+3 rounds,as long as the CFN uses two independent main keys K1,K2 in all the rounds in a close-toalternating manner,and a constant number of 4 rounds are sufficient to achieve relatedkey CCA security up to 2n/2 adversarial queries for AFN with two independent keys are alternatively used in each round.Moreover,with RKA secure VIL PRFs,our results provide new approaches to construct related-key secure variable-input-length block ciphers from related-key secure PRFs,which may find applications in the context of,e.g.,non-malleable codes for VIL messages,and wide tweakable block ciphers.meanwhile the results also provide additional theoretical support for the NIST standards FF1 and FF3.In addition,our results can be applied to halve the amount of keys of LIONESS block cipher while boosting provable security.