Questions tagged [luby-rackoff]

A Luby-Rackoff cipher is a Feistel cipher where in each round the nonlinear function used is assumed to be chosen uniformly at random from the set of all such functions. These ciphers are mainly of theoretical interest.

In their paper, Luby and Rackoff show how to construct 2n-bit pseudorandom permutations from n-bit random functions. The constructions use three- and four-round Feistel networks with randomly chosen round functions. Let $L$ and $R$ be the left and right n-bit halves, respectively, of a 2n-bit input. Then one round of a Feistel network is defined as $F(L,R) = (R, L \oplus f(R))$, where $f:\{0,1\}^n \to \{0,1\}^n$ is a randomly chosen function.

7 questions
13 votes, 1 answer

Luby-Rackoff theorem confusion

The Luby-Rackoff theorem states that if a round function is a secure pseudorandom function (PRF) then 3 rounds are sufficient to make the block cipher a pseudorandom permutation (PRP). PRPs are invertible whereas PRFs are not. How come 3 rounds of a…
8 votes, 2 answers

Need for 3 rounds in Luby Rackoff theorem

I get that using a Feistel network we can create a secure PRP from a secure PRF (in 3 rounds according to the theorem). My question is why just 2 rounds of a Feistel network are not sufficient. Is it that the output is random enough compared to a truly…
Kaustubh
6 votes, 2 answers

How do you create a large PRP from a small one?

How can you efficiently create a pseudorandom permutation with a large domain given a PRP with a small domain? Meaning: given an $n$-bit PRP, how can I create an $n k$-bit PRP? I'm only interested in security up to $C 2^{\frac{n}{2}}$ messages, when…
4 votes, 1 answer

Two Round Feistel network

While reading on block ciphers and DES I read that a two-round Feistel network is not a secure PRP. Is there any easy-to-understand proof to explain the intuition behind this statement? I did search around and also reviewed this question but wasn't…
3 votes, 2 answers

How is this affine function a pair wise independent permutation?

Can anybody explain how the below is true? $I_n$ denotes the set of all n-bit strings, ${\{0,1\}}^n$. (..) Let $A$ be a finite field then the permutation $f_{(a,b)}(x) = a \cdot x + b$, where $a \ne 0; b \in A$ are uniformly distributed, is…
sashank
2 votes, 1 answer

Why 3 round Feistel cipher are not common

Luby and Rackoff showed that 3 rounds are sufficient to make the Feistel networks a pseudorandom permutation. Question: why are 3 round Feistel Ciphers not common? My thoughts about the round functions of Luby and Rackoff construction are They are…
kelalaka
2 votes, 1 answer

Is there a relation between security of rounds of DES and Luby Rackoff rounds?

DES uses 16 rounds of Feistel networks but is not considered secure, whereas for Luby-Rackoff constructions, which are inspired by DES, it is proven by Patarin that 7 rounds is secure. Is there a relation between the number of rounds in DES and Patarin's results?
sashank