Results 1 - 5 of 5
On the Construction of Pseudo-Random Permutations: Luby-Rackoff Revisited
JOURNAL OF CRYPTOLOGY, 1997
Cited by 93 (8 self)
Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so-called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewhat the complexity of the construction and simplify its proof of security by showing that two Feistel permutations are sufficient together with initial and final pairwise independent permutations. The revised construction and proof provide a framework in which similar constructions may be brought up and their security can be easily proved. We demonstrate this by presenting some additional adjustments of the construction that achieve the following:
- Reduce the success probability of the adversary.
- Provide a construction of pseudorandom permutations with large input size using pseudorandom functions with small input size.
On the Construction of Variable-Input-Length Ciphers
In Fast Software Encryption, 1998
Cited by 15 (4 self)
We investigate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a key-indexed family of length-preserving permutations, with a "good" cipher being one that resembles a family of random length-preserving permutations.) Oddly enough, this question seems not to have been investigated. We show how to construct variable-input-length ciphers starting from any block cipher (i.e., a cipher which operates on strings of some fixed length n). We do this by giving a general method starting from a particular kind of pseudorandom function and a particular kind of encryption scheme, and then we give example ways to realize these tools from a block cipher. All of our constructions are proven sound, in the provable-security sense of contemporary cryptography. Variable-input-length ciphers can be used to encrypt in the presence of the constraint that the ciphertex...
A Pseudo-Random Encryption Mode
UNPUBLISHED, 1997
Cited by 2 (0 self)
Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block cipher determines a permutation on strings of the length of its input. This permutation is used for encryption while the inverse permutation is used for decryption. Using a length-preserving encryption scheme saves on memory and prevents wasting communication bandwidth. Furthermore, it enables the easy incorporation of the encryption into existing protocols or hardware components.
This note describes a mode of operation for block-ciphers that achieves a strong notion of security: If the original block-cipher is a pseudorandom permutation then we get a pseudorandom permutation on the entire message. The description is extracted from [Naor & Reingold, 1997] where a framework for constructing and proving the security of pseudorandom permutations is introduced. In such a construction a pseudorandom permutation $\Pi$ is defined to be the composition of three permutations: $\Pi = h_2^{-1} \circ A \circ h_1$. In general, $h_1$ and $h_2^{-1}$ are "lightweight", and $A$ is where most of the work is done. Intuitively, there are only a few bad inputs for $A$ and the role of $h_1$ and $h_2^{-1}$ is to "filter" out these inputs.
On Message Integrity in Symmetric Encryption
2000
Distinct notions of message integrity (authenticity) for block-oriented symmetric encryption are defined by integrity goals to be achieved in the face of different types of attacks. These notions are partially ordered by a "dominance" relation. When chosen-plaintext attacks are considered, most integrity goals form a lattice. The lattice is extended when known-plaintext and ciphertext-only attacks are also included. The practical use of the dominance relation and lattice in defining the relative strength of different integrity notions is illustrated with common modes of encryption, such as the "infinite garble extension" modes, and simple, non-cryptographic, manipulation detection code functions, such as bitwise exclusive-or and constant functions.
1 Introduction
The fact that encryption does not provide message integrity (authenticity) is generally well-understood [19], and so is the fact that often "encryption without integrity-checking is all but useless" [8]. Less well-understood is the ...
On the Construction of Pseudorandom . . .
JOURNAL OF CRYPTOLOGY, 1999
Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so-called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewhat the complexity of the construction and simplify its proof of security by showing that two Feistel permutations are sufficient together with initial and final pairwise independent permutations. The revised construction and proof provide a framework in which similar constructions may be brought up and their security can be easily proved. We demonstrate this by presenting some additional adjustments of the construction that achieve the following:
- Reduce the success probability of the adversary.
- Provide a construction of pseudorandom permutations with large input-length using pseudorandom functions with small input-length.