Results 1 
7 of
7
On the Construction of PseudoRandom Permutations: LubyRackoff Revisited
 JOURNAL OF CRYPTOLOGY
, 1997
"... Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewh ..."
Abstract

Cited by 101 (8 self)
 Add to MetaCart
(Show Context)
Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewhat the complexity of the construction and simplify its proof of security by showing that two Feistel permutations are sufficient together with initial and final pairwise independent permutations. The revised construction and proof provide a framework in which similar constructions may be brought up and their security can be easily proved. We demonstrate this by presenting some additional adjustments of the construction that achieve the following:  Reduce the success probability of the adversary.  Provide a construction of pseudorandom permutations with large input size using pseudorandom functions with small input size.
On the Construction of VariableInputLength Ciphers
 In Fast Software Encryption
, 1998
"... We invesitgate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a keyindexed family of lengthpreserving permutations, with a "good" c ..."
Abstract

Cited by 19 (6 self)
 Add to MetaCart
(Show Context)
We invesitgate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a keyindexed family of lengthpreserving permutations, with a "good" cipher being one that resembles a family of random lengthpreserving permutations.) Oddly enough, this question seems not to have been investiaged. We show how to construct variableinput length ciphers starting from any block cipher (ie, a cipher which operates on strings of some fixed length n). We do this by giving a general method starting from a particular kind of pseudorandom function and a particular kind of encryption scheme, and then we give example ways to realize these tools from a block cipher. All of our constructions are proven sound, in the provablesecurity sense of contemporary cryptography. Variableinputlength ciphers can be used to encrypt in the presence of the constraint that the ciphertex...
A PseudoRandom Encryption Mode
 UNPUBLISHED
, 1997
"... Block ciphers are lengthpreserving privatekey encryption schemes. I.e., the private key of a block cipher determines a permutation on strings of the length of its input. This permutation is used for encryption while the inverse permutation is used for decryption. Using a lengthpreserving encry ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Block ciphers are lengthpreserving privatekey encryption schemes. I.e., the private key of a block cipher determines a permutation on strings of the length of its input. This permutation is used for encryption while the inverse permutation is used for decryption. Using a lengthpreserving encryption scheme saves on memory and prevents wasting communication bandwidth. Furthermore, it enables the easy incorporation of the encryption into existing protocols or hardware components.
This note describes a mode of operation for blockciphers that achieves a strong notion of security: If the original blockcipher is a pseudorandom permutation then we get a pseudorandom permutation on the entire message. The description is extracted from [Naor & Reingold, 1997] where a framework for constructing and proving the security of pseudorandom permutations is introduced. In such a construction a pseudorandom permutation \Pi is defined to be the composition of three permutations: \Pi = h_2^1 \circ A \circ h_1. In general, h_1 and h_2^1 are "lightweight", and A is where most of the work is done. Intuitively, there are only a few bad inputs for A and the role of h_1 and h_2^1 is to "filter" out these inputs.
On Message Integrity in Symmetric Encryption
, 2000
"... Distinct notions of message integrity (authenticity) for blockoriented symmetric encryption are defined by integrity goals to be achieved in the face of different types of attacks. These notions are partially ordered by a "dominance" relation. When chosenplaintext attacks are considered, ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Distinct notions of message integrity (authenticity) for blockoriented symmetric encryption are defined by integrity goals to be achieved in the face of different types of attacks. These notions are partially ordered by a "dominance" relation. When chosenplaintext attacks are considered, most integrity goals form a lattice. The lattice is extended when knownplaintext and ciphertextonly attacks are also included. The practical use of the dominance relation and lattice in defining the relative strength of different integrity notions is illustrated with common modes of encryption, such as the "infinite garble extension" modes, and simple, noncryptographic, manipulation detection code functions, such as bitwise exclusiveor and constant functions.
On the Construction of Pseudorandom . . .
 JOURNAL OF CRYPTOLOGY
, 1999
"... Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewh ..."
Abstract
 Add to MetaCart
Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewhat the complexity of the construction and simplify its proof of security by showing that two Feistel permutations are sufficient together with initial and final pairwise independent permutations. The revised construction and proof provide a framework in which similar constructions may be brought up and their security can be easily proved. We demonstrate this by presenting some additional adjustments of the construction that achieve the following:  Reduce the success probability of the adversary.  Provide a construction of pseudorandom permutations with large inputlength using pseudorandom functions with small inputlength.
On the Construction of VariableInputLength Ciphers
, 1999
"... Abstract Whereas a block cipher enciphers messages of some one particular length (the blocklength), a variableinputlength cipher takes messages of varying (and preferably arbitrary) lengths. Still, the length of the ciphertext must equal the length of the plaintext. This paper introduces the probl ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract Whereas a block cipher enciphers messages of some one particular length (the blocklength), a variableinputlength cipher takes messages of varying (and preferably arbitrary) lengths. Still, the length of the ciphertext must equal the length of the plaintext. This paper introduces the problem of constructing such objects, and provides a practical solution. Our VIL mode of operation makes a variableinputlength cipher from any block cipher. The method is demonstrably secure in the provablesecurity sense of modern cryptography: we give a quantitative security analysis relating the difficulty of breaking the constructed (variableinputlength) cipher to the difficulty of breaking the underlying block cipher.
On the Construction of PseudoRandom Permutations: LubyRackoff Revisited
"... Abstract Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We redu ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract Luby and Rackoff [27] showed a method for constructing a pseudorandom permutation from a pseudorandom function. The method is based on composing four (or three for weakened security) so called Feistel permutations, each of which requires the evaluation of a pseudorandom function. We reduce somewhat the complexity of the construction and simplify its proof of security by showing that two Feistel permutations are sufficient together with initial and final pairwise independent permutations. The revised construction and proof provide a framework in which similar constructions may be brought up and their security can be easily proved. We demonstrate this by presenting some additional adjustments of the construction that achieve the following: ffl Reduce the success probability of the adversary. ffl Provide a construction of pseudorandom permutations with large input size using pseudorandom functions with small input size.