Differential and Linear Provable Security of Lai-Massey Scheme
DOI:
Author:
Affiliation:

Clc Number:

Fund Project:

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    Lai and Massey designed IDEA in 1991 when Lai-Massey scheme was first used in the algorithm. Vaudenay in 1999 added a function σ which has the orthomorphic or α-almost orthomorphic property in Lai-Massey scheme, and proved that this construction could make Lai-Massey scheme satisfy the Luby-Rackoff theorem. In this paper, the provable security of Lai-Massey scheme against differential and linear cryptanalysis is investigated. Firstly, the infimum of the number of differentially active F-functions in Lai-Massey scheme is given no matter if F is an orthomorphism or not. Secondly, the results in this paper indicate that when F is an orthomorphism, the infimum of the number of differentially active F-functions is the same as that of Feistel scheme. Finally, a dual model is introduced to study the duality between the differential characteristic chains and linear approximation chains in Lai-Massey scheme, which can be used to obtain similar results of linear cryptanalysis for Lai-Massey scheme directly.

    Reference
    Related
    Cited by
Get Citation

付立仕,金晨辉. Lai-Massey模型的差分和线性可证明安全性.软件学报,2013,24(S2):207-215

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:July 17,2013
  • Revised:October 16,2013
  • Adopted:
  • Online: January 02,2014
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063