On Lai-Massey and quasi-Feistel ciphers (Q629883)

For finite sets \(\mathcal{X}\), \(\mathcal{Y}\) a combiner over \((\mathcal{X},\mathcal{Y})\) is a parameterized family \(\Gamma = {\{ {\Gamma _z}\} _{z \in \mathcal{Y}}}\) of quasigroups \({\Gamma _z}:{\mathcal{X}^2} \to \mathcal{X}\), denote \({\Gamma _z}(x,y) = \Gamma \left[\left[ {x*y|z} \right]\right]\). Let \(b > 1\), \(r > 1\) be fixed integers, \(\Gamma\)- a combiner over \((\mathcal{X},{\mathcal{X}^{b - 1}})\), \(P,Q:{\mathcal{X}^b} \to {\mathcal{X}^b}\) - permutations. For \({f_1},...,{f_r}:{\mathcal{X}^{b - 1}} \to \mathcal{X}\) the \(b\)-branched \(r\)-round quasi-Feistel cipher \(\Psi = \Psi _{P,Q}^{b,r}({f_1},...,{f_r}):{\mathcal{X}^b} \to {\mathcal{X}^b}\) is defined by \(y = \Psi (x)\) iff: 1. \(({z_0},...,{z_{b - 1}}) \leftarrow P(x)\); 2. \({z_{i + b - 1}} \leftarrow \Gamma \left[\left[ {{z_{i - 1}}*{f_i}({z_i}...{z_{i + b - 2}})|{z_i}...{z_{i + b - 2}}} \right]\right]\), \(i = 1,...,r\); 3. \(y \leftarrow {Q^{ - 1}}({z_r},...,{z_{r + b - 1}})\). Quasi-Feistel cipher is a generalization of the Feistel cipher and contains the Lai-Massey cipher; the birthday security of \((2b - 1)\)- and \((3b - 2)\)-round quasi-Feistel ciphers against CPA and CPCA attacks is shown.