Abstract
We analyze the security of the Thorp shuffle, or, equivalently, a maximally unbalanced Feistel network. Roughly said, the Thorp shuffle on N cards mixes any \(N^{1 - 1/r}\) of them in \(O(r\lg N)\) steps. Correspondingly, making \(O(r)\) passes of maximally unbalanced Feistel over an n-bit string ensures CCA-security to \(2^{n(1 - 1/r)}\) queries. Our results, which employ Markov-chain techniques, enable the construction of a practical and provably-secure blockcipher-based scheme for deterministically enciphering credit card numbers and the like using a conventional blockcipher.
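The construction the abstract describes, written out as an added example (this is not the paper's code or the authors' reference implementation). One Thorp step cuts a deck of N cards into halves and sends pair i to positions 2i and 2i+1 in a coin-chosen order; for N = 2^n that is one round of a maximally unbalanced Feistel network, with the n-1 source bits selecting a single round-function bit that is XORed into the one target bit. Assumptions made here: N is even; HMAC-SHA256 stands in for the conventional blockcipher the paper uses as the round function; "O(r) passes" is read as r·⌈lg N⌉ rounds (one pass = lg N rounds), which is a reading of the asymptotic statement, not the paper's exact constant; the key and the card-number-style input are constructed; all function names are chosen for this example.

```python
import hashlib
import hmac
import math


def _coin(key: bytes, rnd: int, i: int, n_bytes: int) -> int:
    """Pseudorandom coin for pair i in round rnd.

    The paper drives each round with a conventional blockcipher; HMAC-SHA256
    is the stand-in PRF assumed here so the example needs only the standard
    library. Only the low bit of the tag is used.
    """
    msg = rnd.to_bytes(4, "big") + i.to_bytes(n_bytes, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] & 1


def _n_bytes(N: int) -> int:
    # Enough bytes to encode any pair index i < N/2.
    return max(1, (N.bit_length() + 7) // 8)


def thorp_round(key: bytes, rnd: int, x: int, N: int) -> int:
    """One Thorp shuffle step on N (even) cards, viewed as a map on positions.

    x = c*(N/2) + i: c is the half (0 = top, 1 = bottom), i the position in it.
    Pair i lands in positions 2i and 2i+1, order chosen by the coin. For
    N = 2^n this is a maximally unbalanced Feistel round: the n-1 source bits
    i pick a 1-bit round-function output XORed into the single target bit c,
    and the rotation (2*i + bit) swaps the roles of source and target.
    """
    half = N // 2
    c, i = divmod(x, half)
    return 2 * i + (c ^ _coin(key, rnd, i, _n_bytes(N)))


def thorp_round_inverse(key: bytes, rnd: int, y: int, N: int) -> int:
    """Undo thorp_round: the pair index is y // 2, so the coin can be re-derived."""
    half = N // 2
    i, d = divmod(y, 2)
    c = d ^ _coin(key, rnd, i, _n_bytes(N))
    return c * half + i


def passes_to_rounds(N: int, r: int) -> int:
    """One pass is lg N rounds; r passes is taken as r*ceil(lg N) rounds here."""
    return r * math.ceil(math.log2(N))


def encipher(key: bytes, x: int, N: int, rounds: int) -> int:
    if N % 2 or not 0 <= x < N:
        raise ValueError("N must be even and x must lie in [0, N)")
    for rnd in range(rounds):
        x = thorp_round(key, rnd, x, N)
    return x


def decipher(key: bytes, y: int, N: int, rounds: int) -> int:
    if N % 2 or not 0 <= y < N:
        raise ValueError("N must be even and y must lie in [0, N)")
    for rnd in reversed(range(rounds)):       # rounds undone in reverse order
        y = thorp_round_inverse(key, rnd, y, N)
    return y


def is_permutation(key: bytes, N: int, rounds: int) -> bool:
    """Exhaustive check on a small domain that enciphering is a bijection on [0, N)."""
    return sorted(encipher(key, x, N, rounds) for x in range(N)) == list(range(N))


DEMO_KEY = bytes(range(32))   # constructed demo key, not a real secret

if __name__ == "__main__":
    # A 16-digit card-number-style domain: N = 10**16 (even), r = 4 passes.
    N = 10**16
    rounds = passes_to_rounds(N, 4)
    pan = 1234_5678_9012_3456           # constructed sample input
    ct = encipher(DEMO_KEY, pan, N, rounds)
    assert decipher(DEMO_KEY, ct, N, rounds) == pan
    print(f"{pan:016d} -> {ct:016d}  ({rounds} rounds)")
    print("bijective on N=1000:", is_permutation(DEMO_KEY, 1000, passes_to_rounds(1000, 4)))
```

The output is another integer in [0, N), so a 16-digit number enciphers to a 16-digit number with no padding or length change, which is the format-preserving property the abstract is after. The exhaustive check is feasible only on small N; on the real domain the guarantee is the abstract's bound, CCA-security to about \(2^{n(1 - 1/r)}\) queries after O(r) passes, with the constants in the paper itself.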
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Morris, B., Rogaway, P., Stegers, T. (2009). How to Encipher Messages on a Small Domain. In: Halevi, S. (eds) Advances in Cryptology - CRYPTO 2009. CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03356-8_17
DOI: https://doi.org/10.1007/978-3-642-03356-8_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03355-1
Online ISBN: 978-3-642-03356-8