On the Pseudorandomness of the AES Finalists - RC6 and Serpent
Luby and Rackoff idealized DES by replacing each round function with one large random function. In this paper, we introduce a primitive-wise idealization in which some of the primitive operations of the round function are left untouched and some of them are replaced with small random functions or permutations. We then prove that a four-round primitive-wise idealized RC6 is not a pseudorandom permutation and a three-round primitive-wise idealized Serpent is a super-pseudorandom permutation.