Beyond-birthday security for permutation-based Feistel networks
Designs, Codes and Cryptography (IF 1.6), Pub Date: 2021-01-02, DOI: 10.1007/s10623-020-00820-0
Chun Guo, Guoyan Zhang

Initiated by Luby and Rackoff (SIAM J. Computing, ’88), the information theoretic security of Feistel networks built upon random functions has been extensively studied. In sharp contrast, the exact security of Feistel networks built upon invertible random permutations remains largely unknown, particularly in the regime of beyond-birthday-bound. To bridge this gap, we reduce the problem to counting solutions to systems of linear equations and non-equations, and then derive lower bounds for the number of such solutions via a technical lemma. These yield known-plaintext security against $$2^{2n/3}$$ adversarial queries at 3 rounds, $$2^{2n/3}$$ chosen-plaintext security at 5 rounds, and $$2^{2n/3}$$ chosen-ciphertext security at 7 rounds. To our knowledge, these are the first beyond-birthday bounds for permutation-based Feistel. As potential applications, these give rise to beyond-birthday secure domain extenders for blockciphers with efficiency among the best known.

Updated: 2021-01-02