Infoscience

Conference paper

On the Lai-Massey scheme

Constructing a block cipher requires us to define a random permutation, which is usually performed by the Feistel scheme and its variants. In this paper we investigate the Lai-Massey scheme which was used in IDEA. We show that we cannot use it “as is” in order to obtain results like the Luby-Rackoff theorem. This can however be done by introducing a simple function which has an orthomorphism property. We also show that this design offers nice decorrelation properties, and we propose a block cipher family called Walnut

Related material