On the primitivity of Lai-Massey schemes
Riccardo Aragona, Roberto Civino

TL;DR
This paper investigates the conditions under which Lai-Massey schemes, a cryptographic structure combining features of SPNs and Feistel networks, generate primitive groups, thus resisting imprimitivity attacks.
Contribution
It reduces the problem of proving Lai-Massey's primitivity to the simpler problem of primitivity in related SPNs, providing a new theoretical insight.
Findings
Primitivity of Lai-Massey schemes can be established via related SPN groups.
The study offers conditions to avoid imprimitivity attacks in Lai-Massey schemes.
Provides a theoretical framework linking Lai-Massey and SPN primitivity.
Abstract
In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving block cipher designers the recipe to avoid the imprimitivity attack. In this paper a similar study is proposed on the subject of the Lai-Massey scheme, a framework which combines both Substitution Permutation Network and Feistel Network features. Its resistance to the imprimitivity attack is obtained as a consequence of a more general result in which the problem of proving the primitivity of the Lai-Massey scheme is reduced to the simpler one of…
Taxonomy
Topics: Coding theory and cryptography · Chaos-based Image/Signal Encryption · Cryptographic Implementations and Security
