Abstract: Vaudenay (1999) proved that the permutation σ in the Lai-Massey scheme should be an orthomorphism or an almost orthomorphism. This paper focuses on the design principle for the function σ in the Lai-Massey scheme, described in terms of the scheme's resistance to differential and linear attacks. It shows that no matter how the group G is defined, if σ is an affine function on G, then it should be defined as an orthomorphism; otherwise there exists a differential characteristic with probability 1 and a linear approximation with correlation coefficient 1, and the scheme therefore carries a potential security risk. Moreover, using the characteristic spectrum of a finite group, a new linear relationship is introduced to describe the linear dependence between the input and output of the Lai-Massey scheme.
Fu Li-Shi, Jin Chen-Hui. The Cryptographic Weakness of Lai-Massey Scheme with an Affine but not Orthomorphic Bijection σ[J]. Journal of Electronics & Information Technology, 2013, 35(10): 2536-2540.
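The differential half of the abstract's claim can be checked exhaustively on a toy instance. The following is an added example, not code from the paper: it assumes G = (Z_2^8, XOR), the standard round form (x, y) → (σ(x + t), y + t) with t = F(x − y), and constructed random S-boxes as round functions; `sigma_orth` and `sigma_swap` are illustrative choices of σ.

```python
import random

def sigma_orth(x):
    # (l, r) -> (r, l ^ r) on 4-bit halves: a linear orthomorphism of (Z_2^8, XOR)
    l, r = x >> 4, x & 0xF
    return (r << 4) | (l ^ r)

def sigma_swap(x):
    # (l, r) -> (r, l) then XOR a constant: affine and bijective, not an orthomorphism
    l, r = x >> 4, x & 0xF
    return ((r << 4) | l) ^ 0x5A

def is_orthomorphism(sigma):
    # Both x -> sigma(x) and x -> sigma(x) - x (XOR here) must be permutations of G
    return (len({sigma(x) for x in range(256)}) == 256
            and len({sigma(x) ^ x for x in range(256)}) == 256)

def fixed_differences(sigma):
    # Nonzero d that sigma maps to itself for every input: sigma(x ^ d) ^ sigma(x) == d
    return [d for d in range(1, 256)
            if all(sigma(x ^ d) ^ sigma(x) == d for x in range(256))]

def lai_massey(x, y, sigma, tables):
    # Each round: t = F(x - y); (x, y) -> (sigma(x + t), y + t), with + and - both XOR
    for F in tables:
        t = F[x ^ y]
        x, y = sigma(x ^ t), y ^ t
    return x, y

def characteristic_probability(sigma, d, rounds=6, seed=1):
    # Exact probability of (d, d) -> (d, d) over all 2^16 inputs.
    # Round functions are constructed random S-boxes standing in for keyed F.
    rng = random.Random(seed)
    tables = [rng.sample(range(256), 256) for _ in range(rounds)]
    hits = 0
    for x in range(256):
        for y in range(256):
            ax, ay = lai_massey(x, y, sigma, tables)
            bx, by = lai_massey(x ^ d, y ^ d, sigma, tables)
            hits += (ax ^ bx, ay ^ by) == (d, d)
    return hits / 65536

if __name__ == "__main__":
    for name, s in (("orthomorphism", sigma_orth), ("affine swap", sigma_swap)):
        print(name, is_orthomorphism(s), len(fixed_differences(s)),
              characteristic_probability(s, 0x11))
```

With the swap-based σ, any difference d whose halves are equal satisfies σ(x + d) − σ(x) = d, so the input difference (d, d) leaves x − y unchanged and survives every round regardless of F; the orthomorphism has no such d.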