
In this paper Patarin says that: "for every $\epsilon > 0$, when $m \ll 2^{n(1 - \epsilon)}$ ... for 7 rounds or more it is secure against all adaptive chosen plaintext attacks" where $m$ is the number of queries that the adversary can evaluate.

What concretely is meant by $m \ll 2^{n(1 - \epsilon)}$?

For instance, to have statistical security $2^{-\sigma}$ (e.g. $\sigma = 40$) concretely how many queries can be evaluated?

kodlu

1 Answer


The linked paper is missing a lot of proof details. In any case, it seems impossible to say anything concrete for finite $n$ due to the existence of terms in $O(\cdot)$ notation in the bounds. You simply do not know how large those implied constants are.

kodlu