On the sequential indifferentiability of the Lai–Massey construction

We study the Lai–Massey construction defined over bit strings w.r.t. the notion of sequential indifferentiability, which was introduced by Mandal et al. (in: Cramer (ed) TCC 2012, LNCS, Springer, Heidelberg, vol 7194, pp 285–302, 2012) and formalized known-key security of blockcipher structures. We first exhibit a sequential distinguisher against 5-round Lai–Massey structure when the underlying orthomorphism is linear. This enhances a 2011 result of Aumasson. As our main result, we (for the first time) prove sequential indifferentiability for 6-round Lai–Massey constructions (on bit strings) using six independent random round functions.