On the differential and linear efficiency of balanced Feistel networks

Authors:
Andrey Bogdanov
Affiliations:
Katholieke Universiteit Leuven, ESAT/COSIC and IBBT, Kasteelpark Arenberg 10, 3001 Leuven, Belgium
Venue:
Information Processing Letters
Year:
2010

Citing 7
Cited 3

Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Finite fields

Finite fields
The Design of Rijndael

The Design of Rijndael
Practical Security Evaluation against Differential and Linear Cryptanalyses for Feistel Ciphers with SPN Round Function

SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis

SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
Provable Security Against Differential Cryptanalysis

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Provable Security against Differential and Linear Cryptanalysis for the SPN Structure

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption

Double SP-functions: enhanced generalized feistel networks

ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
The provable constructive effect of diffusion switching mechanism in CLEFIA-type block ciphers

Information Processing Letters
Generalized Feistel networks revisited

Designs, Codes and Cryptography

Quantified Score

Hi-index	0.89

Visualization

Abstract

Balanced Feistel networks (BFN) have been widely used for constructing efficient block ciphers. They are known to provide high efficiency with respect to differential and linear cryptanalysis, when instantiated with SL-type round functions (BFN-SL). This work suggests that BFNs attain higher efficiency when the round function is defined as a composition of two substitution layers connected by a linear diffusion layer (SLS-type round function). The resulting structure is called BFN-SLS. Tight upper bounds on the differential and linear trail probabilities are proven for such constructions. When compared to BFN-SL with single-round diffusion, BFN-SLS exhibits an increase by almost 1/3 in the proportion of active S-boxes. When compared to BFN-SL with multiple-round diffusion, BFN-SLS provides the same proportion of active S-boxes, requiring, however, twice less linear operations and a single diffusion matrix for all rounds. It is argued that the cost of linear operations cannot be ignored when dealing with efficiency. Different BFNs are compared under consideration of the relative complexity of linear and nonlinear finite field operations. As a result, since BFN-SLS minimizes the number of necessary linear operations, its efficiency is higher than that of the known BFN-SL constructions.