Generalized Feistel networks (GFNs) are broadly employed in the design of primitives for block ciphers, stream ciphers, and hash functions. Lately, endowing the functions of GFNs with the structure of nonlinear substitution followed by linear diffusion (substitution-diffusion, SD) has received a great deal of attention. In this contribution, we prove tight lower bounds on the number of differentially and linearly active S-boxes for 3-line GFNs with double SD-functions, where two SD-structures are applied one after another. We also show 8-round impossible differentials for 3-line GFNs with bijective functions. Moreover, we demonstrate that the proportion of active S-boxes among all S-boxes for such GFNs is up to 14% higher than that for 4-line GFNs with double SD-functions, when instantiated with MDS matrices. This indicates that, rather surprisingly, 3-line GFNs can be more efficient in practice than those with 4 lines.