Unbalanced Feistel networks and block cipher design

  • Bruce Schneier
  • John Kelsey
Block Ciphers — Proposals
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)

Abstract

We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security.

Keywords

  • Block Cipher
  • Stream Cipher
  • Differential Attack
  • Source Block
  • Target Block

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Bruce Schneier (1)
  • John Kelsey (1)
  1. Counterpane Systems, Minneapolis
