On Maximum Differential Probability of Generalized Feistel
The maximum differential probability (MDP) is an important security measure for blockciphers. We investigate MDP of Type-2 generalized Feistel structure (Type-2 GFS), one of the most popular cipher architectures. Previously MDP of Type-2 GFS has been studied for partition number (number of sub-blocks) k = 2 by Aoki and Ohta, and k = 4 by Kim et al. These studies are based on ad-hoc case analysis and it seems rather difficult to analyze larger k by hand. In this paper, we abstract the idea of previous studies and generalize it for any k, and implement it using computers. We investigate Type-2 GFS of k = 4,6,8 and 10 with k + 1 rounds, and obtain O(pk) bound for all cases, when the round function is invertible and its MDP is p. The bound for k = 4 is improved from Kim et al. and those for larger k are new. We also investigate an improvement of Type-2 GFS proposed by Suzaki and Minematsu, and obtain similar bounds as Type-2.
Keywordsblockcipher generalized Feistel differential probability
Unable to display preview. Download preview PDF.
- 1.Massey, J.: On the Optimality of SAFER+ Diffusion. In: Second AES Candidate Conference. National Institute of Standards and Technology (1999)Google Scholar
- 2.Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461–480. Springer, Heidelberg (1990)Google Scholar
- 7.Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
- 8.Nyberg, K.: Generalized Feistel Networks. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 90–104. Springer, Heidelberg (1996)Google Scholar
- 9.Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
- 10.Kim, J., Lee, C., Sung, J., Hong, S., Lee, S., Lim, J.: Seven New Block Cipher Structures with Provable Security against Differential Cryptanalysis. IEICE Trans. Fundamentals E91-A(10) (2008)Google Scholar
- 11.Corporation, S.: The 128-bit Blockcipher CLEFIA Security and Performance Evaluations. Revision 1.0 (June 1, 2007)Google Scholar
- 13.Aoki, K., Ohta, K.: Strict Evaluation of the Maximum Average of Differential Probability and the Maximum Average of Linear Probability. IEICE Trans. Fundamentals E80-A(1), 2–8 (1997)Google Scholar
- 16.Lai, X.: On the Design and Security of Block Ciphers. Hartung-Gorre (1992)Google Scholar