Increasing Block Sizes Using Feistel Networks: The Example of the AES

  • Jacques Patarin
  • Benjamin Gittins
  • Joana Treger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6805)


In this paper we study how to generate new secret key block ciphers based on the AES and Feistel constructions, that allow arbitrary large input/output lengths while maintaining the ability to select -a priori- arbitrary security levels. We start from the generation of block ciphers that are simple balanced Feistel constructions that exploit the pseudorandomness of functions, namely the AES, as round function. This results in block ciphers with inputs and outputs of size 256 bits, i.e., that are doubled compared to the AES. We then extend this principle following the “Russian Doll” design principle to build block ciphers with (arbitrarily) larger inputs and outputs. As an example, we build block ciphers with an expected security in about 2512, or 21024, instead of 2128 for the classical AES with 128 key-bits. The expected security is not proven, but our constructions are based on the best known attacks against Feistel networks with internal random permutations, as well as some natural security assumptions. We study two configurations of assumptions, leading to two families of simple and efficient new block ciphers, which can thus be seen as candidate schemes for higher security.


Smart Card Block Cipher Advance Encryption Standard Round Function Internal Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bernstein, D.J.: Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? In: Workshop Record of SHARCS 2009: Special-purpose Hardware for Attacking Cryptographic Systems (2009),
  2. 2.
    Biryukov, A., Khovratovich, D., Nikolic, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: Crypto 2000. LNCS, Springer-Verlag, Heidelberg (2000), Google Scholar
  3. 3.
    Blaze, M.: Efficient Symmetric-Key Ciphers Based on an NP-complete Subproblem (1996); Preliminary draft available at,
  4. 4.
    Cid, C., Murphy, S., Robshaw, M.: Algebraic Aspects of the Advanced Encryption Standard. Springer, Heidelberg (2006), zbMATHGoogle Scholar
  5. 5.
    Courtois, N.T., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) FSE 2002. LNCS, vol. 2501, pp. 267–297. Springer, Heidelberg (2002), CrossRefGoogle Scholar
  6. 6.
    Dooly, Z., Clarke, J., Fitzgerald, W., Donnelly, W., Riguidel, M., Howker, K.: D3.3 - ICT Security and Dependability Research beyond 2010 - Final strategy (2007)Google Scholar
  7. 7.
    ECRYPT. ECRYPT Yearly report on Algorithms and Keysizes. D.SPA.21 (2006),
  8. 8.
    Gilbert, H., Peyrin, T.: Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations (2009),
  9. 9.
    Lov, K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the 28th Annual ACM Symposium on Theory of Computing, pp. 212–219. ACM, New York (1996), Google Scholar
  10. 10.
    Knudsen, L.R.: DEAL - A 128-bit Block Cipher. Technical report number 151. University of Bergen, Norway (1998),
  11. 11.
    Krauss, L.M., Starkman, G.D.: Universal Limits on Computation. Technical report, arXiv:astro-ph/0404510v2 (2004),
  12. 12.
    Lenstra, A.K.: Key Lengths. Wiley, Chichester (2004),
  13. 13.
    Lucks, S.: On the Security of the 128-Bit Block Cipher DEAL. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 60–70. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    Moore, G.: Cramming more components onto integrated circuits. Electronics Magazine (1965),
  15. 15.
    NIST. Data Encryption Standard. FIPS 46-3 (1999)Google Scholar
  16. 16.
    NIST. Security requirements for security modules. FIPS 140-2 (2001)Google Scholar
  17. 17.
    NIST. Recommendation for Key Management. SP 800-57 Part 1 (2007),
  18. 18.
    Patarin, J.: Generic Attacks on Feistel Schemes. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 222–238. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Patarin, J., Seurin, Y.: Building Secure Block Ciphers on Generic Attacks Assumptions. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 66–81. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Piret, G., Quisquater, J.-J.: Security of the MISTY Structure in the Luby-Rackoff Model: Improved Results. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 100–115. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Rimoldi, A.: A related-key distinguishing attack on the full AES-128. In: Workshop on Block Ciphers and their Security (2009),
  22. 22.
    Treger, J., Patarin, J.: Generic Attacks on Feistel Networks with Internal Permutations. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 41–59. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jacques Patarin
    • 1
  • Benjamin Gittins
    • 2
  • Joana Treger
    • 1
    • 3
  1. 1.University of VersaillesSaint-Quentin-en-YvelinesFrance
  2. 2.Synaptic Laboratories LimitedMaltaEurope
  3. 3.ANSSIParisFrance

Personalised recommendations