Improving the Generalized Feistel

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6147)


The generalized Feistel structure (GFS) is a generalized form of the classical Feistel cipher. A popular version of GFS, called Type-II, divides a message into k > 2 sub blocks and applies a (classical) Feistel transformation for every two sub blocks, and then performs a cyclic shift of k sub blocks. Type-II GFS has many desirable features for implementation. A drawback, however, is its low diffusion property with a large k. This weakness can be exploited by some attacks, such as impossible differential attack. To protect from them, Type-II GFS generally needs a large number of rounds.

In this paper, we improve the Type-II GFS’s diffusion property by replacing the cyclic shift with a different permutation. Our proposal enables to reduce the number of rounds to attain a sufficient level of security. Thus, we improve the security-efficiency treading off of Type-II GFS. In particular, when k is a power of two, we obtain a significant improvement using a highly effective permutation based on the de Bruijn graph.


block cipher generalized Feistel diffusion de Bruijn graph 


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-bit block cipher suitable for multiple platforms. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 41–54. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossbile differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  4. 4.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Carter, L., Wegman, M.: Universal Classes of Hash Functions. Journal of Computer and System Science 18, 143–154 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Crowley, P.: Mercy: A Fast Large Block Cipher for Disk Sector Encryption. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 49–63. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Fiol, M.A., Alegre, I., Yebra, J.L.A., Fábrega, J.: Digraphs with walks of equal length between vertices. In: Graph Theory with Applications to Algorithms and Computer Science. John Wiley and Sons, Inc., Chichester (1985)Google Scholar
  9. 9.
    Gilbert, H., Minier, M.: New Results on the Pseudorandomness of Some Blockcipher Constructions. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 248–266. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Halevi, S., Rogaway, P.: A Parallelizable Enciphering Mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004)Google Scholar
  11. 11.
    Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Iwata, T., Yoshino, T., Yuasa, T., Kurosawa, K.: Round Security and Super-Pseudorandomness of MISTY Type Structure. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 233–247. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Kim, J., Hong, S., Sung, J., Lee, C., Lee, S.: Impossible Differential Cryptanalysis for Block Cipher Structures. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 82–96. Springer, Heidelberg (2003)Google Scholar
  14. 14.
    Luby, M., Rackoff, C.: How to Construct Pseudo-random Permutations from Pseudo-random functions. SIAM J. Computing 17(2), 373–386 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Massey, J.: On the Optimality of SAFER+ Diffusion. In: Second AES Candidate Conference. National Institute of Standards and Technology (1999)Google Scholar
  16. 16.
    Matsui, M.: Linear cryptanalysis of the data encryption standard. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  17. 17.
    Maurer, U.: Indistinguishability of Random Systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110–132. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Minematsu, K.: Tweakable Enciphering Schemes from Hash-Sum-Expansion. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 252–267. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Mitsuda, A., Iwata, T.: Tweakable Pseudorandom Permutation from Generalized Feistel Structure. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 22–37. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Moriai, S., Vaudenay, S.: On the Pseudorandomness of Top-Level Schemes of Block Ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 289–302. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Nyberg, K.: Generalized Feistel Networks. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 90–104. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  22. 22.
    Junod, P., Macchetti, M.: Revisiting the IDEA Philosophy. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 277–295. Springer, Heidelberg (2009)Google Scholar
  23. 23.
    Rivest, R.L., Robshaw, M.J.B., Sidney, R., Yin, Y.L.: The RC6 block cipher, v1.1, August 20 (1998),
  24. 24.
    Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: ACM Conference on Computer and Communications Security, ACM CCS 2001, pp. 196–205 (2001)Google Scholar
  25. 25.
    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit Blockcipher CLEFIA. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  26. 26.
    Sony Corporation, The 128-bit Blockcipher CLEFIA Security and Performance Evaluations, Revision 1.0 (June 1, 2007),
  27. 27.
    West, D.B.: Introduction to Graph Theory. Prentice-Hall, NJ (1996)zbMATHGoogle Scholar
  28. 28.
    Zheng, Y., Matsumoto, T., Imai, H.: On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461–480. Springer, Heidelberg (1989)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.NEC CorporationKawasakiJapan
  2. 2.Chuo UniversityTokyoJapan

Personalised recommendations