Analysis of 3-line generalized Feistel networks with double SD-functions

Andrey Bogdanov; Kyoji Shibutani

doi:10.1016/j.ipl.2011.04.002

Analysis of 3-line generalized Feistel networks with double SD-functions

Andrey Bogdanov, Kyoji Shibutani

Research output: Contribution to journal › Journal article › Research › peer-review

Abstract

Generalized Feistel networks (GFN) are broadly employed in the design of primitives for block ciphers, stream ciphers, and hash functions. Lately, endowing the functions of GFNs with the structure of nonlinear substitution followed by linear diffusion (substitution–diffusion, SD) has received a great deal of attention. In this contribution, we prove tight lower bounds on the number of differentially and linearly active S-boxes for 3-line GFNs with double SD-functions where two SD-structures are applied one after another. We also show 8-round impossible differentials for 3-line GFNs with bijective functions. Moreover, we demonstrate that the proportion of active S-boxes in all S-boxes for such GFNs is by up to 14% higher than that for 4-line GFNs with double SD-functions, when instantiated with MDS matrices. This indicates that, rather surprisingly, the 3-line GFNs can be more efficient in practice than those with 4 lines.

Original language	English
Journal	Information Processing Letters
Volume	111
Issue number	13
Pages (from-to)	656-660
ISSN	0020-0190
DOIs	https://doi.org/10.1016/j.ipl.2011.04.002
Publication status	Published - 2011
Externally published	Yes

Access to Document

10.1016/j.ipl.2011.04.002

OpenUrl availability

Full text

Cite this

@article{9fa375204a1b4a319fb5f2f530e18b46,

title = "Analysis of 3-line generalized Feistel networks with double SD-functions",

abstract = "Generalized Feistel networks (GFN) are broadly employed in the design of primitives for block ciphers, stream ciphers, and hash functions. Lately, endowing the functions of GFNs with the structure of nonlinear substitution followed by linear diffusion (substitution–diffusion, SD) has received a great deal of attention. In this contribution, we prove tight lower bounds on the number of differentially and linearly active S-boxes for 3-line GFNs with double SD-functions where two SD-structures are applied one after another. We also show 8-round impossible differentials for 3-line GFNs with bijective functions. Moreover, we demonstrate that the proportion of active S-boxes in all S-boxes for such GFNs is by up to 14% higher than that for 4-line GFNs with double SD-functions, when instantiated with MDS matrices. This indicates that, rather surprisingly, the 3-line GFNs can be more efficient in practice than those with 4 lines.",

author = "Andrey Bogdanov and Kyoji Shibutani",

year = "2011",

doi = "10.1016/j.ipl.2011.04.002",

language = "English",

volume = "111",

pages = "656--660",

journal = "Information Processing Letters",

issn = "0020-0190",

publisher = "Elsevier",

number = "13",

}

TY - JOUR

T1 - Analysis of 3-line generalized Feistel networks with double SD-functions

AU - Bogdanov, Andrey

AU - Shibutani, Kyoji

PY - 2011

Y1 - 2011

N2 - Generalized Feistel networks (GFN) are broadly employed in the design of primitives for block ciphers, stream ciphers, and hash functions. Lately, endowing the functions of GFNs with the structure of nonlinear substitution followed by linear diffusion (substitution–diffusion, SD) has received a great deal of attention. In this contribution, we prove tight lower bounds on the number of differentially and linearly active S-boxes for 3-line GFNs with double SD-functions where two SD-structures are applied one after another. We also show 8-round impossible differentials for 3-line GFNs with bijective functions. Moreover, we demonstrate that the proportion of active S-boxes in all S-boxes for such GFNs is by up to 14% higher than that for 4-line GFNs with double SD-functions, when instantiated with MDS matrices. This indicates that, rather surprisingly, the 3-line GFNs can be more efficient in practice than those with 4 lines.

AB - Generalized Feistel networks (GFN) are broadly employed in the design of primitives for block ciphers, stream ciphers, and hash functions. Lately, endowing the functions of GFNs with the structure of nonlinear substitution followed by linear diffusion (substitution–diffusion, SD) has received a great deal of attention. In this contribution, we prove tight lower bounds on the number of differentially and linearly active S-boxes for 3-line GFNs with double SD-functions where two SD-structures are applied one after another. We also show 8-round impossible differentials for 3-line GFNs with bijective functions. Moreover, we demonstrate that the proportion of active S-boxes in all S-boxes for such GFNs is by up to 14% higher than that for 4-line GFNs with double SD-functions, when instantiated with MDS matrices. This indicates that, rather surprisingly, the 3-line GFNs can be more efficient in practice than those with 4 lines.

U2 - 10.1016/j.ipl.2011.04.002

DO - 10.1016/j.ipl.2011.04.002

M3 - Journal article

SN - 0020-0190

VL - 111

SP - 656

EP - 660

JO - Information Processing Letters

JF - Information Processing Letters

IS - 13

ER -

Analysis of 3-line generalized Feistel networks with double SD-functions

Abstract

Access to Document

OpenUrl availability

Fingerprint

Cite this