Results 1 
9 of
9
Unbalanced Feistel Networks and BlockCipher Design
 Fast Software Encryption, 3rd International Workshop Proceedings
, 1996
"... We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of eq ..."
Abstract

Cited by 70 (5 self)
 Add to MetaCart
We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 58 (8 self)
 Add to MetaCart
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
SubstitutionPermutation Network Cryptosystems Using KeyDependent SBoxes
 Carleton University
, 1997
"... Substitutionpermutation networks (SPNs) are an important class of private key cryptosystems, having substitution boxes (sboxes) as a critical internal component. Much of the research into sboxes has focussed on determining those sbox properties which yield a cryptographically strong SPN. We inve ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Substitutionpermutation networks (SPNs) are an important class of private key cryptosystems, having substitution boxes (sboxes) as a critical internal component. Much of the research into sboxes has focussed on determining those sbox properties which yield a cryptographically strong SPN. We investigate sboxes which are generated in a pseudorandom fashion from a key. This approach has the advantage of decreasing the effectiveness of certain attacks. In addition, combinatorial results give evidence that the resulting sboxes will possess several desirable properties with high probability. We propose a keydependent sbox generation method and an SPN which incorporates it. The proposed system successfully passes a range of standard statistical tests, as well as two new statistical tests which are designed to detect correlation between sboxes. Some interesting theoretical results concerning these new tests are proven, and one of the tests is shown to be a generalisation of the exist...
The InclusionExclusion Principle and its Applications to Cryptography
, 1995
"... The inclusionexclusion principle is a combinatorial method for determining the cardinality of a set where each element X 2 U satisfies a list of properties u 1 ; u 2 ; : : : ; u n . In this paper we will display the usefulness of the inclusionexclusion principle by solving 8 problems of interest ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
The inclusionexclusion principle is a combinatorial method for determining the cardinality of a set where each element X 2 U satisfies a list of properties u 1 ; u 2 ; : : : ; u n . In this paper we will display the usefulness of the inclusionexclusion principle by solving 8 problems of interest to cryptography. These problems will concentrate on the enumeration of boolean functions and permutations that have properties which are considered to be necessary for a cryptographic mapping to be secure. In particular we will be concerned with the properties of nonlinearity and nondegeneracy as these properties correspond to Shannon's notions of confusion and diffusion, respectively. Keywords: probability, enumeration, inclusionexclusion principle, boolean functions, permutations. 1 Introduction In cryptography we are often interested in determining the probability that a certain event may occur. For example, what is the probability that a given block C of ciphertext is encoded using a...
A New SubstitutionPermutation Network Cipher Using KeyDependent SBoxes
, 1997
"... This paper outlines the ongoing work of the authors' investigation into the design of a new block cipher incorporating keydependent, pseudorandomly generated sboxes. Other systems using keydependent sboxes have been proposed in the past, the most wellknown being perhaps Blowfish [17] and ..."
Abstract
 Add to MetaCart
This paper outlines the ongoing work of the authors' investigation into the design of a new block cipher incorporating keydependent, pseudorandomly generated sboxes. Other systems using keydependent sboxes have been proposed in the past, the most wellknown being perhaps Blowfish [17] and Khufu [12]. Each of these two systems, however, uses the cryptosystem itself to generate the sboxes, which renders analysis difficult  we choose to avoid this approach. Preliminary results indicate that our proposed system has good cryptographic strength, with the added benefit that it is immune to linear and differential cryptanalysis, which require that the sboxes be known. In addition, the system can easily be extended through the use of larger sboxes and an increased number of rounds.