Paper 2024/152
Equivalence of Generalised Feistel Networks
, Institut de Recherche en Informatique et Systèmes Aléatoires, Institut de Recherche en Informatique et Systèmes Aléatoires, Direction Générale de l'ArmementAbstract
This paper focuses on equivalences between Generalised Feistel Networks (GFN) of type-II. We introduce a new definition of equivalence which captures the concept that two GFNs are identical up to re-labelling of the inputs/outputs, and give a procedure to test this equivalence relation. Such two GFNs are therefore cryptographically equivalent for several classes of attacks. It induces a reduction of the space of possible GFNs: the set of the $(k!)^2$ possible even-odd GFNs with $2k$ branches can be partitioned into $k!$ different classes. This result can be very useful when looking for an optimal GFN regarding specific computationally intensive properties, such as the minimal number of active S-boxes in a differential trail. We also show that in several previous papers, many GFN candidates are redundant as they belong to only a few classes. Because of this reduction of candidates, we are also able to suggest better permutations than the one of WARP: they reach 64 active S-boxes in one round less and still have the same diffusion round that WARP. Finally, we also point out a new family of permutations with good diffusion properties.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published by the IACR in TOSC 2024
- Keywords
- GFNWARPTWINELBlock
- Contact author(s)
- marie euler @ irisa fr
- History
- 2024-02-05: approved
- 2024-02-02: received
- See all versions
- Short URL
- https://ia.cr/2024/152
- License
-
CC BY-NC-ND
BibTeX
@misc{cryptoeprint:2024/152,
author = {Patrick Derbez and Marie Euler},
title = {Equivalence of Generalised Feistel Networks},
howpublished = {Cryptology ePrint Archive, Paper 2024/152},
year = {2024},
note = {\url{https://eprint.iacr.org/2024/152}},
url = {https://eprint.iacr.org/2024/152}
}
