Provable Security For Feistel Ciphers Containing SPN Structure

This paper studies the Provable Security against Differential and Linear Cryptanalysis for the Feistel cipher with SPN round function. Block cipher which is one of the private key cipher is widely used. The best known attacks are differential cryptanalysis and linear cryptanalysis. Consequently, it is important to calculate the provable security against differential and linear cryptanalysis for the block cipher.According to the relationship between the encryption and decryption keys, cryptosystem is divided into the public-key cryptosystem and the private-key cryptosystem. The encryption key and the decryption key of the private-key cryptosystem is the same, or using the party is easy to determine the other party.According to the difference of the encryption mode, the private-key cryptosystem is divided into the stream cipher and block cipher. Among them, the block cipher is easy to be standard and realized by the software and hardware. At the present, the block cipher is very popular.Before 2000, the data encryption standard is the most widely used block cipher. The analysis of the DES is also very much. Among them, the most effective methods of analysis are differential cryptanalysis and linear cryptanalysis. Along with the rapid development of computer technology, DES is no longer safe. Hence, the Advanced Encryption Standard is proposed, and used after 2000. The two algorithms are the representative of the block ciphers. Many block ciphers take examples from the design methods of the two block ciphers. The Feistel structure of the DES and the SPN structure of the AES are extensively applied in the design of the block cipher.With the rapid development of informatization, people on the information security requirements are higher. In the security of information, block cipher has many advantages, therefore, it is used widely. The security of the block cipher is difficult to be proved. It is risk to use an unproved block cipher. This paper analyses the provable Security against Differential and Linear Cryptanalysis for the Feistel cipher with SPN round function. The purpose is to study the security of the Feistel structure and SPN structure against differential and linear cryptanalysis and it has help to the design of block cipher. The main structure of the Feistel cipher with the SPN round function is Feistel structure. Its round function is one round SPN structure or two rounds SPN structure. This Kind of combination can effectively use the advantages of the SPN structure and the Feiste structure, and avoid the disadvantages of these two structures. The Camellia cipher, which is one of the two block ciphers used NESSIE, is the Feistel cipher with one round SPN structure function. The E2 cipher, which is one of the fifteen AES candidate ciphers, is the Feistel cipher with two rounds SPN structure function.The E2 cipher submitted by Japan cryptographers to NIST is one the fifteen AES candidate ciphers. The block of the E2 cipher is 128 bit. The length of key is 128/192/256 bit. The number of the rounds is 12. The main structure is Feistel and the function is two rounds SPN structure. The SPN structure uses 8 of the same S-box. The linear transformation and the key plus operation of the SPN structure are only using the exclusive or operation. In [32], Jiali Choy analyzes the algebraic properties of the S-box of the E2 cipher, and gives the upper differential probability bound of the three rounds E2 cipher 2-55.39.This paper presents the algorithm that evaluates the provable security against differential and linear cryptanalysis for Feistel ciphers with SPN round function. This method considers the independent variables of the linear transformation of the E2 cipher. We use this method to calculate the upper bound of the maximum differential and linear probabilities of the reduce round E2 cipher. The maximum differential and linear probabilities of the reduce round E2 cipher are respectively proposed as follows:...