Security Evaluation Against Differential And Linear Cryptanalysis For L-Feistel Ciphers Under Some Conditions

Feistel cipher is an important structure for block ciphers,and is employed by massive block ciphers.Differential cryptanalysis and linear cryptanalysis are two powerful attacks against block ciphers.Therefore,how to resist these two attacks is a problem that should be considered for designers.Differential/ linear provable security is one of the most important security evaluations of a block cipher.There are two approaches to characterize the differential provable security and the linear provable security.One is to get the upper bound of the differential/linear probability under the assumption that all round keys are independently and uniformly chosen.The other is to upper bound the number of active round functions or active S-boxes in a differential/linear characteristic.The former method is close to the actual differential/linear probability of block ciphers,but costly,thus can get good results only when the number of rounds is limited.The upper bound of the differential characteristic probability and linear characteristic probability estimated by the second method,may not equal to the true probability.However,they can reflect the differential and linear distribution because of the stronger correlation with the round numbers.In fact,evaluating the upper bound on the maximum differential/ linear probability can be reduced to evaluating the lower bound on the number of active round functions or active S-boxes in a differential/ linear characteristic.Based on this theory,this paper investigates the security of several structures for block ciphers against differential cryptanalysis and linear cryptanalysis.The main contribution of this paper can be concluded by:1.We propose the block-wisely diffusion matrix representation(denoted by H)for the P-layer P,then we prove that if the entries in the main diagonal of H are all 0,then the reachable lower bounds of number of differential/linear active S-boxes of r-round Feistel structure with SP round function is r-1.Moreover,we provide the structure of such differential/linear characteristics.2.We investigate the resistances of L-Feistel structure against the differential/linear cryptanalyses.We provide the reachable lower bound of differential active round function of r-round structure,regardness of the bijectivity of the round function.We provide the 2/3/4-round semi-period differential characteristics,and we prove that the full-period differential characteristic can be constructed by them.By introducing the equivalent structrue of L-Feistel structure,and providing the duality between the differential and the linear characteristics of L-Feistel structure,we similarly get lower bound of linear active round function of r-round structure,which will be helpful in designing L-Feistel ciphers.3.We research on the resistance of L-Feistel cipher with SP round function against the differential cryptanalysis,we prove that the lower bound of the number of the active S-boxes is r-1 in the r-round differential characteristic,if P-function and the L-function satisfy condition A.And the lower bound of the number of the active S-boxes is r in the r(r ?6)-round differential characteristic,if P-function and the L-function satisfy condition B.This paper provides the theoretical basis for the security of block ciphers,and has the practical significance in the design and analysis of block ciphers.