University of Oulu

J. Liu et al., "New Wine Old Bottles: Feistel Structure Revised," in IEEE Transactions on Information Theory, vol. 69, no. 3, pp. 2000-2008, March 2023, doi: 10.1109/TIT.2022.3223139

New wine old bottles : Feistel structure revised

Saved in:
Author: Liu, Jiajie1; Sun, Bing1,2,3; Liu, Guoqiang1;
Organizations: 1Science College, National University of Defense Technology, Changsha 410073, China
2State Key Laboratory of Cryptology, Beijing 100878, China
3Hunan Engineering Research Center of Commercial Cryptography Theory and Technology Innovation, Changsha 410073, China
4School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
5Laboratory for Big Data and Decision, College of System Engineering, National University of Defense Technology, Changsha 410073, China
6Center for Machine Vision and Signal Analysis, University of Oulu, 014031 Oulu, Finland
7State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Format: article
Version: accepted version
Access: open
Online Access: PDF Full Text (PDF, 0.4 MB)
Persistent link:
Language: English
Published: Institute of Electrical and Electronics Engineers, 2022
Publish Date: 2023-03-20


This paper mainly investigates the iterative structures whose decryption is similar to the encryption. Firstly, we unify many well-known structures which share similar procedures between the decryption and the encryption, and give a sufficient and necessary condition for this structure to be bijective, which reveals many new insights into the Feistel structure as well as the Lai-Massey structure. Secondly, we analyze the security of the unified structure against the known cryptanalysis. By extending the dual structure from a Feistel structure to the unified structure, we prove that a differential of the unified structure is impossible if and only if it is a zero-correlation linear hull of its dual structure, which presents a generalized link between the impossible differential and zero-correlation linear cryptanalysis shown in CRYPTO 2015. Significantly, several constraints on the linear components of the cipher and the permutation on the branches of the cipher are specified to make the structure resilient to differential and linear cryptanalysis. Furthermore, in the case that the order of the permutation equals the number of the branches n, we prove that there always exist a (3n−1) -round impossible differential and a (3n−1) -round zero-correlation linear hull of the structure, and also present an algorithm to construct these distinguishers. Finally, we propose some novel structures which might be used in future block cipher designs.

see all

Series: IEEE transactions on information theory
ISSN: 0018-9448
ISSN-E: 1557-9654
ISSN-L: 0018-9448
Volume: 69
Issue: 3
Pages: 2000 - 2008
DOI: 10.1109/TIT.2022.3223139
Type of Publication: A1 Journal article – refereed
Field of Science: 113 Computer and information sciences
Funding: This work was supported in part by the National Natural Science Foundation of China under Grant 62272470, Grant 62002370, and Grant 62172427.
Copyright information: © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.