Lecture Notes in Computer Science vol:3329 pages:1-15
ASIACRYPT 2004 date:December 05-09, 2004
We study a recently proposed design approach of Feistel ciphers which employs optimal diffusion mappings across multiple rounds. This idea was proposed by Shirai and Shibutani at FSE2004, and the technique enables to improve the immunity against either differential or linear cryptanalysis (but not both). In this paper, we present a theoretical explanation why the new design using three different matrices achieves the better immunity. In addition, we are able to prove conditions to improve the immunity against both differential and linear cryptanalysis. As a result, we show that this design approach guarantees at least R(m + 1) active S-boxes in 3R consecutive rounds (R greater than or equal to 2) where m is the number of S-boxes in a round. By using the guaranteed number of active S-boxes, we compare this design approach to other well-known designs employed in SHARK, Rijndael, and MDS-Feistel ciphers. Moreover, we show interesting additional properties of the new design approach.