Strict Evaluation of the Maximum Average of Differential Probability and the Maximum Average of Linear Probability (Special Section on Cryptography and Information Security)

概要

論文の詳細を見る
Nyberg and Knudsen proved that the maximum average of differential probability (ADP_<max>) and the maximum average of linear probability (ALP_<max>) of Feistel cipher with over 4 rounds can be evaluated as ADP_<max> ≦ 2DCP^2_<max> and ALP_<max> ≦ 2LCP^2_<max> using the maximum of differential characteristic probability (DCP_<max>) and the maximum of linear characteristic probability (LCP_<max>) per round. This paper shows ADP_<max> ≦ DCP^2_<max> and ALP_<max> ≦ LCP^2_<max> if the F function is a bijection and the Feistel cipher has more than 3 rounds. The results prove that Feistel ciphers are stronger against differential and linear cryptanalyses than previously thought. Combining this result with that of Luby and Rackoff, the implication is that the 3-round Feistel cipher could be used as a building block cipher for the construction of provable secure block cipher algorithm.
1997-01-25