On Provable Security against Differential and Linear Cryptanalysis in Generalized Feistel Ciphers with Multiple Random Functions

We investigate the cryptographic role of random functions used in Generalized Feistel Ciphers in achieving provable security against differential and linear cryptanalysis. The provable security of block ciphers against differential and linear cryptanalysis can be estimated from the maximum probabilities of differentials and linear hulls. In the case of DES-like block ciphers, these probabilities are known to be smaller than twice the square of the maximum one-round differential and linear hull probabilities. Even though differential characteristic and linear approximation probabilities decrease as the number of serial round iterations increases, the known upper bounds on the differential and linear hull probabilities are constant and not less than the square or twice the square of the maximum one-round probabilities. It seems to be an unproven conjecture that increasing the serial iteration number would fail to achieve stronger provable security against differential and linear cryptanalysis. This paper introduces the Generalized Feistel Ciphers, in which multiple random functions are used in a usual Feistel network, whereas most DES-like block ciphers use only one random function. We prove that the proposed Generalized Feistel Ciphers achieve an estimate in which the upper bound of the differential probability is strictly less than or equal to the square of the maximum one-round differential probability, even if a non-injective function is present in the possible position. We also show that a kind of duality holds between the differential probabilities and the linear hull probabilities among these Generalized Feistel Ciphers, which implies that results similar to those we obtained on provable security against differential cryptanalysis hold for provable security against linear cryptanalysis, according to these duality relations.
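The DES-like baseline cited in the abstract (differential probability at most twice the square of the one-round maximum) can be checked exhaustively on a toy cipher. This is an added example, not code from the paper, and it does not implement the paper's Generalized Feistel construction. It assumes 4-bit halves, a round function f(x XOR k) with the PRESENT S-box standing in for f, and independent uniform round keys, so the key-averaged differential probability is the sum over all characteristics.

```python
from fractions import Fraction

# Constructed toy parameters (assumptions, not from the paper): 4-bit halves,
# round function f(x ^ k) with the PRESENT S-box as f, independent round keys.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 16  # number of values of one 4-bit half


def ddt(sbox):
    """Difference distribution table: table[a][b] = #{x : f(x) ^ f(x ^ a) = b}."""
    table = [[0] * N for _ in range(N)]
    for x in range(N):
        for a in range(N):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


DDT = ddt(SBOX)


def one_round_max():
    """Maximum differential probability p of f over nonzero input differences."""
    return Fraction(max(max(row) for row in DDT[1:]), N)


def propagate(dist):
    """Apply one Feistel round, (dL, dR) -> (dR, dL ^ d), to weighted differences."""
    out = {}
    for (dl, dr), weight in dist.items():
        for d, count in enumerate(DDT[dr]):
            if count:
                nxt = (dr, dl ^ d)
                out[nxt] = out.get(nxt, 0) + weight * count
    return out


def max_differential(rounds):
    """Largest key-averaged differential probability over all nonzero inputs."""
    best = 0
    for a in range(1, N * N):
        dist = {(a >> 4, a & 0xF): 1}
        for _ in range(rounds):
            dist = propagate(dist)
        best = max(best, max(dist.values()))  # sums over all characteristics
    return Fraction(best, N ** rounds)
```

With these parameters two rounds still admit a differential of probability p, while three and four rounds stay within 2p^2.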