On the Hypothesis of stochastic equivalence for Feistel ciphers


A. Canteaut
INRIA, projet CODES
BP 105
78153 Le Chesnay Cedex, France
Anne.Canteaut@inria.fr

In IEEE International Symposium on Information Theory, ISIT'98, Page 81
Springer-Verlag, 1998.


Abstract

We study the round permutations (or S-boxes) which provide Feistel ciphers with the best resistance against differential cryptanalysis. We prove that a Feistel cipher with any round keys and with at least 5 rounds resists any differential attack if its round permutation is differentially d-uniform for a small d. This improves an earlier result due to Nyberg and Knudsen which only held for independent and uniformly random round keys.

Keywords

differential cryptanalysis, Feistel ciphers, DES, hypothesis of stochastic equivalence.