-2

In a 128-bits Feistel Cipher:

I need suggestions about two variations of the Round Function

Variation-1

  1. $64$ bit input is divided into $8$ bytes
  2. Byte $0,1,2,3$ are substituted with Sbox1
  3. Byte $4,5,6,7$ are substituted with Sbox2.
  4. Then a $8 \times 8$ Binary Matrix is applied on the 8 bytes from 8 rows (Matrix similar to Camellia).

Variation-1

Variation-2

  1. 64 bit input of the round function is expressed as $8 \times 8$ binary matrix.
  2. Sbox1 is applied on the rows (on 8 bytes).
  3. Sbox2 is applied on the columns (on 8 bytes).
  4. 8 Bytes are made using bits of Rows.
  5. Then a $8 \times 8$ Binary Matrix is applied on the 8 bytes from 8 rows (Matrix similar to Camellia).

Variation - 2

Keeping in view that both S-boxes have non-linearity of 112 and maximum Differential Probability of $2^{-6}$ ($\approx$ the same level of security of AES).

Which variation is better in terms of security ? The same S-boxes are used in both the variations. Variation-2 is slow and more complex to implement, but thats not a issue

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
crypt
  • 2,522
  • 22
  • 33

1 Answers1

2

About the security of your first variation, it is sort of answered here.

This is your 1st variation. enter image description here

This is your 2nd variation (your $8 \times 8$ matrix idea is equivalent to apply a permutation). enter image description here

In your first variation, the application of the matrix is useless, one can consider the $S1$ (or $S2$) and the matrix as a single S-box. Hence you have no security gain.

In the second variation, you can see that even if you find the right differential on $S1$, it became harder to exploit because you apply a permutation before the following $S2$ (and subsequently the application of the matrix which is equivalent to another S-box).

Remark: Because in the second scheme you use a permutation, they cannot really be compared (apple vs oranges...)

With this in mind, I will let you decide which of these two variations is the most secure...

Given that you ask such a question (meaning you are not familiar enough to find a weakness),
I HIGHLY RECOMMEND YOU TO NOT USE SUCH A BLOCK CIPHER in production environment and stick to the standards !

Biv
  • 10,088
  • 2
  • 42
  • 68