# Network of Feistel

A network of Feistel is a construction used in the algorithms of Chiffrement per block, named according to the cryptologist of IBM, Horst Feistel. It was used for the first time in Lucifer and OF the. This structure offers several advantages, coding and the deciphering has an even identical similar architecture in certain cases. The material implementation is also easier with such a system even if the things passably changed since the end of the year 1970. A network of Feistel rests on simple principles of which permutations, substitutions, exchanges of storage blocks and a function taking in entry an intermediate key on each floor.

It is probable that Feistel is not the only inventor of this architecture. During a conference, Don Coppersmith implied that Bill Notz and Lynn Smith (of the team of IBM working on OF the) had been mainly at the origin of the network of Feistel such as we know it.

## Structure

A network of Feistel is subdivided in several turns or stages. In its version balanced , the network treats the data in two parts of identical size. With each turn, the two blocks are exchanged then one of the blocks is combined with a transformed version of the other block. To simplify, half of the data are encodées with the key, then the result of this operation is added thanks to a xor (or exclusive) to other half of the data. Then with the following turn, one reverses: it is with the tower of the last half to be encryptée then to be added with a xor to first half, except that one uses the data encryptées previously (if not that would not be used for nothing to make more than two turns). The diagram opposite watch the routing of the data (the " plus" surrounded the xor represents). Each turn uses an intermediate key, in general drawn from the principal key via a generation called Key schedule . The operations carried out during encryption with these intermediate keys are specific to each algorithm.

In the case of OF the, the network of Feistel has 16 turns, each one with a under-key. These various keys make it possible to improve the robustness of an algorithm vis-a-vis the Cryptanalyse.

An alternative, the network of Feistel not-balanced cut data in two parts of different sizes. This alternative was used in MacGuffin of Bruce Schneier, or Skipjack, candidate for AES.

## Formal definition

A formal definition of a network of Feistel can be given in several forms. We take again here the notation used by Knudsen in Partial and Higher Order Differentials and Applications to OF the .

$C_0^L = P^L~$ and $C_0^R = P^R~$

$C_i = \left(C_i^L, C_i^R\right) = \left(C_ \left\{i-1\right\} ^R, F \left(C_ \left\{i-1\right\} ^R, K_i\right) + C_ \left\{i-1\right\} ^L\right) ~$
$C^L = C_r^L~$ and $C^R = C_r^R~$
• the exhibitor represents the under-part of the block considered (L on the left, R on the right).

• $P~$ corresponds to the block of clear text, $P_i^L$ corresponds to the block of left at the entry of the turn $i~$
• $C~$ corresponds to the block of quantified text, $C_i^R$ corresponds to the block of right-hand side on the outlet side of the turn $i~$
• $K_i~$ is the key of the turn $i~$, it is calculated thanks to a Key schedule principal key
• $r~$ is the number of revolutions in the algorithm
• $+~$ is an operation in a commutative group (often a XOR or an addition)

### Composition of the turns

Each turn applies several transformations to the data coming from the preceding turn:
• Permutation of the bits via P-Box be

• function non-linear (Substitution) with S-Box are
• mixing linear by using the function XOR
• application of the key of the turn (integrated in a function or via a XOR)

One uses the terms of Confusion and diffusion to describe the propagation of information in the structure (terms used by Claude Shannon). Indeed, a modification of a bit in entry will produce very important variations in the intermediate training courses and at exit. A more recent term to describe this phenomenon is the Effet avalanche. The use of the permutations makes it possible to improve the diffusion whereas substitutions cause to increase confusion.

## Cryptanalyse

The diagrams of Feistel were largely analyzed and examined by the experts. Several attacks are possible but the two principal ones are:
• the Cryptanalyse differential

These methods proved reliable on and other similar algorithms. But that does not mean that the use of network of Feistel obligatorily will involve significant vulnerabilities. Thanks to the addition of various techniques and with a well carried out design, one can considerably improve resistance of an algorithm based on Feistel. It is the case for Blowfish which is still cryptographiquement sure.

It should be noted that as a general, the cryptanalystes attack in first reduced versions of codings, i.e. comprising less turns.

## Algorithms

A great number of algorithms uses networks of Feistel, with alternatives. Here an not-exhaustive list:

 Random links: Concarneau | OrganizaciÃ³n internacional del refugiado | Arduinna | Roald Hoffmann | Toucouleurs | Báthory (family) | Warbler shade | Jook-chanter