There is a Feistel block cipher based on Blowfish called Kaweichel. In one of its papers, there is this affirmation:

For the construction of the round function one choses usually parallel substitutions (s-boxes). The output bits of these s-boxes are permuted in order to achieve diffusion. For the derivation of the round keys from the userkey one has to choose a key schedule.

The basic idea behind this construction is that a weak, iterated encryption function will result in a cryptographically strong cipher. But there are minimum requirements for the round function (F-function). It should, for example, offer sufficient resistance against differential and linear cryptanalysis.

[...]

Rather than using a round key for the round function, the s-boxes are key dependant. This method got first widely known with the block cipher Blowfish. The advantage is, that differential and linear cryptanalysis are not applicable, since they require the knowledge of the s-boxes.

Is this affirmation true? Can one with little knowledge of ciphers design and build a strong cipher based on this?

Patriot
phantomcraft
  • 2
    There is also a 2006 paper where the author himself calls for more cryptanalysis after showing a minimal argument that some attacks are not possible. But I suppose this is more about the principle of using key-dependent S-boxes? – Maarten Bodewes May 01 '22 at 21:12
  • @MaartenBodewes I think so. Also, you edited my question; I typed the exact text as it was in that paper. The author is German and made small typos. – phantomcraft May 01 '22 at 23:03
  • 1
    Yeah, well, dependant is an actual word, so he's excused :P – Maarten Bodewes May 02 '22 at 00:23
  • 1
    This might be an answer https://crypto.stackexchange.com/questions/60502/what-are-the-requirements-from-a-round-function-in-feistel-network – Meir Maor May 02 '22 at 05:29
  • 3
    This is dangerously on the opinion-based side, thus I make this a comment rather than an answer. The basic ingredients of a good classical block cipher are there: substitution, diffusion, rounds with derived keys. It's possible to accidentally design a safe cipher from that, especially by using many rounds to compensate for the lack of analysis. Crude analogy: adding more concrete to a bridge design can help. Or not. So what? We want ciphers/bridges that are safe by design, and use resources (CPU/concrete) conservatively. – fgrieu May 02 '22 at 05:49

0 Answers
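
An added example, not part of the question, the comments or the Kaweichel paper, that makes the quoted claim about key-dependent S-boxes concrete: it derives toy 4-bit S-boxes from keys and measures each one's differential uniformity next to the fixed, published PRESENT S-box. The SHA-256-driven shuffle and the names `keyed_sbox`, `ddt_row`, `differential_uniformity` and `survey` are assumptions made for illustration; this is not the Blowfish or Kaweichel key schedule.

```python
import hashlib
from collections import Counter

def keyed_sbox(key, n_bits=4):
    """Toy key-dependent bijective S-box (assumption, not a real key schedule):
    a Fisher-Yates shuffle driven by SHA-256(key || counter)."""
    size = 1 << n_bits
    box = list(range(size))
    stream, ctr = b"", 0
    while len(stream) < 2 * size:
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    for i in range(size - 1, 0, -1):
        r = int.from_bytes(stream[2 * i:2 * i + 2], "big") % (i + 1)
        box[i], box[r] = box[r], box[i]
    return box

def ddt_row(sbox, dx):
    """One row of the difference distribution table: how often each output
    difference occurs for the input difference dx."""
    return Counter(sbox[x] ^ sbox[x ^ dx] for x in range(len(sbox)))

def differential_uniformity(sbox):
    """Largest DDT entry over all nonzero input differences (lower is better)."""
    return max(max(ddt_row(sbox, dx).values()) for dx in range(1, len(sbox)))

# Fixed 4-bit S-box of the PRESENT cipher, used as a designed baseline.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def survey(keys, n_bits=4):
    """Differential uniformity of the S-box each key produces."""
    return {k.hex(): differential_uniformity(keyed_sbox(k, n_bits)) for k in keys}

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    keys = [b"constructed-key-%d" % i for i in range(8)]
    print("PRESENT (fixed):", differential_uniformity(PRESENT_SBOX))
    for key_hex, du in survey(keys).items():
        print(bytes.fromhex(key_hex).decode(), "->", du)
```

Keeping the S-box secret hides the difference table from an attacker, but every key still produces a table with some worst-case entry, and that per-key value is what a designer of such a cipher would have to bound.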