Score:2

Can the security margin of any Feistel block cipher be multiplied if I just multipy the number of rounds and use different random subkeys each round?

pf flag

Kaweichel is a port of Blowfish for 64-bit architectures, its key size accepted is 1920-bytes, instead of 16 rounds it has 32 rounds, the double of Blowfish.

ICE is a feistel block cipher that has a variant called ICE-n that accepts any key size being a multiple of 64, for this variant the number of rounds should be multiplied by the number of 64-bits slices in the key material.

/\ These two ciphers left me doubts.

Can the security margin of any feistel block cipher be multiplied if I just multiply the number of slices of original key size of the cipher by the number of rounds (of course, multiplying the number of random keys too)?

** Sorry about my English, someone correct if necessary.

fgrieu avatar
ng flag
It's possible to construct a Feistel cipher that becomes insecure at a certain high number of rounds due to weakness in key schedule or/and round function, and IIRC there are practical ciphers where that happens to some degree. Which would answer the question in the title by no. That could change is we add "with random independent subkeys". But I'm unsure and out of my comfort zone, thus I let others answer. Note: "security margin" would need to be measured as a (dimensionless) factor of attack effort rather than on a base-2 log scale of that (in bit) so that "multiplied" applies.
phantomcraft avatar
pf flag
@fgrieu I forgot to put "with random independent subkeys", thanks, you answered my question.
fgrieu avatar
ng flag
I'm afraid there is much more to it than in my comment (like, at some point, the width of the message space becomes an issue), but again I'm not that comfortable with the subject.
phantomcraft avatar
pf flag
@fgrieu I changed the title and the description of my question.
Score:1
in flag

Increased? yes. Not in the formal proof sense but as in it's hard to imagine a Feistal cipher not tailored to have an issue becoming any weaker by adding rounds with independent sub keys.

Doubled indefinitely? no. For instance some attacks only depend on block size. If I have a 64 bit block size we will have an issue even if we have a huge key and many rounds. An attacker may just collect plain text cipher text pairs.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.