Score:3

In Feistel block ciphers, does using a weak but iterated encryption function result in a cryptographically strong cipher?

There is a Feistel block cipher based on Blowfish called Kaweichel. In one of its papers, there is this affirmation:

For the construction of the round function one choses usually parallel substitutions (s-boxes). The output bits of these s-boxes are permuted in order to achieve diffusion. For the derivation of the round keys from the userkey one has to choose a key schedule.

The basic idea behind this construction is that a weak, iterated encryption function will result in a cryptographically strong cipher. But there are minimum requirements for the round function (F-function). It should, for example, offer sufficient resistance against differential and linear cryptanalysis.

[...]

Rather than using a round key for the round function, the s-boxes are key dependant. This method got first widely known with the block cipher Blowfish. The advantage is, that differential and linear cryptanalysis are not applicable, since they require the knowledge of the s-boxes.

Is this affirmation true? Can one with little knowledge of ciphers design and build a strong cipher based on this?

Maarten Bodewes
There is also a 2006 paper where the author himself calls for more cryptanalysis after showing a minimal argument that some attacks are not possible. But I suppose this is more about the principle of using key-depend**e**nt S-boxes?
phantomcraft
@MaartenBodewes I think so. Also, you edited my question; I typed the exact text as it was in that paper. The author is German and made small typos.
Maarten Bodewes
Yeah, well, dependant is an actual word, so he's excused :P
Meir Maor
This might be an answer: https://crypto.stackexchange.com/questions/60502/what-are-the-requirements-from-a-round-function-in-feistel-network
fgrieu
This is dangerously on the opinion-based side, thus I make this a comment rather than an answer. The basic ingredients of a good classical block cipher are there: substitution, diffusion, rounds with derived keys. It's _possible_ to accidentally design a safe cipher from that, especially by using many rounds to compensate for the lack of analysis. Crude analogy: adding more concrete to a bridge design can help. Or not. So what? We want ciphers/bridges that are safe by design, and use resources (CPU/concrete) conservatively.
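
An added example, not part of the original thread and not Kaweichel or Blowfish code: a toy 32-bit Feistel network whose round function is built the way the quoted paper describes (parallel key-dependent S-boxes followed by a bit permutation), measuring how many output bits flip per flipped input bit as the round count grows. The S-box derivation from SHA-256, the rotation used as the permutation, the block size and the key are all assumptions made for illustration.

```python
import hashlib

MASK16 = 0xFFFF

def make_sboxes(key: bytes):
    """Four key-dependent 4-bit S-boxes (toy key schedule, an assumption of this example)."""
    boxes = []
    for i in range(4):
        digest = hashlib.sha256(key + bytes([i])).digest()
        # Ordering 0..15 by digest bytes yields a key-dependent permutation.
        boxes.append(sorted(range(16), key=lambda n: (digest[n], n)))
    return boxes

def weak_f(half: int, sboxes) -> int:
    """Deliberately weak F: parallel S-boxes, then a rotation as the bit permutation."""
    out = 0
    for i in range(4):
        out |= sboxes[i][(half >> (4 * i)) & 0xF] << (4 * i)
    return ((out << 3) | (out >> 13)) & MASK16

def encrypt(block: int, sboxes, rounds: int) -> int:
    left, right = block >> 16, block & MASK16
    for _ in range(rounds):
        left, right = right, left ^ weak_f(right, sboxes)
    return (left << 16) | right

def decrypt(block: int, sboxes, rounds: int) -> int:
    # Feistel inversion never needs F itself to be invertible.
    left, right = block >> 16, block & MASK16
    for _ in range(rounds):
        left, right = right ^ weak_f(left, sboxes), left
    return (left << 16) | right

def avalanche(sboxes, rounds: int, samples: int = 256) -> float:
    """Mean number of the 32 output bits that flip when one input bit flips."""
    total = 0
    for n in range(samples):
        block = (n * 0x9E3779B1) & 0xFFFFFFFF  # constructed sample plaintexts
        bit = 1 << (n % 32)
        diff = encrypt(block, sboxes, rounds) ^ encrypt(block ^ bit, sboxes, rounds)
        total += bin(diff).count("1")
    return total / samples

if __name__ == "__main__":
    boxes = make_sboxes(b"constructed demo key")  # constructed key
    for r in (1, 2, 4, 8, 16):
        print(f"{r:2d} rounds: {avalanche(boxes, r):5.2f} of 32 bits flip on average")
```

An average near 16 of 32 flipped bits shows diffusion only; it is not evidence of resistance to differential or linear cryptanalysis.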