- Feistel cipher is based on the idea that instead of using Ideal block cipher which degrades performance, a “substitution-permutation network” can be used.
Feistel Cipher Encryption
- The inputs to the encryption algorithm are a plaintext block of length b bits and a key K.
- The plaintext block is divided into two halves.
- The two halves of the data pass through rounds of processing and then combine to produce the ciphertext block.
- Each round has as inputs and derived from the previous round, as well as a subkey derived from the overall K.
- Any number of rounds could implemented and all rounds have the same structure.
- A substitution is performed on the left half of the data. This done by applying around function F.
- The Round Function F: F takes the right-half block of the previous round and a subkey as input.
- The output of the function XORed with the left half of the data.
- Left and right halves then swapped.
Feistel Cipher Decryption
- The process of decryption with a Feistel cipher is same as the encryption process.
- The ciphertext input to the algorithm and the subkeys used in reverse order. That is, subkey of the last round in encryption used in the first round in decryption, second last in the second round, and so
The exact realization of a Feistel network depends on the choice of the following parameters:
- Block size: Larger block sizes mean greater security but reduced encryption/decryption speed for a given Traditionally, a block size of 64 bits used which gives enough security without greatly affecting the speed.
- Key size: Larger key size means greater security but may decrease encryption/ decryption speed. The greater security achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less now widely considered to inadequate, and 128 bits has become a common size.
- The number of rounds: The essence of the Feistel cipher that a single round offers inadequate security but that multiple rounds offer increased security. A typical size 16 rounds.
Subkey generation algorithm: Greater complexity in this algorithm leads to greater difficulty of
- Round function F: Again, greater complexity generally means greater resistance to cryptanalysis.
- There are two other considerations in the design of a Feistel cipher:
- Fast software encryption/decryption: In many cases, encryption embedded in applications implementation (as software). Accordingly, the speed of execution of the algorithm becomes a concern.
- Ease of analysis: Although we would like to make our algorithm as difficult as possible to crypt analyze, there is a great benefit in making the algorithm easy to analyze. That is if The algorithm can concisely and clearly explain, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a high level of assurance as to its strength.