摘要:This paper studies the minimum number of differential/linear active S-boxes for a class of generalized Feistel cipher with SP type F-function (GFNSP for short). We prove that m rounds m-GFNSP guarantee one differential active S-box and one linear active S-box, and 2m(m≥3) rounds guarantee differential active S-boxes and linear active S-boxes, where and are the differential and the linear branch number of the diffusion layer in F-function respectively. Hence, lower bound of the number of differential active S-boxes and that of linear active S-boxes for GFNSP with arbitrary round are deduced respectively, moreover, the previous one could be reachable for and as well as the latter one be reachable for and , where denotes the number of rounds.
关键词:block cipher, generalized Feistel network, SPN, active S-boxes
