Learning about Feistel Cipher

Question

I'm learning about Feistel Ciphers at the moment, but having issues with the formulae, so I can't move on from it.

Encryption:

$_{+1} = _$
$_{+1} = _ \oplus ( _ , _)$

For the round function $( _ , _)$, could someone advise on what exactly I need to do? Let's say my key is $1197$, what needs to happen in between the brackets, $(_ , _)$ , full diagram screenshot attached, thanks.

Welcome to Cryptography. I've edited your question, please check. The round function which is usually called the $F$ function performs confusion and diffusion. What is your actual question? Normally, one must define it as in DES — kelalaka, Mar 02 '19 at 19:49
Thanks for getting back to me. So If I have a plaintext and divide it into 2 parts, left and right, I need to put the right side through the round function. This should get me my value to XOR with the left side, but i'm not sure what exactly I have to do with the right side and round function in the 1st place. — terodee, Mar 02 '19 at 19:54
Yes, this is what the 1. and 2. equations already says. What is the problem? Did you see this question? — kelalaka, Mar 02 '19 at 19:57
Yes I checked he link you supplied but I can't really make sense of it. As I said Im only learning about it now, so still a bit raw with how it works. I did find something on a video from another site, it seems to imply that I must XOR the right side with Key. From here I would shift this value by 1 it and XOR it with the left side, does that sound correct? I have added a screenshot of this above. — terodee, Mar 02 '19 at 21:22
It is necessary to distinguish between on one hand Feistel cipher that is a structure or a tool that is used to construct block ciphers, on the other hand concrete applications of this tool. So $F$ is a function that takes two inputs, it could be any function but requirements are that it provides confusion and diffusion. The output of $F$ is then xored with the other part of the input. It might be worth mentioning that the keys $K_i$ are generated by some other procedures form input key.Now if you want to see a concrete implementation of $F$ then look at $DES$ for example. — Marc Ilunga, Mar 02 '19 at 22:02
You are using too simplified $F$ function. That is already insecure. — kelalaka, Mar 02 '19 at 22:05

Shan Chen · Accepted Answer · 2019-03-03T20:52:11.250

1

I guess it makes more sense if you write the two equations like this (referring to the nice diagram in Wikipedia): $$L_{i+1}=R_i,\; R_{i+1}=L_i\oplus F_{K_i}(R_i).$$ In each round, the round function $F$ takes as input the corresponding round key $K_i$ and the previous round's right output, then computes the output value, which is then XORed with the previous round's left output. $F$ is usually modeled as a pseudorandom function and has many instantiations (see here for a list of Feistel ciphers, of which each specifies its own $F$ instantiation and key schedule). This post discusses the requirements/goals for good $F$ instantiations.

edited Mar 03 '19 at 20:52

answered Mar 02 '19 at 21:50

Shan Chen

2,715
1
12
17

Thanks for this, makes much more sense to me now. My maths is a bit rusty! This link is also very helpful with explaining what key I should use, thank you. – terodee Mar 03 '19 at 15:51
@terodee One answer to that link mentioned the key schedule, but it seems for SPNs rather than Feistel ciphers. The key schedules are also specified in the listed Feistel cipher instantiations. – Shan Chen Mar 03 '19 at 20:58

ventaquil · Answer 2 · 2020-11-27T09:07:08.420

1

Function $F(x)$ should be function with pseudo-random output (if you change 1 bit in input there should be a chance to change half of output bits). There is no need to use a bijection, because in schema we do not need $F^{-1}(x)$.

Idea behind a Feistel Network is to use some function to hide bits of input behind pseudo-random outputs (but predictable).

edited Nov 27 '20 at 09:07

answered Mar 03 '19 at 00:01

ventaquil

111
5

Learning about Feistel Cipher

2 Answers2