On the practical security bound of GF-NLFSR structure with SPN round function

Abstract

At ACISP 2009, Choy et al. proposed the generalised Feistel nonlinear feedback shift register structure (GF-NLFSR). The main feature of GF-NLFSR containing n sub-blocks is that it can be parallelized up to n-round for implementation, and meanwhile the provable security bound against differential cryptanalysis (DC) and linear cryptanalysis (LC) can be provided for n+1 rounds. Thus, it maybe suit for the lightweight encryption environment, such as RFID tags, smart cards, and sensor nodes. The practical security bound of GF-NLFSR with SPN round function was further studied by Yap et al. at Africacrypt 2010, where a differential bound for 2nr-round was provided, while for the linear bound, only partial results for n = 2, 4 were presented. In this paper, we eliminate such discrepancy between the practical differential and linear bound of GF-NLFSR with SPN round function by demonstrating that a unified bound could be proved using the “divide and conquer” strategy. We further find a relationship between the truncated differential characteristics and linear characteristics of GF-NLFSR, which builds a nice link between the lower differential bound and linear bound of such construction, and demonstrate that proving the cipher’s resistance against either DC or LC is enough to show its resistance against both DC and LC. We hope that the result in the current paper will be useful when designing ciphers based on GF-NLFSR structure with SPN round function.