Newsgroups: sci.crypt
From: (Stewart Strait)

Subject: Re: Generalized Feistel Networks
Organization: CTS Network Services (CTSNET), San Diego, CA
Date: Mon, 3 Apr 1995 06:00:17 GMT
X-Newsreader: TIN [version 1.2 PL2]
References: <3lndp5$>
Sender: (news subsystem)
Lines: 28

Ralf Brown ( wrote:

: This idea can be generalized to the N parts of a block (said block naturally
: being larger than in the N=2 case normally used).  For instance, if N=4,
: then the subblocks A,B,C,D of a block would be transformed as follows for
: encryption:
:       A' = D
:       B' = f(A,B)
:       C' = f(B,C)
:       D' = f(C,D)
: with decryption using
:       D = A'
:       C = f'(D,D')
:       B = f'(C,C')
:       A = f'(B,B')
: We can further generalize by using multiple mixing functions--there could
: be up to N-1 distinct mixing functions applied in each round.  This will
: naturally require careful design to avoid sets of functions which neutralize
: each other.

If the mixing functions are linear, we get a simple form of
the Hill System, i.e.  ciphertext vector=key matrix *
plaintext vector, since every invertible matrix is a product
of matrix representations of elementary row operations. The
Hill System is not secure (at all!) against known plaintext
attack, but it's interesting that it is Feistel-like.