Newsgroups: sci.crypt
Path: illuminati.io.com!uunet!rose.uthscsa.edu!al.skidmore.edu!news.
+     sprintlink.net!crash!straits
From: straits@crash.cts.com (Stewart Strait)

Subject: Re: Generalized Feistel Networks
Organization: CTS Network Services (CTSNET), San Diego, CA
Date: Mon, 3 Apr 1995 06:00:17 GMT
Message-ID: 
X-Newsreader: TIN [version 1.2 PL2]
References: <3lndp5$nm4@cantaloupe.srv.cs.cmu.edu>
Sender: news@crash.cts.com (news subsystem)
Nntp-Posting-Host: crash.cts.com
Lines: 28

Ralf Brown (ralf+@cs.cmu.edu) wrote:

....
: This idea can be generalized to the N parts of a block (said block naturally
: being larger than in the N=2 case normally used).  For instance, if N=4,
: then the subblocks A,B,C,D of a block would be transformed as follows for
: encryption:
:       A' = D
:       B' = f(A,B)
:       C' = f(B,C)
:       D' = f(C,D)
: with decryption using
:       D = A'
:       C = f'(D,D')
:       B = f'(C,C')
:       A = f'(B,B')
....
: We can further generalize by using multiple mixing functions--there could
: be up to N-1 distinct mixing functions applied in each round.  This will
: naturally require careful design to avoid sets of functions which neutralize
: each other.

If the mixing functions are linear, we get a simple form of
the Hill System, i.e.  ciphertext vector=key matrix *
plaintext vector, since every invertible matrix is a product
of matrix representations of elementary row operations. The
Hill System is not secure (at all!) against known plaintext
attack, but it's interesting that it is Feistel-like.