(IJCNS) International Journal of Computer and Network Security, 77

Vol. 1, No. 2, November 2009

Modified Feistel Cipher Involving Interlacing

and Decomposition
K.Anup Kumar1 and V.U.K. Sastry2
1
Associate Professor, Department of Computer Science and Engineering, SNIST,
Hyderabad, Andhra Pradesh, India.
1
k_anupkumar@yahoo.com
2
Dean R & D, Department of Computer Science and Engineering, SNIST,
Hyderabad, Andhra Pradesh, India.
2
vuk_sastry@rediffmail.com

section 4. We have illustrated the cipher in section 5 and

Abstract: In this paper, we have discussed the generation of
large block cipher of 256 bit by using the modified feistel
investigated the cryptanalytic attack on cipher in section 6.
structure involving basic concepts of interlacing, decomposition In section 6.3, we have discussed the avalanche effect which
and key based random permutations. In each round, we perform is followed by the conclusion in section 7 and reference in
decomposition before encryption and interlacing after section 8.
encryption. The key based random permutations and
substitutions used in this process are similar to the one we 2. Interlacing and Decomposition
already published in our previous paper. The cryptanalysis
carried out in this paper, indicates that the cipher cannot be Let us illustrate the process of decomposition first. Let ‘P’
broken by any cryptanalytic attack due to the non linearity be the plaintext of length 256 bit. Let us divide this plaintext
induced by the interlacing, decomposition and key based of 256 bit block into four small blocks of 64 bits each.
random permutations. Let C0 = P be the initial plaintext. Thus we get,
Keywords: Encryption, Decryption, Plaintext, Cipher text, B01, B02, B03, B04 as 64 bits blocks by placing the first 64 bits
Key, Interlacing, Decomposition etc. of ‘C0’ in ‘B01’ and the next 64 bits of ‘C0’ in ‘B02’ and so
on.
1. Introduction Hence,
Ck = Σ Bki , j . Such that, i = 1 to 4 and j = 1 to 64. k = 0 to
In the survey of literature of cryptography, Feistel 16; Where, k = 0 indicates initial plaintext, k = m indicates
structure has a predominant role in generating the block cipher text after mth round and Σ indicates concatenation of
cipher of required size. Here, the bits of the plaintext bits.
undergo a series of diffusion and confusion transformations Let C0 = { C01, C02, C03,………, C0256 }. Then,
involving permutations, substitutions. The classical feistel Bmi = Σ Cmj + k . Where, i = 1 to 4 , j = 1 to 64
structure involves a round function and the number of and k = 64*( i - 1 ). therefore,
rounds which provides good strength to the cipher is
sixteen. Bm1 = { Cm1, Cm2, Cm3,……., Cm64 } (2.1)
Bm2 = { Cm65, Cm66, Cm67,……., Cm128 } (2.2)
In this paper, we have developed a block cipher of 256 Bm3 = { Cm129, Cm130, Cm131,……., Cm192 } (2.3)
bit, using 16 rounds of classical feistel structure. In the Bm4 = { Cm193, Cm194, Cm195,……., Cm256 } (2.4)
process of encryption and decryption, we have used the
function ‘F’ in each round same as our conventional feistel We perform decomposition before encryption. So that, a
structure with key based random permutations and large block of 256 bit is divided into a small block of 64 bit.
substitutions published in our previous paper, see reference Hence encryption of these small blocks can be done in
[6].To get proper mixing of bits between two consecutive parallel and faster. Moreover, decomposition allows us to
rounds; to introduce the non linearity and counter attack the introduce enough confusion in a large block cipher due to
cryptanalysis, we have used the concepts of interlacing and which the desired avalanche effect is maintained. See (6.3).
decomposition. Our interest is to develop a block cipher
using feistel network which cannot be broken by any Now let us illustrate the process of interlacing.
cryptanalytic attack. We perform interlacing after encryption is performed on
small blocks Bm1, Bm2, Bm3, Bm4.
In section 2 of this paper, we introduce the process of Let cm+11, Cm+12, Cm+13, cm+14 be the corresponding ciphers
interlacing and decomposition in feistel network followed by obtained after encryption.
the process of interlacing and decomposition demonstrated Let ‘Ci’ be the 256 bit cipher obtained after interlacing the
in figure. In section 3, we discuss the development of cipher ciphers cm+11, cm+12, cm+13, cm+14. Here ‘i’ indicates the round
and we present the algorithms for encryption, after which interlacing is performed and i=m+1. In the
decryption, Let ‘Ci’ be the 256 bit cipher obtained after process of interlacing, we take the first bit of ‘cm+11’ and
interlacing the ciphers cm+11, cm+12, cm+13, cm+14. Here ‘i’ place it as the first bit of Ci, next we take the first bit of
indicates the round interlacing and decomposition in
78 (IJCNS) International Journal of Computer and Network Security,
Vol. 1, No. 2, November 2009

‘cm+12’ and place it as the second bit of Ci, and similarly the As we use four different blocks B1, B2, B3, B4 of 64 bit each
first bit of ‘cm+13’ and ‘cm+14’ are placed as the third and for encryption, by using required transformations on k1, k2,
fourth bit of Ci. This process is continued till all the bits of k3 and k4 published in our previous paper, see reference [6].
cm+11, cm+12, cm+13, cm+14 are combined into Ci.
Therefore The following is the process proposed for using interlacing
and decomposition during encryption/decryption in feistel
Ci = { c1,1, c2,1, c3,1, c4,1, c1,2, c2,2, c3,2, c4,2, ……., c1,64, c2,64, structure.
c3,64,c4,64 } (2.5)
Plaintext C0 of 256 bit
Thus, The process of interlacing allows us to mix the bits
thoroughly before beginning the next round. Interlacing and
Decompose the plaintext
decomposition enables us in performing variable
permutations and substitutions on bits in each round. Round 1
The following figures explain how interlacing and
decomposition are used. F F F F

Decomposition
Interlacing

C1 …... C64 C65 …. C128C129 …..C192 C193 ….. C256 Round 2

Decompose

F F F F

B1 B2 B3 B4 Interlacing

Decompose
64 bit blocks B1,B2,B3,B4 obtained after Decomposition
F F F F

Interlacing : : : : :
: : : :
C1 C2 C3 C4 : : :

c1 …. c64 c1 … c64 c1 ….. c64 c1 .... c64 F F F F

…… Interlacing

c1,1 c2,1 c3,1 c4,1 c1,2 c2,2 c3,2 c4,2 … c1,64 c2,64 c3,64 c4,64 Round 15
Decompose
Cipher text Ci of 256 bits after Interlacing. F F F F

3. Development of Cipher
Interlacing
Let us consider a block of plaintext ‘P’ consisting of 32
Round 16
characters. By using the EBCDIC code, each character can Decompose
be represented in terms of 8 bits.
F F F F
Then the entire plaintext of 32 characters yields us a block
containing 256 bits.
Let this initial plaintext be represented as C0. Interlacing
16
Cipher text C of 256 bit.
Let the key ‘K’ contain 16 integers, then the 8 bit binary
representation of these integers yields us a block containing Encryption involving interlacing and decomposition
128 bits. Let this block be denoted as ‘k’.
Note: permutations, substitutions and key generation during
Let the first 32 bits of ‘k’ be treated as k1. encryption and reverse permutations and
substitutions and key generations during decryption are
The next 32 bits of ‘k’ be treated as k2. discussed in our paper published earlier. See reference [6].
Similarly, we get two more keys ‘k3’ and ‘k4’.
 (IJCNS) International Journal of Computer and Network Security, 79
Vol. 1, No. 2, November 2009

Ciphertext C
16
of 256 bit
< Cm > indicates decomposition.

Decompose the ciphertext

In the first round, encryption is done in the following way.
We perform the required transformations on k1, k2, k3, and
Round 16 k4 to get krn1, krn2, krn3, krn4.

F F F F Cni = Fkrni ( Bmi ); i = 1 to 4 indicates ith block.

‘F’ indicates encryption and krni indicates the round key

Interlacing for ‘nth’ round on ith block and n = m+1.

Round 15 After encryption in nth round, we get ciphertext as four

Decompose
blocks Cn1, Cn2, Cn3, Cn4.
F F F F
Next we perform interlacing after encryption.
Cn = > Cni < ;
Interlacing
Here i = 1 to 4 , indicates the cipher block.
Decompose n = 1 to 16. indicates the round after which interlacing is
performed.
F F F F > Cni < , represents interlacing.

: : : : Similarly, during decryption, we proceed in the same

: : : : way as discussed above, performing reverse transformations
: : : : on key. See reference [6] for reverse transformations used.

4. Algorithms
F F F F
4. 1 Algorithm for Encryption

Interlacing BEGIN
Round 2

Decompose C0 = P // initialize 256 bits plaintext

F F F F for i = 1 to 16
{
for j = 1 to 4
Interlacing {
Round 1

Decompose Bi -1 j = < Ci -1 > // Decompose

F F F F
}
for j = 1 to 4
{
Interlacing

Plain text of 256 bit. Cij = Fkri j ( Bi-1j ) // Encryption

Decryption involving interlacing and decomposition
}
We generate the keys for respective rounds denoted as krm1, for j = 1 to 4
krm2, krm3, krm4. Such that if krmi is the round key, then ‘i’ {
indicates the block and ‘m’ indicates the round. Ci = > Ci j < // Interlace
}
The initial plaintext of 256 bits is represented as C0 }
Decompose C0 into four blocks of 64 bits each. This can be END
represented as B01, B02, B03, and B04.
Therefore,

Bmi = < Cm > where, ‘m’ indicates the round after which 4. 2 Algorithm for Decryption
decomposition is performed, ‘i’ indicates the block
number; i = 1 to 4 and BEGIN
80 (IJCNS) International Journal of Computer and Network Security,
Vol. 1, No. 2, November 2009

4. 4 Algorithm for Interlacing

C16 = cipher text // initialize 256 bits cipher text
for i = 16 to 1 BEGIN
{
for j = 1 to 4 > Ci-1j <
{
Bij = < Ci > // Decompose {
} for n = 1 to 64
for j = 1 to 4 {
{ Ci-1 [( j-1)*64 + n] = Ci-1j [ n ]
Ci-1j = Fkrij ( Bij ) // Encryption }
}
for j = 1 to 4 }
{
Ci-1 = > Ci-1j < // Interlace END
}
} 5. Illustration Of Cipher
END Consider the plaintext P = { O Lord, Please save me from
evil }. Let the key K = { 155, 23 , 59, 3, 111, 26, 91, 36,
4. 3 Algorithm for Decomposition 77, 148, 87, 59, 118, 2, 65, 181 }.

BEGIN Now the 8 bit binary representation of plaintext P and key K

is as follows.
< Ci-1 > // during ith round Initial plaintext C0 = P.
{
j =1 01001111001000000100110001101111011100100110
for n = 1 to 256 01000010110000100000 01010000011011000110010
{ 10110000101110011011001010010000001110011011
if ( n <= 64 ) 00001011101100110010100100000011011010110010
{ 10010000011001100111001001101111011011010010
B i-1j [n] = Ci-1[n] 000001100101011101100110100101101100 (5.1)
j=j+1
} Initial key k is
10011011000101110011101100000011011011110001
else if ( ( 64 > n ) and ( n <= 128 ) ) 10100101101100100100010011011001010001010111
{ 0011101101110110000000100100000110110101(5.2)
B i-1j [n] = Ci-1[n]
j= j+1 Let the plaintext be decomposed into B01, B02, B03, B04.
} Then the respective 64 bit blocks after decomposition are as
follows.
else if ( ( 128 > n ) and ( n <= 192 ) )
{ 01001111001000000100110001101111011100100110
B i-1j [n] = Ci-1[n] 01000010110000100000. (5.3)
j= j+1
} 01010000011011000110010101100001011100110110
01010010000001110011. (5.4)
else if ( ( 192 > n ) and ( n <= 256 ) )
{ 01100001011101100110010100100000011011010110
B i-1j [n] = Ci-1[n] 01010010000001100110. (5.5)
j= j+1
} 01110010011011110110110100100000011001010111
} 01100110100101101100. (5.6)

} Permute the bits in key ‘k’ by using the random key based
permutations published in our previous paper. See reference
END [6].

Let this permuted key be divided into four equal size blocks
and used as round keys kr11, kr12, kr13, kr14. for blocks B01,
B02, B03, B04.respectively.
 (IJCNS) International Journal of Computer and Network Security, 81
Vol. 1, No. 2, November 2009

We are using 128 bit key k in each round, we divide k

Now we encrypt these four blocks with their respective into four blocks, perform required transformations and get
round keys and with the help of round function ‘F’ as the round sub keys kr11, kr12, kr13, kr14 for plaintext blocks
described in our previous paper published. See reference [6]. B01, B02, B03, B04 respectively.
The corresponding cipher blocks C11, C12, C13, C14. obtained
after encryption in first round are as follows. According to Brute force attack, if a round key has to be
guessed. We need an exhaustive search of key space
01100001011101100110010100100000011011010110
01010010000001100110. (5.7)
2128 ≈ (210)13 ≈ (103)13 ≈ 1039. (6.1.1)
01110010011011110110110100100000011001010111
01100110100101101100. (5.8)
Since it takes many years to test each and every key possible
01101000011001000000000101001001010101111111 within such huge key space, we say that brute force attack is
00011011111101111001 (5.9) not possible on our algorithm as we cannot afford so many
years in searching the exact key.
00100010011110001111101011001000001001111110
10011010100100100010 (5.10) 6. 2 Known plaintext Attack

Next, we need to interlace these four blocks and get a In this case, we have as many plain text – cipher text
block cipher C1. pairs as we require. In our present paper, it is worth noticing
the interlacing and decomposition concepts introduced
So that, enough confusion and nonlinearity is induced by which handle the known plaintext attack. Let us first
mixing the bits of these small block ciphers. understand how classical feistel cipher is prone to known
After applying interlacing, we get the plaintext attack and then will discuss how our modified
following block cipher as C1. feistel cipher tackles this problem.

00001110111101000010000001011000000011111111 According to classical feistel cipher network, the

10010101111011000100000111011101000101011100 problem is with a particular set of bits, which always
00011110000100111100000000110000000000100000 undergo into similar transformations in every successive
11101101001010001111001111110011111111110110 round. For example, the first six bits always go into the first
00011100010010100011010011110010011100100010 substitution box. Therefore, if we have enough plaintext
011100001110111100100110110010010010 (5.11) cipher text pairs, one can easily guess the values used in a
substitution box ignoring the other substitution boxes.
Similarly, by using the respective round and sub keys, Similarly, one will be able to guess the key bits also. This
we continue the process up to 16 rounds and we get the problem does not exist in our modified algorithm because;
following cipher. we are using four independent blocks of encryption in each
round. It is ensured that bits after a particular round will not
10011111110011001000010110011010110000010111 enter into the same substitution boxes, will not use the same
01011000100011110111001000111110111101000101 permutations and key. This is due to interlacing and
00010001001110000001001000100110110000001001 decomposition concepts, which allow the scattering of bits
01110100001000101100101010001111001001111100 into four different blocks. Thus, interlacing and
11110111000001001010000000101001101011011000 decomposition allow us to mix the bits properly and it helps
011111000010000011000110011011101110 (5.12) us in introducing high nonlinearity in the algorithm.

Since the process of decryption is same as the process of 6. 3 Avalanche Effect

encryption, we get the plaintext by following the similar
steps as illustrated above but with reverse permuted keys. Let the plaintext be “O Lord, Please save me from
evil”. By following the process of encryption, we get the
6. Cryptanalysis cipher.

Now, let us examine the brute force attack and the 10011111110011001000010110011010110000010111
known plaintext attack on our cipher to assess the strength 01011000100011110111001000111110111101000101
of the cipher. First, we show that the brute force attack is 00010001001110000001001000100110110000001001
formidable and the known plaintext attack leads to a system 01110100001000101100101010001111001001111100
of equations from which the unknown key cannot be 11110111000001001010000000101001101011011000
determined. 011111000010000011000110011011101110 (6.3.1)

6. 1 Brute Force Attack Now let the plaintext be fixed, but change the key by one
bit. This can be done by changing the number “155” to
“156” in key ‘K’, since 155 and 156 differ by one bit. Now
82 (IJCNS) International Journal of Computer and Network Security,
Vol. 1, No. 2, November 2009

by using this new key ‘k’ we encrypt the same plaintext and into 4 equal parts of 64 bit blocks so that, cipher bits
we obtain the corresponding cipher as obtained after each round scatter into different blocks in the
next round. By doing so, the cryptanalysis part becomes
00110010010101011010111001110010111111110110 more difficult as the final cipher text obtained will depend
01010011101110000101001000100010100001011101 on different substitution boxes and different transformations
01010101111010111100000111000001010001111010
00110101011110010110101101101010010101101010 References
01010101110010001011011100111100011001000100
100010011001010011010010101111010011 (6.3.2) [1] William Stallings, “ Cryptography and Network
Security: Principles & Practices”, Third edition, 2003,
Comparing (6.3.1) and (6.3.2), we notice that the two Chapter 2 and 3.
cipher blocks differ by 125 bits out of the total 256 bits. This [2] Feistel. H. “ Cryptography and Computer Privacy” ,
shows that the algorithm exhibits strong avalanche effect. Scientific American, Vol. 228, No. 5. pp 15 – 23,
1973.
In the second case, let the key ‘K’ be fixed, But [3] Feistel, H., Notz W. and Smith. J. “ Some
change the plaintext. So that, the new plaintext and the cryptographic Techniques for machine to machine
original one differ by exactly one bit. This can be data communications “, Proceedings of the IEEE,
accomplished by changing the first character of the plaintext Vol. 63, No. 11, pp 1545 – 1554, Nov 1975.
from ‘O’ to ‘P’, because, ASCII values of ‘O’ and ‘P’ differ [4] “Avalanche Characteristics of Substitutions –
by one. We get the cipher text from this new plaintext as permutation Encryption Networks” Tavares S. Heys
H. IEEE Transactions on Computers 44 (9): 1131 –
11011100010001000100000100011000001000000101 1139, 1995.
00100100001110111010101111000001101100100110 [5] Shakir M. Hussain and Naim M. Ajilouni, “Key based
11110010110010010000111001111001000111101000 random permutation”, “Journal of Computer Science
00010001010011100100100000111000101001000101 2(5): 419 – 421, 2006. ISSN 1549 -3636.
00101010011111010011010110100010010010001100 [6] K. Anup Kumar and S. Udaya Kumar, “Block cipher
001101101011001011100010001010101010 (6.3.3) using key based random permutations and key based
random substitutions”, “International Journal Of
On comparing (6.3.1) and (6.3.3), we notice that the two Computer Science and Network Security”, Seoul,
cipher blocks differ by 125 bits out of 256 bits. This shows, South Korea. ISSN: 738-7906. Vol. 08, No. 3, March
that the interlacing and decomposition introduced in our 2008. pp. 267-277.
encryption algorithm exhibits good avalanche affect.
Authors Profile
7. Computational Results and Conclusion
K. Anup Kumar is working as an Associate Professor in the
In this paper, we have developed a block cipher of 256 Department Computer Science and Engineering, Sreenidhi
bits. The plaintext is of 32 characters and each character is Institute of Science and Technology. He is pursuing his PhD in the
represented with its 8 bits binary equivalent. The key area of information security, Under the guidance of Prof. V.U.K.
contains 16 integers which converted into its 8 bits binary Sastry from Jawaharlal Nehru Technological University,
Hyderabad, India. He published two papers in international
equivalent. The algorithms used for encryption, decryption,
Journals. He is interested in the research areas like: cryptography,
decomposition, interlacing etc. are all written using C Steganograpy, and Parallel processing systems.
language.
Prof. V.U.K. Sastry is working as the Director school of
From the cryptanalysis presented, we found that, brute computer science and informatics and as Dean R & D CSE
force attack is not possible. There is enough confusion and Department in Sreenidhi Institute of Science and technology.
diffusion introduced in the encryption algorithm through the Hyderabad, India. He has successfully guided many PhD’s and his
concepts of interlacing and decomposition. This is proved by research interests are: information security, Image processing and
the avalanche effect that is shown in (6.3). By using Data warehousing - data mining. He is the reviewer of many
international journals.
interlacing and decomposition, a 256 bit block , is broken

Acknowledgement
The authors are very thankful to Prof. Depanwita Roy
Chaudhury, IIT Kharagpur, India, for giving necessary
suggestions and for her valuable inputs given while writing
this paper. The authors are very thankful to the management
of Sreenidhi Institute Of Science and Technology, for their
support and encouragement given during this research work.