Feistel Cipher

• Feistel cipher named after block cipher pioneer Horst Feistel, is a general cipher design principle.
• A feistel cipher can have three types of components: self-invertible, invertible and non-invertible. This cipher combines all non-invertible elements in a unit and uses the same unit in the encryption and decryption algorithm.
• In a Feistel cipher, the plaintext block P is split into left and right halves, $P = (L_0, R_0)$
• For each round i = 1,2,... ,n new left and right halves are computed according to the rules

$L_i =R_i-1 …………… (I)$

$R_i = L_i-1 ⊕ F (R_i-1, K_i) …………….(II) $

where Ki is the subkey for round i.

• The subkey is derived from the key Ki according to a specified key schedule algorithm. Finally the ciphertext C is the output of the final round, namely,

$C = (L_n , R_n)$

Solving equations (I) and (II) for R i-1 and $L_i-1$

$R_i-1 = L_i$

$L_i-1 = R_i ⊕ F( R_i-1 , K_i )$

and the final result is the original plaintext $P=(L_0 , R_0)$.

• Any round function F will work in a Feistel cipher provided that the output of F produces the correct number of bits. There is no requirement that the function F be invertible.