International Association
for Cryptologic Research

A usual way to construct block ciphers is to apply several rounds of a given structure. Many kinds of attacks are

mounted against block ciphers. Among them, differential and linear attacks are widely used. In~\\cite{V98,V03}, it is

shown that ciphers that achieve perfect pairwise decorrelation are secure against linear and differential attacks. It is possible to obtain such schemes by introducing at least one random affine permutation as a round function in the design of the scheme.

In this paper, we study attacks on schemes based on classical Feistel schemes where we introduce one or two affine

permutations.

Since these schemes resist against linear and differential

attacks, we will study stronger attacks based on specific equations on 4-tuples of

cleartext/ciphertext messages. We give the

number of messages needed to distinguish a permutation produced by such schemes from a random

permutation, depending on the number of rounds used in the schemes, the number and the position of the random affine permutations introduced in the schemes.