From Mok-Kong Shen@21:1/5 to All on Tue Feb 23 12:31:41 2016
IMHO the main essence of a Feistel cipher of block length n is the
working of a non-linear function F that is applied to the two halves
of the block of length n/2.
Now suppose a certain block cipher of block length n as well as two
keys of it are given. If one employs the given block cipher in the
sense of F on each half of a larger block of length 2n in parallel
(actually invoked alternatingly with the two keys) for a number of
rounds, one obtains evidently a new block cipher of Feistel genre
having doubled block length and requiring a doubled key length.
Could anything in general be said on the security (or insecurity)
of such a scheme?
It may be of interest to also examine the special case where the
two keys are identical. The scheme could apparently be useful if
a currently secure block cipher at a future timepoint becomes
insufficiently secure due to growth of adversary's computing power
(including the case when the dream of quantum computing comes true),
since it could obviate the necessity (or at least urgent necessity)
of a new design of block cipher in response.
The scheme can be trivially generalized to achieve a block length of
the larger cipher of m*n (m >= 2) operating on m subblocks of length
n as follows, with E(K,P) denoting the given block cipher and K[*]
denoting the array of the keys:
for i in [1 .. number_of_rounds] do
for j in [1 .. m] do
subblock[(j mod m) + 1] ^= E(K[j], subblock[j])
Note that in case m is not fixed but the plaintext length is m*n (and
there is one or more keys) one obtains a special kind of block chaining
with the given block cipher.
Certainly there is an efficiency issue that needs to be examined for
practical applications of the scheme.