New structure of block ciphers with provable security against differential and linear cryptanalysis

We introduce a methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round functions, round functions with recursive structure, and substitution boxes of different sizes. The first realizes parallel computation of the round functions without losing provable security, and the second reduces the size of substitution boxes; moreover, the last is expected to make algebraic attacks difficult. We also give specific examples of practical block ciphers that are provably secure under an independent subkey assumption and are reasonably fast in hardware as well as in software implementation.