不可能差分分析和零相关线性分析是分析分组密码算法的重要工具, 而对分组密码算法进行这两种攻击的关键则是该算法中不可能差分对应和零相关线性逼近的存在. EGFN模型是在2013年SAC会议上被Berger等人提出的, 该模型的扩散速度比已有的Feistel模型快. Berger等人给出了输入分块个数为4、8和16的EGFN模型的具体结构, 并分析了其针对各种攻击的安全性, 但并没有给出EGFN模型中具体的不可能差分对应和零相关线性逼近. 本文定义了4-EGFN/8-EGFN/16-EGFN模型中相容的差分对应/相容的线性逼近和强不可能差分对应/强零相关线性逼近, 给出了4-EGFN/8-EGFN/16-EGFN模型中相容的差分传递链和相容的线性逼近传递链之间的对偶关系, 并首次给出了嵌套SP网络的4-EGFN/8-EGFN/16-EGFN模型的9轮强不可能差分对应和9轮强零相关线性逼近, 以及保证9轮强不可能差分对应和9轮强零相关线性逼近存在时扩散层需要满足的充分条件, 并列举了满足该充分条件的扩散层矩阵.

Impossible differential and zero correlation linear cryptanalyses are important tools to analyze the security of block ciphers，and the basis of these two kinds of attacks is the existence of the impossible differentials and zero correlation linear approximations of the block cipher. EGFN structure is proposed at SAC 2013 by Berger et al., the diffusion speed of EGFN structure is faster than that of other Feistel structure. Berger et al. presented the specific structure of EGFN with 4/8/16 input blocks, and analysis their security against various attack methods. However, they did not give the specific impossible differential and zero correlation linear approximation of 4-EGFN/8-EGFN/16-EGFN. This paper defines compatible differential and compatible linear approximation of 4-EGFN/8-EGFN/16-EGFN, presents the dual relationship between the compatible differential characteristic and the compatible linear trail of 4-EGFN/8-EGFN/16-EGFN, and gives the 9-round strong impossible differentials and strong zero correlation linear approximations for EGFN structure. Moreover, this paper gives the sufficient conditions which the diffusion layer should satisfy to ensure the existence of the 9-round strong impossible differentials and strong zero correlation linear approximations, and lists some matrix that satisfy those sufficient conditions.