Reference : Cryptanalysis of Feistel Networks with Secret Round Functions
 Document type : Scientific congresses, symposiums and conference proceedings : Paper published in a book Discipline(s) : Engineering, computing & technology : Computer science To cite this reference: http://hdl.handle.net/10993/22278
 Title : Cryptanalysis of Feistel Networks with Secret Round Functions Language : English Author, co-author : Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >] Leurent, Gaëtan [Inria] Perrin, Léo Paul [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >] Publication date : Mar-2016 Main document title : Selected Areas in Cryptography -- SAC 2015, 21st International Conference, Sackville, NB, Canada, August 12-14, 2015, Revised Selected Papers Editor : Dunkelman, Orr Keliher, Liam Publisher : Springer International Publishing Collection and collection volume : Security and Cryptology, 8781 Pages : 102-121 Peer reviewed : Yes On invitation : No Audience : International Event name : Selected Areas in Cryptography -- SAC 2015 Event date : August 12-14, 2015 Event place (city) : Sackville Event country : Canada Keywords : [en] Feistel Network ; Yoyo ; Guess-and-Determine Abstract : [en] Generic distinguishers against Feistel Network with up to 5 rounds exist in the regular setting and up to 6 rounds in a multi-key setting. We present new cryptanalyses against Feistel Networks with 5, 6 and 7 rounds which are not simply distinguishers but actually recover completely the unknown Feistel functions. When an exclusive-or is used to combine the output of the round function with the other branch, we use the so-called \textit{yoyo game} which we improved using a heuristic based on particular cycle structures. The complexity of a complete recovery is equivalent to $\bigO(2^{2n})$ encryptions where $n$ is the branch size. This attack can be used against 6- and 7-round Feistel Networks in time respectively $\bigO(2^{n2^{n-1}+2n})$ and $\bigO(2^{n2^{n}+2n})$. However when modular addition is used, this attack does not work. In this case, we use an optimized guess-and-determine strategy to attack 5 rounds with complexity $\bigO(2^{n2^{3n/4}})$. Our results are, to the best of our knowledge, the first recovery attacks against generic 5-, 6- and 7-round Feistel Networks. Target : Researchers ; Professionals ; Students Permalink : http://hdl.handle.net/10993/22278 Other URL : http://eprint.iacr.org/2015/723 FnR project : FnR ; FNR4009992 > Alex Biryukov > ACRYPT > Applied Cryptography for the Internet of Things > 01/01/2013 > 31/12/2015 > 2012

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
draft.pdfAuthor preprint408.31 kBRequest a copy

All documents in ORBilu are protected by a user license.