Algebraic Insights into the Secret Feistel Network
Perrin, Léo Paul
Udovenko, Aleksei
Fast Software Encryption - 23rd International Workshop, FSE 2016, Bochum, March 20-23, 2016
Peyrin, Thomas
Springer-Verlag Berlin Heidelberg
Lecture Notes in Computer Science, 9783
23rd International Conference on Fast Software Encryption
20-23 March 2016
International Association for Cryptologic Research (IACR)
[en] secret-key cryptography ; High-Degree Indicator Matrix ; Feistel Network ; ANF ; Linear Approximation Table ; Walsh Spectrum ; Division Property ; Integral Attack
[en] We introduce the high-degree indicator matrix (HDIM), an object closely related with both the linear approximation table and the algebraic normal form (ANF) of a permutation. We show that the HDIM of a Feistel Network contains very specific patterns depending on the degree of the Feistel functions, the number of rounds and whether the Feistel functions are 1-to-1 or not. We exploit these patterns to distinguish Feistel Networks, even if the Feistel Network is whitened using unknown affine layers.

We also present a new type of structural attack exploiting monomials that cannot be present at round r-1 to recover the ANF of the last Feistel function of a r-round Feistel Network. Finally, we discuss the relations between our findings, integral attacks, cube attacks, Todo's division property and the congruence modulo 4 of the Linear Approximation Table.
FNR4009992 > Alex BIRYUKOV > ACRYPT > Applied Cryptography for the Internet of Things > 01/01/2013 > 30/06/2016 > 2012

