Cryptanalysis of Feistel Networks with Secret Round Functions

Biryukov, Alex; Leurent, Gaëtan; Perrin, Léo Paul

Reference : Cryptanalysis of Feistel Networks with Secret Round Functions


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/22278

Title :	Cryptanalysis of Feistel Networks with Secret Round Functions
Language :	English
Author, co-author :	Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Leurent, Gaëtan [Inria]
	Perrin, Léo Paul [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	Mar-2016
Main document title :	Selected Areas in Cryptography -- SAC 2015, 21st International Conference, Sackville, NB, Canada, August 12-14, 2015, Revised Selected Papers
Editor :	Dunkelman, Orr
	Keliher, Liam
Publisher :	Springer International Publishing
Collection and collection volume :	Security and Cryptology, 8781
Pages :	102-121
Peer reviewed :	Yes
On invitation :	No
Audience :	International
Event name :	Selected Areas in Cryptography -- SAC 2015
Event date :	August 12-14, 2015
Event place (city) :	Sackville
Event country :	Canada
Keywords :	[en] Feistel Network ; Yoyo ; Guess-and-Determine
Abstract :	[en] Generic distinguishers against Feistel Network with up to 5 rounds exist in the regular setting and up to 6 rounds in a multi-key setting. We present new cryptanalyses against Feistel Networks with 5, 6 and 7 rounds which are not simply distinguishers but actually recover completely the unknown Feistel functions. When an exclusive-or is used to combine the output of the round function with the other branch, we use the so-called \textit{yoyo game} which we improved using a heuristic based on particular cycle structures. The complexity of a complete recovery is equivalent to $\bigO(2^{2n})$ encryptions where $n$ is the branch size. This attack can be used against 6- and 7-round Feistel Networks in time respectively $\bigO(2^{n2^{n-1}+2n})$ and $\bigO(2^{n2^{n}+2n})$. However when modular addition is used, this attack does not work. In this case, we use an optimized guess-and-determine strategy to attack 5 rounds with complexity $\bigO(2^{n2^{3n/4}})$. Our results are, to the best of our knowledge, the first recovery attacks against generic 5-, 6- and 7-round Feistel Networks.
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/22278
Other URL :	http://eprint.iacr.org/2015/723
FnR project :	FnR ; FNR4009992 > Alex Biryukov > ACRYPT > Applied Cryptography for the Internet of Things > 01/01/2013 > 31/12/2015 > 2012

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	draft.pdf		Author preprint	408.31 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices