
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

Upper Bounds for the Security of Several Feistel Networks
Yosuke TODO
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E98A
No.1
pp.3948 Publication Date: 2015/01/01
Online ISSN: 17451337
DOI: 10.1587/transfun.E98.A.39
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security) Category: Symmetric Key Based Cryptography Keyword: block ciphers, Feistel networks, round functions, key recovery attacks,
Full Text: PDF(701.7KB) >>Buy this Article
Summary:
In this paper, we deal with upper bounds for the security of some Feistel networks. Such a topic has been discussed since the introduction of LubyRackoff construction. The LubyRackoff construction is unrealistic because its round functions must be chosen at random from the set of all functions. Knudsen dealt with a more practical construction whose round functions are chosen at random from a family of 2^{k} randomly chosen functions, and showed an upper bound for the security by demonstrating generic key recovery attacks. However it is still difficult for designers to choose functions randomly. Then, this paper considers the security of some Feistel networks which have more efficient and practical round functions, and such Feistel networks are indeed used by some Feistel ciphers in practice. We show new properties using the relationship between plaintexts and ciphertexts. We propose new generic key recovery attacks by using our properties, and confirm the feasibility by implementing the attack on Feistel ciphers with small block sizes. As a result, we conclude that efficient and practical 6round Feistel networks are not secure.

