
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

KnownKey Attacks on Generalized Feistel Schemes with SP Round Function
HyungChul KANG Deukjo HONG Dukjae MOON Daesung KWON Jaechul SUNG Seokhie HONG
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E95A
No.9
pp.15501560 Publication Date: 2012/09/01 Online ISSN: 17451337
DOI: 10.1587/transfun.E95.A.1550 Print ISSN: 09168508 Type of Manuscript: PAPER Category: Cryptography and Information Security Keyword: generalized Feistel schemes, rebound attack, knownkey distinguisher, collision attack, hashing mode,
Full Text: PDF(1.7MB)>>
Summary:
We present attacks on the generalized Feistel schemes, where each round function consists of a subkey XOR, Sboxes, and then a linear transformation (i.e. a SubstitutionPermutation (SP) round function). Our techniques are based on rebound attacks. We assume that the Sboxes have a good differential property and the linear transformation has an optimal branch number. Under this assumption, we firstly describe knownkey distinguishers on the type1, 2, and 3 generalized Feistel schemes up to 21, 13 and 8 rounds, respectively. Then, we use the distinguishers to make several attacks on hash functions where MerkleDamgård domain extender is used and the compression function is constructed with MatyasMeyerOseas or MiyaguchiPreneel hash modes from generalized Feistel schemes. Collision attacks are made for 11 rounds of type1 Feistel scheme. Near collision attacks are made for 13 rounds of type1 Feistel scheme and 9 rounds of type2 Feistel scheme. Half collision attacks are made for 15 rounds of type1 Feistel scheme, 9 rounds of type2 Feistel scheme, and 5 rounds of type3 Feistel scheme.

open access publishing via







