Upper Bounds for the Security of Several Feistel Networks
In this paper, we are dealing with upper bounds for the security of some Feistel networks. Such a topic has been discussed since the introduction of Luby-Rackoff construction, but it is unrealistic construction because its round functions must be chosen at random from the set of all functions. Knudsen dealt with more practical construction where its round functions are chosen at random from a family of 2 k randomly chosen functions, and showed an upper bound for the security by demonstrating generic key recovery attacks. However it is still difficult for designers to choose functions randomly. Then, this paper considers the security of some Feistel networks which have more efficient and practical round functions and are indeed used by some Feistel ciphers in practice. For this Feistel ciphers, we discover new properties using the relation of plaintexts and ciphertexts. By using our properties, we propose new generic key recovery attacks, and confirm the feasibility by implementing the attack for small block sizes. Our results indicate that the 6 round networks are not enough to complicate the relationship between plaintexts and ciphertexts, and how to insert a round key is very influential in the upper bound for the security. This feature should be taken into account when the round function is designed in future. Moreover, for immunity to our attacks and maintenance of the efficiency, we show design principles for efficient and secure Feistel ciphers.
KeywordsBlock cipher Feistel networks Round functions Key recovery attacks
Unable to display preview. Download preview PDF.
- 6.Lampe, R., Patarin, J.: Security of Feistel Schemes with New and Various Tools. IACR Cryptology ePrint Archive 2012, 131 (2012)Google Scholar
- 7.Lee, H., Lee, S., Yoon, J., Cheon, D., Lee, J.: The SEED Encryption Algorithm RFC4269 (2005)Google Scholar
- 10.National Soviet Bureau of Standards: Information Processing System – Cryptographic Protection – Cryptographic Algorithm GOST 28147-89 (1989)Google Scholar
- 14.Patarin, J.: Security of balanced and unbalanced Feistel Schemes with Linear Non Equalities. IACR Cryptology ePrint Archive 2010, 293 (2010)Google Scholar