Cryptology ePrint Archive: Report 2015/141

Analysis of Impossible, Integral and Zero-Correlation Attacks on Type-II Generalized Feistel Networks using the Matrix Method

Céline Blondeau and Marine Minier

Abstract: While some recent publications have shown some strong relations between impossible differential and zero-correlation distinguishers as well as between zero-correlation and integral distinguishers, we analyze in this paper some relation between the underlying key-recovery attacks against Type-II Feistel networks. The results of this paper are build on the relation presented at ACNS 2013. In particular, using a matrix representation of the round function, we show that we can not only find impossible, integral and multidimensional zero-correlation distinguishers but also find the key-words involved in the underlined key-recovery attacks. Based on this representation, for matrix-method-derived strongly-related zero-correlation and impossible distinguishers, we show that the key-words involved in the zero-correlation attack is a subset of the key-words involved in the impossible differential attack. Other relations between the key-words involved in zero-correlation, impossible and integral attacks are also extracted. Also we show that in this context the data complexity of the multidimensional zero-correlation attack is larger than that of the other two attacks.

Category / Keywords: secret-key cryptography / block ciphers, Feistel like ciphers, impossible differential, zero-correlation, integral, key-recovery attacks, matrix method

Original Publication (with minor differences): IACR-FSE-2015

Date: received 20 Feb 2015, last revised 18 Mar 2015

Contact author: marine minier at insa-lyon fr

Available format(s): PDF | BibTeX Citation

Note: Extended version of the FSE 2015 paper "Analysis of Impossible, Integral and Zero-Correlation Attacks on Type-II Generalized Feistel Networks using the Matrix Method"

Version: 20150318:084709 (All versions of this report)

Short URL: ia.cr/2015/141

Discussion forum: Show discussion | Start new discussion