Paper 2015/426

Complementing Feistel Ciphers

Alex Biryukov and Ivica Nikolic

Abstract

In this paper, we propose related-key differential distinguishers based on the complementation property of Feistel ciphers. We show that with relaxed requirements on the complementation, i.e. the property does not have to hold for all keys and the complementation does not have to be on all bits, one can obtain a variety of distinguishers. We formulate criteria sufficient for attacks based on the complementation property. To stress the importance of our findings we provide analysis of the \textit{full-round} primitives: * For the hash mode of \camo without $FL,FL^{-1}$ layers, differential multicollisions with $2^{112}$ time * For GOST, practical recovery of the full key with 31 related keys and $2^{38}$ time/data

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2013
Keywords
ComplementationFeistelCamelliaGOSTrelated-keydifferential
Contact author(s)
inikolic @ ntu edu sg
History
2015-05-05: received
Short URL
https://ia.cr/2015/426
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/426,
      author = {Alex Biryukov and Ivica Nikolic},
      title = {Complementing Feistel Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2015/426},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/426}},
      url = {https://eprint.iacr.org/2015/426}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.