Paper 2015/526

Generic Key Recovery Attack on Feistel Scheme

Takanori Isobe and Kyoji Shibutani

Abstract

We propose new generic key recovery attacks on Feistel-type block ciphers. The proposed attack is based on the all subkeys recovery approach presented in SAC 2012, which determines all subkeys instead of the master key. This enables us to construct a key recovery attack without taking into account a key scheduling function. With our advanced techniques, we apply several key recovery attacks to Feistel-type block ciphers. For instance, we show 8-, 9- and 11-round key recovery attacks on n-bit Feistel ciphers with 2n-bit key employing random keyed F-functions, random F-functions, and SP-type F-functions, respectively. Moreover, thanks to the meet-in-the-middle approach, our attack leads to low-data complexity. To demonstrate the usefulness of our approach, we show a key recovery attack on the 8-round reduced CAST-128, which is the best attack with respect to the number of attacked rounds. Since our approach derives the lower bounds on the numbers of rounds to be secure under the single secret key setting, it can be considered that we unveil the limitation of designing an efficient block cipher by a Feistel scheme such as a low-latency cipher.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2013
DOI
10.1007/978-3-642-42033-7_24
Keywords
block cipher, key scheduling function, all-subkeys-recovery attack, meet-in-the-middle attack, key recovery attack, low-data complexity attack
Contact author(s)
Takanori Isobe @ jp sony com
History
2015-06-02: received
Short URL
https://ia.cr/2015/526
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/526,
      author = {Takanori Isobe and Kyoji Shibutani},
      title = {Generic Key Recovery Attack on Feistel Scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/526},
      year = {2015},
      doi = {10.1007/978-3-642-42033-7_24},
      url = {https://eprint.iacr.org/2015/526}
}