Cryptology ePrint Archive: Report 2016/1162

Meet-in-the-Middle Attacks on Classes of Contracting and Expanding Feistel Constructions

Jian Guo and Jérémy Jean and Ivica Nikolic and Yu Sasaki

Abstract: We show generic attacks on unbalanced Feistel ciphers based on the meet-in-the-middle technique. We analyze two general classes of unbalanced Feistel structures, namely contracting Feistels and expanding Feistels. In both of the cases, we consider the practical scenario where the round functions are keyless and known to the adversary. In the case of contracting Feistels with 4 branches, we show attacks on 16 rounds when the key length k (in bits) is as large as the block length n (in bits), and up to 24 rounds when k = 2n. In the case of expanding Feistels, we consider two scenarios: one, where different nonlinear functions without particular structures are used in the round function, and a more practical one, where a single nonlinear is used but different linear functions are introduced in the state update. In the former case, we propose generic attacks on 13 rounds when k = n, and up to 21 rounds when k = 2n. In the latter case, 16 rounds can be attacked for k = n, and 24 rounds for k = 2n.

Category / Keywords: secret-key cryptography / Unbalanced Feistel, Generic Attack, Key Recovery, MITM

Original Publication (with minor differences): IACR-FSE-2017

Date: received 19 Dec 2016

Contact author: ntu guo at gmail com,Jeremy Jean@ssi gouv fr,inikolic@ntu edu sg,sasaki yu@lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20161228:140503 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]