Cryptology ePrint Archive: Report 2016/136

Automatic Expectation and Variance Computing for Attacks on Feistel Schemes

Emmanuel Volte and Valérie Nachef and Nicolas Marrière

Abstract: There are many kinds of attacks that can be mounted on block ciphers: differential attacks, impossible differential attacks, truncated differential attacks, boomerang attacks. We consider generic differential attacks used as distinguishers for various types of Feistel ciphers: they allow to distinguish a random permutation from a permutation generated by the cipher. These attacks are based on differences between the expectations of random variables defined by relations on the inputs and outputs of the ciphers. Sometimes, one has to use the value of the variance as well. In this paper, we will provide a tool that computes the exact values of these expectations and variances. We first explain thoroughly how these computations can be carried out by counting the number of solutions of a linear systems with equalities and non-equalities. Then we provide the first applications of this tool. For example, it enabled to discover a new geometry in 4-point attacks. It gave an explanation to some phenomena that can appear in simulations when the inputs and outputs have a small number of bits.

Category / Keywords: secret-key cryptography / Generic attacks on Feistel type schemes, pseudo-random permutations, differential cryptanalysis

Date: received 15 Feb 2016

Contact author: valerie nachef at u-cergy fr

Available format(s): PDF | BibTeX Citation

Version: 20160216:210854 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]