Cycle Structure of the DES for Keys Having Palindromic (or Antipalindromic) Sequences of Round Keys
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
The real reason for Rivest's phenomenon
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Cycle structure of the DES with weak and semi-weak keys
Proceedings on Advances in cryptology---CRYPTO '86
How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
On Weaknesses of Non–surjective Round Functions
Designs, Codes and Cryptography - Special issue: selected areas in cryptography I
Key-Schedule Cryptanalysis of DEAL
SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
Differential Cryptanalysis of the Full 16-Round DES
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
On Security of the 128-Bit Block Cipher DEAL
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Luby---Rackoff Revisited: On the Use of Permutations as Inner Functions of a Feistel Scheme
Designs, Codes and Cryptography
Reflection Cryptanalysis of Some Ciphers
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Generic Attacks on Feistel Networks with Internal Permutations
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
A cryptanalytic time-memory trade-off
IEEE Transactions on Information Theory
Hi-index | 0.89 |
In this work, we introduce a new generic attack on 5-round Feistel networks whose round functions are random permutations, under the condition that the second and the fourth round keys are equal. The attack is a combination of the square attack technique with the reflection attack technique and exploits the unbalanced distribution of the fixed points of the inner rounds among all the keys. The data complexity of the attack is @?4mn@?2^n^/^2 chosen plaintexts where @?4mn@? is the smallest integer bigger than or equal to 4mn, m is the length of a round key and n is the block length of the Feistel network. We utilize Hellman tables to construct a tradeoff between the time complexity and the memory complexity of the attack which are 2^3^m^-^2^M^-^1 and 2^M respectively where M is the tradeoff parameter. The number of weak keys is 2^k^-^m where k is the key length. As a concrete example, we mount the attack on 5-round DEAL. Our attack has overall complexity of 2^6^5 and works on a key set of cardinality 2^7^2 for 128-bit key length.