How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
On the construction of pseudo-random permutations: Luby-Rackoff revisited (extended abstract)
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
New Results on Pseudorandom Permutation Generators Based on the DES Scheme
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom permutations based on the DES scheme
EUROCODE '90 Proceedings of the International Symposium on Coding Theory and Applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Generic Attacks on Feistel Networks with Internal Permutations
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
On generalized Feistel networks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Generic attacks on misty schemes
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Generic attacks on unbalanced feistel schemes with contracting functions
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Security of the MISTY structure in the luby-rackoff model: improved results
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Increasing block sizes using feistel networks: the example of the AES
Cryptography and Security
Hi-index | 0.00 |
Let A be a Feistel scheme with 5 rounds from 2n bits to 2n bits. In the present paper we show that for most such schemes A: 1. It is possible to distinguish A from a random permutation from 2n bits to 2n bits after doing at most O(2 7n/4) computations with O(2 7n/4) random plaintext/ciphertext pairs. 2. It is possible to distinguish A from a random permutation from 2n bits to 2n bits after doing at most O(2 3n/2) computations with O(2 3n/2) chosen plaintexts. Since the complexities are smaller than the number 22n of possible inputs, they show that some generic attacks always exist on Feistel schemes with 5 rounds. Therefore we recommend in Cryptography to use Feistel schemes with at least 6 rounds in the design of pseudo-random permutations. We will also show in this paper that it is possible to distinguish most of 6 round Feistel permutations generator from a truly random permutation generator by using a few (i.e. O(1)) permutations of the generator and by using a total number of O(22n) queries and a total of O(22n) computations. This result is not really useful to attack a single 6 round Feistel permutation, but it shows that when we have to generate several pseudorandom permutations on a small number of bits we recommend to use more than 6 rounds. We also show that it is also possible to extend these results to any number of rounds, however with an even larger complexity.