Optimum Attack on 3-Round Feistel-2 Structure

  • Conference paper
Advances in Information and Computer Security (IWSEC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12835)

Abstract

Feistel-2 structure is a variant of Feistel structure such that the \(i^{th}\) round function is given by \(\mathrm {F}_i(k_i \oplus x)\), where \(\mathrm {F}_i\) is a public random function and \(k_i\) is a key of n/2 bits. Lampe and Seurin showed that 3-round Feistel-2 structure is secure if \(D+T \ll 2^{n/4}\) (which is equivalent to \(D \ll 2^{n/4}\) and \(T \ll 2^{n/4}\)), where D is the number of queries to the encryption oracle and T is the number of queries to each \(\mathrm {F}_i\) oracle. On the other hand, only the meet-in-the-middle attack is known for 3-round Feistel-2 structure which works only for \((D,T)=(O(1), O(2^{n/2}))\) with \(O(2^{n/2})\) amount of memory.

In this paper, we first show that 3-round Feistel-2 structure is broken by a key recovery attack if \(DT \ge 2^{n/2}\) (which requires \(O(D+T)\) amount of memory). Since it works for \(D=T=O(2^{n/4})\), this attack proves that the security bound of Lampe and Seurin is tight at \(D=T=O(2^{n/4})\). We next present a memoryless key recovery attack for \((D,T)=(O(1), O(2^{n/2}))\). We finally show a memoryless key recovery attack for \(D=O(2^{n/4})\) and \(T=O(2^{n/4})\).
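The construction and query model defined in the abstract, as an added toy example (not code from the paper). Assumptions: SHA-256 with a constructed seed stands in for the public random functions, the class, method and helper names are hypothetical, and the choice of which half enters \(\mathrm {F}_i\) in each round is one common Feistel convention that the abstract does not fix.

```python
import hashlib

class Feistel2:
    """Toy 3-round Feistel-2 on n-bit blocks, counting oracle queries D and T."""

    def __init__(self, n, keys, seed=b"constructed-demo-seed"):
        assert n % 2 == 0 and len(keys) == 3
        self.half = n // 2
        self.mask = (1 << self.half) - 1
        self.keys = [k & self.mask for k in keys]   # each k_i has n/2 bits
        self.seed = seed
        self.D = 0             # queries to the encryption oracle
        self.T = [0, 0, 0]     # queries to each public F_i oracle

    def _f(self, i, x):
        # Stand-in for the public random function F_i (assumption: SHA-256).
        data = self.seed + bytes([i]) + x.to_bytes((self.half + 7) // 8, "big")
        return int.from_bytes(hashlib.sha256(data).digest(), "big") & self.mask

    def query_F(self, i, x):
        """Public F_i oracle: anyone may call it; each call counts toward T."""
        self.T[i] += 1
        return self._f(i, x & self.mask)

    def encrypt(self, left, right):
        """Encryption oracle: each call counts toward D."""
        self.D += 1
        left, right = left & self.mask, right & self.mask
        for i in range(3):
            # Round i applies F_i(k_i XOR x) to one half and swaps the halves.
            left, right = right, left ^ self._f(i, self.keys[i] ^ right)
        return left, right

    def decrypt(self, left, right):
        left, right = left & self.mask, right & self.mask
        for i in reversed(range(3)):
            left, right = right ^ self._f(i, self.keys[i] ^ left), left
        return left, right

def key_recovery_condition_met(n, D, T):
    """Condition stated in the abstract for the key recovery attack: D*T >= 2^(n/2)."""
    return (D * T) >= (1 << (n // 2))

if __name__ == "__main__":
    c = Feistel2(16, keys=[0x3A, 0xC5, 0x7E])      # constructed toy keys
    ct = c.encrypt(0x12, 0x34)
    print(ct, c.decrypt(*ct), c.D, c.T)
    print(key_recovery_condition_met(16, 16, 16))  # D = T = 2^(n/4)
```

With n = 16 the two regimes named in the abstract, \(D=T=2^{n/4}\) and \((D,T)=(1, 2^{n/2})\), both satisfy \(DT \ge 2^{n/2}\), which is why the Lampe and Seurin bound cannot be improved at that point.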

References

  1. Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.-X., Steinberger, J., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 45–62. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_5

  2. Daemen, J.: Limitations of the Even-Mansour construction. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 495–498. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57332-1_46

  3. Dunkelman, O., Keller, N., Shamir, A.: Slidex attacks on the Even-Mansour encryption scheme. J. Cryptol. 28(1), 1–28 (2015)

  4. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: New attacks on Feistel structures with improved memory complexities. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 433–454. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_21

  5. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Efficient dissection of bicomposite problems with cryptanalytic applications. J. Cryptol. 32(4), 1448–1490 (2019)

  6. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210–224. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57332-1_17

  7. Galbraith, S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012)

  8. Hoang, V.T., Rogaway, P.: On generalized Feistel networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 613–630. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_33

  9. Isobe, T., Shibutani, K.: All subkeys recovery attack on block ciphers: extending meet-in-the-middle approach. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 202–221. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_14

  10. Isobe, T., Shibutani, K.: Generic key recovery attack on Feistel scheme. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 464–485. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_24

  11. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)

  12. Lucks, S.: Faster Luby-Rackoff ciphers. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 189–203. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-60865-6_53

  13. Lampe, R., Seurin, Y.: Security analysis of key-alternating Feistel ciphers. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 243–264. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_13

  14. Maurer, U.M.: A simplified and generalized treatment of Luby-Rackoff pseudorandom permutation generators. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 239–255. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_21

  15. Maurer, U., Pietrzak, K.: The security of many-round Luby-Rackoff pseudo-random permutations. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 544–561. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_34

  16. Maurer, U., Oswald, Y.A., Pietrzak, K., Sjödin, J.: Luby-Rackoff ciphers from weak round functions? In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 391–408. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_24

  17. Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-Rackoff revisited. J. Cryptol. 12(1), 29–66 (1999)

  18. Patarin, J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_7

  19. Ramzan, Z., Reyzin, L.: On the round security of symmetric-key cryptographic primitives. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 376–393. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_24

  20. Pollard, J.M.: Monte Carlo methods for index computation (mod p). Math. Comput. 32(143), 918–924 (1978)

Corresponding author

Correspondence to Kaoru Kurosawa.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Daiza, T., Kurosawa, K. (2021). Optimum Attack on 3-Round Feistel-2 Structure. In: Nakanishi, T., Nojima, R. (eds) Advances in Information and Computer Security. IWSEC 2021. Lecture Notes in Computer Science, vol 12835. Springer, Cham. https://doi.org/10.1007/978-3-030-85987-9_10

  • DOI: https://doi.org/10.1007/978-3-030-85987-9_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85986-2

  • Online ISBN: 978-3-030-85987-9

  • eBook Packages: Computer Science, Computer Science (R0)
