
Security Analysis of GFN: 8-Round Distinguisher for 4-Branch Type-2 GFN

Conference paper. Progress in Cryptology – INDOCRYPT 2013 (INDOCRYPT 2013).

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8250)

Abstract

The generalized Feistel network (GFN) is a widely used design for encryption algorithms such as DES, IDEA and others. Generally, block ciphers are used not only for symmetric encryption but also as building blocks of cryptographic hash functions in modes such as Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel. In these compression-function modes the block cipher is used with a key that is known to the attacker. Therefore, a known-key distinguisher on the internal block cipher can be directly converted into a distinguisher on the compression function. In other words, the security of a compression mode relies on the security of the internal block cipher used.

The security of the cipher in the known-key setting is due only to the round function. Block ciphers popularly use sub-key XOR-ing followed by one or more SP-functions as the building block of a round function. The general understanding is that increasing the number of active S-boxes will cause more confusion and guarantee more secure ciphers against differential and linear cryptanalysis. At INDOCRYPT 2012, Sasaki compared the security of the single-SP function with the double-SP function and, using the rebound attack technique, successfully mounted a distinguisher on up to 7 rounds of 4-branch type-2 GFN with double-SP functions and on up to 11 rounds of 2-branch GFN with single-SP functions. Based on the total number of S-boxes used and the number of rounds attacked, he argued that double-SP is in fact weaker than single-SP. The basis of this result is the number of rounds that the author could attack. In this work, we successfully increase the number of rounds attacked from 7 to 8 for 4-branch type-2 GFN with double-SP functions. The presented distinguisher is the first known distinguisher for 8-round 4-branch type-2 GFN with double-SP functions. In our attack, we use an improved matching technique which is simpler than byte-by-byte matching. This simple matching technique results in better complexity than the previously known 7-round distinguisher for most practical cases, allowing us to attack one extra round.
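The abstract names three constructions without showing them: a 4-branch type-2 GFN, a round function built from a sub-key XOR followed by one (single-SP) or two (double-SP) S-box/permutation layers, and the MMO and Miyaguchi-Preneel compression modes in which the cipher key is the public chaining value. The following Python is an added illustration of those constructions, not code from the paper: the 16-bit branches, the P layer, the toy key schedule and all function names are constructed here for illustration (the S layer uses the public PRESENT 4-bit S-box). It goes slightly beyond the abstract by also giving decryption, which shows why F need not be invertible, and a per-encryption S-box count of the kind the abstract's single-SP versus double-SP comparison is based on.

```python
# Added illustration of the constructions named in the abstract: a toy
# 4-branch type-2 GFN with single-SP or double-SP round functions, used in
# the MMO and Miyaguchi-Preneel compression modes. Not the paper's code;
# branch size, P layer, key schedule and names are constructed here.

# PRESENT 4-bit S-box (public constant), applied to each nibble of a branch
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

BRANCH_BITS = 16                          # four 4-bit nibbles per branch
BRANCH_MASK = (1 << BRANCH_BITS) - 1
BLOCK_BITS = 4 * BRANCH_BITS              # 64-bit block and 64-bit key


def nibbles(x):
    return [(x >> (4 * i)) & 0xF for i in range(4)]


def from_nibbles(ns):
    return sum(n << (4 * i) for i, n in enumerate(ns))


def s_layer(x):
    """S layer: the 4-bit S-box on every nibble of a 16-bit branch."""
    return from_nibbles([SBOX[n] for n in nibbles(x)])


def p_layer(x):
    """Constructed linear layer: each output nibble is the XOR of the other three.
    Its GF(2) matrix is J+I, which squares to I, so P is an involution."""
    a, b, c, d = nibbles(x)
    return from_nibbles([b ^ c ^ d, a ^ c ^ d, a ^ b ^ d, a ^ b ^ c])


def sp_function(x, subkey, layers):
    """Round function F: sub-key XOR, then `layers` SP layers (1 = single-SP, 2 = double-SP)."""
    x ^= subkey
    for _ in range(layers):
        x = p_layer(s_layer(x))
    return x


def round_keys(key, rounds):
    """Constructed toy schedule: two 16-bit sub-keys per round, sliced from the
    64-bit key and separated by round constants."""
    ks = []
    for r in range(rounds):
        pair = []
        for j in range(2):
            piece = (key >> (16 * ((2 * r + j) % 4))) & BRANCH_MASK
            pair.append(piece ^ ((0x1111 * r + 0x0F0F * j) & BRANCH_MASK))
        ks.append(pair)
    return ks


def split(block):
    return [(block >> (BRANCH_BITS * (3 - i))) & BRANCH_MASK for i in range(4)]


def join(branches):
    out = 0
    for b in branches:
        out = (out << BRANCH_BITS) | b
    return out


def encrypt(block, key, rounds, layers):
    """4-branch type-2 GFN: F(x0) into x1 and F(x2) into x3, then rotate branches left."""
    x = split(block)
    for k0, k1 in round_keys(key, rounds):
        x[1] ^= sp_function(x[0], k0, layers)
        x[3] ^= sp_function(x[2], k1, layers)
        x = x[1:] + x[:1]
    return join(x)


def decrypt(block, key, rounds, layers):
    """Inverse: rotate right, then cancel the same F outputs; F itself is never inverted."""
    x = split(block)
    for k0, k1 in reversed(round_keys(key, rounds)):
        x = x[-1:] + x[:-1]
        x[1] ^= sp_function(x[0], k0, layers)
        x[3] ^= sp_function(x[2], k1, layers)
    return join(x)


def mmo(h, m, rounds=8, layers=2):
    """Matyas-Meyer-Oseas: E_h(m) XOR m. The cipher key is the chaining value h,
    which anyone computing the hash knows: this is the known-key setting."""
    return encrypt(m, h, rounds, layers) ^ m


def miyaguchi_preneel(h, m, rounds=8, layers=2):
    """Miyaguchi-Preneel: E_h(m) XOR m XOR h, again keyed by the public chaining value."""
    return encrypt(m, h, rounds, layers) ^ m ^ h


def hash_blocks(blocks, mode, iv=0):
    """Iterate a compression mode over 64-bit message blocks (no padding; illustration only)."""
    h = iv
    for m in blocks:
        h = mode(h, m)
    return h


def sbox_evaluations(rounds, layers):
    """S-boxes evaluated per encryption: 2 F calls per round x 4 nibbles x `layers`."""
    return rounds * 2 * 4 * layers


if __name__ == "__main__":
    m, k = 0x0123456789ABCDEF, 0xFEDCBA9876543210   # constructed sample block and key
    c = encrypt(m, k, 8, 2)
    print(hex(c), decrypt(c, k, 8, 2) == m)
    print(hex(hash_blocks([m, k], mmo)), sbox_evaluations(8, 2))
```

The point the abstract makes is visible in `mmo` and `miyaguchi_preneel`: the only key the cipher ever sees is the chaining value, so a distinguisher that needs nothing more than knowledge of the key applies directly to the compression function, and the S-box count per round (doubled by the second SP layer) is what Sasaki's comparison weighs against the number of rounds reached.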


References

  1. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)

  2. Bogdanov, A., Shibutani, K.: Double SP-Functions: Enhanced Generalized Feistel Networks - Extended Abstract. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 106–119. Springer, Heidelberg (2011)

  3. Knudsen, L.R.: Truncated and Higher Order Differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)

  4. Knudsen, L.R., Rijmen, V.: Known-Key Distinguishers for Some Block Ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007)

  5. Luby, M., Rackoff, C.: How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract). In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 447–447. Springer, Heidelberg (1986)

  6. Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  7. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)

  8. Sasaki, Y.: Double-SP Is Weaker Than Single-SP: Rebound Attacks on Feistel Ciphers with Several Rounds. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 265–282. Springer, Heidelberg (2012)

  9. Sasaki, Y., Yasuda, K.: Known-Key Distinguishers on 11-Round Feistel and Collision Attacks on Its Hashing Modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 397–415. Springer, Heidelberg (2011)

  10. Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-Bit Blockcipher CLEFIA (Extended Abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)

  11. Stinson, D.R.: Cryptography - Theory and Practice, 3rd edn. Discrete Mathematics and Its Applications series. Chapman and Hall/CRC Press (2005)

  12. Zheng, Y., Matsumoto, T., Imai, H.: On the Construction of Block Ciphers: Provably Secure and Not Relying on Any Unproved Hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461–480. Springer, Heidelberg (1990)


Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Chang, D., Kumar, A., Sanadhya, S. (2013). Security Analysis of GFN: 8-Round Distinguisher for 4-Branch Type-2 GFN. In: Paul, G., Vaudenay, S. (eds) Progress in Cryptology – INDOCRYPT 2013. INDOCRYPT 2013. Lecture Notes in Computer Science, vol 8250. Springer, Cham. https://doi.org/10.1007/978-3-319-03515-4_9


  • DOI: https://doi.org/10.1007/978-3-319-03515-4_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03514-7

  • Online ISBN: 978-3-319-03515-4

  • eBook Packages: Computer Science (R0)
