Abstract
We present some known-key distinguishers for a type-1 Feistel scheme with a permutation as the round function. More specifically, 29-round known-key truncated differential distinguishers are given for the 256-bit type-1 Feistel scheme with an SP (substitution-permutation) round function by using the rebound attack, where the S-boxes have perfect differential and linear properties and the linear diffusion layer has a maximum branch number. For two 128-bit versions, the distinguishers apply to 25-round structures. Based on these distinguishers, we construct near-collision attacks on these schemes with MMO (Matyas-Meyer-Oseas) and MP (Miyaguchi-Preneel) hashing modes, and propose 26-round and 22-round near-collision attacks for the two 256-bit schemes and the two 128-bit schemes, respectively. We apply the near-collision attack to MAME and obtain a 26-round near-collision attack. Using the algebraic degree and some integral properties, we prove the correctness of the 31-round known-key integral distinguisher proposed by Sasaki et al. We show that if the round function is a permutation, the integral distinguisher is suitable for a type-1 Feistel scheme of any size.
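The last claim of the abstract, that an integral distinguisher on a type-1 Feistel scheme needs only a bijective round function, can be checked empirically. The following Python script is an added example, not code from the paper: it builds a toy d-branch type-1 Feistel with 8-bit words and a constructed bijective S-box, fixes a middle set with one active word (the known-key, inside-out setting) and counts how many rounds forward and backward keep a zero-XOR-sum word. The round counts it reports hold for this toy set only and are not the paper's 31-round result.

```python
"""Integral (zero XOR-sum) propagation through a d-branch type-1 Feistel scheme with a
bijective round function.  Round i maps (x0, x1, ..., x_{d-1}) to (x1 ^ F_i(x0), x2, ...,
x_{d-1}, x0).  Toy parameters: 8-bit words, F_i(x) = S[x ^ k_i], constructed S-box."""
from functools import reduce
import random

W = 256                              # 2^8 values per word: the "all" set is cheap to enumerate
_rng = random.Random(2014)
SBOX = list(range(W))
_rng.shuffle(SBOX)                   # any bijection works; only bijectivity is used below

def round_key(i):
    """Known-key model: every round key is a public constant (constructed values)."""
    return (0x5B * i + 0x3C) & 0xFF

def f(i, x):
    return SBOX[x ^ round_key(i)]

def enc_round(i, s):
    """One type-1 round: only branch 0 enters F, its output is XORed into branch 1."""
    return [s[1] ^ f(i, s[0])] + list(s[2:]) + [s[0]]

def dec_round(i, s):
    """Inverse round: (y0, ..., y_{d-1}) -> (y_{d-1}, y0 ^ F(y_{d-1}), y1, ..., y_{d-2})."""
    return [s[-1], s[0] ^ f(i, s[-1])] + list(s[1:-1])

def balanced_words(states):
    """Indices of the words whose XOR over the whole set of states is zero."""
    return [j for j in range(len(states[0]))
            if reduce(lambda acc, s: acc ^ s[j], states, 0) == 0]

def integral_rounds(d, direction):
    """Fix the middle set {(a, c, ..., c)} (one active word, d-1 constants), run it
    forward or backward and return how many rounds keep at least one balanced word.
    The attacker chooses the middle set, so a known-key distinguisher covers the
    forward and backward rounds together.  Round indices only pick distinct constants."""
    states = [[a] + [0x00] * (d - 1) for a in range(W)]
    step = enc_round if direction == "forward" else dec_round
    n = 0
    while True:
        states = [step(n, s) for s in states]
        if not balanced_words(states):
            return n
        n += 1

if __name__ == "__main__":
    for d in (3, 4, 5):
        fwd, bwd = integral_rounds(d, "forward"), integral_rounds(d, "backward")
        print(f"d={d}: forward {fwd}, backward {bwd}, inside-out total {fwd + bwd} rounds")
```

With one active word the forward direction is guaranteed to keep a balanced word for 2d-1 rounds (the active word becomes balanced after d rounds and then travels through the remaining branches); the inverse round diffuses more slowly, so the backward direction lasts longer.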
References
Knudsen L R, Rijmen V. Known-key distinguishers for some block ciphers. In: Proceedings of the 13th International Conference on the Theory and Application of Cryptology and Information Security. 2007, 315–324
Smid M E, Branstad D K. Data encryption standard: past and future. Proceedings of the IEEE, 1988, 76(5): 550–559
Schneier B. Description of a new variable-length key, 64-bit block cipher (Blowfish). Lecture Notes in Computer Science, 1994, 809: 191–204
Aoki K, Ichikawa T, Kanda M, Matsui M, Moriai S, Nakajima J, Tokita T. Camellia: a 128-bit block cipher suitable for multiple platforms, design and analysis. In: Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography. 2001, 39–56
Wallen J. Design principles of the KASUMI block cipher. Proceedings of the Helsinki University of Technology Seminar on Network Security, 2000
Rivest R L. The RC5 encryption algorithm. In: Proceedings of the 2nd International Workshop on Fast Software Encryption. 1995, 86–96
Wu W, Zhang L. LBlock: a lightweight block cipher. In: Proceedings of the 9th International Conference on Applied Cryptography and Network Security. 2011, 327–344
Mendel F, Rechberger C, Schläffer M, Thomsen S S. The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl. In: Proceedings of the 16th International Workshop on Fast Software Encryption. 2009, 260–276
Sasaki Y, Yasuda K. Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes. In: Proceedings of the 18th International Workshop on Fast Software Encryption. 2011, 397–415
Sasaki Y, Emami S, Hong D, Kumar A. Improved known-key distinguishers on Feistel-SP ciphers and application to Camellia. In: Proceedings of the 17th Australasian Conference on Information Security and Privacy. 2012, 87–100
Minier M, Phan R C W, Pousse B. Distinguishers for ciphers and known key attack against Rijndael with large blocks. Lecture Notes in Computer Science, 2009, 5580: 60–76
Lamberger M, Mendel F, Rechberger C, Rijmen V, Schläffer M. Rebound distinguishers: results on the full Whirlpool compression function. In: Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security. 2009, 126–143
Wu S, Feng D, Wu W. Cryptanalysis of the LANE hash function. In: Proceedings of the 16th Annual International Workshop on Selected Areas in Cryptography. 2009, 126–140
Gilbert H, Peyrin T. Super-Sbox cryptanalysis: improved attacks for AES-like permutations. In: Proceedings of the 17th International Workshop on Fast Software Encryption. 2010, 365–383
Dong L, Wu W, Wu S, Zou J. Known-key distinguisher on round-reduced 3D block cipher. In: Proceedings of the 12th International Workshop on Information Security Applications. 2011, 55–69
Zheng Y, Matsumoto T, Imai H. On the construction of block ciphers provably secure and not relying on any unproved hypotheses. Lecture Notes in Computer Science, 1989, 435: 461–480
Adams C, Tavares S, Heys H, Wiener M. The CAST-256 encryption algorithm. Submission to the AES competition, 1998
Yoshida H, Watanabe D, Okeya K, Kitahara J, Wu H, Küçük Ö, Preneel B. MAME: a compression function with reduced hardware requirements. In: Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems. 2007, 148–165
Hirose S, Kuwakado H, Yoshida H. SHA-3 proposal: Lesamnta. Submission to NIST, 2008
Bouillaguet C, Dunkelman O, Leurent G, Fouque P A. Lecture Notes in Computer Science, 2010, 6544: 18–35
Sasaki Y, Aoki K. Improved integral analysis on tweaked Lesamnta. In: Proceedings of the 14th International Conference on Information Security and Cryptology. 2011, 1–17
Peyrin T. Improved differential attacks for ECHO and Grøstl. In: Proceedings of the 30th Annual Cryptology Conference. 2010, 370–392
Mendel F, Peyrin T, Rechberger C, Schläffer M. Improved cryptanalysis of the reduced Grøstl compression function, ECHO permutation and AES block cipher. Lecture Notes in Computer Science, 2009, 5867: 16–35
Matusiewicz K, Naya-Plasencia M, Nikolic I, Sasaki Y, Schläffer M. Rebound attack on the full LANE compression function. In: Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security. 2009, 106–125
Mendel F, Rechberger C, Schläffer M. Cryptanalysis of Twister. In: Proceedings of the 7th International Conference on Applied Cryptography and Network Security. 2009, 342–353
Rijmen V, Toz D, Varici K. Rebound attack on reduced-round versions of JH. In: Proceedings of the 17th International Workshop on Fast Software Encryption. 2010, 286–303
Naya-Plasencia M, Toz D, Varici K. Rebound attack on JH42. In: Proceedings of the 17th International Conference on the Theory and Application of Cryptology and Information Security. 2011, 252–269
Wu S, Feng D, Wu W. Practical rebound attack on 12-round Cheetah-256. In: Proceedings of the 12th Annual International Conference on Information Security and Cryptology. 2009, 300–314
Khovratovich D, Naya-Plasencia M, Röck A, Schläffer M. Cryptanalysis of Luffa v2 components. In: Proceedings of the 17th International Workshop on Selected Areas in Cryptography. 2010, 388–409
Daemen J, Knudsen L R, Rijmen V. The block cipher Square. In: Proceedings of the 4th International Workshop on Fast Software Encryption. 1997, 149–165
Ferguson N, Kelsey J, Lucks S, Schneier B, Stay M, Wagner D, Whiting D. Improved cryptanalysis of Rijndael. In: Proceedings of the 7th International Workshop on Fast Software Encryption. 2000, 213–230
Galice S, Minier M. Improving integral attacks against Rijndael-256 up to 9 rounds. Lecture Notes in Computer Science, 2008, 5023: 1–15
Knudsen L R, Wagner D. Integral cryptanalysis. In: Proceedings of the 9th International Workshop on Fast Software Encryption. 2002, 112–127
Preneel B, Govaerts R, Vandewalle J. Hash functions based on block ciphers: a synthetic approach. Lecture Notes in Computer Science, 1993, 773: 368–378
Black J, Rogaway P, Shrimpton T. Black-box analysis of the block-cipher-based hash-function constructions from PGV. Lecture Notes in Computer Science, 2002, 2442: 320–335
Yu X, Wu W. Cryptanalysis of MAME compression function. In: Proceedings of the 2010 International Conference on Computer Design and Applications. 2010, 5: 602–605
Additional information
Le Dong is a lecturer in the Henan Normal University, China. He received his PhD from the Institute of Software, Chinese Academy of Sciences in 2013. He received his MS and BS from Zhengzhou University in 2006 and 2003, respectively. His research interests include cryptanalysis of hash functions and block ciphers.
Wenling Wu is a researcher and PhD supervisor in the Institute of Software, Chinese Academy of Sciences. She received her PhD from Xidian University in 1997, and her MS and BS from Northwest University in 1990 and 1987. Her research interests are cryptanalysis and the design of block ciphers.
Shuang Wu is a research associate in the Institute of Software, Chinese Academy of Sciences. He received his PhD from the Chinese Academy of Sciences in 2011, and his BS from Tsinghua University in 2005. His research interests are cryptanalysis and the design of hash functions.
Jian Zou is a PhD candidate in the Institute of Software, Chinese Academy of Sciences. He received his BS from Central China Normal University in 2009. His research interests are cryptanalysis and the design of hash functions.
Cite this article
Dong, L., Wu, W., Wu, S. et al. Known-key distinguishers on type-1 Feistel scheme and near-collision attacks on its hashing modes. Front. Comput. Sci. 8, 513–525 (2014). https://doi.org/10.1007/s11704-014-2412-7