Generic Key Recovery Attacks on the Variants of the Feistel-2 Ciphers
Feistel-2 is a Feistel scheme proposed by Isobe and Shibutani in Asiacrypt 2013, in which the round functions are composed of an XOR of a subkey followed by an application of a public function or permutation. Recently, a variation of the Feistel-2 scheme, in which the subkeys are XORed after the round functions, has been widely used in proposals like SIMON and Simeck. We denote this type of Feistel scheme as Feistel-2*. In this paper, we study the security of the Feistel-2* ciphers and propose meet-in-the-middle attacks on them. Assuming that the block size is n, our attacks can further break up to 8, 10 and 12 rounds for n-, 3n/2- and 2n-bit key sizes, respectively. In particular, if the round functions of Feistel-2* follow the SPN structure (this cipher is denoted as Feistel-3* here), our attacks can break up to 12, 14 and 16 rounds for n-, 3n/2- and 2n-bit key sizes, respectively. Based on these results, lower bounds are given on the number of rounds that secure Feistel-2* and Feistel-3* ciphers should have. These results imply that the location of the subkey has an effect on the security of the Feistel cipher.
Dong Yang, Wen-Feng Qi, Tian Tian
National Digital Switching System Engineering & Technological Research Center, P.O. Box 407, 62 Kexue Road, Zhengzhou, 450001, China
Domestic conference
Chengdu
English
69-84
2016-07-01 (date first made available online on the Wanfang platform; does not represent the paper's publication date)