Abstract
Let A be a Feistel scheme with 5 rounds from 2n bits to 2n bits. In the present paper we show that for most such schemes A:
1. It is possible to distinguish A from a random permutation from 2n bits to 2n bits after doing at most $O(2^{7n/4})$ computations with $O(2^{7n/4})$ random plaintext/ciphertext pairs.
2. It is possible to distinguish A from a random permutation from 2n bits to 2n bits after doing at most $O(2^{3n/2})$ computations with $O(2^{3n/2})$ chosen plaintexts.
Since the complexities are smaller than the number $2^{2n}$ of possible inputs, they show that some generic attacks always exist on Feistel schemes with 5 rounds. Therefore we recommend, in cryptography, using Feistel schemes with at least 6 rounds in the design of pseudo-random permutations.
We will also show in this paper that it is possible to distinguish most 6-round Feistel permutation generators from a truly random permutation generator by using a few (i.e. $O(1)$) permutations of the generator and by using a total number of $O(2^{2n})$ queries and a total of $O(2^{2n})$ computations. This result is not really useful for attacking a single 6-round Feistel permutation, but it shows that when several pseudorandom permutations on a small number of bits have to be generated, we recommend using more than 6 rounds. We also show that it is possible to extend these results to any number of rounds, however with an even larger complexity.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Patarin, J. (2001). Generic Attacks on Feistel Schemes. In: Boyd, C. (eds) Advances in Cryptology — ASIACRYPT 2001. ASIACRYPT 2001. Lecture Notes in Computer Science, vol 2248. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45682-1_14
DOI: https://doi.org/10.1007/3-540-45682-1_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42987-6
Online ISBN: 978-3-540-45682-7
eBook Packages: Springer Book Archive