Complementing Feistel Ciphers

Conference paper

DOI: 10.1007/978-3-662-43933-3_1

Volume 8424 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Biryukov A., Nikolić I. (2014) Complementing Feistel Ciphers. In: Moriai S. (eds) Fast Software Encryption. FSE 2013. Lecture Notes in Computer Science, vol 8424. Springer, Berlin, Heidelberg

Abstract

In this paper, we propose related-key differential distinguishers based on the complementation property of Feistel ciphers. We show that with relaxed requirements on the complementation, i.e. the property does not have to hold for all keys and the complementation does not have to be on all bits, one can obtain a variety of distinguishers. We formulate criteria sufficient for attacks based on the complementation property. To stress the importance of our findings we provide analysis of the full-round primitives:
  • For the hash mode of Camellia-128 without \(FL,FL^{-1}\) layers, differential multicollisions with \(2^{112}\) time.

  • For GOST, practical recovery of the full key with 31 related keys and \(2^{38}\) time/data.

Keywords

Complementation Feistel Camellia GOST 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.University of LuxembourgLuxembourgLuxembourg
  2. 2.Nanyang Technological UniversitySingaporeSingapore