Differential Attacks on Generalized Feistel Schemes

  • Valérie Nachef
  • Emmanuel Volte
  • Jacques Patarin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8257)


While generic attacks on classical Feistel schemes and unbalanced Feistel schemes have been studied a lot, generic attacks on several generalized Feistel schemes like type-1, type-2 and type-3 and alternating Feistel schemes, as defined in [8], have not been systematically investigated. These generalized Feistel schemes are used in well known block cipher networks that use generalized Feistel schemes: CAST-256 (type-1), RC-6 (type-2), MARS (type-3) and BEAR/LION (alternating). Also, type-1 and type-2 Feistel schemes are respectively used in the construction of the hash functions Lesamnta and SHAvite − 3512.In this paper, we give our best Known Plaintext Attacks and non-adaptive Chosen Plaintext Attacks on these schemes. We determine the maximal number of rounds that we can attack when we want to distinguish a permutation produced by the scheme from a permutation chosen randomly in the set of permutations.


generalized Feistel schemes generic attacks on encryption schemes block ciphers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aiello, W., Venkatesan, R.: Foiling Birthday Attacks in Length-Doubling Transformations - Benes: A Non-Reversible Alternative to Feistel. In: EUROCRYPT 1996. LNCS, vol. 1070, pp. 307–320. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  2. 2.
    Anderson, R.J., Biham, E.: Two Practical and Provably Secure Block Ciphers: BEAR and LION. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 113–120. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  3. 3.
    Bogdanov, A., Rijmen, V.: Zero-Correlation Linear Cryptanalysis on Block Cipher. Cryptology ePrint archive: 2011/123: Listing for 2011 (2011)Google Scholar
  4. 4.
    Bouillaguet, C., Dunkelman, O., Leurent, G., Fouque, P.-A.: Attacks on hash Functions based on Generalized Feistel schemes. Application to Reduced-Round Lesamnta and SHAvite − 3512. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 18–35. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Bouillaguet, C., Dunkelman, O., Fouque, P.-A., Leurent, G.: New Insights on Impossible Differential Cryptanalysis. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 243–259. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Choy, J., Yap, H.: Impossible Boomerang Attack for Block Cipher Structures. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 22–37. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Hoel, P.G., Port, S.C., Stone, C.J.: Introduction to Probability Theory. Houghton Mifflin Company (1971)Google Scholar
  8. 8.
    Hoang, V.T., Rogaway, P.: On Generalized Feistel Networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 613–630. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Ibrahim, S., Mararof, M.A.: Diffusion Analysis of Scalable Feistel Networks. World Academy of Science, Engineering and Technology 5, 98–101 (2005)Google Scholar
  10. 10.
    Jutla, C.S.: Generalized Birthday Attacks on Unbalanced Feistel Networks. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 186–199. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  11. 11.
    Kim, J., Hong, S., Lim, J.: Impossible Differential Cryptanalysis Using Matrix Method. Discrete Mathematics 310(5), 988–1002 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Knudsen, L.R.: DEAL - A 128-bit Block Cipher. Technical Report 151, University of Bergen, Department of Informatics, Norway (February 1998)Google Scholar
  13. 13.
    Knudsen, L.R., Rijmen, V.: On the Decorrelated Fast Cipher (DFC) and Its Theory. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 81–94. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM J. Comput. 17(2), 373–386 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Naor, M., Reingold, O.: On the Construction of Pseudorandom Permutations: Luby-Rackoff Revisited. J. Cryptology 12(1), 29–66 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Patarin, J.: Generic Attacks on Feistel Schemes - Extended version. In: Cryptology ePrint archive: 2008/036: Listing for 2008 (2008)Google Scholar
  17. 17.
    Patarin, J.: Security of balanced and unbalanced Feistel schemes with linear non equalities. In: Cryptology ePrint archive: 2010/293: Listing for (2010)Google Scholar
  18. 18.
    Patarin, J.: New Results on Pseudorandom Permutation Generators Based on the DES Scheme. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 301–312. Springer, Heidelberg (1992)Google Scholar
  19. 19.
    Patarin, J.: Generic Attacks on Feistel Schemes. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 222–238. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Patarin, J.: Security of Random Feistel Schemes with 5 or More Rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Patarin, J., Nachef, V., Berbain, C.: Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions - Extended version. Cryptology ePrint archive: 2007/449: Listing for 2007 (2007)Google Scholar
  22. 22.
    Patarin, J., Nachef, V., Berbain, C.: Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 396–411. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Patarin, J., Nachef, V., Berbain, C.: Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 325–341. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Schneier, B., Kelsey, J.: Unbalanced Feistel Networks and Block Cipher Design. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 121–144. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  25. 25.
    Treger, J., Patarin, J.: Generic Attacks on Feistel Networks with Internal Permutations. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 41–59. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Volte, E., Nachef, V., Patarin, J.: Improved Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 94–111. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Lai, X., Luo, Y., Wu, Z., Gong, G.: A Unified Method for Finding Impossible Differentials of Block Cipher Structures (2009),
  28. 28.
    Yun, A., Park, J.H., Lee, J.: Lai-Massey Scheme and Quasi-Feistel Networks. Cryptology ePrint archive: 2007/347: Listing for 2007 (2007)Google Scholar
  29. 29.
    Zheng, Y., Matsumoto, T., Imai, H.: On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461–480. Springer, Heidelberg (1990)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Valérie Nachef
    • 1
  • Emmanuel Volte
    • 1
  • Jacques Patarin
    • 2
  1. 1.Department of MathematicsUniversity of Cergy-Pontoise, CNRS UMR 8088Cergy-Pontoise CedexFrance
  2. 2.PRISMUniversity of VersaillesVersailles CedexFrance

Personalised recommendations