Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions

  • Jacques Patarin
  • Valérie Nachef
  • Côme Berbain
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)


In this paper, we describe generic attacks on unbalanced Feistel schemes with contracting functions. These schemes are used to construct pseudo-random permutations from kn bits to kn bits by using d pseudo-random functions from (k–1)n bits to n bits. We describe known plaintext attacks (KPA) and non-adaptive chosen plaintext attacks (CPA-1) against these schemes with less than 2^{kn} plaintext/ciphertext pairs and complexity strictly less than O(2^{kn}) for a number of rounds d ≤ 2k–1. Consequently at least 2k rounds are necessary to avoid generic attacks. For k=3, we found attacks up to 6 rounds, so 7 rounds are required. When d ≥ 2k, we also describe some attacks on schemes with generators (i.e. schemes where the d pseudo-random functions are generated) and where more than one permutation is required.


Keywords: unbalanced Feistel permutations, pseudo-random permutations, generic attacks, Luby-Rackoff theory, block ciphers



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jacques Patarin (1)
  • Valérie Nachef (2)
  • Côme Berbain (3)

  1. Université de Versailles, Versailles Cedex, France
  2. Université de Cergy-Pontoise, Cergy-Pontoise Cedex, France
  3. France Telecom Research and Development, Issy-les-Moulineaux, France
