Preimage Attacks on Feistel-SP Functions: Impact of Omitting the Last Network Twist
- Cite this paper as:
- Sasaki Y. (2013) Preimage Attacks on Feistel-SP Functions: Impact of Omitting the Last Network Twist. In: Jacobson M., Locasto M., Mohassel P., Safavi-Naini R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg
In this paper, generic attacks are presented against hash functions that are constructed by a hashing mode instantiating a Feistel or generalized Feistel networks with an SP-round function. It is observed that the omission of the network twist in the last round can be a weakness against preimage attacks. The first target is a standard Feistel network with an SP round function. Up to 11 rounds can be attacked in generic if a condition on a key schedule function is satisfied. The second target is a 4-branch type-2 generalized Feistel network with an SP round function. Up to 15 rounds can be attacked in generic. These generic attacks are then applied to hashing modes of ISO standard ciphers Camellia-128 without FL and whitening layers and CLEFIA-128.
KeywordsFeistel generalized Feistel SP round function hashing modes meet-in-the-middle attack preimage attack Camellia CLEFIA
Unable to display preview. Download preview PDF.