Complementing Feistel Ciphers

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)


In this paper, we propose related-key differential distinguishers based on the complementation property of Feistel ciphers. We show that with relaxed requirements on the complementation, i.e. the property does not have to hold for all keys and the complementation does not have to be on all bits, one can obtain a variety of distinguishers. We formulate criteria sufficient for attacks based on the complementation property. To stress the importance of our findings we provide analysis of the full-round primitives:
  • For the hash mode of Camellia-128 without \(FL,FL^{-1}\) layers, differential multicollisions with \(2^{112}\) time.

  • For GOST, practical recovery of the full key with 31 related keys and \(2^{38}\) time/data.


Complementation Feistel Camellia GOST 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.University of LuxembourgLuxembourgLuxembourg
  2. 2.Nanyang Technological UniversitySingaporeSingapore

Personalised recommendations