Complementing Feistel Ciphers

  • Alex Biryukov
  • Ivica Nikolić
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)


In this paper, we propose related-key differential distinguishers based on the complementation property of Feistel ciphers. We show that with relaxed requirements on the complementation, i.e. the property does not have to hold for all keys and the complementation does not have to be on all bits, one can obtain a variety of distinguishers. We formulate criteria sufficient for attacks based on the complementation property. To stress the importance of our findings we provide analysis of the full-round primitives:
  • For the hash mode of Camellia-128 without \(FL,FL^{-1}\) layers, differential multicollisions with \(2^{112}\) time.

  • For GOST, practical recovery of the full key with 31 related keys and \(2^{38}\) time/data.


Complementation Feistel Camellia GOST 



The authors would like to thank anonymous reviewers of FSE 2013 for their helpful comments. Ivica Nikolić is supported by the Singapore National Research Foundation under Research Grant NRF-CRP2-2007-03.


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: \(Camellia\): a 128-bit block cipher suitable for multiple platforms - design and analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001) Google Scholar
  2. 2.
    Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009) Google Scholar
  3. 3.
    Bouillaguet, C., Dunkelman, O., Leurent, G., Fouque, P.-A.: Another look at complementation properties. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 347–364. Springer, Heidelberg (2010) Google Scholar
  4. 4.
    Dinur, I., Dunkelman, O., Shamir, A.: Improved attacks on full GOST. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 9–28. Springer, Heidelberg (2012) Google Scholar
  5. 5.
    Government Committee of the USSR for Standards. GOST, Gosudarstvennyi Standard 28147-89, Cryptographic Protection for Data Processing Systems (1989)Google Scholar
  6. 6.
    Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997) Google Scholar
  7. 7.
    Ko, Y., Hong, S., Lee, W., Lee, S., Kang, J.-S.: Related key differential attacks on 27 rounds of XTEA and full-round GOST. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 299–316. Springer, Heidelberg (2004) Google Scholar
  8. 8.
    Lipmaa, H., Moriai, S.: Efficient algorithms for computing differential properties of addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, p. 336. Springer, Heidelberg (2002) Google Scholar
  9. 9.
    National Bureau of Standards. Data Encryption Standard. U.S. Department of Commerce, FIPS pub. 46, January 1977Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.University of LuxembourgLuxembourgLuxembourg
  2. 2.Nanyang Technological UniversitySingaporeSingapore

Personalised recommendations