New attacks on Feistel structures with improved memory complexities

Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Feistel structures are an extremely important and extensively researched type of cryptographic schemes. In this paper we describe improved attacks on Feistel structures with more than 4 rounds. We achieve this by a new attack that combines the main benefits of meet-in-the-middle attacks (which can reduce the time complexity by comparing only half blocks in the middle) and dissection attacks (which can reduce the memory complexity but have to guess full blocks in the middle in order to perform independent attacks above and below it). For example, for a 7-round Feistel structure on n-bit inputs with seven independent round keys of n/2 bits each, a MITM attack can use (21.5n, 21.5n) time and memory, while dissection requires (22n, 2n) time and memory. Our new attack requires only (21.5n, 2n) time and memory, using a few known plaintext/ciphertext pairs. When we are allowed to use more known plaintexts, we develop new techniques which rely on the existence of multicollisions and differential properties deep in the structure in order to further reduce the memory complexity. Our new attacks are not just theoretical generic constructions — in fact, we can use them to improve the best known attacks on several concrete cryptosystems such as round-reduced CAST-128 (where we reduce the memory complexity from 2111 to 264) and full DEAL-256 (where we reduce the memory complexity from 2200 to 2144), without affecting their time and data complexities. An extension of our techniques applies even to some non-Feistel structures — for example, in the case of FOX, we reduce the memory complexity of all the best known attacks by a factor of 216.

Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Proceedings
EditorsMatthew Robshaw, Rosario Gennaro
PublisherSpringer Verlag
Pages433-454
Number of pages22
ISBN (Print)9783662479889
DOIs
StatePublished - 2015
Event35th Annual Cryptology Conference, CRYPTO 2015 - Santa Barbara, United States
Duration: 16 Aug 201520 Aug 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9215
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference35th Annual Cryptology Conference, CRYPTO 2015
Country/TerritoryUnited States
CitySanta Barbara
Period16/08/1520/08/15

Bibliographical note

Funding Information:
O. Dunkelman—The second author was supported in part by the Israeli Science Foundation through grant No. 827/12.

Publisher Copyright:
© International Association for Cryptologic Research 2015.

Keywords

  • Block cipher
  • CAST-128
  • Cryptanalysis
  • DEAL
  • Dissection
  • Feistel structure
  • Meet-in-the-middle
  • Splice-and-cut

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Fingerprint

Dive into the research topics of 'New attacks on Feistel structures with improved memory complexities'. Together they form a unique fingerprint.

Cite this