The Cryptanalysis of Feal with Twenty Chosen Plaintexts
نویسنده
چکیده
The FEAL N cryptosystem has been developed by N T T as a highly programming e cient block cipher system as it does not use look up tables It was rst presented in It is essentially an N round Feistel block cipher operating on bit blocks and determined by a bit key FEAL is the standard block cipher but N T T intend that FEAL can be used in cipher block chaining mode when plaintexts are not revealed a cryptogram only environment or for data integrity usage The best published attack on FEAL was given by Den Boer who used chosen plaintexts to recover the key We shall give a method that uses at most twenty chosen plaintexts to recover the key Whereas it may be possible to ensure the absence of chosen plaintexts ensuring the absence of twenty plaintexts may well be too restrictive for most uses
منابع مشابه
On Matsui's Linear Cryptanalysis
to linear cryptanalysis. We also described how to sum up characteristics (which also hold in diierential cryptanalysis). The iteration of this characteristic to seven rounds have probability 1=2 ? 2 ?11. A similar characteristic exist with a reverse order of the bytes in each word. From the tables in 9] we can see that about 4 2 112 = 2 24 known plaintexts are required to attack Feal-8, with su...
متن کاملHow Much Can Complexity of Linear Cryptanalysis Be Reduced?
The linear cryptanalysis proposed by Matsui is one of the most effective attacks on block ciphers, and he demonstrated an experimental cryptanalysis against DES at CRYPTO 1994. In this paper, we show how to optimize the linear cryptanalysis on modern microprocessors. Nowadays, there are two methods of implementing the linear cryptanalysis. Method 1 reduces the time complexity by reducing the nu...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملDiierential Cryptanalysis of Feal and N-hash
In 1,2] we introduced the notion of diierential cryptanalysis and described its application to DESS11] and several of its variants. In this paper we show the applicability of diierential cryptanalysis to the Feal family of encryption algorithms and to the N-Hash hash function. In addition, we show how to transform diierential cryptanalytic chosen plaintext attacks into known plaintext attacks.
متن کاملImproved Impossible Differential Attacks on Large-Block Rijndael
In this paper, we present more powerful 6-round impossible differentials for large-block Rijndael-224 and Rijndael-256 than the ones used by Zhang et al. in ISC 2008. Using those, we can improve the previous impossible differential cryptanalysis of both 9-round Rijndael224 and Rijndael-256. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2 chosen plaintexts, an attack ...
متن کامل