Known-key distinguishers on 15-round 4-branch type-2 generalised Feistel networks with single substitution-permutation functions and near-collision attacks on its hashing modes

Generalised Feistel network (GFN) is a popular design for block ciphers and hash functions. The round function of the network often chooses a substitution–permutation (SP) transformation (consists of a subkey XOR, an S-boxes layer and a linear layer). In 2011, Bogdanov and Shibutani provided another choice to build round functions, namely the double SP-functions, which has two SP-layers in series. They showed that a 4-branch type-2 GFN with double SP-functions was stronger than the one with single SP-function in terms of the number of active S-boxes in a differential or linear cryptanalysis, but some subsequent results showed that the double SP-function is the weaker one in some known-key scenarios and hashing modes. In this study, the authors present a new result of the 4-branch type-2 GFN, whose round function is a single SP-function. They show some 15-round truncated differential distinguishers for this network with four usual parameters by utilising some rebound attack techniques. Based on these distinguishers, they construct some 15-round near-collision attacks on the Matyas–Meyer–Oseas and Miyaguchi–Preneel compression function modes in which the 4-branch type-2 GFN with the single SP-function is used.

[1]  Vincent Rijmen,et al.  Rebound Distinguishers: Results on the Full Whirlpool Compression Function , 2009, ASIACRYPT.

[2]  María Naya-Plasencia,et al.  Rebound Attack on JH42 , 2011, ASIACRYPT.

[3]  Yu Sasaki Double-SP Is Weaker Than Single-SP: Rebound Attacks on Feistel Ciphers with Several Rounds , 2012, INDOCRYPT.

[4]  Donghoon Chang,et al.  Security Analysis of GFN: 8-Round Distinguisher for 4-Branch Type-2 GFN , 2013, INDOCRYPT.

[5]  Yu Sasaki,et al.  Known-Key Distinguishers on 11-Round Feistel and Collision Attacks on Its Hashing Modes , 2011, FSE.

[6]  Vincent Rijmen,et al.  Known-Key Distinguishers for Some Block Ciphers , 2007, ASIACRYPT.

[7]  Shuang Wu,et al.  Known-Key Distinguisher on Round-Reduced 3D Block Cipher , 2011, WISA.

[8]  Thomas Peyrin,et al.  Improved Differential Attacks for ECHO and Grostl , 2010, IACR Cryptol. ePrint Arch..

[9]  Masanobu Katagi,et al.  The 128-Bit Blockcipher CLEFIA , 2007, RFC.

[10]  Yu Sasaki,et al.  Improved Known-Key Distinguishers on Feistel-SP Ciphers and Application to Camellia , 2012, ACISP.

[11]  Marine Minier,et al.  Distinguishers for Ciphers and Known Key Attack against Rijndael with Large Blocks , 2009, AFRICACRYPT.

[12]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[13]  Ron Steinfeld,et al.  Known and Chosen Key Differential Distinguishers for Block Ciphers , 2010, ICISC.

[14]  Jorge Nakahara,et al.  New Impossible Differential and Known-Key Distinguishers for the 3D Cipher , 2011, ISPEC.

[15]  Yu Sasaki,et al.  Rebound Attack on the Full Lane Compression Function , 2009, ASIACRYPT.

[16]  Shuang Wu,et al.  Cryptanalysis of the LANE Hash Function , 2009, Selected Areas in Cryptography.

[17]  Hideki Imai,et al.  On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses , 1989, CRYPTO.

[18]  Yu Sasaki,et al.  Improved Integral Analysis on Tweaked Lesamnta , 2011, ICISC.

[19]  Thomas Peyrin,et al.  Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations , 2010, FSE.

[20]  Vincent Rijmen,et al.  Rebound Attack on Reduced-Round Versions of JH , 2010, FSE.

[21]  Seokhie Hong,et al.  Known-Key Attacks on Generalized Feistel Schemes with SP Round Function , 2012, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[22]  Thomas Peyrin,et al.  Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher , 2009, Selected Areas in Cryptography.

[23]  Shuang Wu,et al.  Practical Rebound Attack on 12-Round Cheetah-256 , 2009, ICISC.

[24]  Kyoji Shibutani,et al.  Double SP-Functions: Enhanced Generalized Feistel Networks - Extended Abstract , 2011, ACISP.

[25]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.