On Weaknesses of Non-surjective Round Functions

We propose a new attack on Feistel ciphers with a non-surjective round function such as the CAST cipher family and LOKI91. We extend the attack towards block ciphers that use a non-uniformly distributed round function and apply the extended attack to the CAST family. This attack demonstrates that the round function of a Feistel cipher with six to eight rounds needs to be surjective and sufficiently uniform.
