Improved Meet-in-the-Middle Distinguisher on Feistel Schemes

Improved meet-in-the-middle cryptanalysis with the efficient tabulation technique has been shown to be a very powerful form of cryptanalysis against SPN block ciphers, especially AES. However, few results have been proposed on Balanced Feistel Networks (BFN) and Generalized Feistel Networks (GFN). This is due to the stagger between the affected trail and the special truncated differential trail in the precomputation phase, i.e. these two trails differ a lot from each other for BFN and GFN ciphers. In this paper, we describe an efficient and generic algorithm to search for an optimal improved meet-in-the-middle distinguisher with the efficient tabulation technique on word-oriented BFN and GFN block ciphers. It is based on a recursive algorithm and a greedy algorithm. To demonstrate the usefulness of our approach, we show key recovery attacks on 14/16-round CLEFIA-192/256, which are the best attacks. We also give key recovery attacks on 13/15-round Camellia-192/256 without $FL/FL^{-1}$.
