Known-Key Distinguishers on 11-Round Feistel and Collision Attacks on Its Hashing Modes
| 详细信息 | 推荐本文 | |
- 作者:Yu Sasaki (1) sasaki.yu@lab.ntt.co.jp
Kan Yasuda (1) yasuda.kan@lab.ntt.co.jp - 关键词:known ; key – ; block cipher – ; Feistel ; SP – ; rebound attack – ; MDS – ; collision attack – ; hash function – ; MMO – ; Miyaguchi ; Preneel
- 刊名:Lecture Notes in Computer Science
- 出版时间:2011
- 出版年:2011
- 期刊代码:99_0302-9743
- 类别:cp
- 卷:6733
- 期:1
- 页码:397-415
- 数据来源:sp
摘要
We present new attacks on the Feistel network, where each round function consists of a subkey XOR, S-boxes, and then a linear transformation (i.e., an SP round function). Our techniques are based largely on what they call the rebound attacks. As a result, our attacks work most effectively when the S-boxes have a “good” differential property (like the inverse function x↦x − 1 in the finite field) and when the linear transformation has an “optimal” branch number (i.e., a maximum distance separable matrix). We first describe known-key distinguishers on such Feistel block ciphers of up to 11 rounds, increasing significantly the number of rounds from previous work. We then apply our distinguishers to the Matyas-Meyer-Oseas and Miyaguchi-Preneel modes in which the Feistel ciphers are used, obtaining collision and half-collision attacks on these hash functions.