Known-key distinguishers on 15-round 4-branch type-2 generalised Feistel networks with single substitution–permutation functions and near-collision attacks on its hashing modes

The generalised Feistel network (GFN) is a popular design for block ciphers and hash functions. The round function of the network is often a substitution–permutation (SP) transformation, consisting of a subkey XOR, an S-box layer and a linear layer. In 2011, Bogdanov and Shibutani proposed another way to build round functions, namely the double SP-function, which has two SP-layers in series. They showed that a 4-branch type-2 GFN with double SP-functions was stronger than the one with a single SP-function in terms of the number of active S-boxes in differential or linear cryptanalysis, but some subsequent results showed that the double SP-function is the weaker one in some known-key scenarios and hashing modes. In this study, the authors present a new result on the 4-branch type-2 GFN whose round function is a single SP-function. They show some 15-round truncated differential distinguishers for this network with four usual parameters by utilising some rebound attack techniques. Based on these distinguishers, they construct some 15-round near-collision attacks on the Matyas–Meyer–Oseas and Miyaguchi–Preneel compression function modes in which the 4-branch type-2 GFN with the single SP-function is used.
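The structure named in the abstract, as an added example that is not taken from the paper: a toy 4-branch type-2 GFN with a single SP round function, wrapped in the Matyas–Meyer–Oseas and Miyaguchi–Preneel modes, with helpers for reading a truncated difference and a near-collision distance. The 16-bit branches, the S-box, the linear layer and the key schedule are constructed for illustration and are not the parameters the authors analyse.

```python
# Toy 4-branch type-2 GFN with a single SP round function (added illustration).
# Constructed parameters, NOT the paper's: 16-bit branches, a 4-bit S-box,
# an XOR-based linear layer and a rotate-and-add-constant key schedule.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def sp(x, k):  # single SP-function: subkey XOR, S-box layer, linear layer
    x ^= k
    n = [SBOX[(x >> s) & 0xF] for s in (12, 8, 4, 0)]
    t = n[0] ^ n[1] ^ n[2] ^ n[3]
    n = [t ^ v for v in n]  # each output nibble is the XOR of the other three
    return (n[0] << 12) | (n[1] << 8) | (n[2] << 4) | n[3]

def subkeys(key, rounds):  # hypothetical schedule: two 16-bit subkeys per round
    out = []
    for r in range(rounds):
        key = (((key << 13) | (key >> 51)) & (2**64 - 1)) ^ (r + 1)
        out.append(((key >> 48) & 0xFFFF, (key >> 16) & 0xFFFF))
    return out

def split(b):  # 64-bit block -> four 16-bit branches
    return [(b >> s) & 0xFFFF for s in (48, 32, 16, 0)]

def join(x):
    return (x[0] << 48) | (x[1] << 32) | (x[2] << 16) | x[3]

def encrypt(key, block, rounds=15):
    x0, x1, x2, x3 = split(block)
    for k0, k1 in subkeys(key, rounds):
        # type-2 GFN round: two SP-functions, then a branch rotation
        x0, x1, x2, x3 = x1 ^ sp(x0, k0), x2, x3 ^ sp(x2, k1), x0
    return join([x0, x1, x2, x3])

def decrypt(key, block, rounds=15):
    y0, y1, y2, y3 = split(block)
    for k0, k1 in reversed(subkeys(key, rounds)):
        y0, y1, y2, y3 = y3, y0 ^ sp(y3, k0), y1, y2 ^ sp(y1, k1)
    return join([y0, y1, y2, y3])

def mmo(h, m):  # Matyas-Meyer-Oseas: the chaining value h is the cipher key
    return encrypt(h, m) ^ m

def mp(h, m):  # Miyaguchi-Preneel: MMO with h also fed forward
    return encrypt(h, m) ^ m ^ h

def active_branches(a, b):  # truncated difference: which branches differ
    return tuple(int(u != v) for u, v in zip(split(a), split(b)))

def near_collision_bits(a, b):  # differing output bits; 0 is a full collision
    return bin(a ^ b).count("1")
```

In both modes the chaining value is used as the cipher key, so it is visible to whoever computes the hash; this is why known-key distinguishers on the cipher carry over to its hashing modes.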

Inspec keywords: cryptography; file organisation

Other keywords: block ciphers; rebound attack techniques; Miyaguchi–Preneel compression function modes; SP-layers; 15-round 4-branch type-2 generalised Feistel networks; near-collision attacks; subkey XOR; 15-round near-collision attacks; single substitution permutation functions; differential cryptanalysis; single SP-function; hash functions; known-key distinguishers; S-boxes layer; 4-branch type-2 GFN; Matyas–Meyer–Oseas; double SP-functions; SP transformation; substitution permutation transformation; linear cryptanalysis; linear layer; hashing modes

Subjects: File organisation; Data security; Cryptography

References

    1. Knudsen, L.R., Rijmen, V.: ‘Known-key distinguishers for some block ciphers’. Advances in Cryptology – ASIACRYPT 2007, 2007, pp. 315–324.
    2. Minier, M., Phan, R.C.W., Pousse, B.: ‘Distinguishers for ciphers and known key attack against Rijndael with large blocks’. Progress in Cryptology – AFRICACRYPT 2009, 2009, pp. 60–76.
    3. Sasaki, Y.: ‘Double-SP is weaker than single-SP: rebound attacks on Feistel ciphers with several rounds’. Progress in Cryptology – INDOCRYPT 2012, 2012, pp. 265–282.
    4. Sasaki, Y., Yasuda, K.: ‘Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes’. Fast Software Encryption, 2011, pp. 397–415.
    5. Sasaki, Y., Emami, S., Hong, D., Kumar, A.: ‘Improved known-key distinguishers on Feistel-SP ciphers and application to Camellia’. Information Security and Privacy, 2012, pp. 87–100.
    6. Dong, L., Wu, W., Wu, S., Zou, J.: ‘Known-key distinguisher on round-reduced 3d block cipher’. Information Security Applications, 2012, pp. 55–69.
    7. Nakahara, J.Jr.: ‘New impossible differential and known-key distinguishers for the 3D cipher’. Information Security Practice and Experience, 2011, pp. 208–221.
    8. Sasaki, Y., Aoki, K.: ‘Improved integral analysis on tweaked lesamnta’. Information Security and Cryptology – ICISC 2011, 2012, pp. 1–17.
    9. Deukjo, H., Dukjae, M., Daesung, K., Jaechul, S., Seokhie, H.: ‘Known-key attacks on generalized Feistel schemes with SP round function’, IEICE Trans. Fundam. Electron., Commun. Comput. Sci., 2012, 95, (9), pp. 1550–1560.
    10. Zheng, Y., Matsumoto, T., Imai, H.: ‘On the construction of block ciphers provably secure and not relying on any unproved hypotheses’. Advances in Cryptology – CRYPTO 1989 Proc., 1990, pp. 461–480.
    11. Bogdanov, A., Shibutani, K.: ‘Double SP-functions: enhanced generalized Feistel networks’. Information Security and Privacy, 2011, pp. 106–119.
    12. Chang, D., Kumar, A., Sanadhya, S.: ‘Security analysis of GFN: 8-round distinguisher for 4-branch type-2 GFN’. Progress in Cryptology – INDOCRYPT 2013, 2013, pp. 136–148.
    13. Rivest, R.L., Robshaw, M., Sidney, R., Yin, Y.L.: ‘The RC6™ block cipher’. First Advanced Encryption Standard (AES) Conf., 1998.
    14. Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: ‘The 128-bit blockcipher CLEFIA’. Fast Software Encryption, 2007, pp. 181–195.
    15. Nikolić, I., Pieprzyk, J., Sokołowski, P., Steinfeld, R.: ‘Known and chosen key differential distinguishers for block ciphers’. Information Security and Cryptology – ICISC 2010, 2011, pp. 29–48.
    16. Preneel, B., Govaerts, R., Vandewalle, J.: ‘Hash functions based on block ciphers: a synthetic approach’. Advances in Cryptology – CRYPTO 1993, 1994, pp. 368–378.
    17. Black, J., Rogaway, P., Shrimpton, T.: ‘Black-box analysis of the block-cipher-based hash-function constructions from PGV’. Advances in Cryptology – CRYPTO 2002, 2002, pp. 320–335.
    18. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: ‘The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl’. Fast Software Encryption, 2009, pp. 260–276.
    19. Mendel, F., Peyrin, T., Rechberger, C., Schläffer, M.: ‘Improved cryptanalysis of the reduced Grøstl compression function, ECHO permutation and AES block cipher’. Selected Areas in Cryptography, 2009, pp. 16–35.
    20. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: ‘Rebound distinguishers: results on the full Whirlpool compression function’. Advances in Cryptology – ASIACRYPT 2009, 2009, pp. 126–143.
    21. Gilbert, H., Peyrin, T.: ‘Super-Sbox cryptanalysis: improved attacks for AES-like permutations’. Fast Software Encryption, 2010, pp. 365–383.
    22. Peyrin, T.: ‘Improved differential attacks for ECHO and Grøstl’. Advances in Cryptology – CRYPTO 2010, 2010, pp. 370–392.
    23. Matusiewicz, K., Naya-Plasencia, M., Nikolić, I., Sasaki, Y., Schläffer, M.: ‘Rebound attack on the full LANE compression function’. Advances in Cryptology – ASIACRYPT 2009, 2009, pp. 106–125.
    24. Wu, S., Feng, D., Wu, W.: ‘Cryptanalysis of the LANE hash function’. Selected Areas in Cryptography, 2009, pp. 126–140.
    25. Rijmen, V., Toz, D., Varıcı, K.: ‘Rebound attack on reduced-round versions of JH’. Fast Software Encryption, 2010, pp. 286–303.
    26. Naya-Plasencia, M., Toz, D., Varici, K.: ‘Rebound attack on JH42’. Advances in Cryptology – ASIACRYPT 2011, 2011, pp. 252–269.
    27. Wu, S., Feng, D., Wu, W.: ‘Practical rebound attack on 12-round Cheetah-256’. Information Security and Cryptology – ICISC 2009, 2010, pp. 300–314.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0402