Abstract
“Generic” Unbalanced Feistel Ciphers with Expanding Functions are Unbalanced Feistel Ciphers with truly random internal round functions from n bits to (k − 1)n bits with k ≥ 3. From a practical point of view, an interesting property of these schemes is that since n < (k − 1)n and n can be small (8 bits for example), it is often possible to store these truly random functions in order to design efficient schemes. This was done in the construction of the hash function CRUNCH (Goubin et al., CRUNCH, Submission to NIST, October 2008) for example. Attacks on Unbalanced Feistel Ciphers with expanding functions have been first studied by Jutla (Generalized birthday attacks on unbalanced Feistel networks, Springer, Heidelberg, 1998, pp. 186–199). Then these attacks were improved and generalized in Patarin et al. (Generic attacks on unbalanced Feistel schemes with expanding functions, Springer, Heidelberg, 2007, pp. 325–341). However, in Patarin et al. (Generic attacks on unbalanced Feistel schemes with expanding functions, Springer, Heidelberg, 2007, pp. 325–341), some attacks were working only with particular functions (weak keys). This was due to bottlenecks in equalities as explained in Sect. 9.3.2. This issue has been addressed in Volte et al. (Improved generic attacks on unbalanced Feistel schemes with expanding functions, Springer, Heidelberg, 2010, pp. 94–111) where the authors created a computer program that systematically analyzes all the possible attacks, reject attacks with bottlenecks and detect the most efficient ones. This led to many new improved attacks by a systematic study of all 2-point and rectangle attacks when k ≤ 7. The generalization of these improved attacks was done for all k. This chapter is devoted to present the best attacks (KPA and NCPA) on Unbalanced Feistel Ciphers with Expanding Functions. According to the number of rounds, these attacks will be either 2-point attacks or different type of rectangle attacks. As pointed in Jutla (Generalized birthday attacks on unbalanced Feistel networks, Springer, Heidelberg, 1998, pp. 186–199) and (Patarin et al., Generic attacks on unbalanced Feistel schemes with expanding functions, Springer, Heidelberg, 2007, pp. 325–341; Volte et al., Improved generic attacks on unbalanced Feistel schemes with expanding functions, Springer, Heidelberg, 2010, pp. 94–111), there are surprisingly much more possibilities for these attacks than for generic balanced Feistel ciphers, generic unbalanced Feistel ciphers with contracting functions, or generalized Feistel ciphers. In fact, this large number of attack possibilities makes the analysis difficult. Many simulations on the attacks are also given, which confirm the theoretical analysis. Security results using the coupling method are given in Hoang and Rogaway (On generalized Feistel networks, Springer, Heidelberg, 2010, pp. 613–630).
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
