The development of generic key recovery attack on Feistel structure

Abstract

Feistel structure was firstly proposed in 1973, and because its structure has a great avalanche effect and similar encryption and decryption, it was used in many encryption schemes, like DES, AES, CAST. According to the ambiguity of the intermediate state, Feistel structures are separately named as Feistel-1, Feistel-2 and Feistel-3.Even though some of efficient analysis were proposed to attack the Feistel structure such as differential cryptanalysis and linear attack, these attacks are only applicable to a given Feistel structure and cannot have a general analysis of all Feistel structures. To attack the general Feistel structure, splice and cut, key linearization, and meet-in-the-middle attack have been used to propose the general key recovery attack on various Feistel architectures. This paper summarizes these results and proposes the research direction of the MITM attack of the Feistel structure, especially for the generic key recovery on different round functions and combination with modern means, like the application of Simon algorithm, which can build 3-round distinguisher on the Feistel structure.