Generic Attacks on Generalized Feistel Ciphers
摘要
Type-1, type-2 and type-3 and alternating Feistel schemes are described by Zhen et al. (1990) (see also Hoang and Rogaway 2010). These generalized Feistel schemes are used in well-known block cipher networks that use generalized Feistel schemes: CAST-256 (type-1), RC-6 (type-2), and BEAR/LION (alternating). Also, type-1 and type-2 Feistel schemes are respectively used in the construction of the hash functions \(\textrm{Lesamnta}\) and \(\mathrm {SHAvite-3}_{512}\) . There exist many kind of attacks on these schemes: impossible differential attacks (Bouillaguet et al. 2012; Luo et al. 2014), boomerang attacks (Choy and Yap 2009), and differential attacks (Nachef et al. 2013). However, the attacks we are going to describe in this chapter generally allow to attack more rounds (or at least the same number of rounds) than for example impossible differential attacks. Moreover in the presented attacks, there is no restriction on the round function, unlike for some impossible differential attacks where it is supposed to be bijective. Security results are given in Hoang and Rogaway (2010).