Multidimensional Linear Cryptanalysis of Feistel Ciphers

Authors

  • Betül Aşkın Özdemir COSIC, KU Leuven, Leuven, Belgium
  • Tim Beyne COSIC, KU Leuven, Leuven, Belgium
  • Vincent Rijmen COSIC, KU Leuven, Leuven, Belgium; University of Bergen, Bergen, Norway

DOI:

https://doi.org/10.46586/tosc.v2023.i4.1-27

Keywords:

Multidimensional linear cryptanalysis, Likelihood-ratio test, Generic attack, Feistel ciphers, CAST-128, LOKI91

Abstract

This paper presents new generic attacks on Feistel ciphers that incorporate the key addition at the input of the non-invertible round function only. This feature leads to a specific vulnerability that can be exploited using multidimensional linear cryptanalysis. More specifically, our approach involves using key-independent linear trails so that the distribution of a combination of the plaintext and ciphertext can be computed. This makes it possible to use the likelihood-ratio test as opposed to the χ2 test. We provide theoretical estimates of the cost of our generic attacks and verify these experimentally by applying the attacks to CAST-128 and LOKI91. The theoretical and experimental findings demonstrate that the proposed attacks lead to significant reductions in data-complexity in several interesting cases.

Downloads

Published

2023-12-08

Issue

Vol. 2023 No. 4

Section

Articles

License

Copyright (c) 2023 Betül Aşkın Özdemir, Tim Beyne, Vincent Rijmen

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Multidimensional Linear Cryptanalysis of Feistel Ciphers. (2023). IACR Transactions on Symmetric Cryptology, 2023(4), 1-27. https://doi.org/10.46586/tosc.v2023.i4.1-27