Generic attacks on feistel networks with internal permutations

Abstract

In this paper, we describe generic attacks on Feistel networks with internal permutations, instead of Feistel networks with internal functions as designed originally. By generic attacks, we mean that in these attacks the internal permutations are supposed to be random. Despite the fact that some real Feistel ciphers actually use internal permutations like Twofish, Camellia, or DEAL, these ciphers have not been studied much. We will see that they do not always behave like the original Feistel networks with round functions. More precisely, we will see that the attacks (known plaintext attacks or chosen plaintext attacks) are often less efficient, namely on all 3i rounds, i ε ℕ*. For a plaintext of size 2n bits, the complexity of the attacks will be strictly less than 22n when the number of rounds is less than or equal to 5. When the number k of rounds is greater, we also describe some attacks enabling to distinguish a k-round Feistel network generator from a random permutation generator. © 2009 Springer Berlin Heidelberg.