Yu Sasaki

From ESC2013
Jump to: navigation, search

Title:

Meet-in-the-Middle Attacks on Feistel Functions: Impact of Omitting the Last Network Twist

Abstract:

Several block ciphers omit the the network twist in the last round. This makes the encryption and decryption algorithms symmetric, and leads to some advantage for implementations, while it does not lower the provable security bound against the differential and linear cryptanalysis. In this talk, it is shown that the omission of the last network twist can be a weakness against preimage attacks, when they are used to build a compression function with some PGV mode.

Slides PDF