Yu Sasaki

From ESC2013
Revision as of 10:40, 22 January 2013 by Guest (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Meet-in-the-Middle Attacks on Feistel Functions: Impact of Omitting the Last Network Twist


Several block ciphers omit the the network twist in the last round. This makes the encryption and decryption algorithms symmetric, and leads to some advantage for implementations, while it does not lower the provable security bound against the differential and linear cryptanalysis. In this talk, it is shown that the omission of the last network twist can be a weakness against preimage attacks, when they are used to build a compression function with some PGV mode.

Slides PDF