Shoji Miyaguchi, FEAL-N specifications, technical note, NTT, 1989. Home/Search Document Not in Database Summary Related Articles Check |
This paper is cited in the following contexts:
Differential Cryptanalysis of Feal and N-Hash - Biham, Shamir (1991) (16 citations) (Correct)
....a second version, called Feal 8[12,9] in which the number of rounds was increased to eight, while the F function was not changed. Feal 8 was broken by the differential cryptanalytic chosen plaintext attack described in this paper. As a result, two new versions were added to the family: FealN [6] with any even number N of rounds, and Feal NX[7] with an extended 128 bit key. In addition, The designers proposed a more complex eight round version called N Hash[8] as a cryptographically strong hash function which maps arbitrarily long inputs into 128 bit values. Recently, two chosen plaintext ....
....1000 pairs with more than 95 success rate. Using quartets with two characteristics we need 1000 ciphertexts for this attack. Using 2000 pairs it finds the key with almost 100 success rate. The program uses 280K bytes of memory. 4 Cryptanalysis of Feal N and Feal NX with N 31 rounds Feal N[6] was suggested as an N round extension of Feal 8 after our attack on Feal 8 was announced. Feal NX[7] is similar to Feal N but uses a longer 128 bit key and a different key processing algorithm. Since our attack ignores the key processing algorithm and finds the actual subkeys, we can apply it to ....
Shoji Miyaguchi, FEAL-N specifications, technical note, NTT, 1989.
Differential Cryptanalysis attacks - Biham, Shamir (1991) (146 citations) (Correct)
....using less than 60 ciphertexts (30 pairs) The Feal 8 cryptosystem can be broken with less than 2000 ciphertexts (1000 pairs) and the Feal 4 cryptosystem can be broken with just eight ciphertexts and one of their plaintexts. As a reaction to our attack on Feal 8, its creators introduced Feal N[11], with any even number of rounds N. They suggest the use of Feal N with 16 and 32 rounds. Feal NX[12] is similar to Feal N with the extension of the key size to 128 bits. Nevertheless, Feal N and Feal NX can be broken for any N 31 rounds faster than exhaustive search. Differential cryptanalytic ....
Shoji Miyaguchi, FEAL-N specifications, technical note, NTT, 1989.
Differential Fault Analysis of Secret Key Cryptosystems - Biham, Shamir (1997) (31 citations) (Correct)
....by triple DES (whose 168 bits of key were assumed to make it practically invulnerable) essentially the same attack can break it with essentially the same number of given ciphertexts. Differential Fault Analysis can break many additional secret key cryptosystems, including IDEA[9] RC5[19] and Feal[21,16,14,15]. Some ciphers, such as Khufu[13] Khafre[13] and Blowfish[20] compute their S boxes from the key material. In such ciphers, it may be even possible to extract the S boxes themselves, and the keys, using the techniques of Differential Fault Analysis. Differential Fault Analysis can also be applied ....
Shoji Miyaguchi, FEAL-N specifications, technical note, NTT, 1989.
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC