Rectangle Attack Against Type-I Generalized Feistel Structures
Abstract
Type-I generalized Feistel networks (GFN) are widely used frameworks in symmetric-key primitive designs such as CAST-256 and Lesamnta. Unlike the extensive studies that focus on specific block cipher instances, analysis of Type-I GFN structures gives a generic security evaluation of the basic framework and concentrates more on the effect of the linear transformation. Current work in this field mainly evaluates security against impossible differential, zero-correlation linear, meet-in-the-middle and yoyo game attacks, while a security evaluation against the rectangle attack is still missing. In this paper, we filled this gap and gave the first structural analytical results for Type-I GFN against the rectangle attack. By exploiting its structural properties, we proved for the first time that there exists a boomerang switch for Type-I GFN that is independent of the round functions. We then turned the boomerang switch into the chosen-plaintext setting and proposed a new rectangle attack model. By adding one more round at the beginning of the boomerang switch, we constructed a rectangle distinguisher, and a key recovery attack could be performed.