Welcome to the resource topic for 2021/815
Title:
Linear Cryptanalysis of FF3-1 and FEA
Authors: Tim Beyne
Abstract:Improved attacks on generic small-domain Feistel ciphers with alternating round tweaks are obtained using linear cryptanalysis. This results in practical distinguishing and message-recovery attacks on the United States format-preserving encryption standard FF3-1 and the South-Korean standards FEA-1 and FEA-2. The data-complexity of the proposed attacks on FF3-1 and FEA-1 is O(N^{r/2 - 1.5}), where N^2 is the domain size and r is the number of rounds. For example, FF3-1 with N = 10^3 can be distinguished from an ideal tweakable block cipher with advantage \ge 1/10 using 2^{23} encryption queries. Recovering the left half of a message with similar advantage requires 2^{24} data. The analysis of FF3-1 serves as an interesting real-world application of (generalized) linear cryptanalysis over the group \mathbb{Z}/N\mathbb{Z}.
ePrint: https://eprint.iacr.org/2021/815
Talk: https://www.youtube.com/watch?v=lFmbJHw-4PA
Slides: https://iacr.org/submit/files/slides/2021/crypto/crypto2021/83/slides.pdf
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .