INFORMATION PROCESSING LETTERS, vol.113, pp.827-831, 2013 (SCI-Expanded)
In this work, we introduce a new generic attack on 5-round Feistel networks whose round functions are random permutations, under the condition that the second and the fourth round keys are equal. The attack is a combination of the square attack technique with the reflection attack technique and exploits the unbalanced distribution of the fixed points of the inner rounds among all the keys. The data complexity of the attack is inverted right perpendicular4m/ninverted left perpendicular2(n/2) chosen plaintexts where inverted right perpendicular4m/2inverted left perpendicular is the smallest integer bigger than or equal to 4m/n, m is the length of a round key and n is the block length of the Feistel network. We utilize Hellman tables to construct a tradeoff between the time complexity and the memory complexity of the attack which are 2(3m-2M-1) and 2(M) respectively where M is the tradeoff parameter. The number of weak keys is 2(k-m) where k is the key length. As a concrete example, we mount the attack on 5-round DEAL. Our attack has overall complexity of 2(65) and works on a key set of cardinality 2(72) for 128-bit key length. (c) 2013 Elsevier B.V. All rights reserved.