This preview shows page 1. Sign up to view the full content.
Unformatted text preview: a dynamic swapping function . There’s more. Another attack against FEAL-4, requiring only 1000 known plaintexts, and against FEAºL-8, requiring only 20,000 known plaintexts, was published in . Other attacks are in [1549,1550]. The best attack is by Mitsuru Matsui and Atshuiro Yamagishi . This is the first use of linear cryptanalysis, and can break FEAL-4 with 5 known plaintexts, FEAL-6 with 100 known plaintexts and FEAL-8 with 215 known plaintexts. Further refinements are in . Differential-linear cryptanalysis can break FEAL-8 with only 12 chosen plaintexts . Whenever someone discovers a new cryptanalytic attack, he always seems to try it out on FEAL first. Patents
FEAL is patented in the United States  and has patents pending in England, France, and Germany. Anyone wishing to license the algorithm should contact the Intellectual Property Department, NTT, 1-6 Uchisaiwai-cho, 1-chome, Chiyoda-ku, 100 Japan. 13.5 REDOC
REDOC II is another block algorithm, designed by Michael Wood for Cryptech, Inc. [1613,400]. It has a 20-byte (160-bit) key and an 80-bit block. REDOC II performs all of its manipulations—permutations, substitutions, and key XORs—on bytes; the algorithm is efficient in software. REDOC II uses variable function tables. Unlike DES, which has a fixed (albeit optimized for security) set of permutation and substitution tables, REDOC II uses a key-dependent and plaintext-dependent set of tables (S-boxes, actually). REDOC II has 10 rounds; each round is a complicated series of manipulations on the block. Figure 13.7 FEAL-NX key schedule. Another unique feature in the design is the use of masks. These are numbers derived from the key table that are used to select the tables in a given function within a given round. Both the value of the data and the masks are used together to select the function tables. Assuming that brute force is the most efficient means of attack, REDOC II is very secure: 2160 operations are required to recover...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10