a dynamic swapping function [1525]. There’s more. Another attack against FEAL-4, requiring only 1000 known plaintexts, and against FEAL-8, requiring only 20,000 known plaintexts, was published in [1520]. Other attacks are in [1549,1550]. The best attack is by Mitsuru Matsui and Atsuhiro Yamagishi [1020]. This is the first use of linear cryptanalysis, and can break FEAL-4 with 5 known plaintexts, FEAL-6 with 100 known plaintexts and FEAL-8 with 2^15 known plaintexts. Further refinements are in [64]. Differential-linear cryptanalysis can break FEAL-8 with only 12 chosen plaintexts [62]. Whenever someone discovers a new cryptanalytic attack, he always seems to try it out on FEAL first.

Patents
FEAL is patented in the United States [1438] and has patents pending in England, France, and Germany. Anyone wishing to license the algorithm should contact the Intellectual Property Department, NTT, 1-6 Uchisaiwai-cho, 1-chome, Chiyoda-ku, 100 Japan.

13.5 REDOC
REDOC II is another block algorithm, designed by Michael Wood for Cryptech, Inc. [1613,400]. It has a 20-byte (160-bit) key and an 80-bit block. REDOC II performs all of its manipulations—permutations, substitutions, and key XORs—on bytes; the algorithm is efficient in software. REDOC II uses variable function tables. Unlike DES, which has a fixed (albeit optimized for security) set of permutation and substitution tables, REDOC II uses a key-dependent and plaintext-dependent set of tables (S-boxes, actually). REDOC II has 10 rounds; each round is a complicated series of manipulations on the block.

Figure 13.7 FEAL-NX key schedule.

Another unique feature in the design is the use of masks. These are numbers derived from the key table that are used to select the tables in a given function within a given round. Both the value of the data and the masks are used together to select the function tables. Assuming that brute force is the most efficient means of attack, REDOC II is very secure: 2^160 operations are required to recover...
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.