This preview shows page 1. Sign up to view the full content.
Unformatted text preview: lves. The halves are XORed and operated on by function fk, as indicated in the diagram. Figure 13.6 is a block diagram of function fk. The two 32bit inputs are broken up into 8bit blocks and combined and substituted as shown. S0 and S1 are defined as just shown. The 16bit key blocks are then used in the encryption/decryption algorithm. On a 10 megahertz 80286 microprocessor, an assemblylanguage implementation of FEAL32 can encrypt data at a speed of 220 kilobits per second. FEAL64 can encrypt data at a speed of 120 kilobits per second [1104]. Figure 13.4 Function f. Figure 13.5 Key processing part of FEAL. Figure 13.6 Function fK. Cryptanalysis of FEAL
FEAL4, FEAL with four rounds, was successfully cryptanalyzed with a chosenplaintext attack in [201] and later demolished [1132]. This later attack, by Sean Murphy, was the first published differentialcryptanalysis attack and required only 20 chosen plaintexts. The designers retaliated with 8round FEAL [1436,1437,1108] which Biham and Shamir cryptanalyzed at the SECURICOM ’89 conference[1427]. Another chosenplaintext attack, using only 10,000 blocks, against FEAL8 [610] forced the designers to throw up their hands and define FEALN [1102,1104], with a variable number of rounds (greater than 8, of course). Biham and Shamir used differential cryptanalysis against FEALN; they could break it more quickly than by brute force (with fever than 264 chosen plaintext encryptions) for N less than 32 [169]. FEAL16 required 228 chosen plaintexts or 246.5 known plaintexts to break. FEAL8 required 2000 chosen plaintexts or 237.5 known plaintexts to break. FEAL4 could be broken with just eight carefully selected chosen plaintexts. The FEAL designers also defined FEALNX, a modification of FEAL, that accepts 128bit keys (see Figure 13.7)[1103,1104]. Biham and Shamir showed that FEALNX with a 128bit key is just as easy to break as FEALN with a 64bit key, for any value of N [169]. Recently FEALN(X)S has been proposed, which strengthens FEAL with...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details