This preview shows page 1. Sign up to view the full content.
Unformatted text preview: enkey chosenplaintexts in 248 steps [160]. While this attack is timeconsuming and largely theoretical, it shows that NewDES is weaker than DES. 13.4 FEAL
FEAL was designed by Akihiro Shimizu and Shoji Miyaguchi from NTT Japan [1435]. It uses a 64bit block and a 64bit key. The idea was to make a DESlike algorithm with a stronger round function. Needing fewer rounds, the algorithm would run faster. Unfortunately, reality fell far short of the design goals. Description of FEAL
Figure 13.3 is a block diagram of one round of FEAL. The encryption process starts with a 64bit block of plaintext. First, the data block is XORed with 64 key bits. The data block is then split into a left half and a right half. The left half is XORed with the right half to form a new right half. The left and new right halves go through n rounds (four, initially). In each round the right half is combined with 16 bits of key material (using function f) and XORed with the left half to form the new right half. The original right half (before the round) forms the new left half. After n rounds (remember not to switch the left and right halves after the nth round) the left half is again XORed with the right half to form a new right half, and then the left and right halves are concatenated together to form a 64bit whole. The data block is XORed with another 64 bits of key material, and the algorithm terminates. Figure 13.3 One round of FEAL. Function f takes the 32 bits of data and 16 bits of key material and mixes them together. First the data block is broken up into 8bit chunks, then the chunks are XORed and substituted with each other. Figure 13.4 is a block diagram of function f. The two functions S0 and S1, are defined as: S0(a,b) = rotate left two bits ((a + b) mod 256) S1(a,b) = rotate left two bits ((a + b + 1) mod 256) The same algorithm can be used for decryption. The only difference is: When decrypting, the key material must be used in the reverse order. Figure 13.5 is a block diagram of the keygenerating function. First the 64bit key is divided into two ha...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details