Multiset structural attack on generalized Feistel networks (Q2298200)

Summary: In this paper, we present new generic multiset attacks against generalized Feistel networks, by which we can recover all the unknown round functions completely instead of deciding whether an unknown encryption oracle is such network or a random permutation. With one \(r\)-round multiset distinguisher, we can recover the outermost round functions for \(r + 1\)-round block cipher. Next we propose the \textit{dummy-round technique}, which allows us to make a full-round decomposition if the outermost round is recovered. Moreover, the \textit{dummy-round technique} barely increases the complexity of our attack. Using this generic method, we propose attacks on 7-round RC6-like and 7-round CLEFIA-like structures. Our attacks can recover all the secret round functions, requiring only \(O(10 \times 2^{0.7 n})\) time complexity and \(O(5 \times 2^{n / 2})\) chosen plaintexts, where \(n\) indicates the block size of the cipher. For 64-bit ciphers of these two structures, our results will lead to a practical attack.