Differential cryptanalysis, publicly introduced by Eli Biham and Adi Shamir at the CRYPTO’90 conference, is still one of the most used methods for evaluating the security of symmetric-key ciphers, particularly those with round-based structures. A common bottleneck in these attacks is the need to analyse large sets of plaintext–ciphertext pairs, in which only a small fraction contributes to successful key recovery. To reduce this overhead, many attacks apply filtering techniques that aim to discard useless pairs. While filtering is widely applied, its concrete impact on performance has not, to our knowledge, been studied in a systematic and reproducible manner. In this work, we revisit the classical differential attack on the FEAL-8 cipher as a case study to evaluate the role of filtering in practice. We reimplement the attack by Biham and Shamir, analyse the proposed filters for its early stages, and introduce a synthetic perfect filter to estimate upper bounds in reductions without known filters. We observe that filtering can reduce runtime by up to \(17\times \) and significantly lower data requirements, particularly in early stages of the attack. These results provide a clear and quantitative picture of filtering’s role in making differential attacks more efficient. Our implementation is publicly available for reproducibility.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

The Impact of Filtering in Differential Cryptanalysis: A Case Study on FEAL-8

  • Ivan Costa,
  • Ivone Amorim,
  • Eva Maia,
  • Isabel Praça

摘要

Differential cryptanalysis, publicly introduced by Eli Biham and Adi Shamir at the CRYPTO’90 conference, is still one of the most used methods for evaluating the security of symmetric-key ciphers, particularly those with round-based structures. A common bottleneck in these attacks is the need to analyse large sets of plaintext–ciphertext pairs, in which only a small fraction contributes to successful key recovery. To reduce this overhead, many attacks apply filtering techniques that aim to discard useless pairs. While filtering is widely applied, its concrete impact on performance has not, to our knowledge, been studied in a systematic and reproducible manner. In this work, we revisit the classical differential attack on the FEAL-8 cipher as a case study to evaluate the role of filtering in practice. We reimplement the attack by Biham and Shamir, analyse the proposed filters for its early stages, and introduce a synthetic perfect filter to estimate upper bounds in reductions without known filters. We observe that filtering can reduce runtime by up to \(17\times \) and significantly lower data requirements, particularly in early stages of the attack. These results provide a clear and quantitative picture of filtering’s role in making differential attacks more efficient. Our implementation is publicly available for reproducibility.