The Impact of Filtering in Differential Cryptanalysis: A Case Study on FEAL-8
摘要
Differential cryptanalysis, publicly introduced by Eli Biham and Adi Shamir at the CRYPTO’90 conference, is still one of the most used methods for evaluating the security of symmetric-key ciphers, particularly those with round-based structures. A common bottleneck in these attacks is the need to analyse large sets of plaintext–ciphertext pairs, in which only a small fraction contributes to successful key recovery. To reduce this overhead, many attacks apply filtering techniques that aim to discard useless pairs. While filtering is widely applied, its concrete impact on performance has not, to our knowledge, been studied in a systematic and reproducible manner. In this work, we revisit the classical differential attack on the FEAL-8 cipher as a case study to evaluate the role of filtering in practice. We reimplement the attack by Biham and Shamir, analyse the proposed filters for its early stages, and introduce a synthetic perfect filter to estimate upper bounds in reductions without known filters. We observe that filtering can reduce runtime by up to \(17\times \) and significantly lower data requirements, particularly in early stages of the attack. These results provide a clear and quantitative picture of filtering’s role in making differential attacks more efficient. Our implementation is publicly available for reproducibility.