183k views
1 vote
Consider a Feistel cipher with r rounds and n=128 (half the block length); ℓ=256(the key bit size). Then M={0,1} 24

(the plaintext space), C={0,1} 276
(the ciphertext space), and K={0,1} 2%
(the key space). A key scheduling algorithm determines subkeys k 1

,k 2

from a key K∈K={0,1} 206
. Each subkey k i ​
determines a function f i

:{0,1} 12×
→{0,1} 12×
. Eneryptio. takes r rounds: - Plaintext is m=(m 0

,m 1

) with m 0

,m 1

∈{0,1} 12κ
, - Round 1: (m 0

,m 1

)→(m 1

,m 2

) with m 2

=m 0

⊕f 1

(m 1

). - Round 2: (m 1

,m 2

)→(m 2

,m 3

) with m 3

=m 1

⊕f 2

(m 2

). - Round r: (m r−1

,m r

)→(m r

,m r+1

) with m r+1

=m r−1

⊕f r

(m r

). - The ciphertext is c=(m r

,m r+1

). For the Feistel cipher described above: Exercise 2 (Security of Feistel ciphers 1. Consider the above Feistel cipher with r=2 rounds. Is this Feistel cipher secure against an exhaustive key search attack, in the known-plaintext attack model? What does the complexity of such an attack depend on? Explain. 2. Consider the above Feistel cipher with r=2 rounds. Imagine a key scheduling algorithm that works as follows. Given K∈K={0,1} 2π
, set k 1

to be the leftmost 128 bits of K, and k 2

to be the rightmost 128 bits of K, then define f i

(x)=x∈
/
k i

. Show that this block cipher is totally insecure - that is, given a single plaintext-ciphertext pair (m,c), the secret key K can be easily recovered. Hint: linearity is the problem here.

User HenryZhang
by
6.9k points

1 Answer

2 votes

Answer:

Step-by-step explanation:654
\sqrt[n]{x} \sqrt[n]{x}

User Peter Gerber
by
8.1k points