Infobox block cipher
name = FEAL

caption = The FEAL Feistel function
designers = Akihiro Shimizu and Shoji Miyaguchi (NTT)
publish date = FEAL-4 in 1987; FEAL-N/NX in 1990
derived from =
derived to =
key size = 64 bits (FEAL), 128 bits (FEAL-NX)
block size = 64 bits
structure = Feistel network
rounds = Originally 4, then 8, then variable (recommended 32)
cryptanalysis = Linear cryptanalysis can break FEAL-4 with 5 known plaintexts (Matsui and Yamagishi, 1992). A differential attack breaks FEAL-N/NX with fewer than 31 rounds (Biham and Shamir, 1991).

In cryptography, FEAL (the Fast Data Encipherment Algorithm) is a block cipher proposed as an alternative to the Data Encryption Standard (DES), and designed to be much faster in software. The Feistel based algorithm was first published in 1987 by Akihiro Shimizu and Shoji Miyaguchi from NTT. The cipher is susceptible to various forms of cryptanalysis, and has acted as a catalyst in the discovery of differential and linear cryptanalysis.

There have been several different revisions of FEAL, though all are Feistel ciphers, and make use of the same basic round function and operate on a 64-bit block. One of the earliest designs is now termed FEAL-4, which has four rounds and a 64-bit key.

Unfortunately, problems were found with FEAL-4 from the start: Bert den Boer related a weakness in an unpublished rump session at the same conference where the cipher was first presented. A later paper (den Boer, 1988) describes an attack requiring 100–10000 chosen plaintexts, and Sean Murphy (1990) found an improvement that needs only 20 chosen plaintexts. Murphy and den Boer's methods contain elements similar to those used in differential cryptanalysis.

The designers countered by doubling the number of rounds, FEAL-8 (Shimizu and Miyaguchi, 1988). However, eight rounds also proved to be insufficient — in 1989, at the Securicom conference, Eli Biham and Adi Shamir described a differential attack on the cipher, mentioned in (Miyaguchi, 1989). Gilbert and Chassé (1990) subsequently published a statistical attack similar to differential cryptanalysis which requires 10000 pairs of chosen plaintexts.

In response, the designers introduced a variable-round cipher, FEAL-N (Miyaguchi, 1990), where "N" was chosen by the user, together with FEAL-NX, which had a larger 128-bit key. Biham and Shamir's differential cryptanalysis (1991) showed that both FEAL-N and FEAL-NX could be broken faster than exhaustive search for N ≤ 31. Later attacks, precursors to linear cryptanalysis, could break versions under the known plaintext assumption, first (Tardy-Corfdir and Gilbert, 1991) and then (Matsui and Yamagishi, 1992), the latter breaking FEAL-4 with 5 known plaintexts, FEAL-6 with 100, and FEAL-8 with 215.

ee also

* N-Hash


* Eli Biham, Adi Shamir: Differential Cryptanalysis of Feal and N-Hash. EUROCRYPT 1991: 1–16
* Bert den Boer, Cryptanalysis of F.E.A.L., EUROCRYPT 1988: 293–299
* Henri Gilbert, Guy Chassé: A Statistical Attack of the FEAL-8 Cryptosystem. CRYPTO 1990: 22–33.
* Shoji Miyaguchi: The FEAL Cipher Family. CRYPTO 1990: 627–638
* Shoji Miyaguchi: The FEAL-8 Cryptosystem and a Call for Attack. CRYPTO 1989: 624–627
* Mitsuru Matsui, Atsuhiro Yamagishi: A New Method for Known Plaintext Attack of FEAL Cipher. EUROCRYPT 1992: 81–91
* Sean Murphy, The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts. "J. Cryptology" 2(3): 145–154 (1990)
* A. Shimizu and S. Miyaguchi, Fast data encipherment algorithm FEAL, Advances in Cryptology — Eurocrypt '87, Springer-Verlag (1988), 267–280.
* Anne Tardy-Corfdir, Henri Gilbert: A Known Plaintext Attack of FEAL-4 and FEAL-6. CRYPTO 1991: 172–181

External links

* [http://info.isl.ntt.co.jp/crypt/eng/archive/index.html#feal The FEAL home page]
* [http://groups.google.com/groups?selm=54gq4q%242d7%40scream.auckland.ac.nz A sci.crypt article by Peter Gutmann describing FEAL]
* [http://patft.uspto.gov/netacgi/nph-Parser?TERM1=4850019&u=/netahtml/srchnum.htm&Sect1=PTO1&Sect2=HITOFF&p=1&r=0&l=50&f=S&d=PALL US patent 4850019]

Wikimedia Foundation. 2010.

См. также в других словарях:

  • féal — féal …   Dictionnaire des rimes

  • FEAL — La fonction de Feistel dans FEAL Résumé Concepteur(s) Akihiro Shimizu and Shoji Miyaguchi (NTT) Première publication 1987 (FEAL 4) et 1990 (FEAL N/NX) …   Wikipédia en Français

  • FEAL — Die Rundenfunktion F von FEAL Entwickler Akihiro Shimizu und Shoji Miyaguchi, beide von NTT Veröffentlicht FEAL 4 1987; FEAL N/NX 1990 Schlüssellänge …   Deutsch Wikipedia

  • féal — féal, ale, aux [ feal, o ] adj. et n. m. • v. 1200; de fei, anc. forme de foi 1 ♦ Vx Fidèle à la foi jurée. ⇒ dévoué, fidèle, loyal. À nos aimés et féaux conseillers, formule de l ancienne chancellerie royale. 2 ♦ N. m. Littér. Partisan, ami… …   Encyclopédie Universelle

  • FEAL — Создатель: Акихиро Симидзу и Сёдзи Миягути (NTT) Опубликован: FEAL 4 в 1987; FEAL N/NX в 1990 Размер ключа: 64 бит (FEAL), 128 бит (FEAL NX) Размер блока: 64 бит Число раундов: изначально 4, потом 8 и потом переменное количество (рекомендуемо 32) …   Википедия

  • féal — féal, ale (fé al, a l ) adj. 1°   Vieux mot qui était usité dans les lettres royales. Fidèle. À nos amés et féaux conseillers, etc. •   Roland, Duguesclin, Bayard, étaient de féaux chevaliers, CHATEAUBR. Génie, I, II, 2. 2°   Familièrement. C est …   Dictionnaire de la Langue Française d'Émile Littré

  • feal — fe al (f[=e] al), a. [OF. feal, feel, feeil, fedeil, F. fid[ e]le, L. fidelis faithful, fr. fides faith. See {Faith}.] Faithful; loyal. [Obs.] Wright. [1913 Webster] …   The Collaborative International Dictionary of English

  • feal — Feal, Fidus, Fidelis. Estre feaulx et loyaulx au peuple Romain, Comiter conseruare maiestatem populi Romani …   Thresor de la langue françoyse

  • feal — {{11}}feal (1) “to hide, conceal,” early 14c., a Northern English and Northern Midlands word, from O.N. fela to hide, cognate with Goth. filhan to hide, bury, O.E. feolan. {{12}}feal (2) faithful, 1560s, from O.Fr. feal, collateral form of… …   Etymology dictionary

  • FÉAL — ALE. adj. Vieux mot qui signifie, Fidèle, et qui était usité dans les lettres royaux. À nos amés et féaux ... Fam. et substantiv., C est mon féal, c est son féal, C est mon fidèle ami, son fidèle ami, mon intime, son intime …   Dictionnaire de l'Academie Francaise, 7eme edition (1835)

Поделиться ссылкой на выделенное

Прямая ссылка:
Нажмите правой клавишей мыши и выберите «Копировать ссылку»