On Feistel ciphers with alternating round functions and whitening keys

In [1] it was shown that a n-bit balanced Feistel cipher with identical round functions and independent preand post-whitening keys can be broken using n2n=2+1 chosen plaintexts in O(n2n=2) time and space. This paper presents an extension of that result showing that the “sliding with a twist” technique of [2] can be used to break a more general class of Feistel cipher with essentially the same resource requirements. The class of cipher considered in this paper is the n-bit balanced Feistel block cipher with preand post-whitening keys that has alternating round functions. That is, has an encryption function given by C = EK;X;Y (P ) = Y +HK(P +X) where P and C are plaintext and ciphertext, X and Y are the whitening keys, ‘+’ denotes XOR and HK is an r round balanced Feistel construction that makes use of two independent round functions, F1 and F2, in the odd and even rounds respectively. In symbols, HK = Gr=2 K , where r > 2 is any even number and GK is the 2-round transformation given by GK (hL;Ri) = hL+ F2(R+ F1(L)); R + F1(L)i. It is assumed, without loss of generality, that the secret quantity K is used to derive F1 and F2 in some unknown manner and that K , X and Y are all independent quantities.