Cryptography Reference
In-Depth Information
However, somebody who can use an IMSI catcher and play the man in the
middle is normally more nifty: he'd talk the handset into disabling the cipher
(which often happens due to poor transmission conditions, since unencrypted
messages require less bandwidth). Only very few handset models display this
state, and if they do, users don't normally pay attention. Disappointed? That's
espionage in practice: it's not the elegance that counts, but the result.
5.7.3 FEAL: The Cryptanalysts' Favorite
Read a lot about cryptanalysis and still not heard of the
FEAL
block algorithm?
Just like every cryptologist should know the Enigma, they should have heard of
the cryptanalytic successes against FEAL. For, whenever a new cryptanalytic
method is discovered, FEAL seems to be the first victim, and the algorithm
does 'lend' itself indeed.
FEAL was designed by the Japanese Shimizu and Miyaguchi in 1987 with the
goal to replace DES by a faster and at least equally secure algorithm. Simi-
larly to DES, it is a Feistel network with 64-bit blocks, but it uses a 64-bit
key. The intended improvement was to be a more secure round function. Four
rounds had originally been planned. FEAL-4 (4-round FEAL) is really much
faster than DES; unfortunately, it is not more secure. Figure 5.23 shows the
round function.
R
i
half block (32 bits)—split in 4*8 bits
subkey (16 bits)—split in 2*8 bits
S
1
S
0
(a,b) = Rot2((a+b) & 0xff )
S
0
S
1
(a,b) = Rot2((a+b+1) & 0xff )
S
0
S
1
Rot2(a): rotate byte a by 2 bits
f(R
i
)
Figure 5.23:
The round function of FEAL.
