home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: sci.crypt
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!uwm.edu!linac!att!mcdchg!chinet!schneier
- From: schneier@chinet.chi.il.us (Bruce Schneier)
- Subject: Re: Anyone know about FEAL-8
- Message-ID: <Bzouwv.1ox@chinet.chi.il.us>
- Keywords: FEAL-8
- Organization: Chinet - Public Access UNIX
- References: <1992Dec22.134951.16838@ncsu.edu>
- Date: Wed, 23 Dec 1992 01:31:42 GMT
- Lines: 34
-
- In article <1992Dec22.134951.16838@ncsu.edu> jlnance@eos.ncsu.edu (JAMES LEWIS NANCE) writes:
- >
- >I have been reading a 1988 paper by Miyaguchi, Shiraishi, and Shimizu in which
- >they describe an encryption algorithm they call FEAL-8. I am interested in
- >this algorithm because it was designed to run quickly on computers. I have
- >never heard of it anywhere before and I have the following questions about it.
- >Can anyone help me?
- >
- >1) Is FEAL-8 Secure (as compared to DES)?
-
- FEAL-8 is insecure. A successful chosen-plaintext attack, using 10,000
- plaintext/ciphertext pairs, was reported in the CRYPTO '90 proceedings by
- H. Gilbert and G. Chase. Biham and Shamir, in the EUROCRYPT '91 proceedings,
- reported that FEAL with any number of rounds less than 32 can be broken with
- differential cryptanalysis more easily than it can with brute force.
-
- >2) Is C source code available for it anywhere?
-
- There is C source code floating around the net. I have two versions, one of
- which will appear in my book.
-
- >3) Is it patented
-
- I don't know, actually. If anyone does know, I would appreciate them telling
- me.
-
- >4) Is it a good choice for a fast, secure private key method?
-
- No.
-
- By the way, neither is a variant called FEAL-NX. It's better than FEAL-N.
- (FEAL-N is the FEAL algorithm with N rounds.)
-
- Bruce
-
