FEAL stands for
Fast Data
Encipherment
ALgorithm. It was developed by Akihiro Shimizu and Shoji Miyaguchi of
NTT Japan.
FEAL utilizes a linear f-function in conjunction with a Feistel Network. Unfortunately, the f-function is so flawed, that FEAL is unable to resist any attempts at cryptanalysis.
So How Does FEAL Work?
FEAL is a 64-bit block cipher with a 64-bit key. It utilizes feistel rounds, which ensures that it can be easily decrypted with the proper key.
1. 64 plaintext bits are input. 64 key bits are input.
2. The plaintext bits are XORed with key bits. This process is known as key whitening and is used as an aditional layer of security.
3. The plaintext is broken into a right half (R) and a left half (L). The left half is XORed with the right half.
4. The result of f(R,subkey) is XORed with L.
5. The two halves are exchanged.
6. The above two steps are repeated for a preset number of rounds.
7. The result of f(R,subkey) is XORed with L.
8. L is XORed with R.
9. Key whitening is applied again.
How does the f-function work?
1. Thirty two bits are input (a0, a1, a2, a3), sixteen key bits are input (b0, b1).
2. b0 is XORed with a1. b1 is XORed with a2.
3. a0 is XORed with a1. a3 is XORed with a2.
4. a1 is set equal to S1(a1,a2).
5. a2 is set equal to S0(a2,a1).
6. a0 is set equal to S0(a0,a1).
7. a3 is set equal to S1(a3,a2).
8. a0, a1, a2, a3 are output.
How do S0(a,b) and S1(a,b) work?
S0(a,b) = ((a + b) mod 256) circular shift left two bits.
S1(a,b) = ((a + b + 1) mod 256) circular shift left two bits.
So Why Does FEAL Suck?
FEAL's fatal weakness lies in the f-function. The function uses no non-linear steps. This makes differential and linear cryptanalysis a joke.