I am performing an operation where a function F(k,x) takes two 64bit values and returns the product of their decimal numbers. For example:
F(123,231) = 123 x 231 = 28413
The number is then converted into binary and the least significant bits are extracted. i.e. if 28413 = 0110111011111101 then we take 11111101, which is 253 in decimal.
This function is part of a Feistel network in security. When performing a type of attack (chosen plaintext) we get to the point where we have 253 and 231, but need to figure out 123.
Is there any way that is possible?
No.
By dropping the most significant bits, the operation is rendered mono-directional. In order to recover the 123 you would have to brute-force the function with every possibility until the result was the value you want.
I.e. run F(x,231) for values of x until the result of F is 253.
That said, knowing one of the two inputs and the output makes it relatively easy to brute force. It would depend on the number of valid values for x (e.g. is it always a 3 digit number? Always prime? Always odd?)
There may be some other shortcuts, depending on the patterns that multiplying a number of 231 gets you, but any given value for that number will have different patterns. e.g. if it was 9 instead of 231, you would know that the sum of the digits always summed to 9.