Advertisement

Cryptanalysis of Reduced-Round MISTY

  • Ulrich Kühn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2045)

Abstract

The block ciphers MISTY1and MISTY2 proposed by Matsui are based on the principle of provable security against differential and linear cryptanalysis. This paper presents attacks on reduced-round variants of both ciphers, without as well as with the key-dependent linear functions FL. The attacks employ collision-searching techniques and impossible differentials. KASUMI, a MISTY variant to be used in next generation cellular phones, can be attacked with the latter method faster than brute force when reduced to six sounds.

Keywords

Round Function Linear Cryptanalysis Fast Software Encryption Basic Attack Feistel Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. [1]
    E. Biham. Cryptanalysis of Ladder-DES. In E. Biham, editor, Fast Software Encryption: 4th International Workshop, Volume 1267 of Lecture Notes in Computer Science, pages 134–138, Haifa, Israel, 20–22 Jan. 1997. Springer-Verlag.Google Scholar
  2. [2]
    E. Biham, A. Biryukov, and A. Shamir. Miss in the middle attacks on IDEA and Khufu. In L. Knudsen, editor, Fast Software Encryption, 6th international Workshop, Volume 1636 of Lecture Notes in Computer Science, pages 124–138, Rome, Italy, 1999. Springer-Verlag.Google Scholar
  3. [3]
    E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, Berlin, 1993.zbMATHGoogle Scholar
  4. [4]
    ETSI/SAGE. Specification of the 3GPP Confidentiality and Integrity Algorithms-Document 2: KASUMI Specification, Version 1.0. 3G TS 35.202, December 23, 1999. http://www.etsi.org/dvbandca/3GPP/3GPPconditions.html.
  5. [5]
    L. R. Knudsen. DEAL — A 128-bit block cipher. Technical Report 151, Department of Informatics, University of Bergen, Bergen, Norway, Feb. 1998.Google Scholar
  6. [6]
    A. W. Marshal and I. Olkin. Inequalities: Theory of Majorization and Its Applications, volume 143 of Mathematics in Science and Engineering. Academic Press, New York, 1979.Google Scholar
  7. [7]
    M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology-EuroCrypt '93, Volume 765 of Lecture Notes in Computer Science, pages 386–397, Berlin, 1993. Springer-Verlag.Google Scholar
  8. [8]
    M. Matsui. New block encryption algorithm MISTY. In E. Biham, editor, Fast Software Encryption: 4th International Workshop, Volume 1267 of Lecture Notes in Computer Science, pages 54–68, Haifa, Israel, 20–22 Jan. 1997. Springer-Verlag.Google Scholar
  9. [9]
    K. Sakurai and Y. Zheng. On non-pseudorandomness from block ciphers with provable immunity against linear cryptanalysis. IEICE Trans. Fundamentals, E80-A(1):19–24, January 1997.Google Scholar
  10. [10]
    M. Sugita. Higher order differential attack of block ciphers MISTY1,2. Technical Report ISEC 98-4, Institute of Electronics, Information and Communication Engineers (IEICE), 1998.Google Scholar
  11. [11]
    M. Sugita. Personal communication, January 2001.Google Scholar
  12. [12]
    H. Tanaka, K. Hisamatsu, and T. Kaneko. Strength of MISTY1 without FL function for higher order differential attack. In M. Fossorier, H. Imai, S. Lin, and A. Poli, editors, Proc. Applied algebra, algebraic algorithms, and error-correcting codes: 13th international symposium, AAECC-13, Volume 1719 of Lecture Notes in Computer Science, pages 221–230, Hawaii, USA, 1999. Springer Verlag.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Ulrich Kühn
    • 1
  1. 1.Dresdner Bank AGGroup Information Technology RS ResearchFrankfurtGermany

Personalised recommendations