Cryptanalysis of Reduced-Round MISTY
- 1.7k Downloads
The block ciphers MISTY1and MISTY2 proposed by Matsui are based on the principle of provable security against differential and linear cryptanalysis. This paper presents attacks on reduced-round variants of both ciphers, without as well as with the key-dependent linear functions FL. The attacks employ collision-searching techniques and impossible differentials. KASUMI, a MISTY variant to be used in next generation cellular phones, can be attacked with the latter method faster than brute force when reduced to six sounds.
KeywordsRound Function Linear Cryptanalysis Fast Software Encryption Basic Attack Feistel Network
- E. Biham. Cryptanalysis of Ladder-DES. In E. Biham, editor, Fast Software Encryption: 4th International Workshop, Volume 1267 of Lecture Notes in Computer Science, pages 134–138, Haifa, Israel, 20–22 Jan. 1997. Springer-Verlag.Google Scholar
- E. Biham, A. Biryukov, and A. Shamir. Miss in the middle attacks on IDEA and Khufu. In L. Knudsen, editor, Fast Software Encryption, 6th international Workshop, Volume 1636 of Lecture Notes in Computer Science, pages 124–138, Rome, Italy, 1999. Springer-Verlag.Google Scholar
- ETSI/SAGE. Specification of the 3GPP Confidentiality and Integrity Algorithms-Document 2: KASUMI Specification, Version 1.0. 3G TS 35.202, December 23, 1999. http://www.etsi.org/dvbandca/3GPP/3GPPconditions.html.
- L. R. Knudsen. DEAL — A 128-bit block cipher. Technical Report 151, Department of Informatics, University of Bergen, Bergen, Norway, Feb. 1998.Google Scholar
- A. W. Marshal and I. Olkin. Inequalities: Theory of Majorization and Its Applications, volume 143 of Mathematics in Science and Engineering. Academic Press, New York, 1979.Google Scholar
- M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology-EuroCrypt '93, Volume 765 of Lecture Notes in Computer Science, pages 386–397, Berlin, 1993. Springer-Verlag.Google Scholar
- M. Matsui. New block encryption algorithm MISTY. In E. Biham, editor, Fast Software Encryption: 4th International Workshop, Volume 1267 of Lecture Notes in Computer Science, pages 54–68, Haifa, Israel, 20–22 Jan. 1997. Springer-Verlag.Google Scholar
- K. Sakurai and Y. Zheng. On non-pseudorandomness from block ciphers with provable immunity against linear cryptanalysis. IEICE Trans. Fundamentals, E80-A(1):19–24, January 1997.Google Scholar
- M. Sugita. Higher order differential attack of block ciphers MISTY1,2. Technical Report ISEC 98-4, Institute of Electronics, Information and Communication Engineers (IEICE), 1998.Google Scholar
- M. Sugita. Personal communication, January 2001.Google Scholar
- H. Tanaka, K. Hisamatsu, and T. Kaneko. Strength of MISTY1 without FL function for higher order differential attack. In M. Fossorier, H. Imai, S. Lin, and A. Poli, editors, Proc. Applied algebra, algebraic algorithms, and error-correcting codes: 13th international symposium, AAECC-13, Volume 1719 of Lecture Notes in Computer Science, pages 221–230, Hawaii, USA, 1999. Springer Verlag.Google Scholar