http://iet.metastore.ingenta.com
1887

Weak keys of the full MISTY1 block cipher for related-key amplified boomerang cryptanalysis

Weak keys of the full MISTY1 block cipher for related-key amplified boomerang cryptanalysis

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

The MISTY1 block cipher has a 64-bit block size, a 128-bit master key, and a total of 8 rounds. It is an ISO international standard, a Japanese CRYPTREC-recommended e-government cipher, and a European NESSIE selected cipher. In this study, the authors show another cryptographic weakness of the full MISTY1 cipher: they describe four classes of weak keys of the full MISTY1 cipher for a related-key amplified boomerang attack that has a data complexity of chosen plaintexts and a time complexity of encryptions under each class of weak keys. The result shows that the MISTY1 cipher can be distinguishable from an ideal cipher in terms of related-key amplified boomerang cryptanalysis, and users should be very careful when using MISTY1 for a full security in relevant application situations.

References

    1. 1)
      • 1. Matsui, M.: ‘New block encryption algorithm MISTY’. Int. Workshop on Fast Software Encryption 1997, 1997 (LNCS, 1267), pp. 5468.
    2. 2)
      • 2. Cryptography Research and Evaluatin Committees (CRYPTREC): ‘CRYPTREC report 2002’, 2003.
    3. 3)
      • 3. New European Schemes for Signatures, Integrity, and Encryption (NESSIE): ‘Final report of European project IST-1999-12324’, 2004.
    4. 4)
      • 4. International Standardization of Organization (ISO): ‘Int. standard – ISO/IEC 18033-3, information technology – security techniques – encryption algorithms – part 3: block ciphers’, 2005.
    5. 5)
      • 5. Dunkelman, O., Keller, N.: ‘An improved impossible differential attack on MISTY1’. ASIACRYPT 2008, 2008 (LNCS, 5350), pp. 441454.
    6. 6)
      • 6. Biham, E., Biryukov, A., Shamir, A.: ‘Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials’. EUROCRYPT 1999, 1999 (LNCS, 1592), pp. 1223.
    7. 7)
      • 7. Knudsen, L.R.: ‘DEAL – a 128-bit block cipher’. Technical report, Department of Informatics, University of Bergen, 1998.
    8. 8)
      • 8. Kühn, U.: ‘Cryptanalysis of reduced-round MISTY’. EUROCRYPT 2001, 2001 (LNCS, 2045), pp. 325339.
    9. 9)
      • 9. Kühn, U.: ‘Improved cryptanalysis of MISTY1’. Int. Workshop on Fast Software Encryption 2002, 2002 (LNCS, 2365), pp. 6175.
    10. 10)
      • 10. Tsunoo, Y., Saito, T., Shigeri, M., et al: ‘Higher order differential attacks on reduced-round MISTY1’. ICISC 2008, 2009 (LNCS, 5461), pp. 415431.
    11. 11)
      • 11. Knudsen, L.R.: ‘Truncated and higher order differentials’. Int. Workshop on Fast Software Encryption 1994, 1995 (LNCS, 1008), pp. 196211.
    12. 12)
      • 12. Lai, X.: ‘Higher order derivatives and differential cryptanalysis’, in Blahut, R.E., Costello, D.R.Jr., Maurer, U., et al (Eds.): ‘Communications and cryptography: two-sides of one tapestry’ (Kluwer Academic Publisher, Dordrecht, Netherlands, 1994), pp. 227233.
    13. 13)
      • 13. Lee, S., Kim, J., Hong, D., et al: ‘Weak key classes of 7-round MISTY 1 and 2 for related-key amplied boomerang attacks’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2008, 91-A, pp. 642649.
    14. 14)
      • 14. Biham, E., Dunkelman, O., Keller, N.: ‘Related-key boomerang and rectangle attacks’. EUROCRYPT 2005, 2005 (LNCS, 3494), pp. 507525.
    15. 15)
      • 15. Hong, S., Kim, J., Lee, S., et al: ‘Related-key rectangle attacks on reduced versions of SHACAL-1 and AES-192’. Int. Workshop on Fast Software Encryption 2005, 2005 (LNCS, 3557), pp. 368383.
    16. 16)
      • 16. Kim, J., Kim, G., Hong, S., et al: ‘The related-key rectangle attack – application to SHACAL-1’. ACISP 2004, 2004 (LNCS, 3108), pp. 123136.
    17. 17)
      • 17. Sun, X., Lai, X.: ‘Improved integral attacks on MISTY1’. Int. Workshop on Selected Areas in Cryptography 2009, 2009 (LNCS, 5867), pp. 266280.
    18. 18)
      • 18. Knudsen, L.R., Wagner, D.: ‘Integral cryptanalysis’. Int. Workshop on Fast Software Encryption 2002, 2002 (LNCS, 2365), pp. 112127.
    19. 19)
      • 19. Chen, S., Dai, Y.: ‘Related-key amplified boomerang attack on 8-round MISTY1’. CHINACRYPT 2011, 2011, pp. 714.
    20. 20)
      • 20. Dai, Y., Chen, S.: ‘Weak key class of MISTY1 for related-key differential attack’. INSCRYPT 2011, 2012 (LNCS, 7537), pp. 227236.
    21. 21)
      • 21. Biham, E.: ‘New types of cryptanalytic attacks using related keys’. EUROCRYPT 1993, 1993 (LNCS, 765), pp. 398409.
    22. 22)
      • 22. Kelsey, J., Schneier, B., Wagner, D.: ‘Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES’. CRYPTO 1996, 1996 (LNCS, 1109), pp. 237251.
    23. 23)
      • 23. Knudsen, L.R.: ‘Cryptanalysis of LOKI91’. ASIACRYPT 1992, 1993 (LNCS, 718), pp. 196208.
    24. 24)
      • 24. Lu, J., Yap, W.S., Wei, Y.: ‘Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis’. CT-RSA 2013, 2013 (LNCS, 7779), pp. 389404.
    25. 25)
      • 25. Tsunoo, Y., Saito, T., Kawabata, T., et al: ‘Finding higher order differentials of MISTY1’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2012, 95-A, pp. 10491055.
    26. 26)
      • 26. Bar-On, A.: ‘Improved higher-order differential attacks on MISTY1’. Int. Workshop on Fast Software Encryption 2015, 2015 (LNCS, 9054), pp. 2847.
    27. 27)
      • 27. Todo, Y.: ‘Integral cryptanalysis on full MISTY1’. CRYPTO 2015, 2015 (LNCS, 9215), pp. 413432.
    28. 28)
      • 28. Todo, Y.: ‘Integral cryptanalysis on full MISTY1’, J. Cryptol., 2017, 30, pp. 920959.
    29. 29)
      • 29. Bar-On, A., Keller, N.: ‘A 270 attack on the full MISTY1’. CRYPTO 2016, 2016 (LNCS, 9814), pp. 435456.
    30. 30)
      • 30. Lu, J., Yap, W.S., Wei, Y.: ‘Weak keys of the full MISTY1 block cipher for related-key cryptanalysis’. Report 2012/066, IACR Cryptology ePrint Archive, 2012.
    31. 31)
      • 31. Kelsey, J., Kohno, T., Schneier, B.: ‘Amplified boomerang attacks against reduced-round MARS and Serpent’. 7th Fast Software Encryption Workshop 2000, 2001 (LNCS, 1978), pp. 7593.
    32. 32)
      • 32. Wagner, D.: ‘The boomerang attack’. Int. Workshop on Fast Software Encryption 1999, 1999 (LNCS, 1636), pp. 156170.
    33. 33)
      • 33. Biham, E., Shamir, A.: ‘Differential cryptanalysis of DES-like cryptosystems’, J. Cryptol., 1991, 4, pp. 372.
    34. 34)
      • 34. National Institute of Standards and Technology (NIST): ‘Advanced encryption standard (AES), FIPS-197’, 2001.
    35. 35)
      • 35. 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, 3G Security, Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification, V3.1.1, 2001.
    36. 36)
      • 36. Biryukov, A., Khovratovich, D.: ‘Related-key cryptanalysis of the full AES-192 and AES-256’. ASIACRYPT 2009, 2009 (LNCS, 5912), pp. 118.
    37. 37)
      • 37. Biham, E., Dunkelman, O., Keller, N.: ‘A related-key rectangle attack on the full KASUMI’. ASIACRYPT 2005, 2005 (LNCS, 3788), pp. 443461.
    38. 38)
      • 38. Dunkelman, O., Keller, N., Shamir, A.: ‘A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony’. CRYPTO 2010, 2010 (LNCS, 6223), pp. 393410.
    39. 39)
      • 39. Tsunoo, Y., Saito, T., Nakashima, H., et al: ‘Higher order differential attack on 6-round MISTY1’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2009, 92-A, pp. 310.
    40. 40)
      • 40. Lai, X., Massey, J.L., Murphy, S: ‘Markov ciphers and differential cryptanalysis’. EUROCRYPT 1991, 1991 (LNCS, 547), pp. 1738.
    41. 41)
      • 41. Kim, J., Hong, S., Preneel, B., et al: ‘Related-key boomerang and rectangle attacks: theory and experimental analysis’, IEEE Trans. Inf. Theory, 2012, 58, pp. 49484966.
    42. 42)
      • 42. Murphy, S.: ‘The return of the cryptographic boomerang’, IEEE Trans. Inf. Theory, 2011, 57, pp. 25172521.
    43. 43)
      • 43. Lu, J.: ‘Cryptanalysis of block ciphers’. PhD thesis, University of London, UK, 2008.
    44. 44)
      • 44. Lu, J., Kim, J., Keller, N., et al: ‘Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1’. CT-RSA 2008, 2008 (LNCS, 4964), pp. 370386.
    45. 45)
      • 45. Lu, J., Kim, J.: ‘Attacking 44 rounds of the SHACAL-2 block cipher using related-key rectangle cryptanalysis’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2008, E91-A, pp. 25882596.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0173
Loading

Related content

content/journals/10.1049/iet-ifs.2017.0173
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address