Weak keys of the full MISTY1 block cipher for related-key amplified boomerang cryptanalysis
- Author(s): Jiqiang Lu 1; Wun-She Yap 2, 3; Yongzhuang Wei 4, 5
- Affiliations:
1: School of Cyber Science and Technology, Beihang University, Beijing 100083, People's Republic of China;
2: Lee Kong Chian Faculty of Engineering and Science, Universiti Tunku Abdul Rahman, Sungai Long 43000, Malaysia;
3: Faculty of Information Science and Technology, Multimedia University, Melaka 75450, Malaysia;
4: Guilin University of Electronic Technology, Guilin City, Guangxi Province 541004, People's Republic of China;
5: State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, People's Republic of China
- Source: Volume 12, Issue 5, September 2018, p. 389–397
- DOI: 10.1049/iet-ifs.2017.0173, Print ISSN 1751-8709, Online ISSN 1751-8717
The MISTY1 block cipher has a 64-bit block size, a 128-bit master key, and a total of 8 rounds. It is an ISO international standard, a Japanese CRYPTREC-recommended e-government cipher, and a European NESSIE selected cipher. In this study, the authors show another cryptographic weakness of the full MISTY1 cipher: they describe four classes of weak keys of the full MISTY1 cipher for a related-key amplified boomerang attack that has a data complexity of 2^60.5 chosen plaintexts and a time complexity of 2^87.33 encryptions under each class of weak keys. The result shows that the MISTY1 cipher can be distinguished from an ideal cipher in terms of related-key amplified boomerang cryptanalysis, and users should be very careful when relying on MISTY1 for full security in relevant applications.
Inspec keywords: public key cryptography; ISO standards; private key cryptography
Other keywords: Japanese CRYPTREC-recommended e-government cipher; 2^60.5 chosen plaintexts; 2^90 weak keys; time complexity; cryptographic weakness; related-key amplified boomerang cryptanalysis; full MISTY1 block cipher; master key; 2^87.33 encryptions; ISO international standard; block size; European NESSIE selected cipher; data complexity
Subjects: Data security; Cryptography