• Publications
  • Influence
Linear Cryptanalysis Method for DES Cipher
  • M. Matsui
  • Computer Science
  • EUROCRYPT
  • 2 January 1994
We introduce a new method for cryptanalysis of DES cipher, which is essentially a known-plaintext attack. As a result, it is possible to break 8-round DES cipher with 221 known-plaintexts andExpand
  • 2,394
  • 212
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis
We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced EncryptionExpand
  • 406
  • 49
The First Experimental Cryptanalysis of the Data Encryption Standard
  • M. Matsui
  • Computer Science
  • CRYPTO
  • 21 August 1994
This paper describes an improved version of linear cryptanalysis and its application to the first, successful computer experiment in breaking the full 16-round DES. The scenario is a known-plaintextExpand
  • 431
  • 42
New Block Encryption Algorithm MISTY
We propose secret-key cryptosystems MISTY1 and MISTY2, which are block ciphers with a 128-bit key, a 64-bit block and a variable number of rounds. MISTY is a generic name for MISTY1 and MISTY2. TheyExpand
  • 339
  • 37
Field test of quantum key distribution in the Tokyo QKD Network.
A secure communication network with quantum key distribution in a metropolitan area is reported. Six different QKD systems are integrated into a mesh-type network. GHz-clocked QKD links enable us toExpand
  • 568
  • 22
On Correlation Between the Order of S-boxes and the Strength of DES
This paper introduces a practical algorithm for deriving the best differential characteristic and the best linear expression of DES. Its principle is based on a duality between differentialExpand
  • 236
  • 17
A New Method for Known Plaintext Attack of FEAL Cipher
We propose a new known plaintext attack of FEAL cipher. Our method differs from previous statistical ones in point of deriving the extended key in definite way. As a result, it is possible to breakExpand
  • 221
  • 13
Key Collisions of the RC4 Stream Cipher
This paper studies "colliding keys" of RC4 that create the same initial state and hence generate the same pseudo-random byte stream. It is easy to see that RC4 has colliding keys when its key size isExpand
  • 36
  • 13
Speci cation of Camellia | a 128-bit Block Cipher
2 Notations and Conventions 3 2.1 Radix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . .Expand
  • 62
  • 11
New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis
We introduce a methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of roundExpand
  • 159
  • 7