• Publications
  • Influence
Linear Cryptanalysis Method for DES Cipher
  • M. Matsui
  • Computer Science
  • EUROCRYPT
  • 2 January 1994
TLDR
A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations. Expand
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis
TLDR
It is confirmed that Camellia provides strong security against differential and linear cryptanalyses and at least comparable encryption speed in software and hardware. Expand
The First Experimental Cryptanalysis of the Data Encryption Standard
  • M. Matsui
  • Computer Science
  • CRYPTO
  • 21 August 1994
TLDR
An improved version of linear cryptanalysis is described and its application to the first, successful computer experiment in breaking the full 16-round DES with high success probability if 243 random plaintexts and their ciphertexts are available. Expand
New Block Encryption Algorithm MISTY
TLDR
The software implementation of MISTY1 with eight rounds can encrypt a data stream in CBC mode at a speed of 20Mbps and 40Mbps on Pentium/100MHz and PA-7200/120MHz, respectively. Expand
Field test of quantum key distribution in the Tokyo QKD Network.
TLDR
Two GHz-clocked QKD links enable the world-first secure TV conferencing over a distance of 45km to be demonstrated and detection of an eavesdropper, rerouting into a secure path, and key relay via trusted nodes are demonstrated in this network. Expand
On Correlation Between the Order of S-boxes and the Strength of DES
  • M. Matsui
  • Mathematics, Computer Science
  • EUROCRYPT
  • 9 May 1994
TLDR
A practical algorithm for deriving the best differential characteristic and the best linear expression of DES, based on a duality between differential cryptanalysis and linear cryptanalysis, and applicable to various block ciphers is introduced. Expand
A New Method for Known Plaintext Attack of FEAL Cipher
TLDR
A new known plaintext attack of FEAL cipher is proposed, which differs from previous statistical ones in point of deriving the extended key in definite way and shows a method to break FEAL-8 with 215 known plain Texts faster than an exhaustive search. Expand
Speci cation of Camellia | a 128-bit Block Cipher
2 Notations and Conventions 3 2.1 Radix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . .Expand
Key Collisions of the RC4 Stream Cipher
This paper studies "colliding keys" of RC4 that create the same initial state and hence generate the same pseudo-random byte stream. It is easy to see that RC4 has colliding keys when its key size isExpand
On the Power of Bitslice Implementation on Intel Core2 Processor
TLDR
It is demonstrated that some bitsliced ciphers have a remarkable performance gain on Intel's Core2 processor due to its enhanced SIMD architecture, and it is shown that KASUMI, a UMTS/GSM mobile standard block cipher, can be four times faster when implemented using a bitslice technique on this processor. Expand
...
1
2
3
4
5
...