Integral Cryptanalysis on Full MISTY1

@article{Todo2016IntegralCO,
  title={Integral Cryptanalysis on Full MISTY1},
  author={Yosuke Todo},
  journal={Journal of Cryptology},
  year={2016},
  volume={30},
  pages={920-959}
}
  • Yosuke Todo
  • Published 16 August 2015
  • Computer Science, Mathematics
  • Journal of Cryptology
MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects, such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY1, i.e., we show that 8-round MISTY1 with 5 FL layers does not have 128-bit security. Many attacks against MISTY1 have been proposed, but there is no attack against the full MISTY1. Therefore, our attack is the first cryptanalysis against the full MISTY1. We construct a new integral… 
A 2^70 Attack on the Full MISTY1
TLDR
A new attack on the full MISTY1 is presented, based on Todo's division property, along with a variety of refined key-recovery techniques, which shows that MISTy1 provides security of only $$2^{70}$$ -- significantly less than what was considered before.
Integral cryptanalysis on two block ciphers Pyjamask and uBlock
TLDR
The authors perform 9- and 11-round key-recovery attacks on uBlock-128 and Pyjamask-96, respectively, which are the best integral attacks available of the two ciphers presently.
Improved Integral Attack on HIGHT
TLDR
An improved integral attack against HIGHT is proposed and new 19-round integral characteristics are proposed by using the propagation of the division property, and they are improved by two rounds compared with previous integral characteristics.
Improved Integral Attack on Generalized Feistel Cipher
TLDR
Improved integral attack on block ciphers with Generalized Feistel Structure (GFS cipher) by considering the linear transformation of the S-boxes is considered, which can increase the round of integral distinguishers by one round for many S- boxes.
A Practical-time Attack on Reduced-round MISTY1
TLDR
6-round MISTY1 with 4 FL layers is shown to be attackable with 243 blocks of chosen plaintexts and 243.31 times of data encryption, the best practical-time attack on reduced- round MISTy1.
Integral Attacks on Some Lightweight Block Ciphers
At EUROCRYPT 2015, Todo proposed a new technique named division property, and it is a powerful technique to find integral distinguishers. The original division property is also named word-based
Integral characteristics of MISTY2 derived by division property
TLDR
This paper applies a new technique named division property to find efficient integral characteristics of MISTY2, and finds the 7-round integral characteristics, and compares them to the known higher order differential characteristics.
Integral Cryptanalysis of Reduced-round KASUMI
TLDR
This paper shows that 7-round KASUMI is attackable with 263 data complexity and 263.3 encryptions under the weak key conditions and finds new 4.5-round characteristics of KASumI for the first time.
On the Division Property of Simon48 and Simon64
Simon is a family of lightweight block ciphers published by the U.S. National Security Agency (NSA) in 2013. Due to its novel and bit-based design, integral cryptanalysis on Simon seems a tough job.
New Differential Bounds and Division Property of Lilliput: Block Cipher with Extended Generalized Feistel Network
TLDR
Security analysis of lightweight block cipher Lilliput, which is an instantiation of extended generalized Feistel network (EGFN) developed by Berger et al, shows that the lower bounds of the number of active S-boxes provided by the designers are incorrect.
...
...