New Block Encryption Algorithm MISTY

@inproceedings{Matsui1997NewBE,
  title={New Block Encryption Algorithm MISTY},
  author={Mitsuru Matsui},
  booktitle={FSE},
  year={1997}
}
  • M. Matsui
  • Published in FSE 20 January 1997
  • Computer Science, Mathematics
We propose secret-key cryptosystems MISTY1 and MISTY2, which are block ciphers with a 128-bit key, a 64-bit block and a variable number of rounds. MISTY is a generic name for MISTY1 and MISTY2. They are designed on the basis of the theory of provable security against differential and linear cryptanalysis, and moreover they realize high speed encryption on hardware platforms as well as on software environments. Our software implementation shows that MISTY1 with eight rounds can encrypt a data… 
Supporting Document of MISTY1
TLDR
The purpose of designing MISTY is to design secret-key cryptosystems that are applicable to various practical systems as widely as possible; for example, software stored in IC cards and hardware used in fast ATM networks.
Weak Keys of the Full MISTY1 Block Cipher for Related-Key Differential Cryptanalysis
TLDR
For the first time, a cryptographic weakness is exhibited in the full MISTY1 cipher (when used with the recommended 8 rounds), and it is shown that the MISTy1 cipher is distinguishable from an ideal cipher and thus cannot be regarded to be an Ideal cipher.
MISTY , KASUMI and Camellia Cipher Algorithm Development
TLDR
In terms of security, MISTY has the major benefit of “provable security,” in which the security is proven mathematically against differential cryptanalysis and linear cryptanalysis, which are extremely powerful methods for cryptanalysis.
Improved Impossible Differential Attacks on Reduced-Round MISTY1
TLDR
This paper improves the impossible differential attack on 6-round MISTY1 with 4 FL layers introduced by Dunkelman et al. with a factor of 211 for the time complexity, and proposes an impossible differential attacked on 7- round MISTy1 with 3 FL layers, which needs 258 known plaintexts and 2124.4 7-round encryptions.
Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis
TLDR
For the very first time, the results exhibit a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and show that the MISTy1 cipher is distinguishable from a random function and thus cannot be regarded to be an ideal cipher.
Integral Cryptanalysis on Full MISTY1
TLDR
This paper proposes a key recovery attack on the full MISTY1, i.e., it shows that 8-round MISTy1 with 5 FL layers does not have 128-bit security, and constructs a new integral characteristic by using the propagation characteristic of the division property, which was proposed in EUROCRYPT 2015.
Higher Order Differential Attacks on Reduced-Round MISTY1
TLDR
It is shown that higher order differential attacks can be successful against 6-round and 7-round versions of MISTY1 with FL functions, which signifies the first successful attack on7-round MISTy1 without limiting conditions such as a weak key.
Security Analysis of 7-Round MISTY1 against Higher Order Differential Attacks
TLDR
Higher order differential attacks can be successful against 7-round versions of MISTY1 with FL functions and it is shown that resistance to the higher order differential attack is not substantially improved even in 7- round MISTy1 in which the key schedule is replaced by a pseudorandom function.
Weak-Key Classes of 7-Round MISTY 1 and 2 for Related-Key Amplified Boomerang Attacks
TLDR
This paper presents large collections of weak-key classes encompassing 273 and 270 weak keys for 7-round MISTY 1 and 2 for which they are vulnerable to a related-key amplified boomerang attack.
A Practical-time Attack on Reduced-round MISTY1
TLDR
6-round MISTY1 with 4 FL layers is shown to be attackable with 243 blocks of chosen plaintexts and 243.31 times of data encryption, the best practical-time attack on reduced- round MISTy1.
...
...

References

SHOWING 1-6 OF 6 REFERENCES
New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis
  • M. Matsui
  • Computer Science, Mathematics
    FSE
  • 1996
We introduce a methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round
Provable Security Against Differential Cryptanalysis
TLDR
It is shown that there exist functions such that the probabilities of differentials are less than or equal to 22 − n where n is the length of the plaintext block and an prototype of an iterated block cipher, which is compatible with DES and has proven security against differential attacks.
Linear Approximation of Block Ciphers
  • K. Nyberg
  • Mathematics, Computer Science
    EUROCRYPT
  • 1994
TLDR
The results of this paper give the theoretical fundaments on which Matsui's linear cryptanalysis of the DES is based and it is shown how to achieve proven resistance against linear crypt analysis.
Stricter Evaluation for the Maximum Average of Di erential Probability and the Maximum Average of Linear Probability (in Japanese)
  • Proceedings of SCIS'96, SCIS96-4A
  • 1996
Linear Approximation of Block Ciphers Advances in Cryptology { Eurocrypt
  • Lecture Notes in Computer Science
  • 1994
Stricter Evaluation for the Maximum Average of Dierential Probability and the Maximum Average of Linear Probability
  • Proceedings of SCIS'96
  • 1996