• Corpus ID: 8570931

Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis

@article{Lu2012WeakKO,
  title={Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis},
  author={Jiqiang Lu and Wun-She Yap and Yongzhuang Wei},
  journal={IACR Cryptol. ePrint Arch.},
  year={2012},
  volume={2012},
  pages={66}
}
The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. Despite considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present related-key differential and related-key amplified boomerang attacks on…

Weak Keys of the Full MISTY1 Block Cipher for Related-Key Differential Cryptanalysis
TLDR
For the first time, a cryptographic weakness is exhibited in the full MISTY1 cipher (when used with the recommended 8 rounds), and it is shown that the MISTY1 cipher is distinguishable from an ideal cipher and thus cannot be regarded as an ideal cipher.
Improved Impossible Differential Attacks on Reduced-Round MISTY1
TLDR
This paper improves the impossible differential attack on 6-round MISTY1 with 4 FL layers introduced by Dunkelman et al. by a factor of 2^11 in time complexity, and proposes an impossible differential attack on 7-round MISTY1 with 3 FL layers, which needs 2^58 known plaintexts and 2^124.4 7-round encryptions.
Provably secure counter mode with related-key-based internal re-keying
TLDR
A new internally re-keyed block cipher mode of operation called CTRR ("CounTer with Related-key Re-keying mode") is proposed, and its security is proved under the assumption that the underlying cipher is secure in the related-key adversary model.
Improved Differential Analysis of Block Cipher PRIDE
TLDR
An automatic search method is used to find 56 iterative differential characteristics of PRIDE, containing 24 1-round iterative characteristics, and based on three of them a 15-round differential is constructed and a differential attack on the 19-round PRIDE is performed.
Lai-Massey Cipher Designs
This chapter provides several background concepts, the context, as well as some terminology and motivations for the material discussed in the rest of the book. In particular, we discuss block
Multidimensional Zero-Correlation Linear Attacks on Reduced-Round MISTY1
TLDR
This paper first investigates the properties of the FL linear function and identifies some subkey-based linear approximations with zero-correlation over 5 rounds of MISTY1, and proposes zero-correlation linear attacks on 6-round MISTY1 with 4 FL layers as well as on 7-round MISTY1 with 4 FL layers.
Zero-Correlation Linear Cryptanalysis of Reduced-round MISTY1
TLDR
The properties of the FL linear function are investigated and 2^32 subkey-dependent zero-correlation linear approximations over 5-round MISTY1 with 3 FL layers are identified, which have lower time complexity than previous attacks.

References

Attacking 44 Rounds of the SHACAL-2 Block Cipher Using Related-Key Rectangle Cryptanalysis
TLDR
This paper observes that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, the two pairs from the quartet can be checked one after the other, instead of simultaneously; if the first pair does not meet the expected conditions, the quartet can be discarded immediately.
Security Analysis of 7-Round MISTY1 against Higher Order Differential Attacks
TLDR
Higher order differential attacks can be successful against 7-round versions of MISTY1 with FL functions, and it is shown that resistance to the higher order differential attack is not substantially improved even in 7-round MISTY1 in which the key schedule is replaced by a pseudorandom function.
Cryptanalysis of Block Ciphers
TLDR
This thesis proposes a new extension of differential cryptanalysis, which is called the impossible boomerang attack, and describes the early abort technique for (related-key) impossible differential cryptanalysis and rectangle attacks.
Weak-Key Class of MISTY1 for Related-Key Differential Attack
TLDR
To the best of the authors' knowledge, the attack reported in this paper is the most powerful attack against MISTY1 with two related keys.
New Block Encryption Algorithm MISTY
  • M. Matsui
  • Computer Science, Mathematics
    FSE
  • 1997
TLDR
The software implementation of MISTY1 with eight rounds can encrypt a data stream in CBC mode at a speed of 20Mbps and 40Mbps on Pentium/100MHz and PA-7200/120MHz, respectively.
Markov Ciphers and Differential Cryptanalysis
TLDR
It is shown that PES(8) and PES(16) are immune to differential cryptanalysis after sufficiently many rounds, and a new design principle for Markov ciphers, viz., that their transition probability matrices should not be symmetric, is suggested.
Related-Key Cryptanalysis of the Full AES-192 and AES-256
TLDR
This paper shows the first key recovery attack that works for all the keys and has 2^99.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has much higher complexity.
A Related-Key Rectangle Attack on the Full KASUMI
TLDR
The results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP networks cannot be proven at this time.
Related-key amplified boomerang attack on 8-round MISTY1
TLDR
The research presented a 7-round related-key amplified boomerang distinguisher of MISTY1, which can accomplish an attack on the 8-round MISTY1 without the last FL layer.
Improved Integral Attacks on MISTY1
TLDR
By exploring the key schedule weakness of the cipher, this work presents a chosen ciphertext attack on 6-round MISTY1 with all the FL layers with data complexity of 2^32 chosen ciphertexts and time complexity of 2^126.09 encryptions, which has the least data complexity.