Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis

Jiqiang Lu; Wun She Yap; Yongzhuang Wei

doi:10.1007/978-3-642-36095-4_25

Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis

Jiqiang Lu^*
, Wun She Yap
, Yongzhuang Wei

^*此作品的通讯作者

Agency for Science, Technology and Research, Singapore
Multimedia University
Guilin University of Electronic Technology
CAS - Institute of Software

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

6 引用（Scopus）

摘要

The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present a related-key differential attack on the full MISTY1 under certain weak key assumptions: We describe 2 ^103.57 weak keys and a related-key differential attack on the full MISTY1 with a data complexity of 2⁶¹ chosen ciphertexts and a time complexity of 2^90.93 encryptions. For the first time, our result exhibits a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and shows that the MISTY1 cipher is distinguishable from an ideal cipher and thus cannot be regarded to be an ideal cipher.

源语言	英语
主期刊名	Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings
页	389-404
页数	16
DOI	https://doi.org/10.1007/978-3-642-36095-4_25
出版状态	已出版 - 2013
已对外发布	是
活动	Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013 - San Francisco, CA, 美国期限: 25 2月 2013 → 1 3月 2013

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	7779 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013
国家/地区	美国
市	San Francisco, CA
时期	25/02/13 → 1/03/13

访问文件

10.1007/978-3-642-36095-4_25

其它文件与链接

链接到 Scopus 的出版物

引用此

Lu, J., Yap, W. S., & Wei, Y. (2013). Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis. 在 Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings (页码 389-404). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 7779 LNCS). https://doi.org/10.1007/978-3-642-36095-4_25

Lu, Jiqiang ; Yap, Wun She ; Wei, Yongzhuang. / Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis. Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings. 2013. 页码 389-404 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{48b3c39383274299826bddedac5e1e42,

title = "Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis",

abstract = "The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present a related-key differential attack on the full MISTY1 under certain weak key assumptions: We describe 2 103.57 weak keys and a related-key differential attack on the full MISTY1 with a data complexity of 261 chosen ciphertexts and a time complexity of 290.93 encryptions. For the first time, our result exhibits a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and shows that the MISTY1 cipher is distinguishable from an ideal cipher and thus cannot be regarded to be an ideal cipher.",

keywords = "Block cipher, Differential cryptanalysis, MISTY1, Related-key cryptanalysis, Weak key",

author = "Jiqiang Lu and Yap, \{Wun She\} and Yongzhuang Wei",

year = "2013",

doi = "10.1007/978-3-642-36095-4\_25",

language = "英语",

isbn = "9783642360947",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "389--404",

booktitle = "Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings",

note = "Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013 ; Conference date: 25-02-2013 Through 01-03-2013",

}

Lu, J, Yap, WS & Wei, Y 2013, Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis. 在 Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 7779 LNCS, 页码 389-404, Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013, San Francisco, CA, 美国, 25/02/13. https://doi.org/10.1007/978-3-642-36095-4_25

Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis. / Lu, Jiqiang; Yap, Wun She; Wei, Yongzhuang.
Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings. 2013. 页码 389-404 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 7779 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis

AU - Lu, Jiqiang

AU - Yap, Wun She

AU - Wei, Yongzhuang

PY - 2013

Y1 - 2013

N2 - The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present a related-key differential attack on the full MISTY1 under certain weak key assumptions: We describe 2 103.57 weak keys and a related-key differential attack on the full MISTY1 with a data complexity of 261 chosen ciphertexts and a time complexity of 290.93 encryptions. For the first time, our result exhibits a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and shows that the MISTY1 cipher is distinguishable from an ideal cipher and thus cannot be regarded to be an ideal cipher.

AB - The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present a related-key differential attack on the full MISTY1 under certain weak key assumptions: We describe 2 103.57 weak keys and a related-key differential attack on the full MISTY1 with a data complexity of 261 chosen ciphertexts and a time complexity of 290.93 encryptions. For the first time, our result exhibits a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and shows that the MISTY1 cipher is distinguishable from an ideal cipher and thus cannot be regarded to be an ideal cipher.

KW - Block cipher

KW - Differential cryptanalysis

KW - MISTY1

KW - Related-key cryptanalysis

KW - Weak key

UR - https://www.scopus.com/pages/publications/84874307068

U2 - 10.1007/978-3-642-36095-4_25

DO - 10.1007/978-3-642-36095-4_25

M3 - 会议稿件

AN - SCOPUS:84874307068

SN - 9783642360947

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 389

EP - 404

BT - Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings

T2 - Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013

Y2 - 25 February 2013 through 1 March 2013

ER -

Lu J, Yap WS, Wei Y. Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis. 在 Topics in Cryptology, CT-RSA 2013 - The Cryptographers' Track at the RSA Conference 2013, Proceedings. 2013. 页码 389-404. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-36095-4_25

Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此