Published in: Journal of Cryptology 3/2017

25.08.2016

Integral Cryptanalysis on Full MISTY1

Written by: Yosuke Todo


Abstract

MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects, such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY1, i.e., we show that 8-round MISTY1 with 5 FL layers does not have 128-bit security. Many attacks against MISTY1 have been proposed, but there is no attack against the full MISTY1. Therefore, our attack is the first cryptanalysis against the full MISTY1. We construct a new integral characteristic by using the propagation characteristic of the division property, which was proposed in EUROCRYPT 2015. We first improve the division property by optimizing the division property for a public S-box and then construct a 6-round integral characteristic on MISTY1. Finally, we recover the secret key of the full MISTY1 with \(2^{63.58}\) chosen plaintexts and \(2^{121}\) time complexity. Moreover, if we use \(2^{63.994}\) chosen plaintexts, the time complexity for our attack is reduced to \(2^{108.3}\). Note that our cryptanalysis is a theoretical attack. Therefore, the practical use of MISTY1 will not be affected by our attack.

Footnotes

1. A multiset allows multiple instances of its elements, unlike a set.

2. If we know all accurate values in a multiset, we can divide the set of \(\boldsymbol{u}\) into subsets whose evaluated value is 0 or 1. However, in the application to cryptanalysis, we evaluate the multiset whose elements are texts encrypted for several rounds. Such elements change depending on the subkeys and the constant bits of plaintexts. Therefore, we consider subsets whose sum is 0 for all subkeys, and otherwise, we consider the sum as unknown.

3. This observation was also provided by Theorem 3.1 in [5].

References
1. S. Babbage, L. Frisch, On MISTY1 higher order differential cryptanalysis, in ICISC. LNCS, vol. 2015, ed. by D. Won (Springer, 2000), pp. 22–36
3. A. Bar-On, Improved higher-order differential attacks on MISTY1, in FSE (2015)
4. E. Biham, A. Shamir, Differential cryptanalysis of DES-like cryptosystems, in CRYPTO. LNCS, vol. 537, ed. by A. Menezes, S.A. Vanstone (Springer, 1990), pp. 2–21
5. C. Boura, A. Canteaut, On the influence of the algebraic degree of \(f^{-1}\) on the algebraic degree of \(G \circ F\). IEEE Trans. Inf. Theory 59(1), 691–702 (2013)
6. A. Canteaut, M. Videau, Degree of composition of highly nonlinear functions and applications to higher order differential cryptanalysis, in EUROCRYPT. LNCS, vol. 2332, ed. by L.R. Knudsen (Springer, 2002), pp. 518–533
8. J. Daemen, L.R. Knudsen, V. Rijmen, The block cipher square, in FSE. LNCS, vol. 1267, ed. by E. Biham (Springer, 1997), pp. 149–165
9. O. Dunkelman, N. Keller, An improved impossible differential attack on MISTY1, in ASIACRYPT. LNCS, vol. 5350, ed. by J. Pieprzyk (Springer, 2008), pp. 441–454
10. N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, D. Whiting, Improved cryptanalysis of Rijndael, in FSE. LNCS, vol. 1978, ed. by B. Schneier (Springer, 2000), pp. 213–230
11. Y. Hatano, H. Tanaka, T. Kaneko, Optimization for the algebraic method and its application to an attack of MISTY1. IEICE Trans. 87-A(1), 18–27 (2004)
12. ISO/IEC: JTC1: ISO/IEC 18033, Security techniques—encryption algorithms—part 3: block ciphers (2005)
13. L.R. Knudsen, Truncated and higher order differentials, in FSE. LNCS, vol. 1008, ed. by B. Preneel (Springer, 1994), pp. 196–211
14. L.R. Knudsen, D. Wagner, Integral cryptanalysis, in FSE. LNCS, vol. 2365, ed. by J. Daemen, V. Rijmen (Springer, 2002), pp. 112–127
15. X. Lai, Higher order derivatives and differential cryptanalysis, in Communications and Cryptography. The Springer International Series in Engineering and Computer Science, vol. 276 (1994), pp. 227–233
16. M. Matsui, Linear cryptanalysis method for DES cipher, in EUROCRYPT. LNCS, vol. 765, ed. by T. Helleseth (Springer, 1993), pp. 386–397
17. M. Matsui, New structure of block ciphers with provable security against differential and linear cryptanalysis, in FSE. LNCS, vol. 1039, ed. by D. Gollmann (Springer, 1996), pp. 205–218
18. M. Matsui, New block encryption algorithm MISTY, in FSE. LNCS, vol. 1267, ed. by E. Biham (Springer, 1997), pp. 54–68
20. K. Nyberg, Linear approximation of block ciphers, in EUROCRYPT. LNCS, vol. 950, ed. by A.D. Santis (Springer, 1994), pp. 439–444
21. K. Nyberg, L.R. Knudsen, Provable security against a differential attack. J. Cryptol. 8(1), 27–37 (1995)
23. Y. Sasaki, L. Wang, Meet-in-the-middle technique for integral attacks against Feistel ciphers, in SAC. vol. 7707, ed. by L.R. Knudsen, H. Wu (Springer, 2012), pp. 234–251
25. H. Tanaka, K. Hisamatsu, T. Kaneko, Strength of MISTY1 without FL function for higher order differential attack, in AAECC-13. LNCS, vol. 1719, ed. by M.P.C. Fossorier, H. Imai, S. Lin, A. Poli (Springer, 1999), pp. 221–230
26. Y. Todo, Integral cryptanalysis on full MISTY1, in CRYPTO Part I. LNCS, vol. 9215, ed. by R. Gennaro, M. Robshaw (Springer, 2015), pp. 413–432
27. Y. Todo, Structural evaluation by generalized integral property, in EUROCRYPT Part I. LNCS, vol. 9056, ed. by E. Oswald, M. Fischlin (Springer, 2015b), pp. 287–314
28. Y. Tsunoo, T. Saito, M. Shigeri, T. Kawabata, Higher order differential attacks on reduced-round MISTY1, in ICISC. LNCS, vol. 5461, ed. by P.J. Lee, J.H. Cheon (Springer, 2008), pp. 415–431
29. H. Zhang, W. Wu, Structural evaluation for generalized Feistel structures and applications to LBlock and TWINE, in INDOCRYPT. LNCS, vol. 9462, ed. by A. Biryukov, V. Goyal (Springer, 2015), pp. 218–237

Metadata
Title: Integral Cryptanalysis on Full MISTY1
Written by: Yosuke Todo
Publication date: 25.08.2016
Publisher: Springer US
Published in: Journal of Cryptology / Issue 3/2017
Print ISSN: 0933-2790
Electronic ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-016-9240-x
