Paper Search Console

Home Search Page About Contact

Journal Title

Title of Journal: J Cryptol

Search In Journal Title:

Abbravation: Journal of Cryptology

Search In Journal Abbravation:

Publisher

Springer US

Search In Publisher:

ISSN

1432-1378

Search In ISSN:
Search In Title Of Papers:

Integral Cryptanalysis on Full MISTY1

Authors: Yosuke Todo
Publish Date: 2016/08/25
Volume: 30, Issue: 3, Pages: 920-959
PDF Link

Abstract

MISTY1 is a block cipher designed by Matsui in 1997 It was well evaluated and standardized by projects such as CRYPTREC ISO/IEC and NESSIE In this paper we propose a key recovery attack on the full MISTY1 ie we show that 8round MISTY1 with 5 FL layers does not have 128bit security Many attacks against MISTY1 have been proposed but there is no attack against the full MISTY1 Therefore our attack is the first cryptanalysis against the full MISTY1 We construct a new integral characteristic by using the propagation characteristic of the division property which was proposed in EUROCRYPT 2015 We first improve the division property by optimizing the division property for a public Sbox and then construct a 6round integral characteristic on MISTY1 Finally we recover the secret key of the full MISTY1 with 26358 chosen plaintexts and 2121 time complexity Moreover if we use 263994 chosen plaintexts the time complexity for our attack is reduced to 21083 Note that our cryptanalysis is a theoretical attack Therefore the practical use of MISTY1 will not be affected by our attackLet F be a function that consists of m Sboxes where F i denotes the ith Sbox and the bit length and the algebraic degree is n i bits and d i respectively The input and the output take a value of mathbb F 2n 1 times mathbb F 2n 2 times cdots times mathbb F 2n m and mathbb X and mathbb Y denote the input multiset and the output multiset respectivelyLet F be a compression function by an XOR where the input x 1x 2 takes a value of mathbb F 2n times mathbb F 2n and the output is calculated as y=x 1oplus x 2 Let mathbb X and mathbb Y be the input multiset and the output multiset respectivelyLet F be a split function where the input x takes a value of mathbb F 2n and the output is calculated as y 1 Vert y 2=x where y 1y 2 takes a value of mathbb F 2n 1 times mathbb F 2nn 1 Let mathbb X and mathbb Y be the input multiset and the output multiset respectivelyLet F be a concatenation function where the input x 1x 2 takes a value of mathbb F 2n 1 times mathbb F 2n 2 and the output is calculated as y=x 1 Vert x 2 Let mathbb X and mathbb Y be the input multiset and the output multiset respectively

Keywords:

References

.
Search In Abstract Of Papers:
Other Papers In This Journal:
  1. Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs
  2. Resource Requirements of Private Quantum Channels and Consequences for Oblivious Remote State Preparation
  3. Formal Proofs for the Security of Signcryption
  4. Concurrent Knowledge Extraction in Public-Key Models
  5. Jacobian Coordinates on Genus 2 Curves
  6. On the Amortized Complexity of Zero-Knowledge Protocols
  7. On the Efficient Generation of Prime-Order Elliptic Curves
  8. Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles
  9. Accelerating Pollard’s Rho Algorithm on Finite Fields
  10. The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes—Okamoto—Vanstone Algorithm
  11. Constant-Round Oblivious Transfer in the Bounded Storage Model
  12. The Discrete Logarithm Problem on Elliptic Curves of Trace One
  13. Short Signatures from Diffie–Hellman: Realizing Almost Compact Public Key
  14. Integral Cryptanalysis on Full MISTY1
  15. Universally Composable Symbolic Security Analysis
Search Result: