[Resource Topic] 2012/066: Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis

Welcome to the resource topic for 2012/066

Title:
Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis

Authors: Jiqiang Lu, Wen-She Yap, Yongzhuang Wei

Abstract:

The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, an European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present related-key differential and related-key amplified boomerang attacks on the full MISTY1 under certain weak key assumptions: We describe 2^{103.57} weak keys and a related-key differential attack on the full MISTY1 with a data complexity of 2^{61} chosen ciphertexts and a time complexity of 2^{87.94} encryptions; and we also describe 2^{92} weak keys and a related-key amplified boomerang attack on the full MISTY1 with a data complexity of 2^{60.5} chosen plaintexts and a time complexity of 2^{80.18} encryptions. For the very first time, our results exhibit a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and show that the MISTY1 cipher is distinguishable from a random function and thus cannot be regarded to be an ideal cipher.

ePrint: https://eprint.iacr.org/2012/066

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .