Integral Cryptanalysis on Full MISTY1
نویسندگان
چکیده
منابع مشابه
Improved Cryptanalysis of MISTY1
The block cipher MISTY1 [9] proposed for the NESSIE project [11] is a Feistel network augmented with key-dependent linear FL functions. The proposal allows a variable number of rounds provided that it is a multiple of four. Here we present a new attack – the Slicing Attack – on the 4-round version, which makes use of the special structure and position of these key-dependent linear FL functions....
متن کاملImproved Integral Attacks on MISTY1
We present several integral attacks on MISTY1 using the FO Relation, which is derived from Sakurai-Zheng Property used in previous attacks. The FO Relation is a more precise form of the Sakurai-Zheng Property such that the functions in the FO Relation depend on 16-bit inputs instead of 32-bit inputs used in previous attacks, and that the functions do not change for different keys while previous...
متن کاملA 2 Attack on the Full MISTY1
MISTY1 is a block cipher designed by Matsui in 1997. It is widely deployed in Japan, and is recognized internationally as a European NESSIE-recommended cipher and an ISO standard. After almost 20 years of unsuccessful cryptanalytic attempts, a first attack on the full MISTY1 was presented at CRYPTO 2015 by Todo. The attack, using a new technique called division property, requires almost the ful...
متن کاملWeak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis
The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, an European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorit...
متن کاملIntegral Cryptanalysis
This paper considers a cryptanalytic approach called integral cryptanalysis. It can be seen as a dual to differential cryptanalysis and applies to ciphers not vulnerable to differential attacks. The method is particularly applicable to block ciphers which use bijective components only.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of Cryptology
سال: 2016
ISSN: 0933-2790,1432-1378
DOI: 10.1007/s00145-016-9240-x