Generic Attacks on Misty Schemes

  • Valérie Nachef
  • Jacques Patarin
  • Joana Treger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6212)


Misty schemes are classic cryptographic schemes used to construct pseudo-random permutations from 2n bits to 2n bits by using d pseudo-random permutations from n bits to n bits. These d permutations will be called the “internal” permutations, and d is the number of rounds of the Misty scheme. Misty schemes are important from a practical point of view since for example, the Kasumi algorithm based on Misty schemes has been adopted as the standard block cipher in the third generation mobile systems. In this paper we describe the best known “generic” attacks on Misty schemes, i.e. attacks when the internal permutations do not have special properties, or are randomly chosen. We describe known plaintext attacks (KPA), non-adaptive chosen plaintext attacks (CPA-1) and adaptive chosen plaintext and ciphertext attacks (CPCA-2) against these schemes. Some of these attacks were previously known, some are new. When d = 5 rounds, it is shown in [6] that a CPA-1 exists with complexity 2 n . We will present completely different attacks with d = 5 and the same complexity. We will also present new attacks for d ≤ 4 and d ≥ 6. For d ≥ 6 the complexity will be greater than 22n , so these attacks will be useful only when the number of rounds d is small.


Misty permutations pseudo-random permutations generic attacks on encryption schemes Block ciphers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Personal Anonymous CommunicationGoogle Scholar
  2. 2.
    Specification of the 3GPP Confidentiality and Integrity Algorithm KASUMI,
  3. 3.
    Aiello, W., Venkatesan, R.: Foiling Birthday Attacks in Length-Doubling Transformations - Benes: A Non-Reversible Alternative to Feistel. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 307–320. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Coppersmith, D.: Luby-Rackoff: Four Rounds is not enough. Technical report, Technical Report RC20674, IBM Research Report (December 1996)Google Scholar
  5. 5.
    Gilbert, H., Minier, M.: New Results on the Pseudorandomness of Some Blockcipher Constructions. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 248–266. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Knudsen, L., Wagner, D.: Integral Cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Lai, X., Massey, J.L.: A Proposal for a New Block Encrytption Standard. In: Damgård, I. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991)Google Scholar
  8. 8.
    Matsui, M.: New Block Encrytpion Algorithm. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 54–68. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  9. 9.
    Maurer, U., Pietrzak, K.: The Security of Many-Round Luby-Rackoff Pseudo-Random Permutations. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 544–561. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Patarin, J.: Generic Attacks on Feistel Schemes. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 222–238. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Patarin, J.: Security of Random Feistel Schemes with 5 or more rounds. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Patarin, J.: A Proof of Security in O(2n) for the Benes Schemes. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 209–220. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Patarin, J., Nachef, V., Berbain, C.: Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 396–411. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Patarin, J., Nachef, V., Berbain, C.: Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 325–341. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Piret, G., Quisquater, J.-J.: Security of the MISTY structure in the luby-rackoff model: Improved results. In: Handschuh, H., Hasan, A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 100–115. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Sakurai, K., Zheng, Y.: On Non-Pseudorandomness from Block Ciphers with Provable Immunity Against Linear Cryptanalysis. IEICE Trans. Fundamentals E80-A(1) (January 1997) Google Scholar
  17. 17.
    Sugita, M.: Pseudorandomness of a Block Cipher MISTY. Technical report, Technical Report of IEIECE, ISEC 96-9Google Scholar
  18. 18.
    Sugita, M.: Pseudorandomness of a Block Cipher with Recursive Strictures. Technical report, Technical Report of IEIECE, ISEC 97-9Google Scholar
  19. 19.
    Treger, J., Patarin, J.: Generic Attacks on Feistel Networks with Internal Permutations. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 41–59. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Valérie Nachef
    • 1
  • Jacques Patarin
    • 2
  • Joana Treger
    • 2
  1. 1.Department of MathematicsUniversity of Cergy-Pontoise, CNRS UMR 8088Cergy-Pontoise CedexFrance
  2. 2.Université de VersaillesVersailles CedexFrance

Personalised recommendations