Integral Cryptanalysis on Full MISTY1

  • Yosuke Todo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9215)


MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects, such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY1, i.e., we show that 8-round MISTY1 with 5 FL layers does not have 128-bit security. Many attacks against MISTY1 have been proposed, but there is no attack against the full MISTY1. Therefore, our attack is the first cryptanalysis against the full MISTY1. We construct a new integral characteristic by using the propagation characteristic of the division property, which was proposed in 2015. We first improve the division property by optimizing a public S-box and then construct a 6-round integral characteristic on MISTY1. Finally, we recover the secret key of the full MISTY1 with \(2^{63.58}\) chosen plaintexts and \(2^{121}\) time complexity. Moreover, if we can use \(2^{63.994}\) chosen plaintexts, the time complexity for our attack is reduced to \(2^{107.9}\). Note that our cryptanalysis is a theoretical attack. Therefore, the practical use of MISTY1 will not be affected by our attack.


MISTY1 Integral attack Division property 


  1. 1.
    Babbage, S., Frisch, L.: On MISTY1 higher order differential cryptanalysis. In: Won, D. (ed.) ICISC 2000. LNCS, vol. 2015, pp. 22–36. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  2. 2.
    Bar-On, A.: Improved higher-order differential attacks on MISTY1. In: FSE (2015)Google Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991) Google Scholar
  4. 4.
    Boura, C., Canteaut, A.: On the influence of the algebraic degree of f\({}^{\text{-1 }}\) on the algebraic degree of G \(\circ \) F. IEEE Trans. Inf. Theor. 59(1), 691–702 (2013)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Canteaut, A., Videau, M.: Degree of composition of highly nonlinear functions and applications to higher order differential cryptanalysis. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 518–533. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  6. 6.
    CRYPTREC: Specifications of e-government recommended ciphers (2013).
  7. 7.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  8. 8.
    Dunkelman, O., Keller, N.: An improved impossible differential attack on MISTY1. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 441–454. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  9. 9.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.L.: Improved cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  10. 10.
    Hatano, Y., Tanaka, H., Kaneko, T.: Optimization for the algebraic method and its application to an attack of MISTY1. IEICE Trans. 87–A(1), 18–27 (2004)Google Scholar
  11. 11.
    ISO/IEC: JTC1: ISO/IEC 18033: Security techniques – encryption algorithms – part 3: Block ciphers (2005)Google Scholar
  12. 12.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  13. 13.
    Knudsen, L.R., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  14. 14.
    Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello Jr., D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. The Springer International Series in Engineering and Computer Science, vol. 276, pp. 227–233. Springer, USA (1994)CrossRefGoogle Scholar
  15. 15.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994) Google Scholar
  16. 16.
    Matsui, M.: New structure of block ciphers with provable security against differential and linear cryptanalysis. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 205–218. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  17. 17.
    Matsui, M.: New block encryption algorithm MISTY. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 54–68. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  18. 18.
    NESSIE: New european schemes for signatures, integrity, and encryption (2004).
  19. 19.
    Nyberg, K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439–444. Springer, Heidelberg (1995) Google Scholar
  20. 20.
    Nyberg, K., Knudsen, L.R.: Provable security against a differential attack. J. Cryptology 8(1), 27–37 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Ohta, H., Matsui, M.: A description of the MISTY1 encryption algorithm (2000).
  22. 22.
    Sun, B., Hai, X., Zhang, W., Cheng, L., Yang, Z.: New observation on division property. IACR Cryptology ePrint Archive 2015, 459 (2015).
  23. 23.
    Tanaka, H., Hisamatsu, K., Kaneko, T.: Strength of MISTY1 without FL function for higher order differential attack. In: Fossorier, M.P.C., Imai, H., Lin, S., Poli, A. (eds.) AAECC 1999. LNCS, vol. 1719, pp. 221–230. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  24. 24.
    Todo, Y.: Structural evaluation by generalized integral property. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 287–314. Springer, Heidelberg (2015) Google Scholar
  25. 25.
    Tsunoo, Y., Saito, T., Shigeri, M., Kawabata, T.: Higher order differential attacks on reduced-round MISTY1. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 415–431. Springer, Heidelberg (2009) CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  1. 1.NTT Secure Platform LaboratoriesTokyoJapan

Personalised recommendations