New block encryption algorithm MISTY

  • Mitsuru Matsui
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1267)


We propose secret-key cryptosystems MISTY1 and MISTY2, which are block ciphers with a 128-bit key, a 64-bit block and a variable number of rounds. MISTY is a generic name for MISTY1 and MISTY2. They are designed on the basis of the theory of provable security against differential and linear cryptanalysis, and moreover they realize high speed encryption on hardware platforms as well as on software environments. Our software implementation shows that MISTY1 with eight rounds can encrypt a data stream in CBC mode at a speed of 20Mbps and 40Mbps on Pentium/100MHz and PA-7200/120MHz, respectively. For its hardware performance, we have produced a prototype LSI by a process of 0.5Μ CMOS gate-array and confirmed a speed of 450Mbps. In this paper, we describe the detailed specifications and design principles of MISTY1 and MISTY2.


  1. 1.
    Nyberg, K., Knudsen, L.,: Provable Security against Differential Cryptanalysis. Journal of Cryptology, Vol.8, no.1 (1995)Google Scholar
  2. 2.
    Nyberg, K.,: Linear Approximation of Block Ciphers. Advances in Cryptology — Eurocrypt’94, Lecture Notes in Computer Science 950, Springer Verlag (1994)Google Scholar
  3. 3.
    Aoki, K., Ohta, K.,: Stricter Evaluation for the Maximum Average of Differential Probability and the Maximum Average of Linear Probability (in Japanese). Proceedings of SCIS’96, SCIS96-4A (1996)Google Scholar
  4. 4.
    Matsui, M.,: New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis. Proceedings of the third international workshop of fast software encryption, Lecture Notes in Computer Science 1039, Springer Verlag (1996)Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Mitsuru Matsui
    • 1
  1. 1.Information Technology R&D CenterMitsubishi Electric CorporationKanagawaJapan

Personalised recommendations