A Related-Key Rectangle Attack on the Full KASUMI
KASUMI is an 8-round Feistel block cipher used in the confidentiality and the integrity algorithms of the 3GPP mobile communications. As more and more 3GPP networks are being deployed, more and more users use KASUMI to protect their privacy. Previously known attacks on KASUMI can break up to 6 out of the 8 rounds faster than exhaustive key search, and no attacks on the full KASUMI have been published.
In this paper we apply the recently introduced related-key boomerang and rectangle attacks to KASUMI, resulting in an attack that is faster than exhaustive search against the full cipher. We also present a related-key boomerang distinguisher for 6-round KASUMI using only 768 adaptively chosen plaintexts and ciphertexts encrypted or decrypted under four related keys.
Recently, it was shown that the security of the entire encryption system of the 3GPP networks cannot be proven using only the “ordinary” assumption that the underlying cipher (KASUMI) is a Pseudo-Random Permutation. It was also shown that if we assume that KASUMI is also secure with respect to differential-based related-key attacks then the security of the entire system can be proven. Our results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP cannot be proven at this time.
KeywordsBlock Cipher Choose Plaintext Attack Fast Software Encryption Conditional Characteristic Boomerang Attack
- 1.Ben-Aroya, I., Biham, E.: Differential Cryptanalysis of Lucifer. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 187–199. Springer, Heidelberg (1994)Google Scholar
- 5.Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
- 11.Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved Time-Memory Trade-offs with Multiple Data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. Selected Areas in Cryptography, pp. 113–131. Springer, Heidelberg (2006) (to appear)Google Scholar
- 15.Handschuh, H., Naccache, D.: SHACAL. In: Preproceedings of NESSIE first workshop, Leuven (2000)Google Scholar
- 26.Lai, X., Massey, J.L.: Proposal for a New Block Cipher Encryption Standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991)Google Scholar
- 27.Matsui, M.: Block encryption algorithm MISTY. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 64–74. Springer, Heidelberg (1997)Google Scholar
- 28.US National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publications No. 46 (1977)Google Scholar
- 31.3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, 3G Security, Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification, V.3.1.1 (2001)Google Scholar