A Related-Key Rectangle Attack on the Full KASUMI

  • Eli Biham
  • Orr Dunkelman
  • Nathan Keller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3788)

Abstract

KASUMI is an 8-round Feistel block cipher used in the confidentiality and the integrity algorithms of the 3GPP mobile communications. As more and more 3GPP networks are being deployed, more and more users use KASUMI to protect their privacy. Previously known attacks on KASUMI can break up to 6 out of the 8 rounds faster than exhaustive key search, and no attacks on the full KASUMI have been published.

In this paper we apply the recently introduced related-key boomerang and rectangle attacks to KASUMI, resulting in an attack that is faster than exhaustive search against the full cipher. We also present a related-key boomerang distinguisher for 6-round KASUMI using only 768 adaptively chosen plaintexts and ciphertexts encrypted or decrypted under four related keys.

Recently, it was shown that the security of the entire encryption system of the 3GPP networks cannot be proven using only the “ordinary” assumption that the underlying cipher (KASUMI) is a Pseudo-Random Permutation. It was also shown that if we assume that KASUMI is also secure with respect to differential-based related-key attacks then the security of the entire system can be proven. Our results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP cannot be proven at this time.

Keywords

Block Cipher; Choose Plaintext Attack; Fast Software Encryption; Conditional Characteristic; Boomerang Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Eli Biham (1)
  • Orr Dunkelman (1)
  • Nathan Keller (2)
  1. Computer Science Department, Technion, Haifa, Israel
  2. Einstein Institute of Mathematics, Hebrew University, Jerusalem, Israel