Related Key Attacks on Reduced Round KASUMI
This paper describes related key attacks on five and six round KASUMI. The five round attack requires the encryption of approximately 219 chosen plaintext pairs X and X* under keys K and K* respectively where K and K* differ in only one bit, and requires a maximum of a little over 233 trials to recover the entire key. The six round attack requires a smaller number of chosen plaintext encryptions than the five round attack, and recovers the entire key in a maximum of 2112 trials.
- 1.S. Babbage, ”Design of Security Algorithms for Third Generation Mobile Telephony.” In Information Security Technical Report (Elsevier), (5), 2000.Google Scholar
- 2.E. Biham, ”New Types of Cryptanalytic Attacks Using Related Keys.” In Advances in Cryptology-EUROCRYPT’ 93, Lecture Notes in Computer Science (LNCS 765), Springer-Verlag, 1994.Google Scholar
- 3.E. Biham and A. Shamir, ”Differential Cryptanalysis of DES-like Cryptosystems.” In Journal of Cryptology, (4), 1991.Google Scholar
- 6.L. Knudsen, ”Cryptanalysis of LOKI91.” In Advances in Cryptology-AUSCRYPT’ 92, Lecture Notes in Computer Science (LNCS 718), Springer-Verlag, 1994.Google Scholar
- 8.K. Nyberg, ”Linear Approximation of Block Ciphers.” In Advances in Cryptology-EUROCRYPT’ 94, Lecture Notes in Computer Science (LNCS 950), Springer-Verlag, 1995.Google Scholar
- 9.K. Nyberg and L. Knudsen, ”Provable Security Against a Differential Attack.” In Journal of Cryptology, (8), 1995.Google Scholar