Improved Impossible Differential Attacks on Reduced-Round MISTY1
MISTY1 is a Feistel block cipher with a 64-bit block and a 128-bit key. It is one of the final NESSIE portfolio of block ciphers, and has been recommended for Japanese e-Government ciphers by the CRYPTREC project. In this paper, we improve the impossible differential attack on 6-round MISTY1 with 4 FL layers introduced by Dunkelman et al. with a factor of 211 for the time complexity. Furthermore, combing with the FL function properties and the key schedule algorithm, we propose an impossible differential attack on 7-round MISTY1 with 3 FL layers, which needs 258 known plaintexts and 2124.4 7-round encryptions. It is the first attack on 7-round MISTY1 in the known plaintext model to the best of our knowledge. Besides, we show an improved impossible differential attack on 7-round MISTY1 without FL layers with 292.2 7-round encryptions and 255 chosen plaintexts, which has lower time complexity than previous attacks.
KeywordsMISTY1 Impossible Differential Cryptanalysis Block Cipher
Unable to display preview. Download preview PDF.
- 1.Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
- 3.Dai, Y., Chen, S.: Weak key class of MISTY1 for related-key differential attack. In: Moti, Y., Wu, C.K. (eds.) INSCRYPT 2011 (2011) (to appear)Google Scholar
- 5.Igarashi, Y., Kaneko, T.: The 32nd-order Differential Attack on MISTY1 without FL Functions. In: 2008 International Symposium on Information Theory and its Applications, WTI-4-4 (2008)Google Scholar
- 6.Knudsen, L.R.: DEAL -a 128-bit block cipher. Technical report, Department of Informatics, University of Bergen, Norway (1998)Google Scholar
- 10.Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. Communications and Cryptography: Two Sides of One Tapestry, pp. 227–233 (1994)Google Scholar
- 13.Lu, J., Yap, W., Wei, Y.: Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis, IACR Cryptology ePrint Archive 2012: 66 (2012)Google Scholar