Improved Impossible Differential Attacks on Reduced-Round MISTY1

  • Keting Jia
  • Leibo Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7690)


MISTY1 is a Feistel block cipher with a 64-bit block and a 128-bit key. It is one of the final NESSIE portfolio of block ciphers, and has been recommended for Japanese e-Government ciphers by the CRYPTREC project. In this paper, we improve the impossible differential attack on 6-round MISTY1 with 4 FL layers introduced by Dunkelman et al. with a factor of 211 for the time complexity. Furthermore, combing with the FL function properties and the key schedule algorithm, we propose an impossible differential attack on 7-round MISTY1 with 3 FL layers, which needs 258 known plaintexts and 2124.4 7-round encryptions. It is the first attack on 7-round MISTY1 in the known plaintext model to the best of our knowledge. Besides, we show an improved impossible differential attack on 7-round MISTY1 without FL layers with 292.2 7-round encryptions and 255 chosen plaintexts, which has lower time complexity than previous attacks.


MISTY1 Impossible Differential Cryptanalysis Block Cipher 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
  2. 2.
    Babbage, S., Frisch, L.: On MISTY1 Higher Order Differential Cryptanalysis. In: Won, D. (ed.) ICISC 2000. LNCS, vol. 2015, pp. 22–36. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Dai, Y., Chen, S.: Weak key class of MISTY1 for related-key differential attack. In: Moti, Y., Wu, C.K. (eds.) INSCRYPT 2011 (2011) (to appear)Google Scholar
  4. 4.
    Dunkelman, O., Keller, N.: An Improved Impossible Differential Attack on MISTY1. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 441–454. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Igarashi, Y., Kaneko, T.: The 32nd-order Differential Attack on MISTY1 without FL Functions. In: 2008 International Symposium on Information Theory and its Applications, WTI-4-4 (2008)Google Scholar
  6. 6.
    Knudsen, L.R.: DEAL -a 128-bit block cipher. Technical report, Department of Informatics, University of Bergen, Norway (1998)Google Scholar
  7. 7.
    Knudsen, L.R., Wagner, D.: Integral Cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Kühn, U.: Cryptanalysis of Reduced-Round MISTY. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 325–339. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Kühn, U.: Improved Cryptanalysis of MISTY1. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 61–75. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. Communications and Cryptography: Two Sides of One Tapestry, pp. 227–233 (1994)Google Scholar
  11. 11.
    Lee, S., Kim, J., Hong, D., Lee, C., Sung, J., Hong, S., Lim, J.: Weak Key Classes of 7-round MISTY 1 and 2 for Related-key Amplied Boomerang Attacks. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 91-A(2), 642–649 (2008)CrossRefGoogle Scholar
  12. 12.
    Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 370–386. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Lu, J., Yap, W., Wei, Y.: Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis, IACR Cryptology ePrint Archive 2012: 66 (2012)Google Scholar
  14. 14.
    Matsui, M.: New Block Encryption Algorithm MISTY. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 54–68. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  15. 15.
    Sun, X., Lai, X.: Improved Integral Attacks on MISTY1. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 266–280. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Tanaka, H., Hatano, Y., Sugio, N., Kaneko, T.: Security Analysis of MISTY1. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 215–226. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Tsunoo, Y., Saito, T., Shigeri, M., Kawabata, T.: Higher Order Differential Attacks on Reduced-Round MISTY1. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 415–431. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Keting Jia
    • 1
  • Leibo Li
    • 2
  1. 1.Institute for Advanced StudyTsinghua UniversityChina
  2. 2.Key Laboratory of Cryptologic Technology and Information Security, Ministry of EducationShandong UniversityChina

Personalised recommendations