Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
The Rectangle Attack - Rectangling the Serpent
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
New Block Encryption Algorithm MISTY
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Real Time Cryptanalysis of A5/1 on a PC
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Related Key Attacks on Reduced Round KASUMI
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
New Results on Boomerang and Rectangle Attacks
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
An Improved Impossible Differential Attack on MISTY1
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Related-Key Cryptanalysis of the Full AES-192 and AES-256
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A related-key rectangle attack on the full KASUMI
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Related-key rectangle attacks on reduced versions of SHACAL-1 and AES-192
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
The boomerang attack on 5 and 6-round reduced AES
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Related-Key boomerang and rectangle attacks
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Conditional estimators: an effective attack on A5/1
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
IEEE Transactions on Information Theory
Cryptography for network security: failures, successes and challenges
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
Related-key attack on the full HIGHT
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Biclique cryptanalysis of the full AES
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Practical attack on the full MMB block cipher
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
EPCBC: a block cipher suitable for electronic product code encryption
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
On related-key attacks and KASUMI: the case of a5/3
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
A related-key attack on block ciphers with weak recurrent key schedules
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Security analysis of the lightweight block ciphers XTEA, LED and piccolo
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Biclique attack on the full HIGHT
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Γ-MAC[H, P]: a new universal MAC scheme
WEWoRC'11 Proceedings of the 4th Western European conference on Research in Cryptology
SMSCrypto: A lightweight cryptographic framework for secure SMS transmission
Journal of Systems and Software
An experimental security analysis of two satphone standards
ACM Transactions on Information and System Security (TISSEC)
The privacy of most GSM phone conversations is currently protected by the 20+-year-old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced by the new A5/3 (and the soon-to-be-announced A5/4) algorithm based on the block cipher KASUMI, which is a modified version of MISTY. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2^-14. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128-bit key of the full KASUMI by using only 4 related keys, 2^26 data, 2^30 bytes of memory, and 2^32 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the 2^128 complexity of exhaustive search, which indicates that the changes made by ETSI's SAGE group in moving from MISTY to KASUMI resulted in a much weaker cipher.