On the Strength of KASUMI without FL Functions against Higher Order Differential Attack
ICISC '00 Proceedings of the Third International Conference on Information Security and Cryptology
New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis
Proceedings of the Third International Workshop on Fast Software Encryption
New Block Encryption Algorithm MISTY
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Almost perfect nonlinear power functions on GF(2n): the Welch case
IEEE Transactions on Information Theory
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Survey and benchmark of block ciphers for wireless sensor networks
ACM Transactions on Sensor Networks (TOSN)
An Improved Impossible Differential Attack on MISTY1
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Higher Order Differential Attacks on Reduced-Round MISTY1
Information Security and Cryptology --- ICISC 2008
WISA'07 Proceedings of the 8th international conference on Information security applications
Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
A fast calculus for the linearizing attack and its application to an attack on KASUMI
AAECC'06 Proceedings of the 16th international conference on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
Weak-Key class of MISTY1 for related-key differential attack
Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
MISTY1 is a block cipher whose design relies on an assertion of provable security against linear and differential cryptanalysis. Yet, a simplified and round reduced version of MISTY1 that does not alter the security provability can be attacked with higher order differential cryptanalysis. We managed to explain this attack by deriving the attacking property from the choice of an atomic component of the algorithm, namely one of the two MISTY1 S-boxes. This allowed us to classify the good and the bad S-boxes built with the same principles and to show that none of the S-boxes with optimal linear and differential properties has an optimal behaviour with respect to higher order differential cryptanalysis.