On MISTY1 Higher Order Differential Cryptanalysis

Authors:
Steve Babbage;Laurent Frisch
Affiliations:
-;-
Venue:
ICISC '00 Proceedings of the Third International Conference on Information Security and Cryptology
Year:
2000

Citing 4
Cited 9

On the Strength of KASUMI without FL Functions against Higher Order Differential Attack

ICISC '00 Proceedings of the Third International Conference on Information Security and Cryptology
New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis

Proceedings of the Third International Workshop on Fast Software Encryption
New Block Encryption Algorithm MISTY

FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Almost perfect nonlinear power functions on GF(2n): the Welch case

IEEE Transactions on Information Theory

Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Survey and benchmark of block ciphers for wireless sensor networks

ACM Transactions on Sensor Networks (TOSN)
An Improved Impossible Differential Attack on MISTY1

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Higher Order Differential Attacks on Reduced-Round MISTY1

Information Security and Cryptology --- ICISC 2008
Security analysis of MISTY1

WISA'07 Proceedings of the 8th international conference on Information security applications
Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1

CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
A fast calculus for the linearizing attack and its application to an attack on KASUMI

AAECC'06 Proceedings of the 16th international conference on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
Weak-Key class of MISTY1 for related-key differential attack

Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis

CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

MISTY1 is a block cipher whose design relies on an assertion of provable security against linear and differential cryptanalysis. Yet, a simplified and round reduced version of MISTY1 that does not alter the security provability can be attacked with higher order differential cryptanalysis. We managed to explain this attack by deriving the attacking property from the choice of an atomic component of the algorithm, namely one of the two MISTY1 S-boxes. This allowed us to classify the good and the bad S-boxes built with the same principles and to show that none of the S-boxes with optimal linear and differential properties has an optimal behaviour with respect to higher order differential cryptanalysis.