Weak-key classes of 7-round MISTY 1 and 2 for related-key amplified boomerang attacks

Eunjin Lee; Jongsung Kim; Deukjo Hong; Changhoon Lee; Jaechul Sung; Seokhie Hong; Jongin Lim

doi:10.1093/ietfec/e91-a.2.642

Weak-key classes of 7-round MISTY 1 and 2 for related-key amplified boomerang attacks

Eunjin Lee, Jongsung Kim, Deukjo Hong, Changhoon Lee, Jaechul Sung, Seokhie Hong, Jongin Lim

Dept. of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

15 Scopus citations

Abstract

In 1997, M. Matsui proposed secret-key cryptosystems called MISTY 1 and MISTY 2, which are 8-and 12-round block ciphers with a 64-bit block, and a 128-bit key. They are designed based on the principle of provable security against differential and linear cryptanalysis. In this paper we present large collections of weak-key classes encompassing 2⁷³ and 2⁷⁰ weak keys for 7-round MISTY 1 and 2 for which they are vulnerable to a related-key amplified boomerang attack. Under our weak-key assumptions, the related-key amplified boomerang attack can be applied to 7-round MISTY 1 and 2 with 2⁵⁴, 2⁵⁶ chosen plaintexts and 2^55.3 7-round MISTY 1 encryptions, 2⁶⁵ 7-round MISTY 2 encryptions, respectively.

Original language	English
Pages (from-to)	642-649
Number of pages	8
Journal	IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Volume	E91-A
Issue number	2
DOIs	https://doi.org/10.1093/ietfec/e91-a.2.642
State	Published - 2008

Keywords

Block ciphers
MISTY 1
MISTY 2
Related-key amplified boomerang attack
Weak-key classes

Access to Document

10.1093/ietfec/e91-a.2.642

Cite this

@article{9cef5a0b63304da190ea745b4b80ea05,

title = "Weak-key classes of 7-round MISTY 1 and 2 for related-key amplified boomerang attacks",

abstract = "In 1997, M. Matsui proposed secret-key cryptosystems called MISTY 1 and MISTY 2, which are 8-and 12-round block ciphers with a 64-bit block, and a 128-bit key. They are designed based on the principle of provable security against differential and linear cryptanalysis. In this paper we present large collections of weak-key classes encompassing 273 and 270 weak keys for 7-round MISTY 1 and 2 for which they are vulnerable to a related-key amplified boomerang attack. Under our weak-key assumptions, the related-key amplified boomerang attack can be applied to 7-round MISTY 1 and 2 with 254, 256 chosen plaintexts and 255.3 7-round MISTY 1 encryptions, 265 7-round MISTY 2 encryptions, respectively.",

keywords = "Block ciphers, MISTY 1, MISTY 2, Related-key amplified boomerang attack, Weak-key classes",

author = "Eunjin Lee and Jongsung Kim and Deukjo Hong and Changhoon Lee and Jaechul Sung and Seokhie Hong and Jongin Lim",

year = "2008",

doi = "10.1093/ietfec/e91-a.2.642",

language = "English",

volume = "E91-A",

pages = "642--649",

journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",

issn = "0916-8508",

number = "2",

}

TY - JOUR

T1 - Weak-key classes of 7-round MISTY 1 and 2 for related-key amplified boomerang attacks

AU - Lee, Eunjin

AU - Kim, Jongsung

AU - Hong, Deukjo

AU - Lee, Changhoon

AU - Sung, Jaechul

AU - Hong, Seokhie

AU - Lim, Jongin

PY - 2008

Y1 - 2008

N2 - In 1997, M. Matsui proposed secret-key cryptosystems called MISTY 1 and MISTY 2, which are 8-and 12-round block ciphers with a 64-bit block, and a 128-bit key. They are designed based on the principle of provable security against differential and linear cryptanalysis. In this paper we present large collections of weak-key classes encompassing 273 and 270 weak keys for 7-round MISTY 1 and 2 for which they are vulnerable to a related-key amplified boomerang attack. Under our weak-key assumptions, the related-key amplified boomerang attack can be applied to 7-round MISTY 1 and 2 with 254, 256 chosen plaintexts and 255.3 7-round MISTY 1 encryptions, 265 7-round MISTY 2 encryptions, respectively.

AB - In 1997, M. Matsui proposed secret-key cryptosystems called MISTY 1 and MISTY 2, which are 8-and 12-round block ciphers with a 64-bit block, and a 128-bit key. They are designed based on the principle of provable security against differential and linear cryptanalysis. In this paper we present large collections of weak-key classes encompassing 273 and 270 weak keys for 7-round MISTY 1 and 2 for which they are vulnerable to a related-key amplified boomerang attack. Under our weak-key assumptions, the related-key amplified boomerang attack can be applied to 7-round MISTY 1 and 2 with 254, 256 chosen plaintexts and 255.3 7-round MISTY 1 encryptions, 265 7-round MISTY 2 encryptions, respectively.

KW - Block ciphers

KW - MISTY 1

KW - MISTY 2

KW - Related-key amplified boomerang attack

KW - Weak-key classes

UR - http://www.scopus.com/inward/record.url?scp=67049120785&partnerID=8YFLogxK

U2 - 10.1093/ietfec/e91-a.2.642

DO - 10.1093/ietfec/e91-a.2.642

M3 - Article

AN - SCOPUS:67049120785

SN - 0916-8508

VL - E91-A

SP - 642

EP - 649

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

IS - 2

ER -

Weak-key classes of 7-round MISTY 1 and 2 for related-key amplified boomerang attacks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this