Paper 2012/066

Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis

Jiqiang Lu, Wen-She Yap, and Yongzhuang Wei

Abstract

The MISTY1 block cipher has a 64-bit block length, a 128-bit user key and a recommended number of 8 rounds. It is a Japanese CRYPTREC-recommended e-government cipher, an European NESSIE selected cipher, and an ISO international standard. Despite of considerable cryptanalytic efforts during the past fifteen years, there has been no published cryptanalytic attack on the full MISTY1 cipher algorithm. In this paper, we present related-key differential and related-key amplified boomerang attacks on the full MISTY1 under certain weak key assumptions: We describe $2^{103.57}$ weak keys and a related-key differential attack on the full MISTY1 with a data complexity of $2^{61}$ chosen ciphertexts and a time complexity of $2^{87.94}$ encryptions; and we also describe $2^{92}$ weak keys and a related-key amplified boomerang attack on the full MISTY1 with a data complexity of $2^{60.5}$ chosen plaintexts and a time complexity of $2^{80.18}$ encryptions. For the very first time, our results exhibit a cryptographic weakness in the full MISTY1 cipher (when used with the recommended 8 rounds), and show that the MISTY1 cipher is distinguishable from a random function and thus cannot be regarded to be an ideal cipher.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Block cipherMISTY1Differential cryptanalysisAmplified boomerang attackRelated-key cryptanalysisWeak key.
Contact author(s)
lvjiqiang @ hotmail com
History
2012-02-23: received
Short URL
https://ia.cr/2012/066
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/066,
      author = {Jiqiang Lu and Wen-She Yap and Yongzhuang Wei},
      title = {Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2012/066},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/066}},
      url = {https://eprint.iacr.org/2012/066}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.