In this paper we pursue another direction, by focusing on attacks with a practical time complexity. The best previously-known attacks with practical complexity against MISTY1 could break either 4 rounds (out of 8), or 5 rounds in a modified variant in which some of the FL functions are removed. We present an attack on 5-round MISTY1 with all the FL functions present whose time complexity is 2^38 encryptions. When the FL functions are removed, we present a devastating (and experimentally verified) related-key attack on the full 8-round variant, requiring only 2^18 data and time.
While our attacks clearly do not compromise the security of the full MISTY1, they expose several weaknesses in MISTY1ís components, and improve our understanding of its security. Moreover, future designs which rely on MISTY1 as their base, should take these issues into close consideration.Category / Keywords: secret-key cryptography / Cryptanalysis, MISTY1, Practical-time, Slide, Related-Key Date: received 7 Jul 2013 Contact author: orrd at cs haifa ac il Available format(s): PDF | BibTeX Citation Version: 20130709:201342 (All versions of this report) Short URL: ia.cr/2013/431 Discussion forum: Show discussion | Start new discussion