Cryptology ePrint Archive: Report 2015/367

Improved Higher-Order Differential Attacks on MISTY1

Achiya Bar-On

Abstract: MISTY1 is a block cipher designed by Matsui in 1997. It is widely deployed in Japan, and is recognized internationally as an European NESSIE-recommended cipher and an ISO standard. Since its introduction, MISTY1 was subjected to extensive cryptanalytic efforts, yet no attack significantly faster than exhaustive key search is known on its full version. The best currently known attack is a higher-order differential attack presented by Tsunoo et al. in 2012 which breaks a reduced variant of MISTY1 that contains 7 of the 8 rounds and 4 of the 5 $FL$ layers in $2^{49.7}$ data and $2^{116.4}$ time.

In this paper, we present improved higher-order differential attacks on reduced-round MISTY1. Our attack on the variant considered by Tsunoo et al. requires roughly the same amount of data and only $2^{100.4}$ time (i.e., is $2^{16}$ times faster). Furthermore, we present the first attack on a MISTY1 variant with 7 rounds and all 5 $FL$ layers, requiring $2^{51.4}$ data and $2^{121}$ time. To achieve our results, we use a new higher-order differential characteristic for 4-round MISTY1, as well as enhanced key recovery algorithms based on the {\it partial sums} technique.

Category / Keywords: block cipher, MISTY1, higher-order differential attack, partial sums, integral attack, KASUMI

Original Publication (with minor differences): IACR-FSE-2015

Date: received 22 Apr 2015

Contact author: abo1000 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150423:131221 (All versions of this report)

Short URL: ia.cr/2015/367

Discussion forum: Show discussion | Start new discussion