|
For Full-Text PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
|
On Non-Pseudorandomness from Block Ciphers with Provable Immunity Against Linear Cryptanalysis
Kouichi SAKURAI Yuliang ZHENG
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E80-A
No.1
pp.19-24 Publication Date: 1997/01/25 Online ISSN:
DOI: Print ISSN: 0916-8508 Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security) Category: Keyword: block cipher, cryptography, Data Encryption Standard, differential cryptanalysis, linear cryptanalysis, pseudorandom permutation, security, secret-key block cipher,
Full Text: PDF>>
Summary:
Weakness of a block cipher, which has provable immunity against linear cryptanalysis, is investigated. To this end, the round transformation used in MISTY, which is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation, is compared to the round transformation of DES from the point of view of pseudrandom generation. An important property of the MISTY cipher is that, in terms of theoretically provable resistance against linear and differential cryptanalysis, which are the most powerful cryptanalytic attacks known to date, it is more robust than the Data Encryption Standard or DES. This property can be attributed to the application of a new round transform in the MISTY cipher, which is obtained by changing the location of the basic round-function in a transform used in DES. Cryptograohic roles of the transform used in the MISTY cipher are the main focus of this paper. Our research reveals that when used for constructiong pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in terms of strength against linear and differential attacks. More specifically, we show that a 3-round (4-round, respectively) concatenation of transforms used in the MISTY cipher is not a pseudorandom (super pseudorandom, respectively) permutation.
|
|
|