
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

On NonPseudorandomness from Block Ciphers with Provable Immunity Against Linear Cryptanalysis
Kouichi SAKURAI Yuliang ZHENG
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E80A
No.1
pp.1924 Publication Date: 1997/01/25
Online ISSN:
DOI:
Print ISSN: 09168508 Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security) Category: Keyword: block cipher, cryptography, Data Encryption Standard, differential cryptanalysis, linear cryptanalysis, pseudorandom permutation, security, secretkey block cipher,
Full Text: PDF(580.7KB)>>
Summary:
Weakness of a block cipher, which has provable immunity against linear cryptanalysis, is investigated. To this end, the round transformation used in MISTY, which is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation, is compared to the round transformation of DES from the point of view of pseudrandom generation. An important property of the MISTY cipher is that, in terms of theoretically provable resistance against linear and differential cryptanalysis, which are the most powerful cryptanalytic attacks known to date, it is more robust than the Data Encryption Standard or DES. This property can be attributed to the application of a new round transform in the MISTY cipher, which is obtained by changing the location of the basic roundfunction in a transform used in DES. Cryptograohic roles of the transform used in the MISTY cipher are the main focus of this paper. Our research reveals that when used for constructiong pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in terms of strength against linear and differential attacks. More specifically, we show that a 3round (4round, respectively) concatenation of transforms used in the MISTY cipher is not a pseudorandom (super pseudorandom, respectively) permutation.

