A Study on Higher Order Differential Attack of KASUMI

Nobuyuki SUGIO  Hiroshi AONO  Sadayuki HONGO  Toshinobu KANEKO  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E90-A   No.1   pp.14-21
Publication Date: 2007/01/01
Online ISSN: 1745-1337
DOI: 10.1093/ietfec/e90-a.1.14
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Symmetric Cryptography
KASUMI,  higher order differential attack,  linearizing attack,  bit-slice implementation,  

Full Text: PDF(286KB)>>
Buy this Article

This paper proposes novel calculuses of linearizing attack that can be applied to higher order differential attack. Higher order differential attack is a powerful and versatile attack on block ciphers. It can be roughly summarized as follows: (1) Derive an attack equation to estimate the key by using the higher order differential properties of the target cipher, (2) Determine the key by solving an attack equation. Linearizing attack is an effective method of solving attack equations. It linearizes an attack equation and determines the key by solving a system of linearized equations using approaches such as the Gauss-Jordan method. We enhance the derivation algorithm of the coefficient matrix for linearizing attack to reduce computational cost (fast calculus 1). Furthermore, we eliminate most of the unknown variables in the linearized equations by making the coefficient column vectors 0 (fast calculus 2). We apply these algorithms to an attack of the five-round variant of KASUMI and show that the attack complexity is equivalent to 228.9 chosen plaintexts and 231.2 KASUMI encryptions.