Security Analysis of 7-Round MISTY1 against Higher Order Differential Attacks

Yukiyasu TSUNOO  Teruo SAITO  Maki SHIGERI  Takeshi KAWABATA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E93-A   No.1   pp.144-152
Publication Date: 2010/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E93.A.144
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Cryptanalysis
block cipher,  CRYPTREC,  higher order differential attack,  MISTY1,  NESSIE,  

Full Text: PDF(322.6KB)>>
Buy this Article

MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it has been recommended for Japanese e-Government ciphers by the CRYPTREC project. This paper shows that higher order differential attacks can be successful against 7-round versions of MISTY1 with FL functions. The attack on 7-round MISTY1 can recover a partial subkey with a data complexity of 254.1 and a computational complexity of 2120.8, which signifies the first successful attack on 7-round MISTY1 with no limitation such as a weak key. This paper also evaluates the complexity of this higher order differential attack on MISTY1 in which the key schedule is replaced by a pseudorandom function. It is shown that resistance to the higher order differential attack is not substantially improved even in 7-round MISTY1 in which the key schedule is replaced by a pseudorandom function.