Filters








53 Hits in 2.3 sec

Area-Efficient Hardware Architectures of MISTY1 Block Cipher

A. Yasir, N. Wu, X. Chen, M. Rehan Yahya
2018 Radioengineering  
In this paper, state-of-the-art hardware implementations of MISTY1 block cipher are presented for areaconstrained wireless applications.  ...  The proposed MISTY1 architectures are characterized of highly optimized transformation functions i.e. FL and {FO-XOR-EKG}.  ...  Considerable efforts are underway to optimize the hardware design / implementation of encryption algorithms for respective applications.  ... 
doi:10.13164/re.2018.0541 fatcat:epho4u7jzbc23h3j54x6vmviyi

A Practical-time Attack on Reduced-round MISTY1

Nobuyuki Sugio, Yasutaka Igarashi, Toshinobu Kaneko, Kenichi Higuchi
2016 Proceedings of the 2nd International Conference on Information Systems Security and Privacy  
We show 6-round MISTY1 with 4 FL layers is attackable with 2 43 blocks of chosen plaintexts and 2 43.31 times of data encryption. This is the best practical-time attack on reduced-round MISTY1.  ...  MISTY1 is a 64-bit block cipher supporting key length of 128 bits. In this paper, we focused on evaluating the security of MISTY1 against higher order differential attack.  ...  In the following, we refer to equation (8) as an attack equation for key recovery. Algebraic Method Shimoyama et al. proposed an effective method of solving equation (8) (T.  ... 
doi:10.5220/0005652202350242 dblp:conf/icissp/SugioIKH16 fatcat:3wrz6cumjng4xdv4airacidkqa

New block encryption algorithm MISTY [chapter]

Mitsuru Matsui
1997 Lecture Notes in Computer Science  
We propose secret-key cryptosystems MISTY1 and MISTY2, which are block ciphers with a 128-bit key, a 64-bit block and a variable number of rounds. MISTY is a generic name for MISTY1 and MISTY2.  ...  In this paper, we describe the detailed specications and design principles of MISTY1 and MISTY2.  ...  For a complete description of MISTY1 and MISTY2, see an appendix.  ... 
doi:10.1007/bfb0052334 fatcat:oxsdaipcvvhxvklhwybpww5x4y

Improved Higher-Order Differential Attacks on MISTY1 [chapter]

Achiya Bar-On
2015 Lecture Notes in Computer Science  
The best currently known attack is a higher-order differential attack presented by Tsunoo et al. in 2012 which breaks a reduced variant of MISTY1 that contains 7 of the 8 rounds and 4 of the 5 F L layers  ...  MISTY1 is a block cipher designed by Matsui in 1997. It is widely deployed in Japan, and is recognized internationally as an European NESSIE-recommended cipher and an ISO standard.  ...  It seems that the case of KASUMI will be harder, due to the higher algebraic degree of the modified F I function KASUMI uses.  ... 
doi:10.1007/978-3-662-48116-5_2 fatcat:cq2j3crncrftrjxmbn6ymzkvu4

Block Ciphers and Systems of Quadratic Equations [chapter]

Alex Biryukov, Christophe De Cannière
2003 Lecture Notes in Computer Science  
In this paper we compare systems of multivariate polynomials, which completely define the block ciphers Khazad, Misty1, Kasumi, Camellia, Rijndael and Serpent in the view of a potential danger of an algebraic  ...  re-linearization attack.  ...  We wish to thank the anonymous referees, whose comments helped to improve this paper. We would also like to thank Jin Hong for pointing out an error in a previous version of this paper.  ... 
doi:10.1007/978-3-540-39887-5_21 fatcat:imotge6z5va3ppofgzevxpib4u

On Integer Programming Problems Related to Soft-Decision Iterative Decoding Algorithms [chapter]

Tadao Kasami
1999 Lecture Notes in Computer Science  
of Block Codes p. 181 Near Optimal Decoding for TCM Using the BIVA and Trellis Shaping p. 191 An Optimality Testing Algorithm for a Decoded Codeword of Binary BlockCodes and Its Computational Complexity  ...  p. 201 Algebra II Recursive MDS-Codes and Pseudogeometries p. 211 Strength of MISTY1 without FL Function for Higher Order Differential Attack p. 221 Code Construction Quantum Reed-Solomon  ... 
doi:10.1007/3-540-46796-3_5 fatcat:nsr5gsh23vfsbcrktyoa3zeh3e

Integral Cryptanalysis on Full MISTY1

Yosuke Todo
2016 Journal of Cryptology  
However, in the application to cryptanalysis, we evaluate the values in the multiset whose elements are texts encrypted for several rounds.  ...  Moreover, if we can use 2 63.994 chosen plaintexts, the time complexity for our attack is reduced to 2 107.9 . Note that our cryptanalysis is a theoretical attack.  ...  Optimization for the algebraic method and its application to an attack of MISTY1. Lars R. Knudsen. Truncated and higher order differentials.  ... 
doi:10.1007/s00145-016-9240-x fatcat:65oaj4rdezgcfbuxv2turqrhly

Simple CCA-Secure Public Key Encryption from Any Non-Malleable Identity-Based Encryption [chapter]

Takahiro Matsuda, Goichiro Hanaoka, Kanta Matsuura, Hideki Imai
2009 Lecture Notes in Computer Science  
Linear Cryptanalysis with Applications on Reduced Round Serpent" Joo Yeon Cho, Miia Hermelin and Kaisa Nyberg "Almost fully optimized infinite classes of Boolean functions resistant to (fast) algebraic  ...  Generalized Universal Circuits for Secure Evaluation of Private Functions with Application to Data Classification" Ahmad-Reza Sadeghi and Thomas Schneider "Proving a shuffle using representations of the  ... 
doi:10.1007/978-3-642-00730-9_1 fatcat:c34x5qiy7bevporyayxwsezowq

Integral Cryptanalysis on Full MISTY1 [chapter]

Yosuke Todo
2015 Lecture Notes in Computer Science  
However, in the application to cryptanalysis, we evaluate the values in the multiset whose elements are texts encrypted for several rounds.  ...  Moreover, if we can use 2 63.994 chosen plaintexts, the time complexity for our attack is reduced to 2 107.9 . Note that our cryptanalysis is a theoretical attack.  ...  Optimization for the algebraic method and its application to an attack of MISTY1. Lars R. Knudsen. Truncated and higher order differentials.  ... 
doi:10.1007/978-3-662-47989-6_20 fatcat:ttefvucnjbendit4kqovixvvy4

Finding Bit-Based Division Property for Ciphers with Complex Linear Layers

Kai Hu, Qingju Wang, Meiqin Wang
2020 IACR Transactions on Symmetric Cryptology  
The computing scale of our model can be tackled by most of SMT/SAT solvers, which makes our method practical. For applications, we improve the previous BDP for LED and MISTY1.  ...  In order to solve this problem, Zhang and Rijmen propose the ZR method to link every valid trail with an invertible sub-matrix of the matrix corresponding to the linear layer, and then generate linear  ...  Acknowledgments We thank the anonymous reviewers for their valuable comments. We especially thank Anne Canteaut for helping prepare the final version.  ... 
doi:10.13154/tosc.v2020.i1.396-424 dblp:journals/tosc/HuWW20 fatcat:5jack4rq5rfixk4xapkvlvlm2u

Finding Bit-Based Division Property for Ciphers with Complex Linear Layer [article]

Kai Hu, Qingju Wang, Meiqin Wang
2020 IACR Cryptology ePrint Archive  
The computing scale of our model can be tackled by most of SMT/SAT solvers, which makes our method practical. For applications, we improve the previous BDP for LED and MISTY1.  ...  In order to solve this problem, Zhang and Rijmen propose the ZR method to link every valid trail with an invertible sub-matrix of the matrix corresponding to the linear layer, and then generate linear  ...  Acknowledgement We thank the anonymous reviewers for their valuable comments.  ... 
dblp:journals/iacr/HuWW20 fatcat:mcpjpvcjfjbjbih4k6zyrqenoe

Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis [chapter]

Anne Canteaut, Marion Videau
2002 Lecture Notes in Computer Science  
Here, we show that some properties of such functions enable to find a new upper bound for the degree of the product of its Boolean components.  ...  This result leads to a higher order differential attack on any 5-round Feistel ciphers using an almost bent substitution function.  ...  It can be expressed as a polynomial, called its algebraic normal form. The degree of f , denoted by deg(f ), is the degree of its algebraic normal form.  ... 
doi:10.1007/3-540-46035-7_34 fatcat:wyyfahn4rjhdvbdyjzqf35npo4

Security Evaluation of GOST 28147-89 in View of International Standardisation

Nicolas T. Courtois
2012 Cryptologia  
be developed previously, because only in the recent 5 years it became possible to show the existence of an appropriate last step for many such attacks, which is a low data complexity software algebraic  ...  In this paper we will explain the main ideas behind it and explain also the precise concept of "Black-box Algebraic Complexity Reduction".  ...  Our attacks and those in [12] inherit the ideas of all the attacks we mention above: they take a quite non-trivial method for algebraic description of S-boxes [9] , a particular method for algebraic  ... 
doi:10.1080/01611194.2011.632807 fatcat:cfzqczsla5fwvbinq4vowrip64

Automatic Search of Bit-Based Division Property for ARX Ciphers and Word-Based Division Property [chapter]

Ling Sun, Wei Wang, Meiqin Wang
2017 Lecture Notes in Computer Science  
Todo [41] implemented the search for a variety of AES-like ciphers with 4-bit S-boxes, and the 6-round integral distinguisher [40] for MISTY1 was obtained based on this method.  ...  Due to the newly identified division property, at Crypto 2015, MISTY1 [21] was broken by Todo for the first time.  ...  The integral attacks for CLEFIA-192 and CLEFIA-256 can be improved by one round, too. Applications to Other Ciphers.  ... 
doi:10.1007/978-3-319-70694-8_5 fatcat:36kombuzxnfofhgmcuvzilw6im

Integral Cryptanalysis on Two Block Ciphers Pyjamask and uBlock

Wenqiang Tian, Bin Hu
2020 IET Information Security  
This study takes advantage of the division property propagation of S-box to improve the optimal integral distinguisher searching algorithm, and further reduce its time complexity.  ...  The integral cryptanalysis is a powerful cryptanalytic technique for the security evaluation of block cipher.  ...  It is applicable to all SPN structure ciphers with S-boxes of the highest algebraic degree.  ... 
doi:10.1049/iet-ifs.2019.0624 fatcat:ew3e542wnbdxvnnz5oozt5fpqe
« Previous Showing results 1 — 15 out of 53 results