On non-pseudorandomness from block ciphers with provable immunity against linear cryptanalysis

Kouichi Sakurai, Yuliang Zheng

Research output: Contribution to journalArticle

23 Citations (Scopus)

Abstract

Weakness of a block cipher, which has provable immunity against linear cryptanalysis, is investigated. To this end, the round transformation used in MISTY, which is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation, is compared to the round transformation of DES from the point of view of pseudorandom generation. An important property of the MISTY cipher is that, in terms of theoretically provable resistance against linear and differential cryptanalysis, which are the most powerful cryptanalytic attacks known to date, it is more robust than the Data Encryption Standard or DES. This property can be attributed to the application of a new round transform in the MISTY cipher, which is obtained by changing the location of the basic round-function in a transform used in DES. Cryptographic roles of the transform used in the MISTY cipher are the main focus of this paper. Our research reveals that when used for constructing pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in terms of strength against linear and differential attacks. More specifically, we show that a 3-round (4-round, respectively) concatenation of transforms used in the MISTY cipher is not a pseudorandom (super pseudorandom, respectively) permutation. For comparison, we note that with three (four, respectively) rounds, transforms used in DES yield a pseudorandom (super pseudorandom, respectively) permutation. Another contribution of this paper is to show that a 3-round concatenation of transforms used in (the preliminary version of) the MISTY cipher has an algebraic property, which may open a door for various cryptanalytic attacks. These results clearly indicate that provable immunity against linear and differential cryptanalysis is not sufficient for designing a secure block cipher, and the security of the MISTY cipher will remain open until a close examination of its resistance is conducted against other cryptanalytic attacks than the linear or differential attack.

Original languageEnglish
Pages (from-to)19-24
Number of pages6
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE80-A
Issue number1
Publication statusPublished - Jan 1 1997

Fingerprint

Linear Cryptanalysis
Block Ciphers
Immunity
Cryptography
Transform
Attack
Differential Cryptanalysis
Permutation
Block Cipher
Concatenation
Encryption
Industry
Sufficient

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics

Cite this

@article{f48d98dddb294230ad08d07bf35a9996,
title = "On non-pseudorandomness from block ciphers with provable immunity against linear cryptanalysis",
abstract = "Weakness of a block cipher, which has provable immunity against linear cryptanalysis, is investigated. To this end, the round transformation used in MISTY, which is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation, is compared to the round transformation of DES from the point of view of pseudorandom generation. An important property of the MISTY cipher is that, in terms of theoretically provable resistance against linear and differential cryptanalysis, which are the most powerful cryptanalytic attacks known to date, it is more robust than the Data Encryption Standard or DES. This property can be attributed to the application of a new round transform in the MISTY cipher, which is obtained by changing the location of the basic round-function in a transform used in DES. Cryptographic roles of the transform used in the MISTY cipher are the main focus of this paper. Our research reveals that when used for constructing pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in terms of strength against linear and differential attacks. More specifically, we show that a 3-round (4-round, respectively) concatenation of transforms used in the MISTY cipher is not a pseudorandom (super pseudorandom, respectively) permutation. For comparison, we note that with three (four, respectively) rounds, transforms used in DES yield a pseudorandom (super pseudorandom, respectively) permutation. Another contribution of this paper is to show that a 3-round concatenation of transforms used in (the preliminary version of) the MISTY cipher has an algebraic property, which may open a door for various cryptanalytic attacks. These results clearly indicate that provable immunity against linear and differential cryptanalysis is not sufficient for designing a secure block cipher, and the security of the MISTY cipher will remain open until a close examination of its resistance is conducted against other cryptanalytic attacks than the linear or differential attack.",
author = "Kouichi Sakurai and Yuliang Zheng",
year = "1997",
month = "1",
day = "1",
language = "English",
volume = "E80-A",
pages = "19--24",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "1",

}

TY - JOUR

T1 - On non-pseudorandomness from block ciphers with provable immunity against linear cryptanalysis

AU - Sakurai, Kouichi

AU - Zheng, Yuliang

PY - 1997/1/1

Y1 - 1997/1/1

N2 - Weakness of a block cipher, which has provable immunity against linear cryptanalysis, is investigated. To this end, the round transformation used in MISTY, which is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation, is compared to the round transformation of DES from the point of view of pseudorandom generation. An important property of the MISTY cipher is that, in terms of theoretically provable resistance against linear and differential cryptanalysis, which are the most powerful cryptanalytic attacks known to date, it is more robust than the Data Encryption Standard or DES. This property can be attributed to the application of a new round transform in the MISTY cipher, which is obtained by changing the location of the basic round-function in a transform used in DES. Cryptographic roles of the transform used in the MISTY cipher are the main focus of this paper. Our research reveals that when used for constructing pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in terms of strength against linear and differential attacks. More specifically, we show that a 3-round (4-round, respectively) concatenation of transforms used in the MISTY cipher is not a pseudorandom (super pseudorandom, respectively) permutation. For comparison, we note that with three (four, respectively) rounds, transforms used in DES yield a pseudorandom (super pseudorandom, respectively) permutation. Another contribution of this paper is to show that a 3-round concatenation of transforms used in (the preliminary version of) the MISTY cipher has an algebraic property, which may open a door for various cryptanalytic attacks. These results clearly indicate that provable immunity against linear and differential cryptanalysis is not sufficient for designing a secure block cipher, and the security of the MISTY cipher will remain open until a close examination of its resistance is conducted against other cryptanalytic attacks than the linear or differential attack.

AB - Weakness of a block cipher, which has provable immunity against linear cryptanalysis, is investigated. To this end, the round transformation used in MISTY, which is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation, is compared to the round transformation of DES from the point of view of pseudorandom generation. An important property of the MISTY cipher is that, in terms of theoretically provable resistance against linear and differential cryptanalysis, which are the most powerful cryptanalytic attacks known to date, it is more robust than the Data Encryption Standard or DES. This property can be attributed to the application of a new round transform in the MISTY cipher, which is obtained by changing the location of the basic round-function in a transform used in DES. Cryptographic roles of the transform used in the MISTY cipher are the main focus of this paper. Our research reveals that when used for constructing pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in terms of strength against linear and differential attacks. More specifically, we show that a 3-round (4-round, respectively) concatenation of transforms used in the MISTY cipher is not a pseudorandom (super pseudorandom, respectively) permutation. For comparison, we note that with three (four, respectively) rounds, transforms used in DES yield a pseudorandom (super pseudorandom, respectively) permutation. Another contribution of this paper is to show that a 3-round concatenation of transforms used in (the preliminary version of) the MISTY cipher has an algebraic property, which may open a door for various cryptanalytic attacks. These results clearly indicate that provable immunity against linear and differential cryptanalysis is not sufficient for designing a secure block cipher, and the security of the MISTY cipher will remain open until a close examination of its resistance is conducted against other cryptanalytic attacks than the linear or differential attack.

UR - http://www.scopus.com/inward/record.url?scp=0030686751&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0030686751&partnerID=8YFLogxK

M3 - Article

VL - E80-A

SP - 19

EP - 24

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -