Multidimensional zero-correlation linear cryptanalysis of the block cipher KASUMI
Authors
Abstract
The block cipher KASUMI, proposed by ETSI SAGE more than 10 years ago, is now widely used for security in many synchronous wireless standards. For instance, the confidentiality and integrity of 3G mobile communications systems depend on the security of KASUMI. There are a great many cryptanalytic results on KASUMI to date; however, its security evaluation against the recent zero-correlation linear attacks is still lacking. In this paper, by combining some observations on the FL, FO and FI functions, we select some special input/output masks to refine the general 5-round zero-correlation linear approximations and propose a 6-round zero-correlation linear attack on KASUMI. Moreover, under the weak-key condition that the second keys of the FL function in round 2 and round 8 have the same value at the 1st to 8th and 11th to 16th bit positions, we extend the attack to 7-round KASUMI(2-8). These weak keys take 1/2 of the key space. The new zero-correlation linear attack on the 6-round needs about 2 encryptions with 2 known plaintexts and 2 memory bytes. For the attack under weak-key conditions on the last 7 rounds, the data complexity is about 2 known plaintexts, the time complexity is about 2 encryptions and the memory requirements are about 2 bytes.
Similar resources
Design Principles of the KASUMI Block Cipher
In this paper, we discuss some of the theory of provable security against differential and linear cryptanalysis. We also review the design principles of the block cipher KASUMI, especially its resistance against the basic forms of linear and differential cryptanalysis.
Zero-correlation linear cryptanalysis of reduced-round LBlock
The zero-correlation linear attack is a new method for cryptanalysis of block ciphers developed by Bogdanov et al. in 2012. In this paper we adapt the matrix method to find zero-correlation linear approximations. Then we present several zero-correlation linear approximations for 14 rounds of LBlock and describe a cryptanalysis for 22 rounds of the reduced LBlock. After biclique attacks on LBlock rev...
Zero-Correlation Linear Cryptanalysis of Block Ciphers
Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis – zero-correlation linear cryptanalysis – a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, ...
Linear hulls with correlation zero and linear cryptanalysis of block ciphers
Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an...
An Approach of Zero Correlation Linear Cryptanalysis
Differential and Linear Cryptanalysis are the two most popular techniques that have been widely used to attack block ciphers and reveal their weaknesses in substitution and permutation networks. Most of the block ciphers which are resistant against Differential and Linear Cryptanalysis may not be immune to their latest extensions such as Impossible Differential Cryptanalysis (IDC) and Zero Correlation L...
Journal title:
- IET Information Security
Volume 10, Issue
Pages -
Publication date: 2016