A Strength Evaluation of a Pseudorandom Number Generator MUGI against Linear Cryptanalysis
Abstract
This paper reports the strength against linear cryptanalysis of the pseudorandom number generator MUGI, which was published as a stream cipher by Hitachi, Ltd. in 2001. MUGI is one of the recommended ciphers of CRYPTREC, which is a project for the e-Government in Japan. It has two internal states, called state and buffer, which are updated by a linear function λ and a non-linear function ρ. The non-linear function ρ and the linear function λ have already been analyzed independently. In this paper, the whole of MUGI is analyzed by truncated linear cryptanalysis. The analysis of the λ function is based on the state variables method. Its result is combined with the result of the analysis of the ρ function to make a trellis diagram. A Viterbi search is conducted on the diagram to find the best possible linear path under 64-bit truncated linear cryptanalysis. As a result, the upper bound of the maximum linear characteristic probability is estimated as less than 2^{-138}. Therefore, MUGI is secure against linear cryptanalysis.
Key words: truncated linear cryptanalysis, stream cipher, pseudorandom number generator, MUGI
Similar resources
On the Hardware Implementation of the MUGI Pseudorandom Number Generator
A high-speed hardware implementation of the MUGI pseudorandom number generator is presented in this paper. The MUGI generator is part of the ISO/IEC 18033-4: 2005 standard and it is expected to be used in many applications. The design has been coded in VHDL and FPGA devices have been used for its hardware implementation. A maximum throughput equal to 7 Gbps is achieved for a clock frequency of ...
Security on Generalized Feistel Scheme with SP Round Function
This paper studies the security against differential/linear cryptanalysis and the pseudorandomness for a class of generalized Feistel scheme with SP round function called GFSP. We consider the minimum number of active s-boxes in some consecutive rounds of GFSP, i.e., in four, eight and sixteen consecutive rounds, which provide the upper bound of the maximum differential/linear probabilities of...
Cryptographic Weaknesses in the Round Transformation Used in a Block Cipher with Provable Immunity Against Linear Cryptanalysis (Extended Abstract)
MISTY is a data encryption algorithm recently proposed by M. Matsui from Mitsubishi Electric Corporation. This paper focuses on cryptographic roles of the transform used in the MISTY cipher. Our research reveals that, when used for constructing pseudorandom permutations, the transform employed by the MISTY cipher is inferior to the transform in DES, though the former is superior to the latter in ter...
Pseudorandom Permutation Families over Abelian Groups
We propose a general framework for differential and linear cryptanalysis of block ciphers when the block is not a bitstring. We prove piling-up lemmas for the generalized differential probability and the linear potential, and we study their lower bounds and average value, in particular in the case of permutations of Fp. Using this framework, we describe a toy cipher, that operates on blocks of ...
Journal title:
- IEICE Transactions
Volume 88-A Issue
Pages -
Publication date 2005