ETRI Journal
Pseudorandomness of Basic Structures in the Block Cipher KASUMI
Keywords: KASUMI; block cipher; Pseudorandomness
Others: 1184857 DOI: 10.4218/etrij.03.0102.0210
【 Abstract 】
The notion of pseudorandomness is the theoretical foundation on which to consider the soundness of a basic structure used in some block ciphers. We examine the pseudorandomness of the block cipher KASUMI, which will be used in the next-generation cellular phones. First, we prove that the four-round unbalanced MISTY-type transformation is pseudorandom in order to illustrate the pseudorandomness of the inside round function FI of KASUMI under an adaptive distinguisher model. Second, we show that the three-round KASUMI-like structure is not pseudorandom but the four-round KASUMI-like structure is pseudorandom under a non-adaptive distinguisher model.