Zero-Correlation Linear Cryptanalysis of Reduced-round MISTY1

TL;DR

This paper introduces zero-correlation linear cryptanalysis techniques targeting reduced-round MISTY1, demonstrating lower complexity attacks on 7-round versions with and without FL layers, advancing cryptanalytic methods for this cipher.

Contribution

The paper identifies new zero-correlation linear approximations for MISTY1 and develops more efficient attacks on 7-round versions than previous methods.

Findings

Lower time complexity than previous attacks on 7-round MISTY1

Successful zero-correlation linear attack on 7-round with 4 FL layers

Effective analysis of subkey-dependent linear approximations

Abstract

The MISTY1 algorithm, proposed by Matsui in FSE 1997, is a block cipher with a 64-bit block size and a 128-bit key size. It was recommended by the European NESSIE project and the CRYPTREC project, and became one RFC in 2002 and an ISO standard in 2005, respectively. In this paper, we first investigate the properties of the FL linear function and identify 232 subkey- dependent zero-correlation linear approximations over 5-round MISTY1 with 3 FL layers. Fur- thermore, some observations on the FL, FO and FI functions are founded and based upon those observations, we select 27 subkey-dependent zero-correlation linear approximations and then, pro- pose the zero-correlation linear attacks on 7-round MISTY1 with 4 FL layers. Besides, for the case without FL layers, 27 zero-correlation linear approximations over 5-round MISTY1 are employed to the analysis of 7-round MISTY1. The zero-correlation linear attack on the 7-round with 4 FL layers needs about 2^{119:5} encryptions with 2^{62.9} known plaintexts and 2^61 memory bytes. For the attack on 7-round without FL layers, the data complexity is about 2^{63.9} known plaintexts, the time complexity is about 2^{81} encryptions and the memory requirements are about 2^{93} bytes. Both have lower time complexity than previous attacks.