ietf-openpgp

MISTY1

1998-01-20 12:12:46

"W" == William H Geiger <whgiii(_at_)invweb(_dot_)net> writes:
 W> Anyone unfamiliar with Misty should look at the CP archives for
 W> the numerous posts by Nobuki Nakatuji. It has snake-oil written
 W> all over it.  This is exactly what is meant by 'pet' algorithm.

I read some emails about the MISTY encryption algorithm from the CP
archives. Are you referring to MISTY1 keeping the secret key while
encrypting?

My opinions are below.

1) The design of MISTY1 assumes that the secret key is a session key
which will be disposed of and never used again.

2) Lots of cipher programs, PGP included, can't avoid a "CORE DUMP
ATTACK" (core-dump the running process and run "gdb core"), because
the expanded key is fixed while encrypting.

3) MISTY1 is fast and is proven to be a strong cipher against DC and LC.


Regarding Nobuki Nakatuji: I had never heard his name until 18 hours
ago.  Today, Nobuki e-mailed me and said "You need permission from
MITI to open your MISTY1 code on your website, don't you?".

Nobuki seems not to know about the cryptography situation in Japan.

Fortunately, in Japan, programs for research or programs using known
technology do NOT require any permission from MITI. This export
condition is described in a document issued by the MITI export
department. So there are many PGP program archive sites in Japan, and
you can get it there.

Most Japanese cryptographers and real hackers who have made such
high-tech programs know about it, because they must write their
academic papers, AI or high-tech programs, and do things like issuing
the Internet Draft written by Matsui-san.

But Nobuki doesn't know about it.

MISTY's references are here.

   [1]  M. Matsui, "New Block Encryption Algorithm MISTY", Fast Software
        Encryption - 4th International Workshop (FSE'97), LNCS 1267,
        Springer Verlag, 1997, pp. 54-68.

   [2]  K. Nyberg and L.R. Knudsen, "Provable Security Against a
        Differential Attack", Journal of Cryptology, Vol. 8, No. 1, 1995,
        pp. 27-37.

   [3]  K. Nyberg, "Linear Approximation of Block Ciphers", Advances in
        Cryptology - Eurocrypt'94, LNCS 950, Springer Verlag, 1995,
        pp. 439-444.

   [4]  M. Matsui, "New Structure of Block Ciphers with Provable
        Security Against Differential and Linear Cryptanalysis", Fast
        Software Encryption - Third International Workshop, LNCS 1039,
        Springer Verlag, 1996, pp. 205-218.

-- 
Hironobu SUZUKI        Independent Software Consultant
E-Mail: hironobu(_at_)h2np(_dot_)suginami(_dot_)tokyo(_dot_)jp
URL://www.pp.iij4u.or.jp/~h2np
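Added example (not part of the e-mail above, and not MISTY1 or PGP code): points 1) and 2) of the message describe a session key whose expanded form sits fixed in process memory and can be read from a core dump. The program below shows the defensive pattern that follows from that: expand the key, use it, and wipe the schedule inside one scope, lock the pages out of swap, and refuse to write core files at all. The cipher is a constructed 8-round toy Feistel network used only to have a key schedule to protect; the key and plaintext are constructed sample values; it assumes a POSIX system (setrlimit, mlock).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

#define KEY_BYTES 16
#define ROUNDS    8

/* The expanded ("expansion") key that the e-mail says sits fixed in memory. */
typedef struct {
    uint32_t subkey[ROUNDS];
} key_schedule_t;

/* Mitigation 1: no core file, so a crash or deliberate dump leaves nothing
 * on disk. Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl) == 0 ? 0 : -1;
}

/* Mitigation 2: wipe through a volatile pointer so the compiler cannot drop
 * the stores as dead (a plain memset right before return often is). */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n-- > 0)
        *v++ = 0;
}

/* Toy key expansion, constructed for this example (NOT MISTY1's). */
void expand_key(const uint8_t key[KEY_BYTES], key_schedule_t *ks)
{
    for (int r = 0; r < ROUNDS; r++) {
        uint32_t w = 0;
        for (int i = 0; i < 4; i++)
            w = (w << 8) | key[(4 * r + i) % KEY_BYTES];
        ks->subkey[r] = w ^ (0x9E3779B9u * (uint32_t)(r + 1));
    }
}

static uint32_t round_fn(uint32_t x, uint32_t k)
{
    uint32_t f = x + k;
    return (f << 5) | (f >> 27);
}

/* Toy 64-bit Feistel cipher driven by the schedule (again, not MISTY1). */
uint64_t toy_encrypt(const key_schedule_t *ks, uint64_t block)
{
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int i = 0; i < ROUNDS; i++) {
        uint32_t t = l ^ round_fn(r, ks->subkey[i]);
        l = r;
        r = t;
    }
    return ((uint64_t)l << 32) | r;
}

uint64_t toy_decrypt(const key_schedule_t *ks, uint64_t block)
{
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int i = ROUNDS - 1; i >= 0; i--) {
        uint32_t t = r ^ round_fn(l, ks->subkey[i]);
        r = l;
        l = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* 1 if every byte of the schedule is zero. */
int schedule_is_wiped(const key_schedule_t *ks)
{
    const unsigned char *b = (const unsigned char *)ks;
    unsigned acc = 0;
    for (size_t i = 0; i < sizeof *ks; i++)
        acc |= b[i];
    return acc == 0;
}

/* Session-key pattern: expand, use, wipe, all in one scope, so the expanded
 * key exists only while needed. *wiped is set to 1 if it was verified zero. */
uint64_t crypt_with_session_key(const uint8_t key[KEY_BYTES], uint64_t block,
                                int decrypt, int *wiped)
{
    key_schedule_t ks;
    (void)mlock(&ks, sizeof ks);   /* best effort: keep it out of swap */
    expand_key(key, &ks);
    uint64_t out = decrypt ? toy_decrypt(&ks, block) : toy_encrypt(&ks, block);
    secure_wipe(&ks, sizeof ks);
    *wiped = schedule_is_wiped(&ks);
    (void)munlock(&ks, sizeof ks);
    return out;
}

/* Self-check: 1 if a constructed key/block round-trips and the schedule was
 * wiped after each use. */
int demo_roundtrip_ok(void)
{
    static const uint8_t key[KEY_BYTES] = {   /* constructed sample key */
        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
        0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
    uint64_t pt = 0x0123456789abcdefULL;      /* constructed sample block */
    int w1 = 0, w2 = 0;
    uint64_t ct = crypt_with_session_key(key, pt, 0, &w1);
    uint64_t back = crypt_with_session_key(key, ct, 1, &w2);
    return back == pt && w1 && w2;
}

int main(void)
{
    if (disable_core_dumps() != 0)
        perror("setrlimit(RLIMIT_CORE)");
    printf("round-trip and wipe ok: %d\n", demo_roundtrip_ok());
    return 0;
}
```

The wipe-and-verify step is the part that matters for the "core dump attack" the message describes: whatever cipher is used, the expanded key should not outlive the operation, and `RLIMIT_CORE` set to zero closes the "gdb core" path even if the process dies before the wipe runs.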