| General | |
|---|---|
| Designers | Security Algorithms Group of Experts |
| Derived from | MISTY1 |
| Cipher detail | |
| Key sizes | 128 bits |
| Block sizes | 64 bits |
| Structure | Feistel network |
| Rounds | 8 |
| Best public cryptanalysis | |
| Related-key rectangle attack using 254.6 chosen plaintexts with a complexity of 276.1 | |
In cryptography, KASUMI, also termed A5/3 when used in GSM and GEA3 when used in GPRS, is a block cipher used in the confidentiality (f8) and integrity algorithms (f9) for 3GPP mobile communications.
KASUMI was designed by the Security Algorithms Group of Experts (SAGE), part of the European standards body ETSI.[1] Rather than invent a cipher from scratch, SAGE selected an existing algorithm, MISTY1, and optimised it slightly for implementation in hardware. Hence, MISTY1 and KASUMI are very similar — kasumi (霞) is the Japanese word for "mist" — and the cryptanalysis of one is likely to be readily adaptable to the other. KASUMI maintains an efficient implementation in software.
KASUMI has a block size of 64 bits and a key size of 128 bits. It is a Feistel cipher with eight rounds, and like MISTY1 and MISTY2, it has a recursive structure, with subcomponents also having a Feistel-like form.
Contents |
Analysis of cipher strength
In 2001, an impossible differential attack on six rounds of KASUMI was presented by Kühn (2001).[2]
In 2003 Elad Barkan, Eli Biham and Nathan Keller demonstrated man-in-the-middle attacks against the GSM protocol that allow avoiding the A5/3 cipher and thus breaking the protocol. This approach does not attack the A5/3 cipher, however.[3] The full version of their paper was published later in 2006.[4]
In 2005, Israeli researchers Eli Biham, Orr Dunkelman and Nathan Keller published a related-key rectangle (boomerang) attack on KASUMI that can break all 8 rounds faster than exhaustive search.[5] The attack requires 254.6 chosen plaintexts, each of which has been encrypted under one of four related keys, and has a time complexity equivalent to 276.1 KASUMI encryptions. While this is not a practical attack, it invalidates some proofs about the security of the 3GPP protocols that had relied on the presumed strength of KASUMI.
See also
References
- ^ "Universal Mobile Telecommunications System (UMTS); Specification of the 3GPP confidentiality and integrity algorithms; Document 2: Kasumi specification". ETSI. 2007. http://www.etsi.org/website/document/algorithms/ts_135202v070000p.pdf.
- ^ Kühn, Ulrich. "Cryptanalysis of Reduced Round MISTY". EUROCRYPT 2001. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.7609.
- ^ Elad Barkan, Eli Biham, Nathan Keller. "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication". CRYPTO 2003. pp. 600-616. http://cryptome.org/gsm-crack-bbk.pdf.
- ^ Elad Barkan, Eli Biham, Nathan Keller. "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication by Barkan and Biham of Technion (Full Version)". http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/2006/CS/CS-2006-07.pdf.
- ^ Eli Biham, Orr Dunkelman, Nathan Keller. "A Related-Key Rectangle Attack on the Full KASUMI" (ps). ASIACRYPT 2005. pp. 443-461. http://www.ma.huji.ac.il/~nkeller/kasumi.ps.
External links
 |
This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
