KASUMI (block cipher)

From Wikipedia, the free encyclopedia

KASUMI
Designer(s): Security Algorithms Group of Experts
Derived from: MISTY1
Key size(s): 128 bits
Block size(s): 64 bits
Structure: Feistel network
Rounds: 8

In cryptography, KASUMI, also termed A5/3, is a block cipher used in the confidentiality (f8) and integrity algorithms (f9) for 3GPP mobile communications. A number of serious weaknesses in the cipher have been identified.

KASUMI was designed by the Security Algorithms Group of Experts (SAGE), part of the European standards body ETSI. Rather than invent a cipher from scratch, an existing algorithm, MISTY1, was selected by SAGE and slightly optimised for implementation in hardware. Hence, both MISTY1 and KASUMI are very similar — kasumi (霞) is the Japanese word for "misty" — and the cryptanalysis of one is likely to be readily adaptable to the other. KASUMI maintains an efficient implementation in software.

KASUMI has a block size of 64 bits and a key size of 128 bits. It is a Feistel cipher with eight rounds, and like MISTY1 and MISTY2, it has a recursive structure, with subcomponents also having a Feistel-like form.

In 2001, an impossible differential attack on six rounds of KASUMI was presented by Kühn (2001).

In 2005, Israeli researchers Eli Biham, Orr Dunkelman and Nathan Keller published a related-key rectangle (boomerang) attack on KASUMI that can break all 8 rounds faster than exhaustive search. The attack requires 254.6 chosen plaintexts, each of which has been encrypted under one of four related keys, and has a time complexity equivalent to 276.1 KASUMI encryptions. While this is not a practical attack, it invalidates some proofs about the security of the 3GPP protocols that had relied on the presumed strength of KASUMI.

In 2006 Elad Barkan, Eli Biham and Nathan Keller demonstrated attacks against A5/1 and A5/2, that allow attackers to tap GSM mobile phone conversations and decrypt them either in real-time, or at any later time. Protocol weaknesses allow recovery of the key, but the KASUMI algorithm is unaffected in itself.

[edit] See also

[edit] References

[edit] External links


Block ciphers
v  d  e
Algorithms: 3-Way | AES | Akelarre | Anubis | BaseKing | Blowfish | C2 | Camellia | CAST-128 | CAST-256 | CMEA | Cobra | Crab | CS-Cipher | DEAL | DES | DES-X | DFC | E2 | FEAL | FROG | G-DES | GOST | Grand Cru | Hasty Pudding Cipher | Hierocrypt | ICE | IDEA | IDEA NXT | Iraqi | KASUMI | KHAZAD | Khufu and Khafre | Libelle | LOKI89/91 | LOKI97 | Lucifer | MacGuffin | Madryga | MAGENTA | MARS | Mercy | MESH | MISTY1 | MMB | MULTI2 | NewDES | NOEKEON | NUSH | Q | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SC2000 | SEED | Serpent | SHACAL | SHARK | Skipjack | SMS4 | Square | TEA | Triple DES | Twofish | XTEA
Design: Feistel network | Key schedule | Product cipher | S-box | SPN   Attacks: Brute force | Linear / Differential / Integral cryptanalysis | Mod n | Related-key | Slide | XSL
Standardization: AES process | CRYPTREC | NESSIE   Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key
Cryptography
v  d  e
History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography
Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers
In other languages