NEC Software Hokuriku Ltd.

Japan

NEC Software Hokuriku Ltd.

Japan

Time filter

Source Type

Tsunoo Y.,NEC Corp | Kawabata T.,NEC Software Hokuriku Ltd. | Suzaki T.,NEC Corp | Kubo H.,NEC Software Hokuriku Ltd. | Saito T.,NEC Software Hokuriku Ltd.
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences | Year: 2010

A cache attack against DICING is presented. Cache attacks use CPU cache miss and hit information as side-channel information. DICING is a stream cipher that was proposed at eSTREAM. No effective attack on DICING has been reported before. Because DICING uses a keydependent S-box and there is no key addition before the first S-box layer, a conventional cache attack is considered to be difficult. We therefore investigated an access-driven cache attack that employs the special features of transformation L to give the chosen IV. We also investigated reduction of the computational complexity required to obtain the secret key from the information gained in the cache attack. We were able to obtain a 40-bit key differential given a total of 218 chosen IVs on a Pentium III processor. From the obtained key differential, the 128-bit secret key could be recovered with computational complexity of from 249 to 263. This result shows that the new cache attack, which is based on a different attack model, is also applicable in an actual environment. Copyright © 2010 The Institute of Electronics, Information and Communication Engineers.


Tsunoo Y.,NEC Corp | Saito T.,NEC Software Hokuriku Ltd. | Kawabata T.,NEC Software Hokuriku Ltd. | Nakagawa H.,NEC Software Hokuriku Ltd.
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences | Year: 2012

MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it is recommended for Japanese e-Government ciphers by the CRYPTREC project. In this paper, we report on 12th order differentials in 3-round MISTY1 with FL functions and 44th order differentials in 4-round MISTY1 with FL functions both previously unknown. We also report that both data complexity and computational complexity of higher order differential attacks on 6-round MISTY1 with FL functions and 7-round MISTY1 with FL functions using the 46th order differential can be reduced to as much as 1/22 of the previous values by using multiple 44th order differentials simultaneously. Copyright © 2012 The Institute of Electronics, Information and Communication Engineers.


Minematsu K.,NEC Corp | Suzaki T.,NEC Corp | Shigeri M.,NEC Software Hokuriku Ltd.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

The maximum differential probability (MDP) is an important security measure for blockciphers. We investigate MDP of Type-2 generalized Feistel structure (Type-2 GFS), one of the most popular cipher architectures. Previously MDP of Type-2 GFS has been studied for partition number (number of sub-blocks) k = 2 by Aoki and Ohta, and k = 4 by Kim et al. These studies are based on ad-hoc case analysis and it seems rather difficult to analyze larger k by hand. In this paper, we abstract the idea of previous studies and generalize it for any k, and implement it using computers. We investigate Type-2 GFS of k = 4,6,8 and 10 with k + 1 rounds, and obtain O(pk) bound for all cases, when the round function is invertible and its MDP is p. The bound for k = 4 is improved from Kim et al. and those for larger k are new. We also investigate an improvement of Type-2 GFS proposed by Suzaki and Minematsu, and obtain similar bounds as Type-2. © 2011 Springer-Verlag.


Tsunoo Y.,NEC Corp | Saito T.,NEC Software Hokuriku Ltd. | Shigeri M.,NEC Software Hokuriku Ltd. | Kawabata T.,NEC Software Hokuriku Ltd.
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences | Year: 2010

MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it has been recommended for Japanese e-Government ciphers by the CRYPTREC project. This paper shows that higher order differential attacks can be successful against 7-round versions of MISTY1 with FL functions. The attack on 7-round MISTY1 can recover a partial subkey with a data complexity of 254.1 and a computational complexity of 2 120.8, which signifies the first successful attack on 7-round MISTY1 with no limitation such as a weak key. This paper also evaluates the complexity of this higher order differential attack on MISTY1 in which the key schedule is replaced by a pseudorandom function. It is shown that resistance to the higher order differential attack is not substantially improved even in 7-round MISTY1 in which the key schedule is replaced by a pseudorandom function. © 2010 The Institute of Electronics, Information and Communication Engineers.


An encryption evaluation device 100 is a device evaluating the security of a block cipher encrypting data of a predetermined size for each block by repeatedly executing, a predetermined number of rounds, a round process using a round function converting data based on a key. The encryption evaluation device 100 includes: a structure specification information accepting part 101 configured to accept structure specification information for specifying a structure of the block cipher; and a security index value calculating part 102 configured to specify a non-use number as the number of round functions that are not used in meet-in-the-middle attack, based on the accepted structure specification information, and calculate a security index value indicating a calculation amount required to specify the key by performing the meet-in-the-middle attack, based on the specified non-use number.


An encryption evaluation device 100 is a device evaluating the security of a block cipher encrypting data of a predetermined size for each block by repeatedly executing, a predetermined number of rounds, a round process using a round function converting data based on a key. The encryption evaluation device 100 includes: a structure specification information accepting part 101 configured to accept structure specification information for specifying a structure of the block cipher; and a security index value calculating part 102 configured to specify a non-use number as the number of round functions that are not used in meet-in-the-middle attack, based on the accepted structure specification information, and calculate a security index value indicating a calculation amount required to specify the key by performing the meet-in-the-middle attack, based on the specified non-use number.

Loading NEC Software Hokuriku Ltd. collaborators
Loading NEC Software Hokuriku Ltd. collaborators