A Meet-in-the-Middle Attack on the Full KASUMI

11 years 3 months ago
A Meet-in-the-Middle Attack on the Full KASUMI
KASUMI is a block cipher which consists eight Feistel rounds with a 128-bit key. The confidentiality and integrity of UMTS, GSM and GPRS mobile communications systems depend heavily on the security of the block cipher KASUMI. We find that the 16-bit subkey k3 has a linear relationship with some special plaintexts and the corresponding outputs of the 3-rd round function respectively. Considering this property, we explore a meet-in-the-middle attack on the full KASUMI by seperating the subkey k3 in the process of searching the secret key. At the same time, some collision properties and table-lookups are applied to reduce the time complexity. With 232 choose plaintexts, our attack needs 2125.8 encryptions with 248 memory to recover all the key. The time complexity can be improved to 2125 encryptions with optimal implementation. Although the attack is a slight advantage over the exhaustive search, it is the first attack on the full version of KASUMI with a single key. Key words: KASUMI,...
Keting Jia, Hongbo Yu, Xiaoyun Wang
Added 23 Dec 2011
Updated 23 Dec 2011
Type Journal
Year 2011
Where IACR
Authors Keting Jia, Hongbo Yu, Xiaoyun Wang
Comments (0)