Editing MISTY1

{{Short description|Block cipher}}
{{Redirect|MISTY||Misty (disambiguation){{!}}Misty}}

{{Infobox block cipher
| name          = MISTY1
| image         = 
| caption       = 
| designers     = {{Plainlist|
* [[Mitsuru Matsui|Mitsuru '''M'''atsui]],
* Tetsuya '''I'''chikawa,
* Toru '''S'''orimachi,
* Toshio '''T'''okita,
* Atsuhiro '''Y'''amagishi
}}
| publish date  = 1995
| derived from  = 
| derived to    = [[Camellia (cipher)|Camellia]], [[KASUMI (block cipher)|KASUMI]]
| related to    = 
| certification = [[CRYPTREC]] (Candidate), [[NESSIE]]
| key size      = 128 bits
| block size    = 64 bits
| structure     = Nested [[Feistel network]]
| rounds        = 4×''n'' (8 recommended)
| cryptanalysis = Integral cryptanalysis leading to full key recovery with 2<sup>63.9999</sup> chosen ciphertexts and 2<sup>79</sup> time, or 2<sup>64</sup> chosen ciphertexts and 2<sup>69.5</sup> time.<ref name="bar-on">{{cite web | author=Achiya Bar-On | date=30 July 2015 | title=A 2<sup>70</sup> Attack on the Full MISTY1 | url=https://eprint.iacr.org/2015/746.pdf}}</ref>
}}

In [[cryptography]], '''MISTY1''' (or '''MISTY-1''') is a [[block cipher]] designed in 1995 by [[Mitsuru Matsui]] and others for [[Mitsubishi Electric]].<ref>{{cite conference
 | author=Mitsuru Matsui
 | title=Block encryption algorithm MISTY
 | conference=[[Fast Software Encryption]], 4th International Workshop, FSE '97, LNCS 1267
 | url=https://books.google.com/books?id=5ARKxNUrw8UC&pg=PA54
 | pages=64–74
 | year=1997
| isbn=9783540632474
 }}</ref><ref>{{cite book
 | author=Mitsuru Matsui
 | chapter=Block encryption algorithm MISTY
 | title=Technical report of IEICE ISEC96-11
 |date=July 1996
 | url=http://www.mitsubishi.com/ghp_japan/misty/misty_e_b.pdf
 | archive-url=https://web.archive.org/web/20000823133547/http://www.mitsubishi.com/ghp_japan/misty/misty_e_b.pdf
 | archive-date=August 23, 2000
}}</ref>

MISTY1 is one of the selected algorithms in the [[Europe]]an [[NESSIE]] project, and has been among the cryptographic techniques recommended for Japanese government use by [[CRYPTREC]] in 2003; however, it was dropped to "candidate" by CRYPTREC revision in 2013. However, it was successfully broken in 2015 by Yosuke Todo using [[integral cryptanalysis]]; this attack was improved in the same year by Achiya Bar-On.<ref name="bar-on" />

"MISTY" can stand for "Mitsubishi Improved Security Technology"; it is also the initials of the researchers involved in its development: Matsui Mitsuru, Ichikawa Tetsuya, Sorimachi Toru, Tokita Toshio, and Yamagishi Atsuhiro.<ref>{{cite web
 |url         = http://global.mitsubishielectric.com/misty/about/road.html
 |title       = Episodes in the development of MISTY
 |archive-url  = https://web.archive.org/web/20050322134705/http://global.mitsubishielectric.com/misty/about/road.html
 |archive-date = 2005-03-22
}}</ref>

MISTY1 is covered by patents, although the algorithm is freely available for academic (non-profit) use in RFC 2994, and there's a GPLed implementation by Hironobu Suzuki (used by, e.g. [[Scramdisk]]).

==Security==
MISTY1 is a [[Feistel network]] with a variable number of rounds (any multiple of 4), though 8 are recommended. The cipher operates on 64-bit blocks and has a [[key size]] of 128 bits. MISTY1 has an innovative recursive structure; the round function itself uses a 3-round Feistel network. MISTY1 claims to be provably secure against [[linear cryptanalysis|linear]] and [[differential cryptanalysis]].

==KASUMI==
[[KASUMI (block cipher)|KASUMI]] is a successor of the MISTY1 cipher which was supposed to be stronger than MISTY1 and has been adopted as the standard encryption algorithm for European [[mobile phone]]s. In 2005, KASUMI was broken, and in 2010 a new paper was published (explained below) detailing a practical attack on the cipher; see the article for more details.

In the paper "Block Ciphers and Stream Ciphers" by [[Alex Biryukov]], it is noted that KASUMI, also termed A5/3, is a strengthened version of block cipher MISTY1 running in a Counter mode.<ref>{{cite web
  | author=Alex Biryukov
  | title=Block Ciphers and Stream Ciphers: The State of the Art
  | year=2004
  | url=http://citeseer.ist.psu.edu/biryukov04block.html
}}</ref>

However, in 2010 Dunkelman, Keller, and [[Adi Shamir|Shamir]] showed that KASUMI is not as strong as MISTY1;<ref>{{cite journal
| author=Orr Dunkelman and Nathan Keller and Adi Shamir
| title=A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony
| journal=Cryptology ePrint Archive
| year=2010
| url=http://eprint.iacr.org/2010/013
}}</ref> the KASUMI attack will not work against MISTY1.

==References==
{{Reflist}}

==External links==
* {{IETF RFC|2994|link=no}}
* [https://web.archive.org/web/20080725114826/http://global.mitsubishielectric.com/misty/about/about.html Mitsubishi - About MISTY]
* [http://www.ietf.org/ietf/IPR/MITSUBISHI-MISTY MISTY1 patent statement from Mitsubishi]
* [http://www.quadibloc.com/crypto/co040308.htm John Savard's description of MISTY]
* [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#MISTY1 SCAN's entry on MISTY1]

{{Cryptography navbox | block}}
{{Mitsubishi Electric}}

[[Category:Feistel ciphers]]
[[Category:Mitsubishi Electric products, services and standards]]