Download - Misty1
![Page 1: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/1.jpg)
Proposal of MISTY1 as a Block Cipher of Cipher Suites in TLS
Hirosato Tsuji Toshio Tokita Mitsubishi
Electric Corporation
![Page 2: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/2.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 2
Presentation Agenda
♦ Current Status and Next Steps of MISTY1 to support TLS
♦Block Cipher “MISTY1”
--- by Toshio Tokita
--- by Hirosato Tsuji
![Page 4: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/4.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 4
Overview♦Secret-key block cipher
64-bit block, 128-bit key, a variable number of rounds (8-round recommended)
proposed by M.Matsui (Mitsubishi) in 1996 at Fast Software Encryption Workshop “FSE4”
♦ Widely used in many applications: Governmental applications:
Public transportation systems, Secure network systems, etc,etc
Commercial products: S/MIME E-mail software, VPN(Routers/Hubs), Encryption LSI, PKI Software & services, etc, etc
![Page 5: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/5.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 5
Recent News♦ “KASUMI” has been adopted as a
mandatory algorithm for data confidentiality and data integrity in W-CDMA by 3GPP. (March, 2000)
♦ KASUMI will be also used in current GSM systems as an alternative for A5.
♦ KASUMI is a variant of MISTY1 designed for W-CDMA systems.
“KASUMI”=“MIST” 3GPP: 3rd Generation Partnership Project
![Page 6: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/6.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 6
Pointers♦ ISO9979 No.13 (algorithm registration)
♦ URL for Internet-Draft : http://www.ietf.org/internet-drafts/draft-ohta-misty1desc-02.txt
♦ Specifications http://www.mitsubishi.com/ghp_japan/misty/misty_e_b.pdf
♦ Royalty Free License http://www.mitsubishi.com/ghp_japan/misty/licensee.htm
MISTY1 essential patent is licensed under royalty free conditions.
![Page 7: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/7.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 7
Design Criteria
♦High security: – Provable security against differential and linear cryptanalysis
♦Multi platform:– High speed in both software and hardware implementations
♦Compact:– Low gate count and low power consumption in hardware
![Page 8: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/8.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 8
High security♦ MISTY1 is designed to be highly
secure as a 64-bit block cipher; particularly to be provably secure against differential and linear cryptanalysis.
� Differential Cryptanalysis Differential Cryptanalysis (Biham, Shamir 1990)– First DES attack faster than an exhaustive key search
� Linear Cryptanalysis Linear Cryptanalysis (Matsui 1993)– First successful computer experiment for breaking DES
Powerful Cryptographic AttacksPowerful Cryptographic Attacks
![Page 9: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/9.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 9
Multi Platform
♦ MISTY1 is designed to be sufficiently fast in
both software and hardware implementations. Ex1) Pentium III (800MHz) (Assembly Language Program)
Encryption speed 230Mbps
Ex2) ASIC H/W (Mitsubishi 0.35 micron CMOS Design Library)
Encryption speed 800Mbps
Gate size 50Kgates
![Page 10: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/10.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 10
Compact
♦ Encryption/decryption logics of MISTY1
can be realized in very compact size.
Ex) ASIC (Mitsubishi 0.35 micron CMOS Design Library)
Gate size 7.6Kgates
Encryption speed 72Mbps
Note:
A requirement for W-CDMA encryption algorithm:
“gate size must be smaller than 10Kgates”
![Page 11: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/11.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 11
Structure of MISTY
FO
FO
FO
FO
FI
FI
FI
S9
S7
S9
32
32
16
16
9
7
Pla in t e xt
C iphe r t e xt
FL FL
FL FL
FL FL
St ruc t ure o f MISTY1
Re c urs iv e s t ruc t ure 1 (FO func t ion)
Re c urs iv e s t ruc t re 2 (FI func t ion)
![Page 12: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/12.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 12
Hardware
M16C Core
Memory
Rnd. Num. Gen.
RSA core
MISTY1 core M16C(CPU)
![Page 13: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/13.jpg)
Current Status and Next Steps of MISTY1
to support TLS
Hirosato Tsuji
Mitsubishi Electric Corporation
![Page 14: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/14.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 14
Summary
♦ What is MISTY1?– High security, Multi platform, Compact,
Block cipher
♦ In this presentation– Actual Application of MISTY1– Proposal of MISTY1– Current Status to support TLS– Next Steps to support TLS
![Page 15: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/15.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 15
Actual Application of MISTY1 (1) Secure E-mail Systems
♦ S/MIME-based e-mail application♦ Extended S/MIME V2 specification♦ Implemented by Mitsubishi and other
Japanese venders♦ Interoperability had been confirmed
between these venders
![Page 16: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/16.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 16
Actual Application of MISTY1 (2) Secure Web Access Systems
♦ Secure Web Access Systems– provide authentication, access control,
integrity and confidentiality
♦ Implemented on the HTTP and TCP ( sorry, not on TLS )
♦ Contents is encrypted by MISTY1
![Page 17: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/17.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 17
Actual Application of MISTY1 (3) Other Apps based on MISTY Toolkit
♦ MISTY Cryptographic / PKI Toolkit– Content Encryption Algorithm in PKCS #7– Encryption Scheme ( Symmetric Cipher )
for PKCS #5 Password-based Encryption
♦ Other Apps implemented on Toolkit– Secure Contents Distribution Systems– Governmental Services
![Page 18: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/18.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 18
Proposal of MISTY1
♦ As ONE of block ciphers of Cipher Suites for TLS 1.0
♦ Reason to use MISTY1– Suitable Block Cipher– Royalty Free License
– Applied to Actual Internet Applications
![Page 19: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/19.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 19
Current Status to support TLS
♦ Submit Internet Draft of Description of MISTY1– posted.
♦ Make a presentation of MISTY1 at 48th IETF, Pittsburgh, PA– now.
![Page 20: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/20.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 20
Next Steps to support TLS
♦ Proceed Internet Draft of Description of MISTY1 to Informational RFC
♦ Submit Internet Draft of MISTY1-based Cipher Suites for TLS 1.0
♦ Request TLS WG to assign the Register Number of these Cipher Suites
![Page 21: Misty1](https://reader034.vdocuments.us/reader034/viewer/2022042716/55ae2ae61a28abb0108b4642/html5/thumbnails/21.jpg)
2000/08/01 48th IETF, Pittsburgh, PA, USA 21
Next Steps to support TLS (continued)
♦ Implementing TLS 1.0 with MISTY1– processing now with OpenSSL