- MISTY redirects here. For other meanings, see Misty
|Designers||Matsui, Ichikawa, Sorimachi, Tokita, Yamagishi|
|Successors||Camellia, MISTY2, KASUMI|
|Certification||CRYPTREC (Candidate), NESSIE|
|Key sizes||128 bits|
|Block sizes||64 bits|
|Structure||Nested Feistel network|
|Rounds||4×n (8 recommended)|
MISTY1 is one of the selected algorithms in the European NESSIE project, and has been among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003; however, it was dropped to "candidate" by CRYPTREC revision in 2013.
"MISTY" can stand for "Mitsubishi Improved Security Technology"; it is also the initials of the researchers involved in its development: Matsui Mitsuru, Ichikawa Tetsuya, Sorimachi Toru, Tokita Toshio, and Yamagishi Atsuhiro.
MISTY1 is covered by patents, although the algorithm is freely available for academic (non-profit) use in RFC 2994.
MISTY1 is a Feistel network with a variable number of rounds (any multiple of 4), though 8 are recommended. The cipher operates on 64-bit blocks and has a key size of 128 bits. MISTY1 has an innovative recursive structure; the round function itself uses a 3-round Feistel network. MISTY1 claims to be provably secure against linear and differential cryptanalysis.
KASUMI is a successor of the MISTY1 cipher which was supposed to be stronger than MISTY1 and has been adopted as the standard encryption algorithm for European mobile phones. In 2005, KASUMI was broken, and in 2010 a new paper was published (explained below) detailing a practical attack on the cipher; see the article for more details.
- Mitsuru Matsui (1997). "Block encryption algorithm MISTY". Fast Software Encryption, 4th International Workshop, FSE '97, LNCS 1267. pp. 64–74.
- Mitsuru Matsui (July 1996). "Block encryption algorithm MISTY". Technical report of IEICE ISEC96-11. Archived from the original on August 23, 2000.
- "Episodes in the development of MISTY".
- Alex Biryukov (2004). "Block Ciphers and Stream Ciphers: The State of the Art".
- Orr Dunkelman and Nathan Keller and Adi Shamir (2010). "A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony".
- Elad Barkan, Eli Biham and Nathan Keller, Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication, CRYPTO 2003, pp. 600–616 (PDF).
- RFC 2994
- Mitsubishi - About MISTY
- MISTY1 patent statement from Mitsubishi
- John Savard's description of MISTY
- SCAN's entry on MISTY1