This attack is based on related keys, nothing very exploitable in practice... It's a theoretical break only.

Martin Robert Malmgren wrote:
> Howdy all,
>
> I haven't seen anyone refer to the actual scientific paper yet, last year
> there were some mails about the slides.
>
> The paper by Dunkelman, Keller and Shamir is now up on the IACR web:
>
> http://eprint.iacr.org/2010/013.pdf
>
> I picked up the following interesting text from the abstract:
>
> "....These complexities are so small that we
> have actually simulated the attack in less than two hours on a single PC,
> and experimentally verified its correctness and complexity. Interestingly,
> neither our technique nor any other published attack can break MISTY
> in less than the 2^128 complexity of exhaustive search, which indicates
> that the changes made by the GSM Association in moving from MISTY
> to KASUMI resulted in a much weaker cryptosystem. "
>
> and this from the summary:
>
> "....Our main point was to show that contrary to the assurances of its
> designers, the transition from
> MISTY to KASUMI led to a much weaker cryptosystem, which should be
> avoided in any application in
> which related key attacks can be mounted. "
>
> _______________________________________________
> A51 mailing list
> [email protected]
> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
