Hierocrypt-L1/3の鍵スケジュール解析

Presentation	2002/11/8 Improved Key Schedule Analysis of Hierocrypt-L1/3 Shoji KANAMARU, Taizo SHIRAI, George ABE,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	We present a new method to obtain byte-wise linear relations between round keys for symmetric block cipher. Compared with the previous work by Furuya and Rijmen, our method targets not only given keys but also arbitrary keys. In addition, we greatly increase the number of byte-wise linear relations to 2^60-1 for Hierocrypt-L1 and 2^128-1, 2^152-1, and 2^168-1 for Hierocrypt-3 with 128,192, and 256 key bits, respectively. The existence of such huge numbers of simple relations contradicts cipher designer's expectation, and tends to pull the triggers for future attacks. Moreover, we find out that the padded secret key for Hierocrypt-3 with 192 key bits is not a desirable choice. Finally, we point out that the validity of a premise assumed in the provable security theory for Hierocrypt-L1/3 is questionable.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Hierocrypt-L1/3 / key schedule / linear relation / cipher design / provable security
Paper #	ISEC2002-91
Date of Issue

Paper Information
Registration To	Information Security (ISEC)
Language	ENG
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Improved Key Schedule Analysis of Hierocrypt-L1/3
Sub Title (in English)
Keyword(1)	Hierocrypt-L1/3
Keyword(2)	key schedule
Keyword(3)	linear relation
Keyword(4)	cipher design
Keyword(5)	provable security
1st Author's Name	Shoji KANAMARU
1st Author's Affiliation	UT Labs. Sony Co.()
2nd Author's Name	Taizo SHIRAI
2nd Author's Affiliation	UT Labs. Sony Co.
3rd Author's Name	George ABE
3rd Author's Affiliation	UT Labs. Sony Co.
Date	2002/11/8
Paper #	ISEC2002-91
Volume (vol)	vol.102
Number (no)	437
Page	pp.pp.-
#Pages	8
Date of Issue