際際滷

際際滷Share a Scribd company logo
Proposal of MISTY1
 as a Block Cipher of
 Cipher Suites in TLS
Hirosato Tsuji            Toshio
    Tokita        Mitsubishi
      Electric Corporation
Presentation Agenda
 Block Cipher MISTY1
    --- by Toshio Tokita

  Current Status and Next Steps of
   MISTY1 to support TLS
    --- by Hirosato Tsuji


2000/08/01    48th IETF, Pittsburgh, PA, USA 2
Block Cipher
    MISTY1

      Toshio Tokita
Mitsubishi Electric Corporation
   MISTY@isl.melco.co.jp
Overview
 Secret-key block cipher
       64-bit block, 128-bit key, a variable number
       of rounds (8-round recommended)
    proposed by M.Matsui (Mitsubishi) in 1996 at
    Fast Software Encryption Workshop FSE4

 Widely used in many applications:
Governmental applications:
 Public transportation systems, Secure network systems, etc,etc
Commercial products:
 S/MIME E-mail software, VPN(Routers/Hubs), Encryption LSI,
 PKI Software & services, etc, etc
2000/08/01      48th IETF, Pittsburgh, PA, USA 4
Recent News
 KASUMI has been adopted as a
  mandatory algorithm for data confidentiality
  and data integrity in W-CDMA by 3GPP.
  (March, 2000)

 KASUMI will be also used in current
  GSM systems as an alternative for A5.
 KASUMI is a variant of MISTY1
   designed for W-CDMA systems.
         3GPP: 3rd Generation Partnership Project
        KASUMI=MIST
2000/08/01     48th IETF, Pittsburgh, PA, USA 5
Pointers
  ISO9979 No.13 (algorithm registration)

  URL for Internet-Draft :
   http://www.ietf.org/internet-drafts/draft-ohta-
   misty1desc-02.txt
  Specifications
    http://www.mitsubishi.com/ghp_japan/misty/misty_e_b.pdf
  Royalty Free License
    http://www.mitsubishi.com/ghp_japan/misty/licensee.htm


       MISTY1 essential patent is licensed
                         under royalty free conditions.
2000/08/01      48th IETF, Pittsburgh, PA, USA 6
Design Criteria
High security:
    Provable security against differential and linear cryptanalysis


Multi platform:
    High speed in both software and hardware implementations


Compact:
    Low gate count and low power consumption in hardware



2000/08/01      48th IETF, Pittsburgh, PA, USA 7
High security
 MISTY1 is designed to be highly
   secure as a 64-bit block cipher;
   particularly to be provably secure
   against differential and linear
   cryptanalysis.
       Powerful Cryptographic Attacks

   Differential Cryptanalysis                (Biham, Shamir
   1990)
     First DES attack faster than an exhaustive key search
   Linear Cryptanalysis              (Matsui 1993)
    First successful computer experiment for breaking DES
2000/08/01      48th IETF, Pittsburgh, PA, USA 8
Multi Platform
 MISTY1 is designed to be sufficiently fast in
  both software and hardware implementations.

  Ex1) Pentium III (800MHz)         (Assembly Language Program)

            Encryption speed            230Mbps

  Ex2) ASIC H/W (Mitsubishi 0.35 micron CMOS Design Library)
         Encryption speed             800Mbps
         Gate size                      50Kgates


 2000/08/01       48th IETF, Pittsburgh, PA, USA 9
Compact
 Encryption/decryption logics of MISTY1
 can be realized in very compact size.

  Ex) ASIC (Mitsubishi 0.35 micron CMOS Design Library)
        Gate size                       7.6Kgates
        Encryption speed                72Mbps
Note:
   A requirement for W-CDMA encryption algorithm:
  gate size must be smaller than 10Kgates

2000/08/01        48th IETF, Pittsburgh, PA, USA 10
Structure of MISTY
              Pla in t e xt
        鐚鐚                鐚鐚             鐚鐚          鐚鐚                  鐚           鐚

         鐚鐚                    鐚鐚
                                          鐚鐚                           鐚鰹
                  鐚鐚



                  鐚鐚
                                          鐚鐚                           鐚鰹


         鐚鐚                    鐚鐚
                  鐚鐚
                                          鐚鐚                           鐚鰹




                  鐚鐚                Re c urs ive s t ruc t ure 1   Re c urs ive s t ruc t re 2

                                          鐚 鐚 func t ion鐚
                                           鐚                             鐚 Ifunc t ion鐚
                                                                         鐚
         鐚鐚                    鐚鐚




             C iphe r t e xt

        St ruc t ure of MI
                         STY1

2000/08/01              48th IETF, Pittsburgh, PA, USA 11
Hardware




       MISTY1 core         Memory      M16C(CPU)

RSA core                                M16C Core
           Rnd. Num.
2000/08/01 Gen.
              48th IETF, Pittsburgh, PA, USA 12
Current Status and
Next Steps of MISTY1
   to support TLS
        Hirosato Tsuji
Mitsubishi Electric Corporation
<hirosato@iss.isl.melco.co.jp>
Summary
 What is MISTY1?
    High security, Multi platform, Compact,
     Block cipher
 In this presentation
    Actual Application of MISTY1
    Proposal of MISTY1
    Current Status to support TLS
    Next Steps to support TLS
2000/08/01   48th IETF, Pittsburgh, PA, USA 14
Actual Application of MISTY1
             (1) Secure E-mail Systems

 S/MIME-based e-mail application
 Extended S/MIME V2 specification
 Implemented by Mitsubishi and other
  Japanese venders
 Interoperability had been confirmed
  between these venders

2000/08/01    48th IETF, Pittsburgh, PA, USA 15
Actual Application of MISTY1
             (2) Secure Web Access Systems

 Secure Web Access Systems
    provide authentication, access control,
     integrity and confidentiality
 Implemented on the HTTP and TCP
  ( sorry, not on TLS )
 Contents is encrypted by MISTY1

2000/08/01       48th IETF, Pittsburgh, PA, USA 16
Actual Application of MISTY1
     (3) Other Apps based on MISTY Toolkit

 MISTY Cryptographic / PKI Toolkit
   Content Encryption Algorithm in PKCS #7
   Encryption Scheme ( Symmetric Cipher )
    for PKCS #5 Password-based Encryption
 Other Apps implemented on Toolkit
   Secure Contents Distribution Systems
   Governmental Services

2000/08/01   48th IETF, Pittsburgh, PA, USA 17
Proposal of MISTY1
 As ONE of block ciphers of
  Cipher Suites for TLS 1.0
 Reason to use MISTY1
    Suitable Block Cipher
    Royalty Free License
    Applied to Actual Internet Applications



2000/08/01    48th IETF, Pittsburgh, PA, USA 18
Current Status to support TLS
 Submit Internet Draft of Description
  of MISTY1
    posted.
 Make a presentation of MISTY1
  at 48th IETF, Pittsburgh, PA
    now.



2000/08/01     48th IETF, Pittsburgh, PA, USA 19
Next Steps to support TLS
 Proceed Internet Draft of Description of
  MISTY1 to Informational RFC
 Submit Internet Draft of MISTY1-based
  Cipher Suites for TLS 1.0
 Request TLS WG to assign the Register
  Number of these Cipher Suites


2000/08/01   48th IETF, Pittsburgh, PA, USA 20
Next Steps to support TLS
                  (continued)

 Implementing TLS 1.0 with MISTY1
    processing now with OpenSSL




2000/08/01   48th IETF, Pittsburgh, PA, USA 21

More Related Content

Misty1

  • 1. Proposal of MISTY1 as a Block Cipher of Cipher Suites in TLS Hirosato Tsuji Toshio Tokita Mitsubishi Electric Corporation
  • 2. Presentation Agenda Block Cipher MISTY1 --- by Toshio Tokita Current Status and Next Steps of MISTY1 to support TLS --- by Hirosato Tsuji 2000/08/01 48th IETF, Pittsburgh, PA, USA 2
  • 3. Block Cipher MISTY1 Toshio Tokita Mitsubishi Electric Corporation MISTY@isl.melco.co.jp
  • 4. Overview Secret-key block cipher 64-bit block, 128-bit key, a variable number of rounds (8-round recommended) proposed by M.Matsui (Mitsubishi) in 1996 at Fast Software Encryption Workshop FSE4 Widely used in many applications: Governmental applications: Public transportation systems, Secure network systems, etc,etc Commercial products: S/MIME E-mail software, VPN(Routers/Hubs), Encryption LSI, PKI Software & services, etc, etc 2000/08/01 48th IETF, Pittsburgh, PA, USA 4
  • 5. Recent News KASUMI has been adopted as a mandatory algorithm for data confidentiality and data integrity in W-CDMA by 3GPP. (March, 2000) KASUMI will be also used in current GSM systems as an alternative for A5. KASUMI is a variant of MISTY1 designed for W-CDMA systems. 3GPP: 3rd Generation Partnership Project KASUMI=MIST 2000/08/01 48th IETF, Pittsburgh, PA, USA 5
  • 6. Pointers ISO9979 No.13 (algorithm registration) URL for Internet-Draft : http://www.ietf.org/internet-drafts/draft-ohta- misty1desc-02.txt Specifications http://www.mitsubishi.com/ghp_japan/misty/misty_e_b.pdf Royalty Free License http://www.mitsubishi.com/ghp_japan/misty/licensee.htm MISTY1 essential patent is licensed under royalty free conditions. 2000/08/01 48th IETF, Pittsburgh, PA, USA 6
  • 7. Design Criteria High security: Provable security against differential and linear cryptanalysis Multi platform: High speed in both software and hardware implementations Compact: Low gate count and low power consumption in hardware 2000/08/01 48th IETF, Pittsburgh, PA, USA 7
  • 8. High security MISTY1 is designed to be highly secure as a 64-bit block cipher; particularly to be provably secure against differential and linear cryptanalysis. Powerful Cryptographic Attacks Differential Cryptanalysis (Biham, Shamir 1990) First DES attack faster than an exhaustive key search Linear Cryptanalysis (Matsui 1993) First successful computer experiment for breaking DES 2000/08/01 48th IETF, Pittsburgh, PA, USA 8
  • 9. Multi Platform MISTY1 is designed to be sufficiently fast in both software and hardware implementations. Ex1) Pentium III (800MHz) (Assembly Language Program) Encryption speed 230Mbps Ex2) ASIC H/W (Mitsubishi 0.35 micron CMOS Design Library) Encryption speed 800Mbps Gate size 50Kgates 2000/08/01 48th IETF, Pittsburgh, PA, USA 9
  • 10. Compact Encryption/decryption logics of MISTY1 can be realized in very compact size. Ex) ASIC (Mitsubishi 0.35 micron CMOS Design Library) Gate size 7.6Kgates Encryption speed 72Mbps Note: A requirement for W-CDMA encryption algorithm: gate size must be smaller than 10Kgates 2000/08/01 48th IETF, Pittsburgh, PA, USA 10
  • 11. Structure of MISTY Pla in t e xt 鐚鐚 鐚鐚 鐚鐚 鐚鐚 鐚 鐚 鐚鐚 鐚鐚 鐚鐚 鐚鰹 鐚鐚 鐚鐚 鐚鐚 鐚鰹 鐚鐚 鐚鐚 鐚鐚 鐚鐚 鐚鰹 鐚鐚 Re c urs ive s t ruc t ure 1 Re c urs ive s t ruc t re 2 鐚 鐚 func t ion鐚 鐚 鐚 Ifunc t ion鐚 鐚 鐚鐚 鐚鐚 C iphe r t e xt St ruc t ure of MI STY1 2000/08/01 48th IETF, Pittsburgh, PA, USA 11
  • 12. Hardware MISTY1 core Memory M16C(CPU) RSA core M16C Core Rnd. Num. 2000/08/01 Gen. 48th IETF, Pittsburgh, PA, USA 12
  • 13. Current Status and Next Steps of MISTY1 to support TLS Hirosato Tsuji Mitsubishi Electric Corporation <hirosato@iss.isl.melco.co.jp>
  • 14. Summary What is MISTY1? High security, Multi platform, Compact, Block cipher In this presentation Actual Application of MISTY1 Proposal of MISTY1 Current Status to support TLS Next Steps to support TLS 2000/08/01 48th IETF, Pittsburgh, PA, USA 14
  • 15. Actual Application of MISTY1 (1) Secure E-mail Systems S/MIME-based e-mail application Extended S/MIME V2 specification Implemented by Mitsubishi and other Japanese venders Interoperability had been confirmed between these venders 2000/08/01 48th IETF, Pittsburgh, PA, USA 15
  • 16. Actual Application of MISTY1 (2) Secure Web Access Systems Secure Web Access Systems provide authentication, access control, integrity and confidentiality Implemented on the HTTP and TCP ( sorry, not on TLS ) Contents is encrypted by MISTY1 2000/08/01 48th IETF, Pittsburgh, PA, USA 16
  • 17. Actual Application of MISTY1 (3) Other Apps based on MISTY Toolkit MISTY Cryptographic / PKI Toolkit Content Encryption Algorithm in PKCS #7 Encryption Scheme ( Symmetric Cipher ) for PKCS #5 Password-based Encryption Other Apps implemented on Toolkit Secure Contents Distribution Systems Governmental Services 2000/08/01 48th IETF, Pittsburgh, PA, USA 17
  • 18. Proposal of MISTY1 As ONE of block ciphers of Cipher Suites for TLS 1.0 Reason to use MISTY1 Suitable Block Cipher Royalty Free License Applied to Actual Internet Applications 2000/08/01 48th IETF, Pittsburgh, PA, USA 18
  • 19. Current Status to support TLS Submit Internet Draft of Description of MISTY1 posted. Make a presentation of MISTY1 at 48th IETF, Pittsburgh, PA now. 2000/08/01 48th IETF, Pittsburgh, PA, USA 19
  • 20. Next Steps to support TLS Proceed Internet Draft of Description of MISTY1 to Informational RFC Submit Internet Draft of MISTY1-based Cipher Suites for TLS 1.0 Request TLS WG to assign the Register Number of these Cipher Suites 2000/08/01 48th IETF, Pittsburgh, PA, USA 20
  • 21. Next Steps to support TLS (continued) Implementing TLS 1.0 with MISTY1 processing now with OpenSSL 2000/08/01 48th IETF, Pittsburgh, PA, USA 21