This document summarizes a presentation made at the 48th IETF meeting proposing the block cipher MISTY1 for use in TLS cipher suites. MISTY1 is a 64-bit block cipher with a 128-bit key that was designed for high security, multi-platform use, and compact implementation. The presentation reviewed the current status and applications of MISTY1, and outlined next steps to submit an Internet Draft for MISTY1 and propose MISTY1-based cipher suites for TLS 1.0.
1 of 21
Downloaded 10 times
More Related Content
Misty1
1. Proposal of MISTY1
as a Block Cipher of
Cipher Suites in TLS
Hirosato Tsuji Toshio
Tokita Mitsubishi
Electric Corporation
2. Presentation Agenda
Block Cipher MISTY1
--- by Toshio Tokita
Current Status and Next Steps of
MISTY1 to support TLS
--- by Hirosato Tsuji
2000/08/01 48th IETF, Pittsburgh, PA, USA 2
3. Block Cipher
MISTY1
Toshio Tokita
Mitsubishi Electric Corporation
MISTY@isl.melco.co.jp
4. Overview
Secret-key block cipher
64-bit block, 128-bit key, a variable number
of rounds (8-round recommended)
proposed by M.Matsui (Mitsubishi) in 1996 at
Fast Software Encryption Workshop FSE4
Widely used in many applications:
Governmental applications:
Public transportation systems, Secure network systems, etc,etc
Commercial products:
S/MIME E-mail software, VPN(Routers/Hubs), Encryption LSI,
PKI Software & services, etc, etc
2000/08/01 48th IETF, Pittsburgh, PA, USA 4
5. Recent News
KASUMI has been adopted as a
mandatory algorithm for data confidentiality
and data integrity in W-CDMA by 3GPP.
(March, 2000)
KASUMI will be also used in current
GSM systems as an alternative for A5.
KASUMI is a variant of MISTY1
designed for W-CDMA systems.
3GPP: 3rd Generation Partnership Project
KASUMI=MIST
2000/08/01 48th IETF, Pittsburgh, PA, USA 5
6. Pointers
ISO9979 No.13 (algorithm registration)
URL for Internet-Draft :
http://www.ietf.org/internet-drafts/draft-ohta-
misty1desc-02.txt
Specifications
http://www.mitsubishi.com/ghp_japan/misty/misty_e_b.pdf
Royalty Free License
http://www.mitsubishi.com/ghp_japan/misty/licensee.htm
MISTY1 essential patent is licensed
under royalty free conditions.
2000/08/01 48th IETF, Pittsburgh, PA, USA 6
7. Design Criteria
High security:
Provable security against differential and linear cryptanalysis
Multi platform:
High speed in both software and hardware implementations
Compact:
Low gate count and low power consumption in hardware
2000/08/01 48th IETF, Pittsburgh, PA, USA 7
8. High security
MISTY1 is designed to be highly
secure as a 64-bit block cipher;
particularly to be provably secure
against differential and linear
cryptanalysis.
Powerful Cryptographic Attacks
Differential Cryptanalysis (Biham, Shamir
1990)
First DES attack faster than an exhaustive key search
Linear Cryptanalysis (Matsui 1993)
First successful computer experiment for breaking DES
2000/08/01 48th IETF, Pittsburgh, PA, USA 8
9. Multi Platform
MISTY1 is designed to be sufficiently fast in
both software and hardware implementations.
Ex1) Pentium III (800MHz) (Assembly Language Program)
Encryption speed 230Mbps
Ex2) ASIC H/W (Mitsubishi 0.35 micron CMOS Design Library)
Encryption speed 800Mbps
Gate size 50Kgates
2000/08/01 48th IETF, Pittsburgh, PA, USA 9
10. Compact
Encryption/decryption logics of MISTY1
can be realized in very compact size.
Ex) ASIC (Mitsubishi 0.35 micron CMOS Design Library)
Gate size 7.6Kgates
Encryption speed 72Mbps
Note:
A requirement for W-CDMA encryption algorithm:
gate size must be smaller than 10Kgates
2000/08/01 48th IETF, Pittsburgh, PA, USA 10
11. Structure of MISTY
Pla in t e xt
鐚鐚 鐚鐚 鐚鐚 鐚鐚 鐚 鐚
鐚鐚 鐚鐚
鐚鐚 鐚鰹
鐚鐚
鐚鐚
鐚鐚 鐚鰹
鐚鐚 鐚鐚
鐚鐚
鐚鐚 鐚鰹
鐚鐚 Re c urs ive s t ruc t ure 1 Re c urs ive s t ruc t re 2
鐚 鐚 func t ion鐚
鐚 鐚 Ifunc t ion鐚
鐚
鐚鐚 鐚鐚
C iphe r t e xt
St ruc t ure of MI
STY1
2000/08/01 48th IETF, Pittsburgh, PA, USA 11
12. Hardware
MISTY1 core Memory M16C(CPU)
RSA core M16C Core
Rnd. Num.
2000/08/01 Gen.
48th IETF, Pittsburgh, PA, USA 12
13. Current Status and
Next Steps of MISTY1
to support TLS
Hirosato Tsuji
Mitsubishi Electric Corporation
<hirosato@iss.isl.melco.co.jp>
14. Summary
What is MISTY1?
High security, Multi platform, Compact,
Block cipher
In this presentation
Actual Application of MISTY1
Proposal of MISTY1
Current Status to support TLS
Next Steps to support TLS
2000/08/01 48th IETF, Pittsburgh, PA, USA 14
15. Actual Application of MISTY1
(1) Secure E-mail Systems
S/MIME-based e-mail application
Extended S/MIME V2 specification
Implemented by Mitsubishi and other
Japanese venders
Interoperability had been confirmed
between these venders
2000/08/01 48th IETF, Pittsburgh, PA, USA 15
16. Actual Application of MISTY1
(2) Secure Web Access Systems
Secure Web Access Systems
provide authentication, access control,
integrity and confidentiality
Implemented on the HTTP and TCP
( sorry, not on TLS )
Contents is encrypted by MISTY1
2000/08/01 48th IETF, Pittsburgh, PA, USA 16
17. Actual Application of MISTY1
(3) Other Apps based on MISTY Toolkit
MISTY Cryptographic / PKI Toolkit
Content Encryption Algorithm in PKCS #7
Encryption Scheme ( Symmetric Cipher )
for PKCS #5 Password-based Encryption
Other Apps implemented on Toolkit
Secure Contents Distribution Systems
Governmental Services
2000/08/01 48th IETF, Pittsburgh, PA, USA 17
18. Proposal of MISTY1
As ONE of block ciphers of
Cipher Suites for TLS 1.0
Reason to use MISTY1
Suitable Block Cipher
Royalty Free License
Applied to Actual Internet Applications
2000/08/01 48th IETF, Pittsburgh, PA, USA 18
19. Current Status to support TLS
Submit Internet Draft of Description
of MISTY1
posted.
Make a presentation of MISTY1
at 48th IETF, Pittsburgh, PA
now.
2000/08/01 48th IETF, Pittsburgh, PA, USA 19
20. Next Steps to support TLS
Proceed Internet Draft of Description of
MISTY1 to Informational RFC
Submit Internet Draft of MISTY1-based
Cipher Suites for TLS 1.0
Request TLS WG to assign the Register
Number of these Cipher Suites
2000/08/01 48th IETF, Pittsburgh, PA, USA 20
21. Next Steps to support TLS
(continued)
Implementing TLS 1.0 with MISTY1
processing now with OpenSSL
2000/08/01 48th IETF, Pittsburgh, PA, USA 21