Posted Jan 12, 2010 16:26 UTC (Tue) by quotemstr
In reply to: UMTS
Parent article: GSM encryption crack made public
The full-round version of KASUMI was just broken with a related-key attack:
In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2^-14. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, 2^26 data, 2^30 bytes of memory, and 2^32 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the 2^128 complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem.
Now, like I said saying, for the love of all that's good and right, just use AES
to post comments)