Kasumi Cryptosystem

8/18/2019 Kasumi Cryptosystem

1/17

Kasumi Cryptosystem

1.Algorithm

KASUMI algorithm processes the 64-bit word in two 32-bit halves, let ! " and right ! "# $he

inp%t word is concatenation o the let and right halves o the irst ro%nd

In each ro%nd the right hal is &'( with the o%tp%t o the ro%nd %nction ater which the halves

are swapped)

where K*i, K'i, KIi are ro%nd +es or the ith ro%nd#

$he ro%nd %nctions or even and odd ro%nds are slightl dierent# In each case the ro%nd

%nction is a composition o two %nctions *i and 'i# or an odd ro%nd

and or an even ro%nd

#

$he o%tp%t is the concatenation o the o%tp%ts o the last ro%nd#

#

.oth * and ' %nctions divide the 32-bit inp%t data to two /6-bit halves# $he * %nction is an

irreversible bit manip%lation while the ' %nction is an irreversible three ro%nd eistel-li+e

networ+#

2.Logic/design elements used in the algorithm

$he /20-bit +e K is divided into eight /6-bit s%b +es K i)


2/17

Function FL

$he 32-bit inp%t 1 o is divided to two /6-bit halves # irst the let hal

o the inp%t is Aed bitwise with ro%nd +e and rotated let b one bit# $he res%lt o

that is &'(ed to the right hal o the inp%t to get the right hal o the o%tp%t #

$hen the right hal o the o%tp%t is '(ed bitwise with the ro%nd +e and rotated let

b one bit# $he res%lt o that is &'(ed to the let hal o the inp%t to get the let hal o the

o%tp%t #

'%tp%t o the %nction is concatenation o the let and right halves #

Function FO

$he 32-bit inp%t x o is divided into two /6-bit halves , and

passed thro%gh three ro%nds o a eistel networ+#

In each o the three ro%nds !inde1ed b j that ta+es val%es /, 2, and 3" the let hal is modiied to

get the new right hal and the right hal is made the let hal o the ne1t ro%nd#

$he o%tp%t o the %nction is #


3/17

KASUMI 5'(K *'5

3. Cryptanalysis of Algorithm


4/17

a) Strength of the algorithm

• rovide 7onidentialit as well as Integirt#

• It %sing both ' and * combination or encrption#

!) "ea#ness of the algorithm

• Slowness o encrption) an entire bloc+ m%st be acc%m%lated beore encrption 8

decrption can begin#

• 9rror propagation) An error in one smbol ma corr%pt the entire bloc+#

c) Attac#s possi!le

• Sandwich Attac+

• .oomerang attac+s

d) Attac#s impossi!le

• *inear Attac+

• .r%te orce Attac+

e) $enefits

• More aster

• More hardware riendl

• (ob%st

• More diic%lt to crac+ compare to p%blic +e crptograph

• (e:%ired *ess 7omp%ting ower to be created than e:%ivalent private +es in

p%blic-+e crptograph

• encrpt 64-bit :%antities s%ch as 9S bloc+s

f) %ra&!ac#s • KASUMI is am%ch wea+er crptosstem

g) Computational po&er and other resources re'uired


5/17

Kas%mi is the sec%re architect%re; Schroeppel claimed it to be twice as ast as its nearest

competitor, and three times as ast as the other candidates, and that its perormance on a

32-bit machine was ade:%ate# $he Kas%mi ciphers +e set%p was rated as relativel slow;

7omp%tational power7 compiles badl with several compilers ? platorms#

(. Applications

• @SM

•97S, enhanced circ%it-switched data

• @(S pac+et radio service

• 9@(S, enhanced @(S

• UM$S

. *rogram

>eader ile

8---------------------------------------------------------

Kas%mi#h

---------------------------------------------------------8

tpede %nsigned char %0;

tpede %nsigned short %/6;

tpede %nsigned int %32;

void KeSched%le! %0 +e ";

void Kas%mi! %0 data, int tpe ";

C Code

Kas%mi#c


6/17

-----------------------------------------------------------------------

Bincl%de CKas%mi#hC

8--------- /6 bit rotate let ------------------------------------------8

Bdeine ('*/6!a,b" !%/6"!!aDDb"E!aFF!/6-b"""

8------- %nions) %sed to remove CendianC iss%es ------------------------8

tpede %nion G

%32 b32;

%/6 b/6H2;

%0 b0H4;

J 5'(;

tpede %nion G

%/6 b/6;

%0 b0H2;

J 5'(;

8-------- globals) $he s%b+e arras -----------------------------------8

static %/6 K*i/H0, K*i2H0;

static %/6 K'i/H0, K'i2H0, K'i3H0;

static %/6 KIi/H0, KIi2H0, KIi3H0;

8---------------------------------------------------------------------

I!"

$he I %nction !ig 3"# It incl%des the S and SL tables#

$ransorms a /6-bit val%e#

---------------------------------------------------------------------8

static %/6 I! %/6 in, %/6 s%b+e "

G

U/6 nine, seven;

Static %/6 SH < G

4, N, 62, 6, 22, 34, L4, L6, 30, 6, 63, L3, 2, /0,/23, 33,

,//3, 3L,//4, 2/, 6, 6, /2, 4, 3, 46, 2, 2,///,/24, 0/,

3, L,/2/, L, 2, 6N, 0, 40,/N/,/2, 4N,/2N,/N4, N, /, 43,


7/17

2N,/22, 2, 6/, 23,/NL, /3,/NN, , /, /6, , 02, /N,/N, L0,

//,//6, 6, //, 0L,/N6, N,/2,//0, LL, 06, 6L, 3N, ,/26, 0,

//2, /, /, , L, /4, LN, 04, L/, 0, 3,/N3, 32, L, 20, 66,

/N2, 3/, 26, 4, , 4, 0, L2, 3, 4, 0N, 4L, 60, 2L,//, 44,

64,/N,/N0, 24,//N, 03, 36, 0, 42, /L, /, 4/, 00,//L, L, 3J;

Static %/6 SL H < G

/6,23L,/6/,3L,3L/,334, L,330, 30,226, 40,30,42,30, LN,3L,

/03,23,/4,33/,4/,34N, /,362,3N6,NN,262, 02,2/6,/L,36,/,

/,24/,40L, 3,2N6, /, N,333, 44,24,30, 0,/43,22N, 0/,4NN,

L, 3,3/,24, 4,23,2/0,4N,42,264,/2,4L4,3/,2LN,3LL, 6,

/6,/L,3L,/2/,2,40N,423,2/2,24N, 20,462,/6,4N6,N,200,223,

N/,4N,24L,26, 0L,/06,22/,420,/64, 4,44N,/L6,40,42/,3N,/63,

232,/0,/34,34, /3,2N,4L/,/42,/L/, 6L,/L3,42,/2,22,366,/3,

344,3NN,26,242,43,32N,//3,20, //,243, 0,3/, 36, L3,4L6, 2,

40,446,402, 4/, 60,/6,4,/3/,326,4N3,33L, 2N, 3L,//,442,/24,

4,304,N0, 3,//2,/N,4L,//,/26,/6L, 3,260,2L,32/,/60,364,

363,2L2, 46,4LL,3L3,32,324, 24,46,26,/,46N,400,426,3NL,22L,

43L,N6,2N0,2/,34L,4N/,434,236, /6,2NL,3L, 2, 6,/2N,/LL,2,

46,4/6,22,20,246, 6, 03,3N,42N,34,/3,N2, 6, 6/,244,202,

/3,222,4/0, 6,306,360,26/,/N/,46,2L/,/L,43N, 4L, L,/66,33N,

20N,303,33,/20,302,4N0,/,4L,36,300,24,/N,4L,4/, 62,44,

/32,22,2N3,3/6,234, /4,3N/, L/,N3,206,424,2//,34,3N,/4N,34,

3,/N3,/2,42, /L,2/4,43,/46,4L0,3/4,444,23N,26,32L,/L0,20,

N,//6, 0,4/N, /N,2N,/N,//,23/, 4,/3L,46, 2L, 06,N, 32,

2, 26,342,/N,3/3,4LN,43/,230,4//,32,/4L,43, 4N,//L,/4,3,

/0,233,30L, /,440,23,32, ,//N,/0,322, /2,46L,3L2,36L,/LN,

/,/NL,3,/3,/0/, 00, ,3N0,26N,404, L0,22,3N,2,4/2,///,

336,3/0, 4,N4,4L2,2L,3N4, ,33,43, 2/,3,3N3,332,403, /0,

4, 0, 2,4L,44,20L,/NN,26L,2L6,40,2N,/N6, 3/,/N4,433, 04,

4/4,406,3L4, L6, LL,/4,//,/40,4/3,36/,4NL,2,/62,2/,3N2,2N/,

266,3/,343,/44,44/,36,/N0,2L0,2/, 34,/02,NL,/30,2/N,33,/33,

3//,32,320,/4/,3L6,346,/23,3/L,4N,20/,42L,220,443,40/, L2,4N4,

40,422,240,2L, 23,2/3,/3N,466, 22,2/,203, N,2L4,36N,4/L,/2,


8/17

3/2,3, ,460,/L4, 2,//,2L,463,20,224,44,24,/0, 0N,3L0,

204,33,/N,3LN,2LL,4/,4N,/04, ,2NN,340, 63,2N4,/00, 33,4/,

L, 3N,3/N,2/L, L4,/6N,/2L,4L3, 64,/L,263,/N2,/0L,2N,//4,4N2,

430,4,30,/22,/L2, 42,30/, ,/4,//0,/0N,44L,2L3,323,/36,30N,

43, 66, 6N,4,34/,44,2N2,432, 0,23, /,36,436,464, L,46/J;

8 $he si1teen bit inp%t is split into two %ne:%al halves,

nine bits and seven bits - as is the s%b +e8

nine < !%/6"!inFF";

seven < !%/6"!in?N1";

8 ow r%n the vario%s operations 8

nine < !%/6"!SLHnine = seven";

seven < !%/6"!SHseven = !nine ? N1"";

seven =< !s%b+eFFL";

nine =< !s%b+e?N1/";

nine < !%/6"!SLHnine = seven";

seven < !%/6"!SHseven = !nine ? N1"";

in < !%/6"!!sevenDDL" O nine";

ret%rn! in ";

J

8---------------------------------------------------------------------

$he '!" %nction#

$ransorms a 32-bit val%e# Uses Dinde1F to identi the

appropriate s%b+es to %se#

---------------------------------------------------------------------8

static %32 '! %32 in, int inde1 "

G

%/6 let, right;

8 Split the inp%t into two /6-bit words 8

let < !%/6"!inFF/6";

right < !%/6" in;


9/17

8 ow appl the same basic transormation three times 8

let =< K'i/Hinde1;

let < I! let, KIi/Hinde1 ";

let =< right;

right =< K'i2Hinde1;

right < I! right, KIi2Hinde1 ";

right =< let;

let =< K'i3Hinde1;

let < I! let, KIi3Hinde1 ";

let =< right;

in < !rightDD/6"Olet;

ret%rn! in ";

J

8---------------------------------------------------------------------

*!"

$he *!" %nction#

$ransorms a 32-bit val%e# Uses Dinde1F to identi the

appropriate s%b+es to %se#

---------------------------------------------------------------------8

static %32 *! %32 in, int inde1 "

G

%/6 l, r, a, b;

8 split o%t the let and right halves 8

l < !%/6"!inFF/6";

r < !%/6"!in";

8 do the *!" operations

8

a < !%/6" !l ? K*i/Hinde1";

r =< ('*/6!a,/";

b < !%/6"!r E K*i2Hinde1";

l =< ('*/6!b,/";


10/17

8 p%t the two halves bac+ together 8

in < !lDD/6" O r;

ret%rn! in ";

J

8---------------------------------------------------------------------

Kas%mi!"

---------------------------------------------------------------------8

void Kas%mi! %0 data "

G

%32 let, right, temp;

5'( d;

int n;

8 Start b getting the data into two 32-bit words !9ndean correct" 8

d < !5'("data;

let < !dHN#b0HNDD24"O!dHN#b0H/DD/6"O!dHN#b0H2DD0"O!dHN#b0H3"; right <

!dH/#b0HNDD24"O!dH/#b0H/DD/6"O!dH/#b0H2DD0"O!dH/#b0H3"; n < N;

doG temp < *! let, n ";

temp < '! temp, nOO ";

right =< temp;

temp < '! right, n ";

temp < *! temp, nOO ";

let =< temp;

Jwhile! nD


11/17

8---------------------------------------------------------------------

Ke Sched%le!"

.%ild the +e sched%le# Most C+eC operations %se /6-bit

s%b+es so we b%ild %/6-siPed arras that are CendianC correct#

---------------------------------------------------------------------8

void Ke Sched%le! %0 + "

G

static %/6 7H < G

N1N/23,N146,N10LA.,N179, N197,N1.AL0,N164,N132/N J;

%/6 +eH0, KprimeH0;

5'( +/6;

int n;

8 Start b ens%ring the s%b +es are 9ndean correct on a /6-bit basis 8

+/6 < !5'( "+;

or! n


12/17

+.Sample input and Output

Ke) 2. 6 4 L 02 7 .3 NN L 27 4L /N 40 0/ 40

Inp%t ) 9A N2 4 /4 A 7 4 04

o%tp%t ) / L. 2 /7 N. 4


13/17


14/17


15/17


16/17

,.-eferences

1. 3rd @eneration artnership roRect, $echnical Speciication @ro%p Services and Sstem

Aspects, 3@ Sec%rit,KASUMI Speciication, 3#/#/ !2NN/"

2. .iham, 9#, %n+elman, '#, Keller, #) A (elated-Ke (ectangle Attac+ on the %ll

KASUMI# In) (o, .# !ed#" ASIA7(T$ 2NN# *7S, vol# 300, pp# 44346/# Springer,

>eidelberg !2NN"

3. .alderas-7ontreras, $omas; 7%mplido, (ene; eregrino-Uribe, 7la%dia) 'n the design

and implementation o a (IS7 processor e1tension or the KASUMI encrption

algorithm !2NN0"

4. @eneral (eport on the esign, Speciication and 9val%ation o 3@ Standard

7onidentialit and Integrit AlgorithmsC# 3@!2NNL"

. K# Via, 7# (echberger, and 5ang, W@reen crptanalsis) meet-in-the-middle

+erecover or the %ll +as%mi cipher,X $ech# (ep# 2N//8466, !2N//"#

http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdfhttp://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdfhttp://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdfhttp://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdf


17/17

+. http)88en#wi+ipedia#org8wi+i8KASUM

,. www#trincoll#ed%8depts8cpsc8crptograph8inde1#html

Documents

Kasumi Cryptosystem