Subject: kasumi notes
An Amateur's Notes on the Weaknesses
of the Kasumi Encryption Algorithm
Kasumi[1] is a 64-bit block cipher with a 128 bit key. Clearly
with a key of such length one must analyze the algorithm to break it;
naif brute force fails. So here are some early observations to interest those
more capable than I. Perhaps the cipher won't be the easiest path in
the phuture phones, but the privacy/MAC protocols or the key management
will be the open window.
Kasumi is an 8 round Feistel cipher.
Kasumi has a very simple key schedule, and is fully pipeline-able,
much like DES. It uses gratitous xors with hardwired constants in
its key schedule, which probably indicate amateur design rather
than subversion, at least in this frill.
It uses only 2 S-tables, 7 bits in, 7 out; or 9 in, 9 out. The
S tables are readily implemented in logic or a LUT. In logic,
the 7 -> 7 S-table has a maximum comlexity of 13 xor terms, each with no more than
3 logical-ands. The 9 -> 9 table has a complexity of 12 xor terms each with no more
than 2 ands.
There may of course be faster boolean reductions.
Kasumi uses a "FI" function which alternately truncates data and pads with zeroes.
This is
inside an *asymmetric* mini-Feistel structure, with 9 and 7 bits partitioning a 16 bit
word.
Asymmetric Feistels are weaker than symmetric ones (see Schneier et al on McGuffin
IIRC).
Have fun!
[1] Specs of the 3GPP Confid. & Integr Algs, Doc 2: KASUMI Spec
Version 1.0 23 Dec 99 copy on jya.com
