RFC 2994 (rfc2994) - Page 1 of 10
A Description of the MISTY1 Encryption Algorithm
Alternative Format: Original Text Document
Network Working Group H. Ohta
Request for Comments: 2994 M. Matsui
Category: Informational Mitsubishi Electric Corporation
November 2000
A Description of the MISTY1 Encryption Algorithm
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document describes a secret-key cryptosystem MISTY1, which is
block cipher with a 128-bit key, a 64-bit block and a variable number
of rounds. It documents the algorithm description including key
scheduling part and data randomizing part.
1. Introduction
This document describes a secret-key cryptosystem MISTY1, which is
block cipher with a 128-bit key, a 64-bit block and a variable number
of rounds. It is designed on the basis of the theory of provable
security against differential and linear cryptanalysis, and moreover
it realizes high-speed encryption on hardware platforms as well as on
software environments. As the result of weighing strength and speed,
8-rounds of MISTY1 is recommended and used in most cases.
Our implementation shows that MISTY1 with eight rounds can encrypt a
data stream in CBC mode at a speed of 57Mbps and 40Mbps on Pentium
II/266MHz and PA-7200/120MHz, respectively. For its hardware
performance, we have produced a prototype LSI by a process of 0.8-
micron CMOS gate-array and confirmed a speed of 512Mbps.
2. Algorithm Description
Algorithm [1] could be divided into two parts, namely "key scheduling
part" and "data randomizing part". Key scheduling part takes a 128-
bit input key and produces a 128-bit expanded key. Data randomizing
Ohta & Matsui Informational
