Abstract
MULTI2 is the block cipher used in the ISDB standard for scrambling digital multimedia content. MULTI2 is used in Japan to secure multimedia broadcasting, including recent applications like HDTV and mobile TV. It is the only cipher specified in the 2007 Japanese ARIB standard for conditional access systems. This paper presents a theoretical break of MULTI2 (not relevant in practice), with shortcut key recovery attacks for any number of rounds. We also describe equivalent keys and linear attacks on reduced versions with up 20 rounds (out of 32), improving on the previous 12-round attack by Matsui and Yamagishi. Practical attacks are presented on up to 16 rounds.
Chapter PDF
Similar content being viewed by others
References
Aoki, K., Kurokawa, K.: A study on linear cryptanalysis of Multi2 (in Japanese). In: The 1995 Symposium on Cryptography and Information Security, SCIS 1995 (1995)
ARIB. STD B25 v. 5.0 (2007), http://www.arib.or.jp/
Biham, E.: New types of cryptanalytic attacks using related keys. Journal of Cryptology 7(4), 229–246 (1994)
Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)
Biryukov, A., Wagner, D.: Advanced slide attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 589–606. Springer, Heidelberg (2000)
BS Conditional Access Systems Co., Ltd., http://www.b-cas.co.jp/
Hitachi: Japanese laid-open patent application no. H1-276189 (1998)
ISO. Algorithm registry entry 9979/0009 (1994)
Katagi, T., Inoue, T., Shimoyama, T., Tsujii, S.: A correlation attack on block ciphers with arithmetic operations (in Japanese). In: SCIS (2003), reference no. SCIS2003 5D-2
Matsui, M.: Linear cryptoanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1993)
Matsui, M., Yamagishi, A.: On a statistical attack of secret key cryptosystems. Electronics and Communications in Japan, Part III: Fundamental Electronic Science (English translation of Denshi Tsushin Gakkai Ronbunshi) 77(9), 61–72 (1994)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Takaragi, K., Nakagawa, F., Sasaki, R.: U.S. patent no. 4982429 (1989)
Takaragi, K., Nakagawa, F., Sasaki, R.: U.S. patent no. 5103479 (1990)
Weinmann, R.-P., Wirt, K.: Analysis of the DVB common scrambling algorithm. In: 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS). Springer, Heidelberg (2004)
Wikipedia. Mobaho! (accessed February 5, 2009)
Wirt, K.: Fault attack on the DVB common scrambling algorithm. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3481, pp. 577–584. Springer, Heidelberg (2005)
Yoshimura, T.: Conditional access system for digital broadcasting in Japan. Proceedings of the IEEE 94(1), 318–322 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aumasson, JP., Nakahara, J., Sepehrdad, P. (2009). Cryptanalysis of the ISDB Scrambling Algorithm (MULTI2). In: Dunkelman, O. (eds) Fast Software Encryption. FSE 2009. Lecture Notes in Computer Science, vol 5665. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03317-9_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-03317-9_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03316-2
Online ISBN: 978-3-642-03317-9
eBook Packages: Computer ScienceComputer Science (R0)