|Successors||Camellia, MISTY2, KASUMI|
|Certification||CRYPTREC (Candidate), NESSIE|
|Key sizes||128 bits|
|Block sizes||64 bits|
|Structure||Nested Feistel network|
|Rounds||4×n (8 recommended)|
|Best public cryptanalysis|
|Integral cryptanalysis leading to full key recovery with 263.9999 chosen ciphertexts and 279 time, or 264 chosen ciphertexts and 269.5 time.|
MISTY1 is one of the selected algorithms in the European NESSIE project, and has been among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003; however, it was dropped to "candidate" by CRYPTREC revision in 2013. However, it was successfully broken in 2015 by Yosuke Todo using integral cryptanalysis; this attack was improved in the same year by Achiya Bar-On.
"MISTY" can stand for "Mitsubishi Improved Security Technology"; it is also the initials of the researchers involved in its development: Matsui Mitsuru, Ichikawa Tetsuya, Sorimachi Toru, Tokita Toshio, and Yamagishi Atsuhiro.
MISTY1 is a Feistel network with a variable number of rounds (any multiple of 4), though 8 are recommended. The cipher operates on 64-bit blocks and has a key size of 128 bits. MISTY1 has an innovative recursive structure; the round function itself uses a 3-round Feistel network. MISTY1 claims to be provably secure against linear and differential cryptanalysis.
KASUMI is a successor of the MISTY1 cipher which was supposed to be stronger than MISTY1 and has been adopted as the standard encryption algorithm for European mobile phones. In 2005, KASUMI was broken, and in 2010 a new paper was published (explained below) detailing a practical attack on the cipher; see the article for more details.