Common-key cryptography using a common key in encryption and decryption includes block ciphers based on an encryption system which divides, for example, data into blocks and encrypts the data on a block basis. Such block ciphers include those produced by stepwise encryption of a plaintext with repeated transformation using, as a parameter, a session key calculated from a common key such as DES or MISTY.
A cipher is estimated by actually making attempts to decipher the cipher in order to prove that the cipher can be utilized safely in a society. Known examples of such cryptanalysis include: the brute-force search method which is capable of finding a key by using all putative keys in conducting encryption or decryption if a pair of plaintext and ciphertext is given; the differential cryptanalysis which is adapted to find a session key to be used at the final round of transformation on condition that there is a high probability that a relationship holds between the exclusive-OR between the plaintexts of two pairs of plaintext and ciphertext and the exclusive-OR between the ciphertexts of the two pairs; and the higher order differential cryptanalysis adapted to find a session key by an algebraic method such that a ciphertext outputted at the final round of transformation is expressed using a Boolean polynomial of the corresponding plaintext and a higher order differential of this polynomial is considered to be a constant to be used as a condition for presuming the session key.
However, since any one of such methods is presently employed to find one key, these methods will not contribute to a reduction in the amount of calculation required to find session keys for plural rounds for the purpose of estimating a cipher more precisely if they are employed in each of the rounds simply.