MORUS算法的抗碰撞性分析

关杰; 施泰荣; 李俊志; 张沛

doi:10.11999/JEIT161185

MORUS算法的抗碰撞性分析

doi: 10.11999/JEIT161185

基金项目:

国家自然科学基金(61572516, 61272041, 61272488)

计量
- 文章访问数: 1110
- HTML全文浏览量: 177
- PDF下载量: 283
- 被引次数: 0
出版历程
- 收稿日期: 2016-11-03
- 修回日期: 2017-03-06
- 刊出日期: 2017-07-19

Analysis of MORUS Against Collision Attack

Funds:

The National Natural Science Foundation of China (61572516, 61272041, 61272488)

摘要

摘要: MORUS算法是CAESAR竞赛第3轮的候选认证加密算法之一，该文评估了MORUS-640-128算法对碰撞攻击的安全性。由碰撞关系确定一系列非线性方程，采用分块分析的方法，从非线性方程中找到消息字差分间的信息泄漏规律，首次给出了算法在两步后发生碰撞的必要条件集，确定了输入差分的字分布情况。在此基础上，将碰撞的必要条件转化成伪布尔函数最优化问题，利用混合整数规划模型进行求解。实验结果显示算法发生碰撞时，输入差的汉明重量至少为28，其碰撞概率小于2-140 ，得到了比文献[7]更紧致的概率上界(原为2-130)。结果表明MORUS-640-128算法具备良好的抗碰撞攻击能力。
- CAESAR竞赛 /
- MORUS算法 /
- 碰撞攻击 /
- 差分重量下界
Abstract: MORUS is an authenticated stream cipher, which is selected is third-round candidate of the ongoing CAESAR competition. In this work, the security of MORUS-640-128 against collision attack is evaluated. The partition method is utilized to find the information leakage between the word differences of message in the nonlinear function determined by the collision. The necessary conditions of collision after two steps are proposed for the first time. The distribution of input difference is determined. Furthermore, necessary conditions are turned into Pseudo-Boolean optimization problems. With the usage of mixed integer programming, it is found that the weight of message difference must be higher than 28 with the collision probability less than 2-140 , which is a better upper bound than ref. [7] 2-130. The result shows that MORUS-640-128 has a good performance on resistance against collision attack.
- CAESAR competition /
- MORUS /
- Collision attack /
- Lower bound of difference weight

HTML全文

参考文献(13)

BELLARE M and NAMPREMPRE C. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm[J]. Journal of Cryptology, 2008, 21(4): 469-491. doi: 10.1007/s00145-008-9026-x.

DOBRAUNING C, EICHLSEDER M, and MENDEL F. Heuristic tool for linear cryptanalysis with applications to CAESAR candidates[C]. Advances in Cryptology ASIACRYPT 2015, Auckland, New Zealand, 2015: 490-509. doi: 10.1007/978-3-662-48800-3_20.

DEY P, ROHIT S R, SARKAR S, et al. Differential fault analysis on Tiaoxin and AEGIS family of ciphers[C]. Security in Computing and Communications 2016, Jaipur, India, 2016: 74-86. doi: 10.1007/978-981-10-2738-3_7.

PEYRIN T, SIM S, WANG L, et al. Cryptanalysis of JAMBU[C]. Fast Software Encryption 2015, Istanbul, Turkey, 2015: 264-281. doi: 10.1007/978-3-662-48116-5_13.

SALAM M, BARTLETT H, PIEPRZYK J, et al. Investigating cube attack on the authenticated encryption stream cipher ACORN[C]. Applications and Techniques in Information Security 2016, Cairns, QLD, Australia, 2016: 15-26. doi: 10.1007/978-981-10-2741-3_2.

MILEVA A, DIMITROVA V, and VELICHKOV V. Analysis of the authenticated cipher MORUS (v1)[C]. Cryptography and Information Security in the Balkans 2015, Koper, Slovenia, 2015: 45-59. doi: 10.1007/978-3-319-29172-7_4.

张沛, 关杰, 李俊志, 等. MORUS算法初始化过程的混乱与扩散性质研究[J]. 密码学报, 2015, 2(6): 536-548. doi: 10.13868/j.cnki.jcr.000100.

ZHANG Pei, GUAN Jie, LI Junzhi, et al. Research on the confusion and diffusion properties of the initialization of MORUS[J]. Journal Cryptologic Research, 2015, 2(6): 536-548. doi: 10.13868/j.cnki.jcr.000100.

WANG Xiaoyun and YU Hongbo. How to break MD5 and other hash functions[C]. Advances in Cryptology EUROCRYPT 2005, Aarhus, Denmark, 2005: 19-35. doi: 10.1007/11426639_2.

FUHR T, LEURENT G, and SUDER V. Collision attacks against CAESAR candidatesForgery and key-recovery against AEZ and Marble[C]. Advances in Cryptology ASIACRYPT 2015, Auckland, New Zealand, 2015: 510-532. doi: 10.1007/978-3-662-48800-3_21.

PEYRIN T. Collision attack on Grindahl[J]. Journal of Cryptology, 2015, 28(4): 879-898. doi: 10.1007/s00145- 014-9186-9.

BERTSIMAS D and WEISMANTEL R. Optimization over Integers[M]. Massachusetts, USA, Dynamic Ideas, 2005: 73-82.

ACHTERBERG T. SCIP: Solving Constraint Integer Programs[J]. Mathematical Programming Computation, 2009, 1(1): 1-41. doi: 10.1007/s12532-008-0001-1.

施引文献

资源附件(0)

访问统计