Integral Cryptanalysis and Impossible Differential Cryptanalysis of the μ2 Algorithm

HU Bin, ZHANG Guixian

Citation: HU Bin, ZHANG Guixian. Integral Cryptanalysis and Impossible Differential Cryptanalysis of the μ2 Algorithm[J]. Journal of Electronics & Information Technology, 2022, 44(9): 3335-3342. doi: 10.11999/JEIT210638

doi: 10.11999/JEIT210638
Funds: The National Natural Science Foundation of China (61802438)
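Details
    About the authors:

    HU Bin: male, doctoral supervisor; research interests: cryptography and information security

    ZHANG Guixian: male, master's student; research interests: design and analysis of symmetric ciphers

    Corresponding author:

    ZHANG Guixian zgxxgz111@126.com

  • CLC number: TN918.1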

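  • Abstract: The ${\mu ^2}$ algorithm is a lightweight block cipher designed by Yeoh et al. (doi: 10.1007/978-981-15-0058-9-27). The full cipher has 15 rounds and uses a TYPE-II generalized Feistel structure. In the design document, Yeoh et al. evaluated the resistance of ${\mu ^2}$ to differential and linear cryptanalysis, but its resistance to integral attacks and impossible differential cryptanalysis has so far been unclear. This paper presents 8-round and 9-round integral distinguishers and a 9-round impossible differential for ${\mu ^2}$. Using the 8-round integral distinguisher, an integral attack is mounted on 9-round ${\mu ^2}$, with a time complexity of ${2^{76}}$ 9-round encryptions, a data complexity of ${2^{48}}$, and a memory complexity of ${2^{48}}$. Using the 9-round impossible differential, an impossible differential attack is mounted on 11-round ${\mu ^2}$, with a time complexity of ${2^{49}}$ 11-round encryptions and a data complexity of ${2^{64}}$ plaintext pairs. The results show that 9-round ${\mu ^2}$ cannot resist the integral attack and that 11-round ${\mu ^2}$ cannot resist impossible differential cryptanalysis. In addition, the paper further evaluates the resistance of ${\mu ^2}$ to differential attacks and proves that the maximum probability of a 4-round differential characteristic of ${\mu ^2}$ is ${2^{-39}}$, a tighter result than the design report's statement that the probability of a 4-round differential characteristic does not exceed ${2^{-36}}$.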
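  • Figure 1  Structure of the ${\mu ^2}$ algorithm

    Figure 2  S-P structure

    Figure 3  Illustration of the F function

    Figure 4  9-round impossible differential of the ${\mu ^2}$ algorithm

    Figure 5  11-round impossible differential attack on the ${\mu ^2}$ algorithm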

    Table 1  S-box

    $x$     0  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15
    $S[x]$  C  5  6  B  9  0  A  D  3  E  F   8   4   7   1   2

    Table 2  Integral distinguishers

    Rounds    Distinguisher
    8 rounds  Input:  cccccccccccccccc, aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaaa
              Output: ????????????????, ????????????????, bbbbbbbbbbbbbbbb, ????????????????
              Input:  aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaaa, cccccccccccccccc, aaaaaaaaaaaaaaaa
              Output: bbbbbbbbbbbbbbbb, ????????????????, ????????????????, ????????????????
    9 rounds  Input:  aaaaaaaaaaaaaaac, aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaaa
              Output: bbbbbbbbbbbbbbbb, ????????????????, ????????????????, ????????????????
              Input:  aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaaa, aaaaaaaaaaaaaaac, aaaaaaaaaaaaaaaa
              Output: ????????????????, ????????????????, bbbbbbbbbbbbbbbb, ????????????????

    Table 3  Optimal differential characteristic of the 4-round ${\mu ^2}$ algorithm

    Round           Input difference
    Round 1 input   0000000000000000000000001011011110100101000000100010000100000101
    Round 2 input   0000000010110111101001010000000000000000000000000000000000000000
    Round 3 input   0000000000000000000000000000000000000000000000000000000010110111
    Round 4 input   0000000000000000000000000000000000000000101101110000000000000000
    Round 4 output  0000000000000000000000000000000000000000101101111000010100000001
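The abstract's differential bound can be related to the S-box in Table 1. The following is an added example, not code from the paper or from the μ2 designers: it computes the difference distribution table (DDT) of that S-box, the weights a single S-box transition can have, and the XOR sum over all inputs (the balanced property that integral distinguishers build on). `min_active_sboxes` assumes that a characteristic's probability is a product of independent S-box transition probabilities, which this page does not state.

```python
import math

# S-box copied from Table 1 of this page (x = 0..15).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox):
    """Difference distribution table: t[a][b] = #{x : S(x) ^ S(x ^ a) == b}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def transition_weights(table):
    """Sorted weights -log2(count / n) that nonzero-difference transitions can have."""
    n = len(table)
    counts = {c for row in table[1:] for c in row if c}
    return sorted(math.log2(n / c) for c in counts)


def min_active_sboxes(char_weight, table):
    """Fewest S-box transitions in a characteristic of probability 2^-char_weight.
    Assumption (not from the page): the probability is a product of
    independent S-box transition probabilities."""
    return math.ceil(char_weight / transition_weights(table)[0])


def xor_sum(sbox):
    """XOR of S(x) over all inputs; zero means the output nibble is balanced."""
    acc = 0
    for y in sbox:
        acc ^= y
    return acc


if __name__ == "__main__":
    t = ddt(SBOX)
    print("possible transition weights:", transition_weights(t))
    print("min S-box transitions for weight 39:", min_active_sboxes(39, t))
    print("XOR sum over all 16 inputs:", xor_sum(SBOX))
```

Because every transition has weight 2 or 3, a characteristic of weight 39 needs at least 20 S-box transitions under the stated assumption, and at least one of them must have weight 3.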
Publication history
  • Received:  2021-06-28
  • Accepted:  2022-03-10
  • Revised:  2022-02-26
  • Published online:  2022-03-20
  • Issue date:  2022-09-19
