Evaluation and Application of the Upper Bound Probability of the Truncated Differential
-
摘要: 截断差分分析是差分分析的一个变形。为说明一个密码算法能够抵抗截断差分分析,需要给出截断差分概率的上界。Masayuki Kanda等人就密码算法中S盒为GF(256)上的乘法逆变换和仿射双射变换复合而成时,提出了截断差分概率的上界一个猜想。该文就一般双射S盒给出了该概率上界问题的一个估计,Masayuki Kanda的猜想是该估计所考虑问题的一个特例,在一些情况下,该估计给出的上界与Masayuki Kanda的猜想接近。利用该结论可以衡量密码算法截断差分传递链概率的上界。该结论为分组密码抗截断差分分析的可证明安全性提供了理论依据。Abstract: Truncated differential cryptanalysis is a variant of differential cryptanalysis. In order to evaluate the ability of a block cipher against the truncated differential cryptanalysis, it is needed to give out the upper bound of the probability of the truncated differential chain. Masayuki Kanda et al. propose a conjecture about the upper bound of the probability of the truncated differential when the S-boxes in block cipher are the combination of the inverse function and a bijective affine transformation in GF(256). This paper gives out an evaluation about the upper bound of the probability of the truncated differential by assuming the S-boxes as bijective S-boxes and Masayuki Kandas conjecture is the special case of the problem that the evaluation considers. In some cases, the upper bound given by the evaluation is approaching to the conjecture. This conclusion can serve to evaluate the upper bound probability of the truncated differential chain. The results provide further support for the provable security of a block cipher against the truncated differential cryptanalysis in theory.
-
计量
- 文章访问数: 1945
- HTML全文浏览量: 122
- PDF下载量: 617
- 被引次数: 0
下载:
