Related-Key Impossible Differential Cryptanalysis of the Lightweight Block Cipher ESF
doi: 10.11999/JEIT180576
State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071
Related-key Impossible Differential Cryptanalysis on Lightweight Block Cipher ESF
State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710077, China
Abstract:
Eight-Sided Fortress (ESF) is a lightweight block cipher with a generalized Feistel structure that can be used in resource-constrained settings such as protecting Radio Frequency Identification (RFID) tags in the Internet of Things; to date, security research on the algorithm has mainly consisted of impossible differential cryptanalysis. This paper studies the ability of ESF to resist related-key impossible differential attacks by examining the characteristics of its S-boxes in depth and combining them with the properties of the ESF key schedule. An 11-round related-key impossible differential distinguisher is constructed and extended by 2 rounds at the top and 2 rounds at the bottom, giving a successful attack on 15-round ESF. The attack has a time complexity of $2^{40.5}$ 15-round encryptions and a data complexity of $2^{61.5}$ chosen plaintexts, and recovers 40 key bits. Compared with existing results, the number of attacked rounds is increased while the time complexity is reduced, and the data complexity is also reasonable.
Keywords:
- Lightweight block cipher
- ESF algorithm
- Related-key
- Impossible differential cryptanalysis
Abstract: Eight-Sided Fortress (ESF) is a lightweight block cipher with a generalized Feistel structure, which can be used in resource-constrained environments such as protecting Radio Frequency IDentification (RFID) tags in the Internet of Things. At present, research on the security of ESF mainly adopts impossible differential cryptanalysis. The ability of ESF to resist related-key impossible differential cryptanalysis is studied based on the characteristics of its S-boxes and key schedule. By constructing an 11-round related-key impossible differential distinguisher, an attack on 15-round ESF is proposed by adding 2 rounds at the top and 2 rounds at the bottom. This attack has a time complexity of $2^{40.5}$ 15-round encryptions and a data complexity of $2^{61.5}$ chosen plaintexts, and recovers 40 key bits. Compared with published results, the time complexity is decreased and the data complexity is reasonable while the number of attacked rounds is increased.
Key words:
- Lightweight block cipher
- ESF algorithm
- Related-key
- Impossible differential attack
Table 1 Notation

| Symbol | Meaning |
|---|---|
| $K$ | 80-bit master key |
| ${K_i}$ | 32-bit round key of round $i$ |
| ${K_{i, j}}$ | The $j$-th nibble of ${K_i}$ |
| $K_{i, j}^l$ | The $l$-th bit of ${K_{i, j}}$ |
| ${L_i}$ | Left 32 bits of the output of round $i$ |
| ${R_i}$ | Right 32 bits of the output of round $i$ |
| $ <<< 7$ | Cyclic left shift by 7 bits |
| $ \oplus $ | Bitwise XOR |
| $||$ | Concatenation of binary strings |
| ${[i]_2}$ | Binary representation of the constant $i$ |
Table 2 15-round related-key differential path

$\Delta K = (00000200000000000000)$

| Round key | Difference | Round key | Difference |
|---|---|---|---|
| $\Delta {K_1}$ | $0000\,0200$ | $\Delta {K_9}$ | $0000\,0000$ |
| $\Delta {K_2}$ | $0040\,0000$ | $\Delta {K_{10}}$ | $0000\,0000$ |
| $\Delta {K_3}$ | $0000\,0000$ | $\Delta {K_{11}}$ | $0000\,0000$ |
| $\Delta {K_4}$ | $0000\,0000$ | $\Delta {K_{12}}$ | $0000\,0000$ |
| $\Delta {K_5}$ | $0000\,0000$ | $\Delta {K_{13}}$ | $0000\,0020$ |
| $\Delta {K_6}$ | $0000\,0000$ | $\Delta {K_{14}}$ | $0004\,0000$ |
| $\Delta {K_7}$ | $0000\,0080$ | $\Delta {K_{15}}$ | $*000\,0000$ |
| $\Delta {K_8}$ | $0010\,0000$ | | |
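The abstract says the analysis rests on the characteristics of the S-boxes and on the key schedule, and Table 2 records where the round-key difference is zero. The following is an added example, not code from the paper, showing the two routine checks behind that kind of reasoning: the difference distribution table (DDT) of a 4-bit S-box, whose zero entries are the transitions the S-box can never realise and thus the raw material for an impossible differential, and active-nibble accounting over the Table 2 round-key differences using the $K_{i,j}$ nibble convention of Table 1. Assumptions: the S-box is PRESENT's (the paper cites PRESENT but the page does not give ESF's own S-box), nibble index $j = 0$ is the leftmost hex digit (the page does not fix the direction), and the `*` in $\Delta K_{15}$ is treated as an active nibble of unknown value.

```python
# Added example; not code from the paper. Illustrates (1) the DDT of a 4-bit
# S-box and the impossible transitions it reveals, and (2) active-nibble
# bookkeeping over the round-key differences transcribed from Table 2.
from typing import Dict, List, Set, Tuple

# Assumption: PRESENT's S-box stands in for an illustrative 4-bit S-box;
# the page does not state ESF's S-box.
PRESENT_SBOX: List[int] = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                           0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox: List[int]) -> List[List[int]]:
    """DDT[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for x in range(n):
        for dx in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def differential_uniformity(table: List[List[int]]) -> int:
    """Largest DDT entry outside the trivial row dx = 0; lower is better for a designer."""
    return max(v for dx, row in enumerate(table) if dx for v in row)


def impossible_transitions(table: List[List[int]]) -> Set[Tuple[int, int]]:
    """(dx, dy) pairs with dx != 0 that the S-box never produces: the DDT zeros."""
    return {(dx, dy) for dx, row in enumerate(table) if dx
            for dy, v in enumerate(row) if v == 0}


def possible_outputs(table: List[List[int]], dx: int) -> Set[int]:
    """Output differences reachable from input difference dx."""
    return {dy for dy, v in enumerate(table[dx]) if v}


# Round-key differences transcribed from Table 2 (80-bit master-key
# difference, then 32-bit differences for rounds 1..15).
MASTER_KEY_DIFF = "00000200000000000000"
ROUND_KEY_DIFFS: Dict[int, str] = {
    1: "00000200", 2: "00400000", 3: "00000000", 4: "00000000", 5: "00000000",
    6: "00000000", 7: "00000080", 8: "00100000", 9: "00000000", 10: "00000000",
    11: "00000000", 12: "00000000", 13: "00000020", 14: "00040000", 15: "*0000000",
}


def active_nibbles(word: str) -> List[int]:
    """Indices j of the non-zero nibbles K_{i,j} of a word written in hex.
    Assumption: j = 0 is the leftmost digit. A '*' (unknown difference) counts
    as active, since it cannot be relied on to be zero."""
    return [j for j, c in enumerate(word) if c != "0"]


def zero_difference_rounds(diffs: Dict[int, str] = ROUND_KEY_DIFFS) -> List[int]:
    """Rounds whose round key carries no difference at all under this trail."""
    return sorted(r for r, w in diffs.items() if not active_nibbles(w))


def trail_summary(diffs: Dict[int, str] = ROUND_KEY_DIFFS) -> Dict[int, List[int]]:
    """Round -> list of active nibble indices, in round order."""
    return {r: active_nibbles(w) for r, w in sorted(diffs.items())}


if __name__ == "__main__":
    t = ddt(PRESENT_SBOX)
    print("differential uniformity:", differential_uniformity(t))
    print("impossible S-box transitions:", len(impossible_transitions(t)))
    print("outputs reachable from dx = 1:", sorted(possible_outputs(t, 1)))
    for r, js in trail_summary().items():
        print(f"round {r:2d}: active nibbles {js}")
    print("rounds with zero key difference:", zero_difference_rounds())
```

The DDT zeros are exactly the S-box-level facts that a miss-in-the-middle argument chains together, and the list of rounds with a zero round-key difference is what makes a related-key distinguisher longer than a single-key one: over those rounds the key schedule injects no difference, so only the state difference has to be tracked.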