一级黄色片免费播放|中国黄色视频播放片|日本三级a|可以直接考播黄片影视免费一级毛片

高級搜索

留言板

尊敬的讀者、作者、審稿人, 關(guān)于本刊的投稿、審稿、編輯和出版的任何問題, 您可以本頁添加留言。我們將盡快給您答復(fù)。謝謝您的支持!

姓名
郵箱
手機號碼
標(biāo)題
留言內(nèi)容
驗證碼

全輪超輕量級分組密碼PFP的相關(guān)密鑰差分分析

嚴(yán)智廣 韋永壯 葉濤

嚴(yán)智廣, 韋永壯, 葉濤. 全輪超輕量級分組密碼PFP的相關(guān)密鑰差分分析[J]. 電子與信息學(xué)報. doi: 10.11999/JEIT240782
引用本文: 嚴(yán)智廣, 韋永壯, 葉濤. 全輪超輕量級分組密碼PFP的相關(guān)密鑰差分分析[J]. 電子與信息學(xué)報. doi: 10.11999/JEIT240782
YAN Zhiguang, WEI Yongzhuang, YE Tao. Related-key Differential Cryptanalysis of Full-round PFP Ultra-lightweight Block Cipher[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT240782
Citation: YAN Zhiguang, WEI Yongzhuang, YE Tao. Related-key Differential Cryptanalysis of Full-round PFP Ultra-lightweight Block Cipher[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT240782

全輪超輕量級分組密碼PFP的相關(guān)密鑰差分分析

doi: 10.11999/JEIT240782
基金項目: 國家自然科學(xué)基金 (62162016, 62402132)
詳細信息
    作者簡介:

    嚴(yán)智廣:男,碩士,研究方向為密碼學(xué)、信息安全

    韋永壯:男,博士,教授,博導(dǎo),廣西密碼學(xué)與信息安全重點實驗室主任,研究方向為密碼學(xué)與信息安全

    葉濤:男,博士,講師,研究方向為對稱密碼算法設(shè)計與分析

    通訊作者:

    葉濤 yetao@guet.edu.cn

  • 中圖分類號: TN918; TP309

Related-key Differential Cryptanalysis of Full-round PFP Ultra-lightweight Block Cipher

Funds: The National Natural Science Foundation of China (62162016, 62402132)
  • 摘要: 2017年,PFP作為一種超輕量級分組密碼被提出,而因其卓越的實現(xiàn)性能備受業(yè)界廣泛關(guān)注。該算法不僅硬件開銷需求低(僅需約1355 GE(等效門))、功耗小,而且加解密速度快(其速度甚至比國際著名算法 PRESENT的實現(xiàn)速度快1.5倍),非常適合在物聯(lián)網(wǎng)環(huán)境中使用。在PFP算法的設(shè)計文檔中,作者聲稱該算法具有足夠的能力抵御差分攻擊、線性攻擊及不可能差分攻擊等多種密碼攻擊方法。然而該算法是否存在未知的安全漏洞是目前研究的難點。該文基于可滿足性模理論(SMT),結(jié)合PFP算法輪函數(shù)特點,構(gòu)建兩種區(qū)分器自動化搜索模型。實驗測試結(jié)果表明:該算法在32輪加密中存在概率為2–62的相關(guān)密鑰差分特征。由此,該文提出一種針對全輪PFP算法的相關(guān)密鑰恢復(fù)攻擊,即只需263個選擇明文和248次全輪加密便可破譯出80 bit的主密鑰。這說明該算法無法抵抗相關(guān)密鑰差分攻擊。
  • 圖  1  PFP算法加密流程

    圖  2  32輪相關(guān)密鑰差分區(qū)分器向后擴展2輪

    表  1  PFP算法攻擊結(jié)果對比

    攻擊方法攻擊
    輪數(shù)
    恢復(fù)主密鑰
    比特數(shù)(bit)
    數(shù)據(jù)
    復(fù)雜度
    時間
    復(fù)雜度
    文獻
    不可能差分632237.00265.00[7]
    不可能差分936236.00258.00[19]
    不可能差分1052246.00275.00[20]
    積分攻擊1240262.39263.12[21]
    差分攻擊2648260.00254.30[22]
    差分攻擊2973259.00278.14本文
    相關(guān)密鑰差分攻擊3480263.00248.00本文
    下載: 導(dǎo)出CSV

    表  2  PFP算法的S盒

    x 0 1 2 3 4 5 6 7 8 9 A B C D E F
    S[x] C 5 6 B 9 0 A D 3 E F 8 4 7 1 2
    下載: 導(dǎo)出CSV

    表  3  S盒的差分分布表

    輸入差分輸出差分
    0123456789ABCDEF
    016000000000000000
    10004000404000400
    20002042000202220
    30202204200220000
    40000042202202020
    50200200002224200
    60020002020042004
    70420002020002004
    80002000202040204
    90020402020002040
    A0022040020200220
    B0200200042220200
    C0020040222200020
    D0242200200220000
    E0022002222002200
    F0400400000000044
    下載: 導(dǎo)出CSV

    表  4  PFP算法的差分界

    輪數(shù) 最大期望差分特征概率 輪數(shù) 最大期望差分特征概率
    單密鑰 相關(guān)密鑰 單密鑰 相關(guān)密鑰
    1 20 20 18 2–44 2–34
    2 2–2 20 19 2–46 2–36
    3 2–4 20 20 2–48 2–38
    4 2–6 20 21 2–51 2–40
    5 2–8 20 22 2–54 2–42
    6 2–12 2–3 23 2–56 2–44
    7 2–16 2–5 24 2–58 2–46
    8 2–18 2–9 25 2–61 2–48
    9 2–21 2–14 26 2–64 2–50
    10 2–24 2–18 27 2–66 2–52
    11 2–26 2–20 28 2–68 2–54
    12 2–28 2–22 29 2–71 2–56
    13 2–31 2–24 30 2–74 2–58
    14 2–34 2–26 31 2–76 2–60
    15 2–36 2–28 32 2–78 2–62
    16 2–38 2–30 33 2–81 2–64
    17 2–41 2–32 34 2–84 2–66
    下載: 導(dǎo)出CSV

    表  5  差分特征概率為2–61的25輪差分區(qū)分器

    輪數(shù)左分支差分右分支差分輪數(shù)左分支差分右分支差分
    00x00040D000x00000900130x000009000x00000900
    10x000009000x00000900140x000009000x00000D00
    20x000009000x00000D00150x00000D000x00000D00
    30x00000D000x00000D00160x00000D000x00000900
    40x00000D000x00000900170x000009000x00000900
    50x000009000x00000900180x000009000x00000D00
    60x000009000x00000D00190x00000D000x00000D00
    70x00000D000x00000D00200x00000D000x00000900
    80x00000D000x00000900210x000009000x00000900
    90x000009000x00000900220x000009000x00000D00
    100x000009000x00000D00230x00000D000x00000D00
    110x00000D000x00000D00240x00000D000x00000900
    120x00000D000x00000900250x000009000x00040D00
    下載: 導(dǎo)出CSV

    表  6  差分特征概率為2–62的32輪相關(guān)密鑰差分區(qū)分器

    輪數(shù)左右分支差分相關(guān)密鑰差分輪數(shù)左右分支差分相關(guān)密鑰差分
    00x8BBBBA22D11111770xD111117777444445DDDD170xD11111778BBBBA220x8BBBBA22222EEEE88888
    10xD11111778BBBBA220x8BBBBA22222EEEE88888180x8BBBBA22D11111770xD111117777444445DDDD
    20x8BBBBA22D11111770xD111117777444445DDDD190xD11111778BBBBA220x8BBBBA22222EEEE88888
    30xD11111778BBBBA220x8BBBBA22222EEEE88888200x8BBBBA22D11111770xD111117777444445DDDD
    40x8BBBBA22D11111770xD111117777444445DDDD210xD11111778BBBBA220x8BBBBA22222EEEE88888
    50xD11111778BBBBA220x8BBBBA22222EEEE88888220x8BBBBA22D11111770xD111117777444445DDDD
    60x8BBBBA22D11111770xD111117777444445DDDD230xD11111778BBBBA220x8BBBBA22222EEEE88888
    70xD11111778BBBBA220x8BBBBA22222EEEE88888240x8BBBBA22D11111770xD111117777444445DDDD
    80x8BBBBA22D11111770xD111117777444445DDDD250xD11111778BBBBA220x8BBBBA22222EEEE88888
    90xD11111778BBBBA220x8BBBBA22222EEEE88888260x8BBBBA22D11111770xD111117777444445DDDD
    100x8BBBBA22D11111770xD111117777444445DDDD270xD11111778BBBBA220x8BBBBA22222EEEE88888
    110xD11111778BBBBA220x8BBBBA22222EEEE88888280x8BBBBA22D11111770xD111117777444445DDDD
    120x8BBBBA22D11111770xD111117777444445DDDD290xD11111778BBBBA220x8BBBBA22222EEEE88888
    130xD11111778BBBBA220x8BBBBA22222EEEE88888300x8BBBBA22D11111770xD111117777444445DDDD
    140x8BBBBA22D11111770xD111117777444445DDDD310xD11111778BBBBA220x8BBBBA22222EEEE88888
    150xD11111778BBBBA220x8BBBBA22222EEEE88888320x8BBBBA22D1111177-
    160x8BBBBA22D11111770xD111117777444445DDDD
    下載: 導(dǎo)出CSV

    表  7  相關(guān)密鑰下PFP算法密鑰恢復(fù)階段的復(fù)雜度計算

    步數(shù) 猜測密鑰 篩選后剩余明密文對數(shù)量 時間復(fù)雜度
    1 ${K_{33}}[31,30,29,28]$ ${2^{m - 33 - 4}}$ $ 2 \cdot {2^{m - 33}} \cdot {2^4} $
    2 ${K_{33}}[23,22,21,20]$ ${2^{m - 37 - 4}}$ $ 2 \cdot {2^{m - 37}} \cdot {2^8} $
    3 ${K_{33}}[15,14,13,12]$ ${2^{m - 41 - 4}}$ $ 2 \cdot {2^{m - 41}} \cdot {2^{12}} $
    4 ${K_{33}}[7,6,5,4]$ ${2^{m - 45 - 4}}$ $ 2 \cdot {2^{m - 45}} \cdot {2^{16}} $
    5 ${K_{33}}[27,26,25,24]$ ${2^{m - 49 - 3}}$ $ 2 \cdot {2^{m - 49}} \cdot {2^{20}} $
    6 ${K_{33}}[19,18,17,16]$ ${2^{m - 52 - 3}}$ $ 2 \cdot {2^{m - 52}} \cdot {2^{24}} $
    7 ${K_{33}}[11,10,9,8]$ ${2^{m - 55 - 3}}$ $ 2 \cdot {2^{m - 55}} \cdot {2^{28}} $
    8 ${K_{33}}[3,2,1,0]$ ${2^{m - 58 - 3}}$ $ 2 \cdot {2^{m - 58}} \cdot {2^{32}} $
    9 ${K_{32}}[31,30,29,28]$ ${2^{m - 61 - 4}}$ $ 2 \cdot {2^{m - 61}} \cdot {2^{32}} $
    總和 ${2^{m - 24}} + {2^{m - 26}}$
    下載: 導(dǎo)出CSV
  • [1] National Institute of Standards and Technology, DWORKIN M J, BARKER E, et al. Advanced encryption standard[R]. 197, 2001. doi: 10.6028/NIST.FIPS.197.
    [2] WU Wenling and ZHANG Lei. LBlock: A lightweight block cipher[C]. The 9th International Conference on Applied Cryptography and Network Security, Nerja, Spain, 2011: 327–344. doi: 10.1007/978-3-642-21554-4_19.
    [3] GUO Jian, PEYRIN T, POSCHMANN A, et al. The LED block cipher[C]. The 13th International Workshop on Cryptographic Hardware and Embedded Systems, Nara, Japan, 2011: 326–341. doi: 10.1007/978-3-642-23951-9_22.
    [4] BANIK S, PANDEY S K, PEYRIN T, et al. GIFT: A small present: Towards reaching the limit of lightweight encryption[C]. The 19th International Conference on Cryptographic Hardware and Embedded Systems, Taipei, China, 2017: 321–345. doi: 10.1007/978-3-319-66787-4_16.
    [5] BEAULIEU R, TREATMAN-CLARK S, SHORS D, et al. The SIMON and SPECK lightweight block ciphers[C]. Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference, San Francisco, USA, 2015: 1–6. doi: 10.1145/2744769.2747946.
    [6] BOGDANOV A, KNUDSEN L R, LEANDER G, et al. PRESENT: An ultra-lightweight block cipher[C]. The 9th International Workshop, Vienna, Austria, 2007: 450–466. doi: 10.1007/978-3-540-74735-2_31.
    [7] 黃玉劃, 代學(xué)俊, 時陽陽, 等. 基于Feistel結(jié)構(gòu)的超輕量級分組密碼算法(PFP)[J]. 計算機科學(xué), 2017, 44(3): 163–167. doi: 10.11896/j.issn.1002-137X.2017.03.036.

    HUANG Yuhua, DAI Xuejun, SHI Yangyang, et al. Ultra-lightweight block cipher algorithm (PFP) based on Feistel structure[J]. Computer Science, 2017, 44(3): 163–167. doi: 10.11896/j.issn.1002-137X.2017.03.036.
    [8] BIHAM E and SHAMIR A. Differential cryptanalysis of DES-like cryptosystems[J]. Journal of Cryptology, 1991, 4(1): 3–72. doi: 10.1007/BF00630563.
    [9] MATSUI M. Linear cryptanalysis method for DES cipher[C]. The Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology (EUROCRYPT’93), Lofthus, Norway, 1993: 386–397. doi: 10.1007/3-540-48285-7_33.
    [10] HADIPOUR H, SADEGHI S and EICHLSEDER M. Finding the impossible: Automated search for full impossible-differential, zero-correlation, and integral attacks[C]. The 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology (EUROCRYPT 2023), Lyon, France, 2023: 128–157. doi: 10.1007/978-3-031-30634-1_5.
    [11] HADIPOUR H, GERHALTER S, SADEGHI S, et al. Improved search for integral, impossible differential and zero-correlation attacks[J]. IACR Transactions on Symmetric Cryptology, 2024, 2024(1): 234–325. doi: 10.46586/tosc.v2024.i1.234-325.
    [12] LAI Xuejia. Higher order derivatives and differential cryptanalysis[M]. BLAHUT R E, COSTELLO D J, MAURER U, et al. Communications and Cryptography: Two Sides of One Tapestry. Boston: Springer, 1994: 227–233. doi: 10.1007/978-1-4615-2694-0_23.
    [13] AHMADIAN Z, KHALESI A, M’FOUKH D, et al. Truncated differential cryptanalysis: New insights and application to QARMAv1-n and QARMAv2–64[J]. Designs, Codes and Cryptography, 2024, 92(12): 4549–4591. doi: 10.1007/s10623-024-01486-8.
    [14] BIHAM E. New types of cryptanalytic attacks using related keys[J]. Journal of Cryptology, 1994, 7(4): 229–246. doi: 10.1007/BF00203965.
    [15] ROHIT R and SARKAR S. Reconstructing s-boxes from cryptographic tables with MILP[J]. IACR Transactions on Symmetric Cryptology, 2024, 2024(3): 200–237. doi: 10.46586/tosc.v2024.i3.200-237.
    [16] CHAKRABORTY D, HADIPOUR H, NGUYEN P H, et al. Finding complete impossible differential attacks on AndRX ciphers and efficient distinguishers for ARX designs[J]. IACR Transactions on Symmetric Cryptology, 2024, 2024(3): 84–176. doi: 10.46586/tosc.v2024.i3.84-176.
    [17] WANG Dachao, WANG Baocang, and SUN Siwei. SAT-aided automatic search of boomerang distinguishers for ARX ciphers[J]. IACR Transactions on Symmetric Cryptology, 2023, 2023(1): 152–191. doi: 10.46586/tosc.v2023.i1.152-191.
    [18] ERLACHER J, MENDEL F, and EICHLSEDER M. Bounds for the security of ascon against differential and linear cryptanalysis[J]. IACR Transactions on Symmetric Cryptology, 2022, 2022(1): 64–87. doi: 10.46586/tosc.v2022.i1.64-87.
    [19] 沈璇, 王欣玫, 何俊, 等. PFP算法改進的不可能差分分析[J]. 計算機科學(xué), 2020, 47(7): 263–267. doi: 10.11896/jsjkx.200200034.

    SHEN Xuan, WANG Xinmei, HE Jun, et al. Revised impossible differential cryptanalysis of PFP block cipher[J]. Computer Science, 2020, 47(7): 263–267. doi: 10.11896/jsjkx.200200034.
    [20] 趙光耀, 沈璇, 余波, 等. 縮減輪的超輕量級分組密碼算法PFP的不可能差分分析[J]. 計算機應(yīng)用, 2023, 43(9): 2784–2788. doi: 10.11772/j.issn.1001-9081.2022091395.

    ZHAO Guangyao, SHEN Xuan, YU Bo, et al. Impossible differential cryptanalysis of reduced-round ultra-lightweight block cipher PFP[J]. Journal of Computer Applications, 2023, 43(9): 2784–2788. doi: 10.11772/j.issn.1001-9081.2022091395.
    [21] 劉道瞳, 袁征, 魏錦鵬, 等. 輕量級分組密碼算法PFP和SLIM的積分分析[J]. 密碼學(xué)報, 2023, 10(3): 609–621. doi: 10.13868/j.cnki.jcr.000617.

    LIU Daotong, YUAN Zheng, WEI Jinpeng, et al. Integral cryptanalysis of lightweight block cipher PFP and SLIM[J]. Journal of Cryptologic Research, 2023, 10(3): 609–621. doi: 10.13868/j.cnki.jcr.000617.
    [22] 李艷俊, 李寅霜, 楊明華, 等. 輕量級PFP算法的差分攻擊[J]. 計算機工程與應(yīng)用, 2023, 59(21): 296–302. doi: 10.3778/j.issn.1002-8331.2305-0193.

    LI Yanjun, LI Yinshuang, YANG Minghua, et al. Differential attack on lightweight PFP algorithm[J]. Computer Engineering and Applications, 2023, 59(21): 296–302. doi: 10.3778/j.issn.1002-8331.2305-0193.
    [23] COOK S A. The complexity of theorem-proving procedures[C]. The Third Annual ACM Symposium on Theory of Computing (STOC’71), Shaker Heights, USA, 1971: 151–158. doi: 10.1145/800157.805047.
    [24] DE MOURA L and BJ?RNER N. Z3: An efficient SMT solver[C]. The 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2008), Budapest, Hungary, 2008: 337–340. doi: 10.1007/978-3-540-78800-3_24.
    [25] BARRETT C, CONWAY C L, DETERS M, et al. CVC4[C]. The 23rd International Conference on Computer aided verification (CAV 2011), Snowbird, USA, 2011: 171–177.
    [26] CIMATTI A, GRIGGIO A, SCHAAFSMA B J, et al. The MathSAT5 SMT solver[C]. The 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2013), Rome, Italy, 2013: 93–107. doi: 10.1007/978-3-642-36742-7_7.
    [27] BRUMMAYER R and BIERE A. Boolector: An efficient SMT solver for bit-vectors and arrays[C]. The 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2009), York, UK, 2009: 174–177. doi: 10.1007/978-3-642-00768-2_16.
    [28] GANESH V and DILL D L. A decision procedure for bit-vectors and arrays[C]. The 19th International Conference on Computer Aided Verification (CAV 2007), Berlin, Germany, 2007: 519–531. doi: 10.1007/978-3-540-73368-3_52.
    [29] STUMP A, BARRETT C W, and DILL D L. CVC: A cooperating validity checker[C]. The 14th International Conference on Computer Aided Verification (CAV 2002), Copenhagen, Denmark, 2002: 500–504. doi: 10.1007/3-540-45657-0_40.
    [30] SEL?UK A A. On probability of success in linear and differential cryptanalysis[J]. Journal of Cryptology, 2008, 21(1): 131–147. doi: 10.1007/s00145-007-9013-7.
  • 加載中
圖(2) / 表(7)
計量
  • 文章訪問數(shù):  281
  • HTML全文瀏覽量:  58
  • PDF下載量:  127
  • 被引次數(shù): 0
出版歷程
  • 收稿日期:  2024-09-11
  • 修回日期:  2024-12-30
  • 網(wǎng)絡(luò)出版日期:  2025-01-11

目錄

    /

    返回文章
    返回