摘要
对分组密码进行截断差分攻击时,部分S盒会产生很多组子密码候选值,导致暴力攻击剩余密钥位时消耗大量时间.本文详细分析了截断差分算法中出现多组密钥候选值的原因,并分析了其出现的概率.提出两种改进截断差分攻击方案,减少候选子密码的数量并提高了攻击效率.第1种方法基于各轮S盒子密钥的非独立性,利用轮密钥在初始密钥中的重复位得到最终的候选值,最终筛选出只有一组候选值的概率达到40%左右.第2种方法将计算得到的8个S盒的所有6比特候选子密钥进行计数,选取出现频率最高的密钥,最终使48比特的候选密码个数缩减为一个.通过对六轮DES密码算法攻击的实验数据分析得知:第2种方法能够恢复出唯一的48比特子密码.
In the process of the truncated differential attack to block cipher,some substitution-boxes(Sboxes)will have a great deal of cipher candidate values,which will use a lot of time when the remaining key is attacked by violence.This paper mainly analyzes the reasons and the related probability of the emergence of multi sets of recommended values,and then puts forward two improvement schemes to reduce the number of the candidate key and improve the efficiency of the attack.The first method uses the incomplete dependence among round keys,and makes full use of the identical key that is in the first and in the final round.But the probability of one set of candidate value is about 40%.The second method uses the whole 6bits candidate key in 8S-boxes,and obtains the final key by counting the numbers of values.Using this method can reduce the number of 48 bits candidate to 1with the probability close to one.Through the 6-round DES attack experimental results,the second method can recover the initial key with the probability close to one.
出处
《北京交通大学学报》
CAS
CSCD
北大核心
2017年第2期28-35,共8页
JOURNAL OF BEIJING JIAOTONG UNIVERSITY
基金
国家自然科学基金青年科学基金(61502030
61402035)
中央高校基本科研业务费专项基金(2016JBM020)~~
关键词
差分分析
数据加密标准
截断差分
S盒
分组密码
differential cryptanalysis
data encryption standard
truncated differential
S-boxes
block cipher
作者简介
刘伟(1991-),女,河北唐山人,硕士.研究方向为信息安全.email:14120405@ljtu.edu.cn.
