Biclique Cryptanalysis on Light-weight Block Cipher mCrypton-64
Abstract: Bogdanov et al. proposed a new key-recovery attack on block ciphers, called the biclique attack, at ASIACRYPT 2011. Built on the construction of a biclique structure and combined with the idea of the meet-in-the-middle attack, it can effectively reduce both the time complexity and the data complexity of an attack, and it has since been widely used in the security analysis of block ciphers. mCrypton is a new lightweight block cipher that runs efficiently in resource-constrained hardware environments, so its security has attracted considerable attention. This paper first introduces the general method of the biclique attack and gives a complete definition of a d-dimensional biclique. It then shows how analysing the key schedule of a cipher yields two short, mutually independent differential trails, from which a biclique structure can be constructed and used to mount a full-round attack. On this basis, we describe the lightweight block cipher mCrypton-64 and analyse it with the biclique attack. mCrypton-64 is an SP network with a 64-bit block and a 64-bit key; its encryption function consists of four operations: non-linear substitution, bit permutation, column-to-row transposition and key addition. Finally, we find two mutually independent differential trails in the key schedule of mCrypton-64 and use them to construct a 4-dimensional biclique covering rounds 11 to 12, with which we attack full-round mCrypton-64 with data complexity 2^(32) and computational complexity 2^(63.115), both better than previously known results.
Authors: 袁征 (Yuan Zheng), 李铎 (Li Duo)
Source: Journal of Cryptologic Research (密码学报), CSCD, 2016, No. 6, pp. 564-572 (9 pages)
Keywords: biclique, mCrypton, lightweight block cipher