Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective ...Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear(DL)cryptanalysis.Specifically,we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP.For the versions with block sizes of 128 and 256 bits,we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89)and 2^(-116.80),both of which are the publicly longest distinguishers.In addition,this study incorporates the complexity information of key-recovery attacks into the automated model,to search for the optimal key-recovery attack structures based on DL distinguishers.As a result,we mount the key-recovery attacks on 16-round Ballet-128/128,17-round Ballet-128/256,and 21-round Ballet-256/256.The data/time complexities for these attacks are 2^(108.36)/2^(120.36),2^(115.90)/2^(192),and 2^(227.62)/2^(240.67),respectively.展开更多
低能耗轻量级分组密码(low energy lightweight block cipher,LELBC)算法是一种基于置换-替换-置换(permutation-substitution-permutation,PSP)结构的轻量级分组密码算法,主要适用于计算能力、存储空间及功耗受限的物联网终端设备,通...低能耗轻量级分组密码(low energy lightweight block cipher,LELBC)算法是一种基于置换-替换-置换(permutation-substitution-permutation,PSP)结构的轻量级分组密码算法,主要适用于计算能力、存储空间及功耗受限的物联网终端设备,通过对数据加密实现数据安全保障,因此对该算法安全性的准确评估尤为关键。为了深入研究该算法的安全性,首先建立S盒的差分-线性连通表,然后基于约束规划(constraint programming,CP)方法对S盒组件、中间层和整体结构进行数学建模,搜索得到概率为2-25.96的9轮差分-线性区分器,并进一步在这个区分器的基础上分别向前添加1轮,向后添加2轮,实现了对LELBC算法的12轮密钥恢复攻击,其中数据复杂度为228个明文,时间复杂度为2114.42次12轮加密。研究结果表明,相较于整体16轮,LELBC算法仍然具有足够轮数的安全冗余。展开更多
基金National Natural Science Foundation of China(62272147,12471492,62072161,12401687)Shandong Provincial Natural Science Foundation(ZR2024QA205)+1 种基金Science and Technology on Communication Security Laboratory Foundation(6142103012207)Innovation Group Project of the Natural Science Foundation of Hubei Province of China(2023AFA021)。
文摘Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear(DL)cryptanalysis.Specifically,we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP.For the versions with block sizes of 128 and 256 bits,we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89)and 2^(-116.80),both of which are the publicly longest distinguishers.In addition,this study incorporates the complexity information of key-recovery attacks into the automated model,to search for the optimal key-recovery attack structures based on DL distinguishers.As a result,we mount the key-recovery attacks on 16-round Ballet-128/128,17-round Ballet-128/256,and 21-round Ballet-256/256.The data/time complexities for these attacks are 2^(108.36)/2^(120.36),2^(115.90)/2^(192),and 2^(227.62)/2^(240.67),respectively.
