网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (3): 149-155.doi: 10.11959/j.issn.2096-109x.2021046

• 学术论文 • 上一篇    下一篇

LowMC实例的差分枚举攻击效果分析

葛欣欣1,2, 李智虎3, 王美琴1,2, 胡凯1,2   

  1. 1 山东大学网络空间安全学院(研究院),山东 青岛 266237
    2 山东大学密码技术和信息安全教育部重点实验室,山东 青岛 266237
    3 中国电力科学研究院有限公司,北京 100192
  • 修回日期:2021-03-15 出版日期:2021-06-15 发布日期:2021-06-01
  • 作者简介:葛欣欣(1997- ),女,吉林四平人,山东大学硕士生,主要研究方向为分组密码分析
    李智虎(1975- ),男,安徽望江人,中国电力科学研究院有限公司高级工程师,主要研究方向为密码理论和密码工程
    王美琴(1974- ),女,宁夏银川人,山东大学教授、博士生导师,主要研究方向为对称密码算法的设计和分析
    胡凯(1992- ),男,山东临沂人,山东大学博士生,主要研究方向为对称密码的分析
  • 基金资助:
    国家自然科学基金(62002201);国家自然科学基金(62032014);国家重点研发计划(2018YFA0704702);山东省重大科技创新项目(2019JZZY010133);山东省自然科学基金重大基础研究项目(ZR202010220025)

Effect of the difference enumeration attack on LowMC instances

Xinxin GE1,2, Zhihu LI3, Meiqin WANG1,2, Kai HU1,2   

  1. 1 School of Cyber Science and Technology, Shandong University, Qingdao 266237, China
    2 Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao 266237, China
    3 China Electric Power Research Institute, Beijing 100192, China
  • Revised:2021-03-15 Online:2021-06-15 Published:2021-06-01
  • Supported by:
    The National Natural Science Foundation of China(62002201);The National Natural Science Foundation of China(62032014);The National Key R&D Pro-gram of China(2018YFA0704702);The Major Scientific and Technological Innovation Project of Shandong Province(2019JZZY010133);The Major Basic Research Project of Natural Science Foundation of Shandong Province(ZR202010220025)

摘要:

LowMC是具有低乘法复杂度特征的算法。针对低数据量和少量S盒参数下的LowMC实例,差分枚举攻击被提出,理论上可以攻击全轮LowMC算法。考虑到这种攻击是在线性层完全随机的条件下给出的,对LowMC算法在真实的线性层下抵抗差分枚举攻击的强度进行了研究。通过对关键起始轮数的研究发现,差分枚举攻击并非总是可以达到理论攻击轮数。对于某一些关键起始轮数比理论值小的LowMC实例,差分枚举攻击甚至会失败。由于LowMC算法的轮数设置基于现有攻击的效果,该分析对LowMC算法的轮数设计具有重要意义。

关键词: 分组密码, LowMC算法, 差分枚举攻击, 关键起始轮数

Abstract:

The LowMC is an algorithm with low multiplicative complexities.For the parameter with limited data complexities and low number of S-boxes, the difference enumeration attack was proposed, which could theoretically attack all rounds of the LowMC.Considering that the original attack is based on the random linear layer,the strength of LowMC algorithm against differential enumeration attacks under a specific linear layer deserves more study.The difference enumeration attack cannot reach theoretical rounds through the research on the so-called key initial round.In terms of some LowMC instances, the key initial round is smaller than the theoretical value, which leads to the failure of the difference enumeration attack.Since the number of rounds of the LowMC is completely based on existing attacks, the analysis is of great significance to the rounds design of the LowMC.

Key words: block cipher, LowMC algorithm, difference enumeration attack, key initial round

中图分类号: 

No Suggested Reading articles found!