TWINE算法的相关密钥不可能飞来去器攻击

doi:10.11959/j.issn.1000-436x.2019152

通信学报 ›› 2019, Vol. 40 ›› Issue (9): 184-192.doi: 10.11959/j.issn.1000-436x.2019152

TWINE算法的相关密钥不可能飞来去器攻击

谢敏,田峰,李嘉琪

西安电子科技大学综合业务网理论及关键技术国家重点实验室，陕西西安 710071

修回日期:2019-05-22 出版日期:2019-09-25 发布日期:2019-09-28
作者简介:谢敏（1976- ），女，湖南桃源人，博士，西安电子科技大学副教授，主要研究方向为编码与密码。|田峰（1995- ），男，河南安阳人，西安电子科技大学硕士生，主要研究方向为分组密码算法的分析。|李嘉琪（1993- ），男，陕西榆林人，西安电子科技大学硕士生，主要研究方向为分组密码算法的分析。
基金资助:
国家重点研发计划基金资助项目(2016YFB0800601);国家自然科学基金资助项目(U1636209);“十三五”国家密码发展基金资助项目(MMJJ20180219)

Related-key impossible boomerang cryptanalysis on TWINE

Min XIE,Feng TIAN,Jiaqi LI

State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an 710071,China

Revised:2019-05-22 Online:2019-09-25 Published:2019-09-28
Supported by:
The National Key Research and Development Program of China(2016YFB0800601);The National Natural Science Foundation of China(U1636209);The National Cryptography Development Fund of the 13th Five-Year Plan(MMJJ20180219)

摘要/Abstract

摘要：

为了评估轻量级分组密码算法TWINE的安全性，利用相关密钥不可能飞来去器的方法对其进行了分析。构造了由16轮和17轮两条路径组成的相关密钥不可能飞来去器区分器，并将16轮和17轮的路径向前扩展4轮、向后分别扩展3轮和2轮，完成对23轮TWINE密码算法（80 bit密钥）的攻击。实验结果表明，该攻击的数据复杂度为262.05个明文，时间复杂度为270.49次23轮加密，与现有算法相比有明显优势。

关键词: TWINE算法, 轻量级分组密码, 不可能飞来去器, 相关密钥

Abstract:

In order to evaluate the security of the lightweight block cipher TWINE,the method of related-key impossible boomerang cryptanalysis was applied and a related-key impossible boomerang distinguisher consisting of 16-round and 17-round paths was constructed.Based on this new distinguisher,an attack on 23-round TWINE was mounted successfully by concatenating 4-round to the beginning and 2-round for the 17-round path and 3-round for the 16-round path to the end respectively.The attack on 23-round TWINE required data complexity of only 2 62.05plaintexts and computational complexity of about 2 70.4923-round encryptions.Compared with published cryptanalysis results,the proposed attack has obvious advantages.

Key words: TWINE algorithm, lightweight block cipher, impossible boomerang, related-key

中图分类号:

TN918.1

谢敏,田峰,李嘉琪. TWINE算法的相关密钥不可能飞来去器攻击[J]. 通信学报, 2019, 40(9): 184-192.

Min XIE,Feng TIAN,Jiaqi LI. Related-key impossible boomerang cryptanalysis on TWINE[J]. Journal on Communications, 2019, 40(9): 184-192.

图/表 15

表1

表2

图1

图2

表3

表4

表5

表6

图3

表7

图4

图5

图6

图7

表8

参考文献 20

[1]	HONG D , SUNG J , HONG S ,et al. HIGHT:a new block cipher suitable for low-resource device[C]// International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 2006: 46-59.
[2]	BOGDANOV A , KNUDSEN L R , LEANDER G ,et al. PRESENT:an ultra-lightweight block cipher[C]// International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 2007: 450-466.
[3]	IZADI M , SADEGHIYAN B , SADEGHIAN S S ,et al. MIBS:a new lightweight block cipher[C]// 8th International Conference on Cryptology and Network Security. Springer, 2009: 334-348.
[4]	WU W L , ZHANG L . LBlock:a lightweight block cipher[C]// 9th International Conference on Applied Cryptography and Network Security. Springer, 2011: 327-344.
[5]	BORGHOFF J , CANTEAUT A , GüNEYSU T ,et al PRINCE - a low-latency block cipher for pervasive computing applications[C]// 18th International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2012: 208-225.
[6]	SHIBUTANI K , ISODE T , HIWATARI H ,et al. Piccolo:an ultra-lightweight blockcipher[C]// 13th International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 2011: 342-357.
[7]	SUZAKI T , MINEMATSU K , SORIOKA S ,et al. TWINE:a lightweight block cipher for multiple platforms[C]// 19th International Conference on Selected Areas in Cryptography. Springer, 2012: 339-354.
[8]	ZHENG X X , JIA K T . Impossible differential attack on reduced-round TWINE[C]// 16th International Conference on Information Security and Cryptology. Springer, 2013: 123-143.
[9]	WANG Y F , WU W L . Improved multidimensional zero-correlation linear cryptanalysis and applications to LBlock and TWINE[C]// 19th Australasian Conference on Information Security and Privacy. Springer, 2014: 1-16.
[10]	COBAN M , KARAKOC F , ?ZKAN B .et al Biclique cryptanalysis of TWINE[C]// 11th International Conference on Cryptology and Network Security. Springer, 2012: 43-55.
[11]	MOHAMED T , YOUSSEF A . Generalized MitM attacks on full TWINE[J]. Information Processing Letters, 2016,116(2): 128-135.
[12]	WEI Y C , XU P , RONG Y S . Related-key impossible differential cryptanalysis on lightweight cipher TWINE[J]. Journal of Ambient Intelligence and Humanized Computing, 2019,10(2): 509-517.
[13]	LU J Q . Cryptanalysis of block cipher[R]. London:University of London, 2016.
[14]	谢敏, 牟彦利 . LBlock 算法的相关密钥不可能飞来去器分析[J]. 通信学报, 2017,38(5): 66-71.
	XIE M , MU Y L . Related-key impossible boomerang cryptanalysis on LBlock[J]. Journal on Communications, 2017,38(5): 66-71.
[15]	BIHAM E . New types of cryptanalytic attacks using related key[J]. Journal of Cryptology, 1994,7(4): 229-246.
[16]	BIHAM E , BIRUUKOV A , SHAMIR A . Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 1999: 12-23.
[17]	WAGNER D , . The boomerang attack[C]// 6th International Workshop on Fast Software Encryption. Springer, 1999: 156-170.
[18]	陈平, 廖福成, 卫宏儒 . 对轻量级密码算法 MIBS 的相关密钥不可能差分攻击[J]. 通信学报, 2014,35(2): 190-193.
	CHEN P , LIAO F C , WEI H R . Related-key impossible differential attack on a lightweight block cipher[J]. Journal on Communications, 2014,35(2): 190-193.
[19]	MA X S , QIAO K X . Related-key rectangle attack on round-reduced Khudra block cipher[C]// The 9th International Conference on Network and System Security. Springer, 2015: 331-344.
[20]	SASAKI Y , . Related-key boomerang attacks on full ANU lightweight block cipher[C]// 16th International Conference on Applied Cryptography and Network Security. Springer, 2018: 421-439.

轮数	轮密钥差分	轮数	轮密钥差分
1	00000020	8	00020000
2	00000000	9	00000000
3	00000000	10	00000000
4	02000000	11	00002000
5	00000000	12	00000000
6	00000200	13	00000000
7	00000000	14	20000000

攻击方式	轮数	数据复杂度	时间复杂度	算法
饱和攻击	22	2 ⁶²	2 ^68.43	文献[7]
不可能差分	23	2 ^57.85	2 ^79.09	文献[8]
零相关线性	23	2 ^62.1	2 ^72.15	文献[9]
相关密钥不可能飞来去器	23	2 ^62.05	2 ^70.49	本文算法
Biclique attack	36	2 ⁶⁰	2 ^79.10	文献[10]
generalized MITM	36	2	2 ^78.74	文献[11]

TWINE算法的相关密钥不可能飞来去器攻击

Related-key impossible boomerang cryptanalysis on TWINE

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 20

相关文章 12

Metrics

推荐阅读 0

i	CON_i	i	CON_i
1	1	19	0F
2	2	20	1E
3	4	21	3C
4	8	22	3B
5	10	23	35
6	20	24	29
7	3	25	11
8	6	26	22
9	0C	27	7
10	18	28	0E
11	30	29	1C
12	23	30	38
13	5	31	33
14	0A	32	25
15	14	33	9
16	28	34	12
17	13	35	24
18	26	—	—

[1]	蒋梓龙, 金晨辉. Saturnin算法的不可能差分分析[J]. 通信学报, 2022, 43(3): 53-62.
[2]	谢敏,李嘉琪,田峰. FeW的差分故障攻击[J]. 通信学报, 2020, 41(4): 143-149.
[3]	武小年,李迎新,韦永壮,孙亚平. GRANULE和MANTRA算法的不可能差分区分器分析[J]. 通信学报, 2020, 41(1): 94-101.
[4]	高杨,王永娟,王磊,王涛. 轻量级分组密码算法TWINE差分故障攻击的改进[J]. 通信学报, 2017, 38(Z2): 178-184.
[5]	谢敏,牟彦利. LBlock算法的相关密钥不可能飞来去器分析[J]. 通信学报, 2017, 38(5): 66-71.
[6]	崔杰,左海风,仲红. 对轻量级分组密码I-PRESENT-80和I-PRESENT-128的biclique攻击[J]. 通信学报, 2017, 38(11): 13-23.
[7]	黄静,赵新杰,张帆,郭世泽,周平,陈浩,杨建. PRESENT代数故障攻击的改进与评估[J]. 通信学报, 2016, 37(8): 144-156.
[8]	陈平,廖福成,卫宏儒. 对轻量级密码算法MIBS的相关密钥不可能差分攻击[J]. 通信学报, 2014, 35(2): 190-193.
[9]	陈平，廖福成，卫宏儒. 对轻量级密码算法MIBS的相关密钥不可能差分攻击[J]. 通信学报, 2014, 35(2): 23-193.
[10]	张鹏,李瑞林,李超. 对完整轮数ARIRANG加密模式的相关密钥矩形攻击[J]. 通信学报, 2011, 32(8): 15-22.
[11]	韦永壮,胡予濮. 42轮SHACAL-2新的相关密钥矩形攻击[J]. 通信学报, 2009, 30(1): 7-11.
[12]	阳少平,胡予濮,钟名富. 相关密钥不可能差分31轮SHACAL-2攻击[J]. 通信学报, 2007, 28(11A): 54-58.

x	S(x)	x	S(x)
0	C	8	8
1	0	9	3
2	F	10	D
3	A	11	7
4	2	12	1
5	B	13	E
6	9	14	6
7	5	15	4

x	IP(x)	x	IP(x)
0	0	8	4
1	8	9	12
2	1	10	5
3	9	11	13
4	2	12	6
5	10	13	14
6	3	14	7
7	11	15	15

x	P₁(x)
0	2
1	0
2	3
3	1
4	6
5	4
6	7
7	5

x	P₂(x)
0	0
1	2
2	6
3	4
4	3
5	1
6	5
7	7