GRANULE和MANTRA算法的不可能差分区分器分析

doi:10.11959/j.issn.1000-436x.2020025

通信学报 ›› 2020, Vol. 41 ›› Issue (1): 94-101.doi: 10.11959/j.issn.1000-436x.2020025

GRANULE和MANTRA算法的不可能差分区分器分析

武小年^1,²,李迎新^1,³,韦永壮¹,孙亚平¹

¹ 桂林电子科技大学广西密码学与信息安全重点实验室，广西桂林 541004
² 保密通信重点实验室，四川成都 610041
³ 广西高校云计算与复杂系统重点实验室，广西桂林 541004

修回日期:2019-12-12 出版日期:2020-01-25 发布日期:2020-02-11
作者简介:武小年（1972- ），男，湖北监利人，桂林电子科技大学副教授，主要研究方向为分布式计算、信息安全|李迎新（1991- ），男，河南南阳人，桂林电子科技大学硕士生，主要研究方向为信息安全|韦永壮（1976- ），男，壮族，广西百色人，博士，桂林电子科技大学教授，主要研究方向为密码学、信息安全|孙亚平（1993- ），女，山东菏泽人，桂林电子科技大学硕士生，主要研究方向为信息安全
基金资助:
保密通信重点实验室基金资助项目(6142103190103);国家自然科学基金资助项目(61572148);国家自然科学基金资助项目(61872103);广西科技计划基金资助项目(AB18281019);广西自然科学基金资助项目(2018GXNSFAA294036);广西密码学与信息安全重点实验室基金资助项目(GCIS201705);广西高校云计算与复杂系统重点实验室基金资助项目(YF16205);广西研究生教育创新计划基金资助项目(YCSW2018138);广西研究生教育创新计划基金资助项目(YCBZ2018051)

Impossible differential distinguisher analysis of GRANULE and MANTRA algorithm

Xiaonian WU^1,²,Yingxin LI^1,³,Yongzhuang WEI¹,Yaping SUN¹

¹ Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China
² Science and Technology on Communication Security Laboratory,Chengdu 610041,China
³ Guangxi Colleges Key Laboratory of Cloud Computing and Complex Systems,Guilin 541004,China

Revised:2019-12-12 Online:2020-01-25 Published:2020-02-11
Supported by:
The Foundation of Science and Technology on Communication Security Laboratory(6142103190103);The National Natural Science Foundation of China(61572148);The National Natural Science Foundation of China(61872103);The Key Research and Development Plan of Guangxi(AB18281019);The Natural Science Foundation of Guangxi(2018GXNSFAA294036);Guangxi Key Laboratory of Cryptography and Information Security(GCIS201705);Guangxi Colleges Key Laboratory of Cloud Computing and Complex Systems(YF16205);The Innovation Project of Guangxi Graduate Education(YCSW2018138);The Innovation Project of Guangxi Graduate Education(YCBZ2018051)

摘要/Abstract

摘要：

轻量级分组密码算法GRANULE和MANTRA结构简单，加密速度快且易于软硬件实现，特别适用于资源受限环境。为对这2种算法进行安全性分析，提出一种不可能差分区分器的自动化搜索方法。基于GRANULE和MANTRA算法结构特性，通过分析其S盒的差分分布表得到S盒差分特征，再利用中间相遇思想，分别对从加/解密方向得到的差分路径进行遍历，筛选出概率为 0 的最优差分路径。分析结果表明，GRANULE 算法存在144个不同的7轮不可能差分区分器；MANTRA算法存在52个不同的9轮不可能差分区分器。与已有结果相比较，新发现的区分器轮数均是目前最高的。

关键词: 轻量级分组密码算法, S盒, 不可能差分区分器, 自动搜索

Abstract:

The lightweight block cipher algorithms called GRANULE and MANTRA have a simple structure,fast encryption speed,and they can be easy implemented in software and hardware.Two algorithms are especially suitable for resource-constrained environments.To analyze the security of two algorithms,an automatic search method of impossible differential distinguishers was proposed.Based on the structural characteristics of the GRANALE and MANTRA,the S-box differential characteristics were obtained by analyzing the S-box differential distribution table,and then the idea of intermediate encounter was used to traverse from the difference path obtained from the encryption/decryption direction seperately to select the optimal differential path with probability 0.The analysis results show that there are 144 different 7-round impossible differential distinguishers in the GRANULE,and 52 different 9-round impossible differential distinguishers in the MANTRA.Compared with the existing results,the rounds of the proposed distinguisher is currently the highest.

Key words: lightweight block cipher algorithm, S-box, impossible differential distinguisher, automatic search

中图分类号:

TP309

武小年,李迎新,韦永壮,孙亚平. GRANULE和MANTRA算法的不可能差分区分器分析[J]. 通信学报, 2020, 41(1): 94-101.

Xiaonian WU,Yingxin LI,Yongzhuang WEI,Yaping SUN. Impossible differential distinguisher analysis of GRANULE and MANTRA algorithm[J]. Journal on Communications, 2020, 41(1): 94-101.

图/表 12

图1

表1

图2

表2

表3

表4

表5

图3

图4

表6

表7

表8

参考文献 19

[1]	BIHAM E , SHAMIR A . Differential cryptanalysis of DES-like cryptosystems[J]. Journal of CRYPTOLOGY, 1991,4(1): 3-72.
[2]	MATSUI M , . Linear cryptanalysis method for DES cipher[C]// Workshop on the Theory and Application of of Cryptographic Techniques. 1993: 386-397.
[3]	KNUDSEN L . DEAL-a 128-bit block cipher[J].,1998,258(2):216. Complexity, 1998,258(2):216.
[4]	BIHAM E , BIRYUKOV A , SHAMIR A . Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials[C]// EUROCRYPT’99. 1999: 12-23.
[5]	KNUDSEN L , WAGNER D . Integral cryptanalysis[C]// International Workshop on Fast Software Encryption. 2002: 112-127.
[6]	LI M M , GUO J S , CUI J Y ,et al. Impossible differential cryptanalysis of speck[C]// Chinese Conference on Trusted Computing and Information Security. 2018: 16-31.
[7]	SHAHMIRZADI A R , AZIMI S A , SALMASIZADEH M ,et al. Impossible differential cryptanalysis of reduced-round Midori64 block cipher[J]. ISeCure, 2018,10(1): 3-14.
[8]	陈平, 廖福成, 卫宏儒 . 对轻量级密码算法 MIBS 的相关密钥不可能差分攻击[J]. 通信学报, 2014,35(2): 190-193+201.
	CHEN P , LIAO F C , WEI H R . Related-key impossible differential attack on a lightweight block cipher MIBS[J]. Journal on Communications, 2014,35(2): 190-193+201.
[9]	WU S B , WANG M S . Automatic search of truncated impossible differentials for word-oriented block ciphers[C]// International Conference on Cryptology. 2012: 283-302.
[10]	LUO Y Y , LAI X J . Improvements for finding impossible differentials of block cipher structures[J]. Security and Communication Networks, 2017,2017: 1-9.
[11]	SASAKI Y , TODO Y . New impossible differential search tool from design and cryptanalysis aspects[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2017: 185-215.
[12]	韩亚, 王明生 . ARX结构分组密码积分区分器的自动化搜索[J]. 通信学报, 2018,39(5): 103-110.
	HAN Y , WANG M S . Automatic method for searching integral distinguishers of ARX block ciphers[J]. Journal on Communications, 2018,39(5): 103-110.
[13]	张仕伟, 陈少真 . SIMON 不可能差分及零相关路径自动化搜索算法[J]. 软件学报, 2018,29(11): 3544-3553.
	ZHANG S W , CHEN S Z . Automatic search algorithm for impossible differential trials and zero-correlation linear trials in SIMON[J]. Journal of Software, 2018,29(11): 3544-3553.
[14]	ZHANG K , GUAN J , HU B . Automatic search of impossible differentials and zero-correlation linear hulls for ARX ciphers[J]. China Communications, 2018,15(2): 54-66.
[15]	BANSOD G , PATIL A , PISHAROTY N . GRANULE:an ultra lightweight cipher design for embedded security[R]. Cryptology ePrint Archive,Report 2018/600, 2018.
[16]	BANSOD G , PISHAROTY N , PATIL A . MANTRA:an ultra lightweight cipher design for ubiquitous computing[J]. International Journal of Ad Hoc and Ubiquitous Computing, 2018,28(1): 13-26.
[17]	石淑英, 何骏 . GRANULE算法的不可能差分分析[J]. 计算机工程, 2019,45(10): 134-138.
	SHI S Y , HE J . Impossible differential cryptanalysis of GRANULE[J]. Computer Engineering, 2019,45(10): 134-138.
[18]	TEZCAN C . Improbable differential attacks on present using undisturbed bits[J]. Journal of Computational ＆ Applied Mathematics, 2014,259(259): 503-511.
[19]	BOGDANOV A , RIJMEN V . Linear hulls with correlation zero and linear cryptanalysis of block ciphers[J]. Designs,Codes and Cryptography, 2014,70(3): 369-383.

输入差分								输出差分
输入差分	0	1	2	3	4	5	6	7	8	9	a	b	c	d	e	f
0	16	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
1	0	0	0	0	0	0	0	0	2	2	2	2	2	2	2	2
2	0	0	0	4	0	0	4	0	0	0	2	2	0	0	2	2
3	0	4	0	0	0	4	0	0	0	0	2	2	0	0	2	2
4	0	0	0	4	0	0	4	0	0	0	2	2	0	0	2	2
5	0	0	0	0	0	0	4	4	2	2	0	0	2	2	0	0
6	0	0	0	0	0	0	0	0	4	4	0	0	4	4	0	0
7	0	4	0	0	0	4	4	4	0	0	0	0	0	0	0	0
8	0	0	0	2	2	2	0	2	0	0	0	2	2	2	0	2
9	0	2	4	0	2	0	0	0	2	0	0	0	0	2	0	4
a	0	0	0	2	2	2	0	2	0	0	0	2	2	0	2	0
b	0	2	4	0	2	0	0	0	0	2	0	0	2	0	4	0
c	0	0	0	2	2	2	0	2	2	2	0	2	0	0	0	2
d	0	2	4	0	2	0	0	0	0	2	0	4	2	0	0	0
e	0	0	0	2	2	2	0	2	2	2	2	0	0	0	2	0
f	0	2	4	0	2	0	0	0	2	0	4	0	0	2	0	0

输入差分	输出差分
0001	1***
0010	*1
0100	*1
0110	10
0111	0***

输入差分	输出差分
0010	1***
1101	1***
1111	0***

不可能差分输入(ΔL₀\|\|ΔR₀)	不可能差分输出(ΔL₇\|\|ΔR₇)
0,0,0,0,v ₆,0,0,0	0,0,0,v ₄,0,0,0,0
0,0,0,0,v ₅,0,0,0	0,0,0,v ₄,0,0,0,0
0,0,0,0,0,0,0,v ₀	0,v ₀,0,0,0,0,0,0
0,0,0,0,0,0,0,v ₀	0,0,v ₄,0,0,0,0,0
0,0,0,0,v ₇,0,0,0	0,0,0,v ₄,0,0,0,0

不可能差分输入(ΔL₀\|\|ΔR₀)	不可能差分输出(ΔL₇\|\|ΔR₇)
0,0,0,0,0,0,0,v ₃	0,0,0,v ₁,0,0,0,0
0,0,0,0,0,0,0,v ₂	0,v ₅,0,0,0,0,0,0
0,0,0,0,0,0,0,v ₁	0,v ₅,0,0,0,0,0,0
0,0,0,0,0,0,0,v ₁	v ₁,0,0,0,0,0,0,0
0,0,0,0,0,0,0,v ₁	0,v ₄,0,0,0,0,0,0

GRANULE和MANTRA算法的不可能差分区分器分析

Impossible differential distinguisher analysis of GRANULE and MANTRA algorithm

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 19

相关文章 8

Metrics

推荐阅读 0

算法名称	分析方法	区分器轮数	个数	对比文献
	不可能差分分析	5	9	文献[17]
GRANULE	不可能差分分析	7	144	本文方法
	不可能差分分析	6	38	文献[10]
	零相关线性分析	6	—	文献[15]
	不可能差分分析	9	52	本文方法
MANTRA	不可能差分分析	6	52	文献[10]
	零相关线性分析	8	—	文献[16]

[1]	张岚, 何良生, 郁滨. SPS结构大规模S盒设计与分析[J]. 通信学报, 2023, 44(2): 27-40.
[2]	刘正斌, 李永强, 朱朝熹. 分组密码最小活跃S盒个数快速搜索算法[J]. 通信学报, 2023, 44(1): 118-128.
[3]	关杰,黄俊君. 一类新的基于元胞自动机的S盒的密码学性质研究[J]. 通信学报, 2019, 40(5): 192-200.
[4]	姜久兴,厚娇,黄海,赵玉迎,冯新新. 低面积复杂度AES低熵掩码方案的研究[J]. 通信学报, 2019, 40(5): 201-210.
[5]	袁峰,江继军,杨旸,许盛伟. 与3类向量值密码函数仿射等价的函数数量研究[J]. 通信学报, 2017, 38(11): 84-92.
[6]	王永娟,任泉宇,张诗怡. 轻量级分组密码Klein的差分故障攻击[J]. 通信学报, 2016, 37(Z1): 111-115.
[7]	赵新杰,王韬,王素贞,吴杨. MIBS深度差分故障分析研究[J]. 通信学报, 2010, 31(12): 82-89.
[8]	殷新春,杨洁,谢立. 密钥控制的多S盒Rijndael算法[J]. 通信学报, 2007, 28(9): 125-132.

x	S[x]
0	e
1	7
2	8
3	4
4	1
5	9
6	2
7	f
8	5
9	a
a	b
b	0
c	6
d	c
e	d
f	3

x	S[x]
0	2
1	5
2	d
3	a
4	f
5	3
6	4
7	9
8	b
9	0
a	6
b	c
c	8
d	e
e	1
f	7