对轻量级分组密码I-PRESENT-80和I-PRESENT-128的biclique攻击

doi:10.11959/j.issn.1000-436x.2017214

通信学报 ›› 2017, Vol. 38 ›› Issue (11): 13-23.doi: 10.11959/j.issn.1000-436x.2017214

对轻量级分组密码I-PRESENT-80和I-PRESENT-128的biclique攻击

崔杰,左海风,仲红

安徽大学计算机科学与技术学院，安徽合肥 230039

修回日期:2017-08-10 出版日期:2017-11-01 发布日期:2017-12-13
作者简介:崔杰（1980-），男，河南淮阳人，博士，安徽大学副教授、硕士生导师，主要研究方向为网络与信息安全。|左海风（1992-），男，安徽宿州人，安徽大学硕士生，主要研究方向为分组密码的设计与分析。|仲红（1965-），女，安徽固镇人，博士，安徽大学教授、博士生导师，主要研究方向为网络与信息安全。
基金资助:
国家自然科学基金资助项目(61502008);国家自然科学基金资助项目(6157200);安徽省自然科学基金资助项目(1508085QF132)

Biclique cryptanalysis on lightweight block ciphers I-PRESENT-80 and I-PRESENT-128

Jie CUI,Hai-feng ZUO,Hong ZHONG

College of Computer Science and Technology,Anhui University,Hefei 230039,China

Revised:2017-08-10 Online:2017-11-01 Published:2017-12-13
Supported by:
The National Natural Science Foundation of China(61502008);The National Natural Science Foundation of China(6157200);The Natural Science Foundation of Anhui Province(1508085QF132)

摘要/Abstract

摘要：

I-PRESENT是一种适用于RFID、无线传感节点等资源受限环境的代换——置换型分组密码。利用中间筛选技术来构造I-PRESENT的biclique结构，首次对全轮I-PRESENT-80和I-PRESENT-128算法进行了biclique攻击。结果表明，biclique对I-PRESENT-80和I-PRESENT-128攻击的数据复杂度分别为2²⁶和2³⁶个选择密文；攻击的时间复杂度分别为2^79.48和2^127.33次加密。攻击在时间复杂度和数据复杂度上均优于穷举。利用提出的I-PRESENT的密钥相关性技术，攻击的时间复杂度可以进一步降低到2^78.61和2^126.48。

关键词: 轻量级分组密码, PRESENT, 预计算匹配, biclique攻击

Abstract:

I-PRESENT was a lightweight SPN block cipher for resource-constraint environments such as RFID tags and sensor networks.The biclique structures of I-PRESENT with sieve-in-the-middle technique was an constracted.The biclique cryptanalysis schemes on full-round I-PRESENT-80 and I-PRESENT-128 were proposed for the first time.The results show that the data complexity of the biclique cryptanalysis on I-PRESENT-80 and I-PRESENT-128 is 2 ²⁶ and 2³⁶ chosen ciphertexts respectively，and the time complexity on them is 2 ^79.48 and 2 ^127.33 encryptions respectively.The time and data complexity are better than that of the exhaustive attack.In addition,the time complexity on them can be reduced to 2 ^78.61 and 2^126.48 encryptions by using related-key technology of I-PRESENT.

Key words: lightweight block cipher, PRESENT, matching-with-precomputations, biclique cryptanalysis

中图分类号:

TN918.1

崔杰,左海风,仲红. 对轻量级分组密码I-PRESENT-80和I-PRESENT-128的biclique攻击[J]. 通信学报, 2017, 38(11): 13-23.

Jie CUI,Hai-feng ZUO,Hong ZHONG. Biclique cryptanalysis on lightweight block ciphers I-PRESENT-80 and I-PRESENT-128[J]. Journal on Communications, 2017, 38(11): 13-23.

图/表 10

图1

表1

I-PRESENT的S盒映射关系"

x	s (x)	$s^{- 1} (x)$	$\hat{s} (x)$
0	D	8	E
1	6	2	A
2	1	F	2
3	F	9	C
4	4	4	4
5	8	7	8
6	B	1	F
7	5	E	D
8	0	5	5
9	3	C	9
A	A	A	1
B	C	6	B
C	9	B	3
D	E	0	7
E	7	D	0
F	2	3	6

表1

表2

图2

图3

图4

图5

图6

图7

图8

参考文献 20

[1]	BOGDANOV A , KNUDSEN L R , LEANDER G ,et al. PRESENT:an ultra-lightweight block cipher[C]// Internation Workshop on Cryptographic Hardware and Embedded Systems. 2007: 450-466.
[2]	DE C , DUNKELMAN O,KNE?EVI? M . KATAN and KTANTAN-a family of small and efficient hardware-oriented block ciphers[M]// Cryptographic Hardware and Embedded Systems-CHES 2009. Springer,Berlin,Heidelberg, 2009: 272-288.
[3]	WU W , ZHANG L . LBlock:a lightweight block cipher[C]// Applied Cryptography and Network Security,9th InternationalConference. 2011: 327-344.
[4]	GUO J , PEYRIN T , POSCHMANN A ,et al. The LED block cipher[M]// Cryptographic Hardware and Embedded Systems. 2011: 326-341.
[5]	BORGHOFF J , CANTEAUT A , GüNEYSU T ,et al. PRINCE-A low-latency block cipher for pervasive computing applications[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2012: 208-225.
[6]	BEAULIEU R , SHORS D , SMITH J ,et al. The simon and speck families of lightweight block ciphers[J]. Cryptology ePrint Archive, 2013.
[7]	ZABA M R , JAMIL N , RUSLI M E ,et al. I-PRESENT:an involutive lightweight block cipher[J]. Journal of Information Security, 2014,5(3): 114-122.
[8]	KHOVRATOVICH D , RECHBERGER C , SAVELIEVA A . Bicliques for preimages:attacks on skein-512 and the SHA-2 family[C]// International Conference on FAST Software Encryption. 2012: 244-263.
[9]	BOGDANOV A , KHOVRATOVICH D , RECHBERGER C . Biclique cryptanalysis of the full AES[C]// The Theory and Application of Cryptology and Information Security. 2011: 344-371.
[10]	陈少真, 刘佳 . 对全轮3D分组密码算法的Biclique攻击[J]. 计算机学报. 2014,37(5): 1063-1070.
	CHEN S Z , LIU J . Biclique cryptanalysis on full 3D block cipher[J]. Chinese Journal of Computers, 2014,37(5): 1063-1070.
[11]	MALA H . Biclique-based cryptanalysis of the block cipher SQUARE[J]. Iet Information Security, 2014,8(3): 207-212.
[12]	HONG D , KOO B , KWON D . Biclique attack on the Full HIGHT[C]// International Conference on Information Security and Cryptology. 2011: 365-374.
[13]	WANG Y , WU W , YU X . Biclique cryptanalysis of reduced-round piccolo block cipher[C]// International Conference on Information Security Practice and Experience. 2012: 337-352.
[14]	CHEN S Z , XU T M , CHEN S Z ,et al. Biclique attack of the full ARIA-256[C]// IACR Cryptology ePrint Archive. 2012.
[15]	WANG Y , WU W , YU X ,et al. Security on LBlock against biclique cryptanalysis[M]// Information Security Applications. 2012: 1-14.
[16]	COBAN M , KARAKOC F , BOZTAS ? . Biclique cryptanalysis of TWINE[C]// CANS. 2012: 43-55.
[17]	KHOVRATOVICH D , LEURENT G , RECHBERGER C . Narrowbicliques:cryptanalysis of full IDEA[C]// International Conference on Theory and Applications of Cryptographic Techniques. 2012: 392-410.
[18]	AHMADIAN Z , SALMASIZADEH M , AREF M R . Biclique cryptanalysis of the full-round KLEIN block cipher[J]. Information Security Iet, 2015,9(5): 294-301.
[19]	SHAKIBA M , DAKHILALIAN M , MALA H . Non-isomorphic biclique cryptanalysis and its application to full-round mCrypton[J]. IACR Cryptology ePrint Archive, 2013:141.
[20]	CANTEAUT A , NAYA-PLASENCIA M , VAYSSIERE B . Sieve-inthe-middle:improved MITM attacks[M]// Cryptology-CRYPTO 2013. Springer,Berlin,Heidelberg, 2013: 222-240.

对轻量级分组密码I-PRESENT-80和I-PRESENT-128的biclique攻击

Biclique cryptanalysis on lightweight block ciphers I-PRESENT-80 and I-PRESENT-128

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 20

相关文章 11

Metrics

推荐阅读 0

x	y	x	y	x	y	x	y
0	0	16	4	32	8	48	12
1	16	17	20	33	24	49	28
2	32	18	36	34	40	50	44
3	48	19	52	35	56	51	60
4	1	20	5	36	9	52	13
5	17	21	21	37	25	53	29
6	33	22	37	38	41	54	45
7	49	23	53	39	57	55	61
8	2	24	6	40	10	56	14
9	18	25	22	41	26	57	30
10	34	26	38	42	42	58	46
11	50	27	54	43	58	59	62
12	3	28	7	44	11	60	15
13	19	29	23	45	27	61	31
14	35	30	39	46	43	62	47
15	51	31	55	47	59	63	63

[1]	蒋梓龙, 金晨辉. Saturnin算法的不可能差分分析[J]. 通信学报, 2022, 43(3): 53-62.
[2]	谢敏,李嘉琪,田峰. FeW的差分故障攻击[J]. 通信学报, 2020, 41(4): 143-149.
[3]	武小年,李迎新,韦永壮,孙亚平. GRANULE和MANTRA算法的不可能差分区分器分析[J]. 通信学报, 2020, 41(1): 94-101.
[4]	谢敏,田峰,李嘉琪. TWINE算法的相关密钥不可能飞来去器攻击[J]. 通信学报, 2019, 40(9): 184-192.
[5]	高杨,王永娟,王磊,王涛. 轻量级分组密码算法TWINE差分故障攻击的改进[J]. 通信学报, 2017, 38(Z2): 178-184.
[6]	谢敏,牟彦利. LBlock算法的相关密钥不可能飞来去器分析[J]. 通信学报, 2017, 38(5): 66-71.
[7]	黄静,赵新杰,张帆,郭世泽,周平,陈浩,杨建. PRESENT代数故障攻击的改进与评估[J]. 通信学报, 2016, 37(8): 144-156.
[8]	张兴，韩冬，曹光辉，贾旭. 基于PRESENT算法的RFID安全认证协议[J]. 通信学报, 2015, 36(Z1): 65-74.
[9]	陈平，廖福成，卫宏儒. 对轻量级密码算法MIBS的相关密钥不可能差分攻击[J]. 通信学报, 2014, 35(2): 23-193.
[10]	陈平,廖福成,卫宏儒. 对轻量级密码算法MIBS的相关密钥不可能差分攻击[J]. 通信学报, 2014, 35(2): 190-193.
[11]	吴克辉,赵新杰,王韬,郭世泽,刘会英. PRESENT密码代数故障攻击[J]. 通信学报, 2012, 33(8): 85-92.

x	y	x	y	x	y	x	y
0	0	16	4	32	8	48	12
1	16	17	20	33	24	49	28
2	32	18	36	34	40	50	44
3	48	19	52	35	56	51	60
4	1	20	5	36	9	52	13
5	17	21	21	37	25	53	29
6	33	22	37	38	41	54	45
7	49	23	53	39	57	55	61
8	2	24	6	40	10	56	14
9	18	25	22	41	26	57	30
10	34	26	38	42	42	58	46
11	50	27	54	43	58	59	62
12	3	28	7	44	11	60	15
13	19	29	23	45	27	61	31
14	35	30	39	46	43	62	47
15	51	31	55	47	59	63	63

x	y	x	y	x	y	x	y
0	0	16	4	32	8	48	12
1	16	17	20	33	24	49	28
2	32	18	36	34	40	50	44
3	48	19	52	35	56	51	60
4	1	20	5	36	9	52	13
5	17	21	21	37	25	53	29
6	33	22	37	38	41	54	45
7	49	23	53	39	57	55	61
8	2	24	6	40	10	56	14
9	18	25	22	41	26	57	30
10	34	26	38	42	42	58	46
11	50	27	54	43	58	59	62
12	3	28	7	44	11	60	15
13	19	29	23	45	27	61	31
14	35	30	39	46	43	62	47
15	51	31	55	47	59	63	63