通信学报 ›› 2023, Vol. 44 ›› Issue (1): 39-48.doi: 10.11959/j.issn.1000-436x.2023023

• 学术论文 • 上一篇    下一篇

基于MILP的轻量级密码算法ACE的差分分析

刘帅, 关杰, 胡斌, 马宿东   

  1. 信息工程大学密码工程学院,河南 郑州 450001
  • 修回日期:2022-11-11 出版日期:2023-01-25 发布日期:2023-01-01
  • 作者简介:刘帅(1993- ),男,山东泰安人,信息工程大学博士生,主要研究方向为认证加密算法的分析与应用等
    关杰(1974- ),女,河南郑州人,博士,信息工程大学教授,主要研究方向为密码理论和密码算法分析等
    胡斌(1971- ),男,河南信阳人,博士,信息工程大学教授,主要研究方向为对称密码算法分析等
    马宿东(1996- ),男,安徽宿州人,信息工程大学博士生,主要研究方向为序列密码算法的分析等
  • 基金资助:
    国家自然科学基金资助项目(61802437);国家自然科学基金资助项目(62102448)

Differential analysis of lightweight cipher algorithm ACE based on MILP

Shuai LIU, Jie GUAN, Bin HU, Sudong MA   

  1. School of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China
  • Revised:2022-11-11 Online:2023-01-25 Published:2023-01-01
  • Supported by:
    The National Natural Science Foundation of China(61802437);The National Natural Science Foundation of China(62102448)

摘要:

研究了轻量级密码算法ACE的差分性质。首先定义了n维环形与门组合,充分分析了该结构中与门之间的相互关系,仅利用O(n)个表达式给出其精确的MILP差分刻画,将ACE算法中的非线性操作转化为32维环形与门组合,从而给出了ACE算法的MILP差分模型。其次根据MILP模型求解器Gurobi的求解特点,给出了快速求解ACE的MILP差分模型的方法。对于3~6步的ACE置换,得到了最优差分链,利用多差分技术给出了更高概率的差分对应,从而给出了 ACE 置换为 3 步的认证加密算法 ACE- AE-128 的差分伪造攻击与哈希算法ACE- H-256的差分碰撞攻击,成功概率为2-90.52,并证明了4步ACE置换达到了128 bit的差分安全边界。实际上,n维环形与门组合的MILP差分刻画具有更多的应用场景,可应用于SIMON、Simeck等密码算法的分析中。

关键词: 轻量级密码算法, 混合整数线性规划, 环形与门组合, 差分分析

Abstract:

The differential property of the lightweight cipher algorithm ACE was researched.n-dimension ring AND-gate combination was defined and its differential property was described accurately by only O(n) expressions with the MILP method by analyzing the relationship among AND gates.The nonlinear operation of ACE was transformed to the 32-dimension ring AND-gate combination and the MILP differential model of ACE was proposed.According to the characteristics of Gurobi solver, a model for fast solving the MILP differential model of ACE was given.For ACE permutation with 3 to 6 steps, the optimal differential characteristic was obtained and its probability was improved by multi-difference technique.The differential forge attack on authenticated encryption algorithm ACE- AE-128 and the differential collision attack on hash algorithm ACE- H-256 was given with 3-step ACE permutation, and the success probability was 2-90.52.And it was proved that the 4-steps ACE permutation arrived the differential security bound of 128 bit.Actually, the MILP differential description of ring AND-gate combination can be applied on more cipher algorithms, such as SIMON, Simeck.

Key words: lightweight cipher algorithm, MILP, ring AND-gate combination, differential analysis

中图分类号: 

No Suggested Reading articles found!