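Analysis of Lightweight Block Cipher Algorithms
Published: 2018-06-14 12:21
Topics: meet-in-the-middle attack + lightweight block cipher; Source: Donghua University, 2014 master's thesis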
[Abstract]: With the development of the Internet of Things, micro computing devices such as RFID chips and wireless sensor networks are used more and more widely and have brought great convenience to people's lives. At the same time, how to ensure the security of information is attracting increasing attention. Because micro computing devices are resource-constrained, lightweight block cipher algorithms, which pursue efficiency while still guaranteeing security, have emerged.

KTANTAN[1] is a lightweight block cipher algorithm proposed by Christophe De Canniere, Orr Dunkelman and Miroslav Knezevic at the 2009 international conference on Cryptographic Hardware and Embedded Systems (CHES). It features simple hardware implementation and low power consumption. It uses a round function structure based on nonlinear feedback shift registers (NLFSR) and a linear key schedule, and can resist differential analysis, linear analysis and some other attacks. KTANTAN is a family of block cipher algorithms: the plaintext block length can be 32, 48 or 64 bits, and the corresponding algorithms are called KTANTAN32, KTANTAN48 and KTANTAN64. The key length is 80 bits in every case, and encryption runs for 254 rounds. The currently known methods of analyzing KTANTAN include correlation power analysis, the related-key meet-in-the-middle algebraic attack, and the meet-in-the-middle attack.

Lightweight block cipher algorithms are designed to find the best balance between execution efficiency and security. However, when execution efficiency is improved, the security of the algorithm is inevitably affected, so analysis of the algorithm's security is particularly important. This thesis takes KTANTAN as an example to evaluate the security of lightweight block cipher algorithms. Drawing on the encryption structure and characteristics of KTANTAN, it applies meet-in-the-middle attacks of 3 or more dimensions to analyze the security of KTANTAN, and then improves the attack using techniques such as splice-and-cut, indirect partial matching and precomputation. The following results were obtained:

1. Based on the structural characteristics of KTANTAN, the intermediate states X and Y are guessed, dividing the whole encryption algorithm into three consecutive intervals. KTANTAN is analyzed with the 3-dimensional meet-in-the-middle attack, and the attack steps are given together with the time complexity and data complexity of the attack.
2. The 3-dimensional meet-in-the-middle attack on KTANTAN32 combined with the splice-and-cut and indirect partial matching techniques is studied, giving a better attack result: the data complexity is 3 plaintext-ciphertext pairs and the time complexity is 2^67.63 encryption operations.
3. On the basis of the above attack, the 3-dimensional meet-in-the-middle attack is improved further by guessing some of the bits of Y and adjusting the positions of X and Y, giving a better attack result: the time complexity is 2^66.77 encryption operations and the data complexity is 3 plaintext pairs.
4. The 3-dimensional meet-in-the-middle attack on KTANTAN combined with data preprocessing and caching techniques is studied. This reduces the number of repeated computations during the attack and lowers the time complexity further to 2^65.17 encryption operations.
5. The 3-dimensional meet-in-the-middle attack on KTANTAN64/128, and meet-in-the-middle attacks of 4 or more dimensions on the KTANTAN32/64/128 algorithms, are briefly analyzed.
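[Degree-granting institution]: Donghua University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4
[References]
Related journal papers (first 5)
1 Zhang Wenying; Liu Xiangzhong; Related-key meet-in-the-middle algebraic attack on the NLFSR-based block cipher KTANTAN32 [J]; Acta Electronica Sinica; 2012, No. 10
2 Zhang Lei; Gu Dawu; Guo Zheng; Zhao Jianjie; Correlation power analysis of KATAN32 and its implementation [J]; Journal of Computer Applications; 2011, No. 02
3 Yang Lin; Wang Meiqin; Differential analysis of the reduced-round MIBS algorithm [J]; Journal of Shandong University (Natural Science); 2010, No. 04
4 Du Chenghang; Chen Jiazhe; Impossible differential analysis of the lightweight block cipher algorithm MIBS [J]; Journal of Shandong University (Natural Science); 2012, No. 07
5 Fan Weijie; Wu Wenling; Zhang Lei; Differential fault attack on the HIGHT algorithm [J]; Journal of the Graduate School of the Chinese Academy of Sciences; 2012, No. 02
Article ID: 2017361
Article link: https://www.wllwen.com/kejilunwen/wltx/2017361.html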