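Security Analysis of the Lightweight Block Cipher ESF
Published: 2018-01-25 23:00
Keywords: differential cryptanalysis, linear cryptanalysis, impossible differential, zero-correlation linear approximation, ESF, MILP. Source: Journal of Computer Research and Development (《计算机研究与发展》), 2017, Issue 10. Paper type: journal article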
[Abstract]: Automated analysis is one of the important methods currently used to evaluate the security of cryptographic algorithms; it is efficient and easy to implement. For bit-oriented block ciphers, the MILP-based automated search method for differential and linear characteristics, proposed by Sun et al. at ASIACRYPT 2014, has attracted the attention of many cryptographers. At present, relatively little research addresses how to reduce the number of variables and constraint inequalities when solving MILP models of multi-round ciphers, and many problems remain open. Based on the differential propagation patterns of the XOR operation, Sasaki et al. gave new constraint inequalities without dummy variables at EUROCRYPT 2017; these inequalities preserve the differential propagation property of XOR while reducing the number of variables and constraints. In addition, an S-box must be active whenever its input difference variables (linear masks) are nonzero. Sun et al. used 4 constraint inequalities to describe this property; after a simple transformation, it can be expressed with 1 constraint. Based on these refined constraints and the automated search method, refined differential and linear MILP models in the single-key setting are built for the lightweight block cipher ESF, and the first differential and linear analysis results for ESF in the single-key setting are given: the minimum number of differentially active S-boxes for 15-round ESF is 19, and the minimum number of linearly active S-boxes for 16-round ESF is 15. In addition, the impossible differential and zero-correlation linear approximation distinguishers covering the largest number of rounds are found.
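The two reductions the abstract describes can be checked by exhaustive enumeration over binary variables. The following is an added example, not code from the paper: the inequality forms are the ones commonly used in the MILP cryptanalysis literature and are assumed here, as is the 4-bit S-box width; all function names are hypothetical.

```python
from itertools import product

BITS = (0, 1)

# Assumed inequality forms (standard in the literature, not quoted from this page).
def xor_with_dummy():
    """(a, b, c) patterns allowed by the 5-inequality XOR model with dummy variable d."""
    return {(a, b, c)
            for a, b, c, d in product(BITS, repeat=4)
            if a + b + c >= 2 * d and d >= a and d >= b and d >= c
            and a + b + c <= 2}

def xor_without_dummy():
    """(a, b, c) patterns allowed by the 4-inequality model that needs no dummy variable."""
    return {(a, b, c)
            for a, b, c in product(BITS, repeat=3)
            if a + b >= c and a + c >= b and b + c >= a and a + b + c <= 2}

def sbox_four_constraints(n=4):
    """(x, A) pairs allowed by one constraint per input bit: A >= x_i."""
    return {(x, A) for x in product(BITS, repeat=n) for A in BITS
            if all(A >= xi for xi in x)}

def sbox_one_constraint(n=4):
    """(x, A) pairs allowed by the single aggregated constraint n*A >= sum(x)."""
    return {(x, A) for x in product(BITS, repeat=n) for A in BITS
            if n * A >= sum(x)}

def check():
    """Compare each refined model with its original over all binary assignments."""
    true_xor = {(a, b, a ^ b) for a, b in product(BITS, repeat=2)}
    return {
        "xor_models_exact": xor_with_dummy() == xor_without_dummy() == true_xor,
        "sbox_models_equal": sbox_four_constraints() == sbox_one_constraint(),
        "sbox_feasible_points": len(sbox_one_constraint()),
    }

if __name__ == "__main__":
    print(check())
```

Over binary variables the two S-box forms admit the same points, but the aggregated constraint has a looser LP relaxation (for example x = (1, 0, 0, 0) with A = 0.25 satisfies it), so fewer constraints do not by themselves guarantee a faster solve.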
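[Author affiliations]: State Key Laboratory of Mathematical Engineering and Advanced Computing (PLA Information Engineering University); Institute of Information Engineering, Chinese Academy of Sciences; University of Chinese Academy of Sciences; National University of Defense Technology; Army Aviation Institute
[Funding]: National Natural Science Foundation of China (61502532, 61379150, 61772519, 61309016, 61502529); Open Foundation of the State Key Laboratory of Mathematical Engineering and Advanced Computing (2016A02); Henan Province Key Science and Technology Research Program (122102210126, 092101210502)
[Classification number]: TN918.1
[Text snapshot]: This work was supported by the National Natural Science Foundation of China (61502532, 61379150, 61772519, 61309016, 61502529), the Open Foundation of the State Key Laboratory of Mathematical Engineering and Advanced Computing (2016A02), and the Key Scientific a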
Article ID: 1463933
Article link: https://www.wllwen.com/kejilunwen/xinxigongchenglunwen/1463933.html