徐林宏,郭建胜,崔竞一,李明明.Piccolo算法的相关密钥-不可能差分攻击.软件学报,2019,30(8):2349-2361 |
Piccolo算法的相关密钥-不可能差分攻击 |
Related-key Impossible Differential Attack on Piccolo |
投稿时间:2018-05-22 修订日期:2018-09-21 |
DOI:10.13328/j.cnki.jos.005762 |
中文关键词: 轻量级分组密码 Piccolo 相关密钥-不可能差分 密码分析 |
英文关键词:lightweight block cipher Piccolo related-key impossible differential cryptanalysis |
基金项目:信息保障技术重点实验室开放基金(KJ-17-003) |
|
摘要点击次数: 1737 |
全文下载次数: 856 |
中文摘要: |
现有的对于Piccolo算法的安全性分析结果中,除Biclique分析外,以低于穷举搜索的复杂度最长仅攻击至14轮Piccolo-80和18轮Piccolo-128算法.通过分析Piccolo算法密钥扩展的信息泄漏规律,结合算法等效结构,利用相关密钥-不可能差分分析方法,基于分割攻击思想,分别给出了15轮Piccolo-80和21轮Piccolo-128含前向白化密钥的攻击结果.当选择相关密钥量为28时,攻击所需的数据复杂度分别为258.6和262.3,存储复杂度分别为260.6和264.3,计算复杂度分别为278和282.5;在选择相关密钥量为24时,攻击所需的数据复杂度均为262.6和262.3,存储复杂度分别为264.6和264.3,计算复杂度分别为277.93和2124.45.分析结果表明,仅含前向白化密钥的15轮Piccolo-80算法和21轮Piccolo-128算法在相关密钥-不可能差分攻击下是不安全的. |
英文摘要: |
The existing security analysis results for Piccolo attack only up to 14-round Piccolo-80 and 18-round Piccolo-128 with lower complexity than exhaustive analysis, except for biclique analysis. By analyzing the information disclosure law of the key-schedule algorithm of Piccolo, the related-key impossible differential cryptanalysis method is used to give the attack results on 15-round Piccolo-80 and 21-round Piccolo-128 with pre-whitening keys respectively. When 28 related-keys are used, the data complexity of the attack is 258.6 and 262.3, the memory complexity is 260.6 and 264.3, and the computational complexity is 278 and 282.5 respectively. When 24 related-keys are used, the data complexity, memory complexity, and computational complexity of attack are 262.6, 262.3; 264.6, 264.3; 277.93, 2124.45 respectively. The analysis shows that the 15-round Piccolo-80 and 21-round Piccolo-128 with pre-whitening keys are insecure under the related-key impossible differential attack. |
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |