分组密码9轮Rijndael-192的不可能差分攻击

doi:10.3969/j.issn.1671-1122.2020.04.005

信息网络安全 ›› 2020, Vol. 20 ›› Issue (4): 40-46.doi: 10.3969/j.issn.1671-1122.2020.04.005

分组密码9轮Rijndael-192的不可能差分攻击

董晓丽¹(), 商帅¹, 陈杰²

1.西安邮电大学网络空间安全学院,西安 710121
2.西安电子科技大学通信工程学院,西安 710071

收稿日期:2019-09-15 出版日期:2020-04-10 发布日期:2020-05-11
通讯作者: 董晓丽 E-mail:dxl_xaut@163.com
作者简介:
作者简介：董晓丽（1982—）,女,山西,讲师,博士,主要研究方向为分组密码的分析;商帅（1997—）,男,河南,本科,主要研究方向为网络安全;陈杰（1979—）,女,湖南,副教授,博士,主要研究方向为密码算法分析、安全协议设计。
基金资助:
国家自然科学基金[61772418];陕西省自然科学基础研究计划青年项目[2017JQ6010];“十三五”密码发展基金[MMJJ20180219]

Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192

DONG Xiaoli¹(), SHANG Shuai¹, CHEN Jie²

1. School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
2. School of Telecommunication Engineering, Xidian University, Xi’an 710071, China

Received:2019-09-15 Online:2020-04-10 Published:2020-05-11
Contact: Xiaoli DONG E-mail:dxl_xaut@163.com

摘要/Abstract

摘要：

由于分组密码具有速度快、标准化、便于软硬件实现的特点,在信息安全领域有着广泛的应用,因此有必要研究分组密码的安全性。不可能差分攻击是针对分组密码有效的攻击方法之一,文章主要研究了分组密码Rijndael-192的9轮不可能差分攻击。文章依据列混淆变换差分分支数为5的性质,构造了一种5轮Rijndael-192不可能差分区分器;然后基于该区分器,利用S盒的性质和密钥扩展方案的弱点,对9轮Rijndael-192进行了密钥恢复攻击。结果表明,针对密钥长度为192的9轮Rijndael-192攻击方法,数据复杂度为2^176.6个选择明文,时间复杂度为2^188.2次加密,存储复杂度为2¹²⁰个块,与已有的结果相比,该方法在数据复杂度、时间复杂度和存储复杂度上都有所降低;针对密钥长度为224和256的9轮Rijndael-192攻击,数据复杂度为2^178.2个选择明文,时间复杂度为2^197.8次加密,存储复杂度为2¹²⁰个块,与已有的结果相比,该方法的数据和存储复杂度有所降低。

关键词: 密码分析, 分组密码, Rijndael, 不可能差分攻击

Abstract:

With high speed, easy standardization and easy implement in hardware and software, block cipher has a wide range of applications in the field of information security. It is necessary to study the security of block cipher. Impossible differential attack is one of the effective attack methods against block cipher. In this paper, we focus on impossible differential (ID) attacks on Rijndael-192. According to the property that the difference branch number of the MixColumns is 5, a new 5-round impossible differential is proposed; then based on this impossible differential, with property of S-box and the key schedule weakness, the key recovery on the 9-round Rijndael-192 is given. It is shown or the attack on 9-round Rijndael-192 with key size of 192, it requires data complexity of about 2^176.6 chosen plaintexts ,time complexity of about 2^188.2 encryptions and memory complexity of about 2¹²⁰ blocks, which is better than previous known results in terms of the data, time and memory complexity; for the attack on 9-round Rijndael-192 with key size of 224 and 256, it requires data complexity of about 2^178.2 chosen plaintexts, time complexity of about 2^197.8 encryptions and memory complexity of about 2¹²⁰blocks,which is better than previous known results in terms of the data and memory complexity.

Key words: crypt analysis, block cipher, Rijndael, impossible differential attack

中图分类号:

TP309

董晓丽, 商帅, 陈杰. 分组密码9轮Rijndael-192的不可能差分攻击[J]. 信息网络安全, 2020, 20(4): 40-46.

DONG Xiaoli, SHANG Shuai, CHEN Jie. Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192[J]. Netinfo Security, 2020, 20(4): 40-46.

图/表 3

参考文献 15

[1]	DAEMEN J, RIJMEN V.The Design of Rijndael: AES: the Advanced Encryption Standard[M]. Berlin Heidelberg: Springer-Verlag, 2002.
[2]	GAURAVARA M, KNUDSEN LR, MATUSIEWICZ K, et al. Grøstl-a SHA-3 candidate[EB/OL]., Submission to NIST2008, 2019-7-15.
[3]	FERGUSON N, KELSEY J, LUCKS S, et al.Improved Cryptanalysis of Rijndael[C]//ACM. Fast Software Encryption 2000, April 10-12, 2000, New York, USA. New York: ACM, 1978: 213-230.
[4]	NAKAHAR A J, FREITAS D S, PHAN RC.New Multiset Attacks on Rijndael with Large Blocks[C]// Springer. Progress in Cryptology-Mycrypt 2005, September 28-30, 2005, Kuala Lumpur, Malaysia. Berlin: Springer-Verlag, LNCS, 2005: 277-295.
[5]	GALICE S, MINIER M.Improving Integral Attacks against Rijndael-256 up to 9 Rounds[C]// Springer. Progress in Cryptology-AFRICACRYPT 2008, June 11-14, 2008, Casablanca, Morocco. Berlin: Springer-Verlag, LNCS, 2008: 1-15.
[6]	LI Yanjun, WU Wenling.Improved Integral Attacks on Rijndael[J]. Journal of Information Science and Engineering, 2011, 27(6): 2031-2045.
[7]	ZHANG Lei, WU Wenling, PARK J H, et al.Improved Impossible Differential Attacks on Large-block Rijndael[C]// Springer. Information Security2008, September 15-18, 2008, Taipei, China. Berlin: Springer-Verlag, LNCS, 2008, 5222: 298-315.
[8]	WANG Qingju, GU Dawu, RIJMEN V, et al.Improved Impossible Differential Attacks on Large-block Rijndael.[C]// Springer. Information Security and Cryptology 2012, November 28-30, 2012, Seoul, Korea. Berlin: Springer-Verlag, LNCS, 2012: 126-140.
[9]	MINIER M.Improving Impossible-differential Attacks against Rijndael-160 and Rijndael-224[J]. Designs Codes & Cryptography, 2017, 82(1-2): 117-129.
[10]	CUI Jingyi, GUO Jiansheng, LIU Yipeng.Cryptanalysis of Rijndael-192/224 in Single Key Setting[C]// Springer. Chinese Conference on Trusted Computing and Information Security 2017, September 14-17, Changsha, China. Singapore: Springer, 2017: 97-111.
[11]	LIU Ya, SHI Yifan, GU Dawu, et al.Improved Impossible Differential Cryptanalysis of Large-block Rijndael[J]. Science China Information Sciences, 2019, 62(3): 32-101.
[12]	KNUDSEN L R. DEAL-a 128-bit Block Cipher[R]. Norway: Department of Informatics, University of Bergen, 1998.
[13]	BIHAM E, BIRYUKOV A, SHAMIR A.Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials[C]// Springer. Advances in Cryptology-EUROCRYPT1999, May 2-6, 1999, Prague, Czech Republic. Berlin: Springer-Verlag, 1999: 12-23.
[14]	DERBEZ P, FOUQUE PA, JEAN J.Improved Key Recovery Attacks on Reduced-round AES in the Single-key Setting[C]// Springer. Advances in Cryptology-EUROCRYPT 2013, May 26-30, 2013, Athens, Greece. Berlin: Springer-Verlag, 2013: 371-387.
[15]	LU Jiqiang.Cryptanalysis of Block Ciphers[D]. London: Royal Holloway University of London, 2008.

轮数	密钥长度	数据复杂度	时间复杂度	存储复杂度	攻击类型	来源
7	all	2¹²⁸-2¹¹⁹	2¹²⁰	small	部分和	文献[3]
7	160,192,224,256	2^130.5	2¹⁴⁴	small	多重集	文献[4]
8	192,224,256	2¹⁵⁸	2^177.4	small	不可能差分	文献[7]
8	192,224,256	2¹⁷⁹	2^81.4	small	不可能差分	文献[7]
9	192	2^183.4	2^188.4	2^163.1	不可能差分	文献[11]
9	192	2^176.6	2^188.2	2¹²⁰	不可能差分	本文方案
9	224,256	2^183.4	2^188.4	2^163.1	不可能差分	文献[11]
9	224,256	2^178.2	2^197.8	2¹²⁰	不可能差分	本文方案

分组密码9轮Rijndael-192的不可能差分攻击

Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 15

相关文章 9

编辑推荐

Metrics

本文评价

	Rijndael-128	Rijndael-160	Rijndael-192	Rijndael-224	Rijndael-256
k=128	10	11	12	13	14
k =160	11	11	12	13	14
k =192	12	12	12	13	14
k =224	13	13	13	13	14
k =256	14	14	14	14	14

[1]	向永谦, 宋智琪, 王天宇. 一种基于双明文的数据对称加密算法[J]. 信息网络安全, 2018, 18(7): 69-78.
[2]	王勇. 新型数学难题及其在分组密码中的应用研究[J]. 信息网络安全, 2014, 15(11): 79-82.
[3]	张平, 陈长松, 胡红钢. 基于分组密码的认证加密工作模式[J]. 信息网络安全, 2014, 15(11): 8-10.
[4]	. 基于分组密码的认证加密工作模式[J]. , 2014, 14(11): 8-.
[5]	. 新型数学难题及其在分组密码中的应用研究[J]. , 2014, 14(11): 79-.
[6]	苏烈华;李恒训;李锁雷. 基于时空折中算法的密码分析系统设计与实现[J]. , 2013, 13(5): 0-0.
[7]	杨佳;鲁青远. C2密码及其安全性研究[J]. , 2011, 11(3): 0-0.
[8]	李卷孺;谷大武;张媛媛. 一种针对特定结构SPN密码算法的差分故障攻击[J]. , 2009, 9(4): 0-0.
[9]	范永清. 密码学及其在现代通讯中的应用[J]. , 2009, 9(3): 0-0.