Cite this article
  • Wenqin Cao, Wentao Zhang. Affine linear cryptanalysis of block cipher [J]. Journal of Cyber Security, accepted.
  • Wenqin Cao, Wentao Zhang. Affine linear cryptanalysis of block cipher [J]. Journal of Cyber Security, Accept

Affine Linear Cryptanalysis of Block Ciphers
Wenqin Cao, Wentao Zhang
(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)
Abstract:
Affine linear cryptanalysis is a new variant of multidimensional linear cryptanalysis for block ciphers. Multidimensional linear cryptanalysis uses all nonzero linear approximations in a linear subspace, whereas affine linear cryptanalysis discards the half of the linear approximations in the multidimensional linear subspace that contribute little or nothing to the capacity, and extracts information only from the retained affine subspace to construct a more effective chi-square test statistic for attacking block ciphers. To further improve the efficiency of the attack, Nyberg conjectured that the terms of the affine statistic with smaller scores can be discarded and that the remaining terms still yield a test statistic following a chi-square distribution. This paper proves that the conjecture is correct and gives a method for applying it. The effectiveness of the model is verified on PRESENT and Serpent: 26- and 27-round key-recovery attacks on PRESENT are carried out, and the data complexity of affine linear approximations of Serpent is analyzed.
Key words:  multidimensional linear cryptanalysis  affine linear cryptanalysis  PRESENT
DOI: 10.19363/J.cnki.cn10-1380/tn.2023.08.20
Received: 2021-03-11; Revised: 2021-04-27
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program)
Affine linear cryptanalysis of block cipher
Wenqin Cao, Wentao Zhang
(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Affine linear cryptanalysis is a new variant of multidimensional linear cryptanalysis for block ciphers. Multidimensional linear cryptanalysis uses all nonzero linear approximations in a multidimensional linear subspace; affine linear cryptanalysis instead discards the half-space of linear approximations that contributes little or nothing to the capacity, and extracts information only from the retained affine subspace to construct more effective test statistics against block ciphers. To further improve the efficiency of the attack, Nyberg conjectured that the terms of the affine statistic with low scores can be discarded and that the sum of the remaining terms is still a statistic following a chi-square distribution. This paper proves that the conjecture is correct and gives a method for applying it. PRESENT and Serpent are used to verify the validity of the model: we perform 26- and 27-round key-recovery attacks on PRESENT with the model, and analyze the data complexity of affine linear cryptanalysis on 4-round Serpent.
Key words:  multidimensional linear cryptanalysis  affine linear cryptanalysis  PRESENT