Abstract
This paper evaluates the security of the lightweight block cipher SIMON, specifically the resistance of SIMON32/64 to cube attacks and the ability of its internal structure to confuse and diffuse key bits. Starting from the key-schedule and round-function structure shared by the SIMON family and applying the basic idea of cube analysis, a cube attack and a key neutral-bit detection algorithm for SIMON32/64 were designed and run on an FPGA test platform. The results show that, with cube variables of dimension 6 to 24, the cube attack directly recovers 47 key bits of 7-round SIMON32/64 with time complexity about 2^18.08, and 39 key bits of 8-round SIMON32/64 with time complexity about 2^25.00. For 10-round and 11-round SIMON32/64, the cube test still detects neutral key bits.
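The steps the abstract describes (summing a ciphertext bit over a cube of plaintext bits, testing the resulting superpoly for linearity in the key, scanning for neutral key bits, and turning one cube sum under the unknown key into a linear equation) can be followed on a software model of SIMON32/64. The block below is an added example written for this page, not code from the paper or from the SIMON designers, and it does not reproduce the paper's FPGA attack on 7 and 8 rounds with 6- to 24-dimensional cubes. It implements SIMON32/64 from the public specification (checked against the specification's test vector) and runs the cube pipeline on a 3-round reduction with a one-bit cube, chosen so the superpoly can be verified by hand: with the high plaintext half fixed to 0, ciphertext bit 8 after 3 rounds equals (y_7 ^ k0_7)(y_0 ^ k0_0) ^ y_6 ^ k0_6 ^ k1_8, so summing over plaintext bit 7 leaves exactly master key bit 0. The cube indices, output bit, round count and trial counts are choices made for this illustration.

```python
"""Cube-attack preprocessing and online phase on round-reduced SIMON32/64 (added example)."""
import random

N = 16              # word size of SIMON32
MASK = 0xFFFF
KEY_BITS = 64
# z0 constant sequence from the SIMON specification; SIMON32/64 uses z0
Z0 = "11111010001001010110000111001101111101000100101011000011100110"


def rol(x, r):
    return ((x << r) | (x >> (N - r))) & MASK


def ror(x, r):
    return ((x >> r) | (x << (N - r))) & MASK


def key_schedule(key, rounds):
    """Expand a 64-bit master key into `rounds` 16-bit round keys; k[0] is used first."""
    k = [(key >> (N * i)) & MASK for i in range(4)]
    for i in range(4, rounds):
        tmp = ror(k[i - 1], 3) ^ k[i - 3]
        tmp ^= ror(tmp, 1)
        k.append((~k[i - 4] & MASK) ^ tmp ^ int(Z0[(i - 4) % 62]) ^ 3)
    return k[:rounds]


def encrypt(pt, round_keys):
    """SIMON round: x' = y ^ f(x) ^ k, y' = x, with f(x) = (S1(x) & S8(x)) ^ S2(x)."""
    x, y = (pt >> N) & MASK, pt & MASK
    for rk in round_keys:
        x, y = y ^ (rol(x, 1) & rol(x, 8)) ^ rol(x, 2) ^ rk, x
    return (x << N) | y


def cube_sum(cube, out_bit, key, rounds):
    """XOR of ciphertext bit `out_bit` over all 2^|cube| plaintexts that vary only in the
    plaintext bit positions in `cube`; all other plaintext bits are fixed to 0."""
    rks = key_schedule(key, rounds)
    acc = 0
    for v in range(1 << len(cube)):
        pt = 0
        for j, bit in enumerate(cube):
            if (v >> j) & 1:
                pt |= 1 << bit
        acc ^= (encrypt(pt, rks) >> out_bit) & 1
    return acc


def is_linear(cube, out_bit, rounds, trials=16, seed=1):
    """BLR linearity test of the superpoly p(key): p(0)^p(a)^p(b)^p(a^b) must be 0."""
    rng = random.Random(seed)
    p0 = cube_sum(cube, out_bit, 0, rounds)
    for _ in range(trials):
        a, b = rng.getrandbits(KEY_BITS), rng.getrandbits(KEY_BITS)
        if (p0 ^ cube_sum(cube, out_bit, a, rounds) ^ cube_sum(cube, out_bit, b, rounds)
                ^ cube_sum(cube, out_bit, a ^ b, rounds)):
            return False
    return True


def neutral_key_bits(cube, out_bit, rounds, trials=8, seed=2):
    """Key bits whose flip never changes the cube sum over `trials` random keys,
    i.e. bits the superpoly (empirically) does not depend on."""
    rng = random.Random(seed)
    keys = [rng.getrandbits(KEY_BITS) for _ in range(trials)]
    neutral = []
    for j in range(KEY_BITS):
        if all(cube_sum(cube, out_bit, k, rounds) ==
               cube_sum(cube, out_bit, k ^ (1 << j), rounds) for k in keys):
            neutral.append(j)
    return neutral


def linear_superpoly(cube, out_bit, rounds):
    """For a superpoly that passed is_linear(): return (constant, key bit indices) with
    p(key) = constant ^ XOR of the listed key bits, read off from unit-vector keys."""
    const = cube_sum(cube, out_bit, 0, rounds)
    terms = [j for j in range(KEY_BITS)
             if cube_sum(cube, out_bit, 1 << j, rounds) != const]
    return const, terms


def recover(cube, out_bit, rounds, secret_key):
    """Online phase: one cube sum under the unknown key gives one GF(2) equation
    XOR(key[j] for j in terms) = rhs."""
    const, terms = linear_superpoly(cube, out_bit, rounds)
    rhs = cube_sum(cube, out_bit, secret_key, rounds) ^ const
    return terms, rhs


if __name__ == "__main__":
    # Specification test vector for full SIMON32/64 (key 1918 1110 0908 0100, pt 6565 6877)
    assert encrypt(0x65656877, key_schedule(0x1918111009080100, 32)) == 0xC69BE9BB
    cube, out_bit, rounds = [7], 8, 3          # illustrative choice: plaintext bit 7, ciphertext bit 8
    print("linear:", is_linear(cube, out_bit, rounds))
    print("neutral key bits:", neutral_key_bits(cube, out_bit, rounds))
    print("superpoly (const, key bits):", linear_superpoly(cube, out_bit, rounds))
    print("equation under unknown key:", recover(cube, out_bit, rounds, 0x1918111009080101))
```

Raising `rounds` or the cube dimension turns this into the search the paper performs: cubes whose superpoly fails the linearity test are discarded, cubes where every key bit is neutral give constant superpolys (useful as a distinguisher, not for key recovery), and each remaining cube contributes one linear equation to a system that is solved for the non-neutral key bits. The cost grows as 2^dimension encryptions per cube sum, which is why the paper moves the summation onto an FPGA.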