改进的Keccak算法4轮区分器
|
摘要
Keccak算法是新一代Hash函数标准SHA-3的获胜算法。如何构造一个好的区分器是当前Hash函数中的研究热点。该文在分析Keccak算法及算法中各个置换性质的基础上,通过线性分析方法和差分分析方法,研究了整体Keccak算法的差分传播特性。利用Keccak旋转变换和z周期性质,成功构造出4轮Keccak置换的区分器。通过分析Keccak算法的旋转对的传播特性,对Morawiecki区分器的构造方法进行了修正改进。实验结果表明该区分随机置换和Keccak变换的区分概率更大,区分效果比Morawiecki构造的区分器区分效果更好。
The Keccak algorithm is selected as the new Hash function standard of SHA-3 fianally. How to construct a good distinguisher is a hot topic in cryptanalysis of the Hash function at present. In this paper, on the base of the permutation property, we research the differential propagation characteristics of the Keccak algorithm by the linear and differential cryptanalysis methods. By using the Keccak rotation transform characteristics and z cycle properties, we construct the distinguisher of the 4-round Keccak permutation successfully. Then we improve the 4-round Morawiecki' distinguisher of the Keccak algorithm by using the propagation characteristics of the rotational pair. The research results show that our improved rotational distinguisher can distinguish the random permutation from the Keccak permutation with a higher probability, and the distinguish effect is better than Morawiecki's distinguisher.
The Keccak algorithm is selected as the new Hash function standard of SHA-3 fianally. How to construct a good distinguisher is a hot topic in cryptanalysis of the Hash function at present. In this paper, on the base of the permutation property, we research the differential propagation characteristics of the Keccak algorithm by the linear and differential cryptanalysis methods. By using the Keccak rotation transform characteristics and z cycle properties, we construct the distinguisher of the 4-round Keccak permutation successfully. Then we improve the 4-round Morawiecki' distinguisher of the Keccak algorithm by using the propagation characteristics of the rotational pair. The research results show that our improved rotational distinguisher can distinguish the random permutation from the Keccak permutation with a higher probability, and the distinguish effect is better than Morawiecki's distinguisher.
引文
[1]National Institute of Standards and Technology.SHA-3competition(2007-2012)[S/OL].[2014-01-01].http://csrc.nist.gov/groups/ST/hash/sha-3/index.html.
[2]CHANG Shu-jen,RAY P,WILLIAM E B,et al.Third round report of the SHA-3 cryptographic Hash algorithm competition[M].Washington,America:U.S.Department of Commerce,2012.
[3]DINUR I,DUNKELMAN O,SHAMIR A.New attacks on keccak-224 and keccak-256[C]//19th International Workshop,Fast Software Encryption 2012.Washington:Springer-Verlag,2012,7549:442-461.
[4]PAWE?M,JOSEF P,MARIAN S.Rotational cryptanalysis of round-reduced Keccak[C]//20th International Workshop,Fast Software Encryption 2013.Singapore:Springer-Verlag,2014,8424:241-262.
[5]JEAN J,NAYA P M,PEYRIN T.Improved rebound attack on the finalist gr?stl[C]//19th International Workshop,Fast Software Encryption 2012.Washington:Springer-Verlag:2012,7549:110-126.
[6]李倩男,李云强,蒋淑静,等.Keccak类非线性变换的差分性质研究[J].通信学报,2012,33(9):140-146.LI Qian-nan,LI Yun-qiang,JIANG Shu-jing,et al.Research on differential properties of Keccak-like nonlinear transform[J].Journal on Communications,2012,33(9):140-146.
[7]PAWEL S,GERGOR L,CHRISTOF P.Keccak und der SHA-2[J].Datenschutz Und Datensicherheit,2013,37(11):712-719.
[8]MARíA N P,ANDREA R,WILLI M.Practical analysis of reduced-round Keccak[C]//12th International Conference on Cryptology.Chennai,India:Springer-Verlag,2011,7107:236-254.
[9]MOSTAFA T,PATRICK S.Differential power analysis of MAC-Keccak at any key-length[C]//8th International Workshop on Security,IWSEC 2013.Okinawa,Japan:Springer-Verlag,2013,8231:68-82.
[10]ELENA A,BART M,BART P.Open problems in Hash function security[J].Designs,Codes and Cryptography,2015,77(2):611-631.
[11]SUGIER J.Low cost FPGA devices in high speed implementations of Keccak-f Hash algorithm[C]//Proceedings of the 9th International Conference on Dependability and Complex Systems Dep Co SRELCOMEX.Runów,Poland:Springer-Verlag,2014,286:433-441.
[12]KUILA S,SAHA D,PAL M,et al.Practical distinguishers against 6-round Keccak-f exploiting self-symmetry[C]//7th International Conference on Cryptology.Marrakesh,Africa:Springer-Verlag,2014,8469:88-108.
[13]SOURAV D,WILLI M.Differential biases in reducedround Keccak[C]//7th International Conference on Cryptology.Marrakesh,Africa:Springer-Verlag,2014,8469:241-262.
[14]Federal Information Processing Standards Publication.SHA-3 standard:Permutation-based Hash and extendableoutput functions[S/OL].[2014-01-10].http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf.
[2]CHANG Shu-jen,RAY P,WILLIAM E B,et al.Third round report of the SHA-3 cryptographic Hash algorithm competition[M].Washington,America:U.S.Department of Commerce,2012.
[3]DINUR I,DUNKELMAN O,SHAMIR A.New attacks on keccak-224 and keccak-256[C]//19th International Workshop,Fast Software Encryption 2012.Washington:Springer-Verlag,2012,7549:442-461.
[4]PAWE?M,JOSEF P,MARIAN S.Rotational cryptanalysis of round-reduced Keccak[C]//20th International Workshop,Fast Software Encryption 2013.Singapore:Springer-Verlag,2014,8424:241-262.
[5]JEAN J,NAYA P M,PEYRIN T.Improved rebound attack on the finalist gr?stl[C]//19th International Workshop,Fast Software Encryption 2012.Washington:Springer-Verlag:2012,7549:110-126.
[6]李倩男,李云强,蒋淑静,等.Keccak类非线性变换的差分性质研究[J].通信学报,2012,33(9):140-146.LI Qian-nan,LI Yun-qiang,JIANG Shu-jing,et al.Research on differential properties of Keccak-like nonlinear transform[J].Journal on Communications,2012,33(9):140-146.
[7]PAWEL S,GERGOR L,CHRISTOF P.Keccak und der SHA-2[J].Datenschutz Und Datensicherheit,2013,37(11):712-719.
[8]MARíA N P,ANDREA R,WILLI M.Practical analysis of reduced-round Keccak[C]//12th International Conference on Cryptology.Chennai,India:Springer-Verlag,2011,7107:236-254.
[9]MOSTAFA T,PATRICK S.Differential power analysis of MAC-Keccak at any key-length[C]//8th International Workshop on Security,IWSEC 2013.Okinawa,Japan:Springer-Verlag,2013,8231:68-82.
[10]ELENA A,BART M,BART P.Open problems in Hash function security[J].Designs,Codes and Cryptography,2015,77(2):611-631.
[11]SUGIER J.Low cost FPGA devices in high speed implementations of Keccak-f Hash algorithm[C]//Proceedings of the 9th International Conference on Dependability and Complex Systems Dep Co SRELCOMEX.Runów,Poland:Springer-Verlag,2014,286:433-441.
[12]KUILA S,SAHA D,PAL M,et al.Practical distinguishers against 6-round Keccak-f exploiting self-symmetry[C]//7th International Conference on Cryptology.Marrakesh,Africa:Springer-Verlag,2014,8469:88-108.
[13]SOURAV D,WILLI M.Differential biases in reducedround Keccak[C]//7th International Conference on Cryptology.Marrakesh,Africa:Springer-Verlag,2014,8469:241-262.
[14]Federal Information Processing Standards Publication.SHA-3 standard:Permutation-based Hash and extendableoutput functions[S/OL].[2014-01-10].http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf.