高级搜索

SIMON64算法的积分分析

徐洪 方玉颖 戚文峰

引用本文: 徐洪, 方玉颖, 戚文峰. SIMON64算法的积分分析[J]. 电子与信息学报, doi: 10.11999/JEIT190230 shu
Citation:  Hong XU, Yuying FANG, Wenfeng QI. Integral Attacks on SIMON64[J]. Journal of Electronics and Information Technology, doi: 10.11999/JEIT190230 shu

SIMON64算法的积分分析

    作者简介: 徐洪: 女,1979年生,硕士生导师,主要研究方向为对称密码的设计与分析;
    方玉颖: 男,1994年生,硕士生,研究方向为分组密码分析;
    戚文峰: 男,1963年生,教授,主要研究方向为对称密码的设计与分析
    通讯作者: 方玉颖,fangyywy@163.com
  • 基金项目: 十三五国家密码发展基金(MMJJ20180204, MMJJ20170103)

摘要: SIMON系列算法自提出以来便受到了广泛关注。积分分析方面,Wang,Fu和Chu等人给出了SIMON32和SIMON48算法的积分分析,该文在已有的分析结果上,进一步考虑了更长分组的SIMON64算法的积分分析。基于Xiang等人找到的18轮积分区分器,该文先利用中间相遇技术和部分和技术给出了25轮SIMON64/128算法的积分分析,接着利用等价密钥技术进一步降低了攻击过程中需要猜测的密钥量,并给出了26轮SIMON64/128算法的积分分析。通过进一步的分析,该文发现高版本的SIMON算法具有更好抵抗积分分析的能力。

English

    1. [1]

      KNUDSEN L and WAGNER D. Integral cryptanalysis[C]. The 9th International Workshop on Fast Software Encryption, Leuven, Belgium, 2002: 112–127.

    2. [2]

      DAEMEN J, KNUDSEN L, and RIJMEN V. The block cipher Square[C]. The 4th International Workshop on Fast Software Encryption, Haifa, Israel, 1997: 149–165.

    3. [3]

      FERGUSON N, KELSEY J, LUCKS S, et al. Improved cryptanalysis of rijndael[C]. The 7th International Workshop on Fast Software Encryption, New York, USA, 2001: 213–230.

    4. [4]

      TODO Y. Integral cryptanalysis on full MISTY1[C]. The 35th Annual Cryptology Conference, Santa Barbara, USA, 2015: 413–432.

    5. [5]

      BEAULIEU R, SHORS D, SMITH J, et al. The SIMON and SPECK families of lightweight block ciphers[EB/OL]. https: //eprint.iacr.org/2013/404, 2013.

    6. [6]

      ABED F, LIST E, LUCKS S, et al. Differential cryptanalysis of round-reduced SIMON and SPECK[C]. The 21st International Workshop on Fast Software Encryption, London, UK, 2015: 525–545.

    7. [7]

      BIRYUKOV A, ROY A, and VELICHKOV V. Differential analysis of block ciphers SIMON and SPECK[C]. The 21st International Workshop on Fast Software Encryption, London, UK, 2015: 546–570.

    8. [8]

      KÖLBL S, LEANDER G, and TIESSEN T. Observations on the SIMON block cipher family[C]. The 35th Annual Cryptology Conference, Santa Barbara, USA, 2015: 161–185.

    9. [9]

      QIAO Kexin, HU Lei, and SUN Siwei. Differential analysis on simeck and simon with dynamic key-guessing techniques[C]. The 2nd International Conference on Information Systems Security and Privacy, Rome, Italy, 2017: 64–85.

    10. [10]

      LIU Zhengbin, LI Yongqiang, and WANG Mingsheng. Optimal differential trails in SIMON-like ciphers[J]. IACR Transactions on Symmetric Cryptology, 2017, 2017(1): 358–379. doi: 10.13154/tosc.v2017.i1.358-379

    11. [11]

      WANG Ning, WANG Xiaoyun, JIA Keting, et al. Differential attacks on reduced SIMON versions with dynamic key-guessing techniques[J]. Science China Information Sciences, 2018, 61(9): 098103. doi: 10.1007/s11432-017-9231-5

    12. [12]

      ALIZADEH J, ALKHZAIMI H A, AREF M R, et al. Cryptanalysis of SIMON variants with connections[C]. The 10th International Workshop on Radio Frequency Identification: Security and Privacy Issues, Oxford, United Kingdom, 2014: 90–107.

    13. [13]

      ABDELRAHEEM N A, ALIZADEH J, ALKHZAIMI H A, et al. Improved linear cryptanalysis of reduced-round SIMON[EB/OL]. https: //eprint.iacr.org/2014/681, 2014.

    14. [14]

      CHEN Huaifeng and WANG Xiaoyun. Improved linear hull attack on round-reduced Simon with dynamic key-guessing techniques[C]. The 23rd International Conference on Fast Software Encryption, Bochum, Germany, 2016: 428–449.

    15. [15]

      WANG Qingju, LIU Zhiqiang, VARICI K, et al. Cryptanalysis of reduced-round SIMON32 and SIMON48[C]. The 15th International Conference on Cryptology in India, New Delhi, India, 2014: 143–160.

    16. [16]

      BOURA C, NAYA-PLASENCIA M, and SUDER V. Scrutinizing and improving impossible differential attacks: Applications to CLEFIA, Camellia, LBlock and Simon[C]. The 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, China, 2014: 179–199.

    17. [17]

      陈展, 王宁. SIMON算法的不可能差分分析[J]. 密码学报, 2015, 2(6): 505–514. doi: 10.13868/j.cnki.jcr.000097
      CHEN Zhan and WANG Ning. Impossible differential cryptanalysis of reduced-round SIMON[J]. Journal of Cryptologic Research, 2015, 2(6): 505–514. doi: 10.13868/j.cnki.jcr.000097

    18. [18]

      YU Xiaoli, WU Wenling, SHI Zhenqing, et al. Zero-correlation linear cryptanalysis of reduced-round SIMON[J]. Journal of Computer Science and Technology, 2015, 30(6): 1358–1369. doi: 10.1007/s11390-015-1603-5

    19. [19]

      XIANG Zejun, ZHANG Wentao, BAO Zhenzhen, et al. Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers[C]. The 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, 2016: 648–678.

    20. [20]

      FU Kai, SUN Ling, and WANG Meiqin. New integral attacks on SIMON[J]. IET Information Security, 2017, 11(5): 277–286. doi: 10.1049/iet-ifs.2016.0241

    21. [21]

      CHU Zhihui, CHEN Huaifeng, WANG Xiaoyun, et al. Improved integral attacks on SIMON32 and SIMON48 with dynamic key-guessing techniques[J]. Security and Communication Networks, 2018, 2018: 5160237. doi: 10.1155/2018/5160237

    1. [1]

      海昕, 唐学海, 李超. 对Zodiac算法的中间相遇攻击. 电子与信息学报,

    2. [2]

      郭瑞, 金晨辉. 低轮FOX64算法的零相关-积分分析. 电子与信息学报,

    3. [3]

      伊文坛, 鲁林真, 陈少真. 轻量级密码算法MIBS的零相关和积分分析. 电子与信息学报,

    4. [4]

      苏崇茂, 韦永壮, 马春波. 10轮3D分组密码算法的中间相遇攻击. 电子与信息学报,

    5. [5]

      谢敏, 曾琦雅. 轻量级分组密码算法ESF的相关密钥不可能差分分析. 电子与信息学报,

    6. [6]

      郭建胜, 崔竞一, 罗伟, 刘翼鹏. MD-64算法的相关密钥-矩形攻击. 电子与信息学报,

    7. [7]

      吴疆, 尤飞, 蒋平. 基于回归分析和主成分分析的噪声方差估计方法. 电子与信息学报,

    8. [8]

      郭小路, 陶海红, 杨东. 联合图形约束和稳健主成分分析的地面动目标检测算法. 电子与信息学报,

    9. [9]

      常威威, 郭雷, 刘坤, 付朝阳. 基于Contourlet变换和主成分分析的高光谱数据噪声消除方法. 电子与信息学报,

    10. [10]

      肖志涛, 史文静, 耿磊, 吴骏, 张芳. 基于相位信息和主成分分析的对称性检测方法. 电子与信息学报,

    11. [11]

      宋荣功, 詹榜华, 胡正名. 基于Simmons多部分共享协议的密钥托管方案. 电子与信息学报,

    12. [12]

      毛可飞, 陈杰, 刘建伟. 层次身份基认证密钥协商方案的安全性分析和改进. 电子与信息学报,

    13. [13]

      向东, 刘鑫, 徐奕. 基于电路状态信息和冲突分析的部分扫描设计. 电子与信息学报,

    14. [14]

      霍雷刚, 冯象初. 基于主成分分析和字典学习的高光谱遥感图像去噪方法. 电子与信息学报,

    15. [15]

      潘兴德, 郭军. 余弦调制滤波器组的时频分析的等价性及其应用. 电子与信息学报,

    16. [16]

      陈善学, 张燕琪. 基于自适应波段聚类主成分分析和反向传播神经网络的高光谱图像压缩. 电子与信息学报,

    17. [17]

      张华, 陈智雄, 肖国镇. 基于对的组密钥协商协议及其分析. 电子与信息学报,

    18. [18]

      李光球. 基于TCM的UEP16QAM和64QAM方案. 电子与信息学报,

    19. [19]

      李贞, 吕述望, 王永传, 王安胜. 差分分析中的特征概率计算问题研究. 电子与信息学报,

    20. [20]

      孙晓蓉, 王育民. Internet/Intranet互联环境中的安全认证和密钥分配. 电子与信息学报,

  • 图 1  SIMON算法的轮函数

    图 2  SIMON 64算法的18轮积分区分器

    图 3  25轮积分分析的密钥恢复过程

    图 4  计算${X_{18,\left\{ {31} \right\}}} \wedge {X_{18,\left\{ {24} \right\}}}$的过程

    图 5  计算${\left( {{X_{18}} \oplus {X_{19}}} \right)_{\left\{ {30} \right\}}}$的过程

    图 6  等价密钥技术示意图

    图 7  SIMON64/128算法的26轮积分分析

    图 8  计算$ \oplus {M_1}$的过程

    图 9  计算$ \oplus {M_{\rm{2}}}$的过程

    表 1  计算$ \oplus \left( {{X_{18,\left\{ {31} \right\}}} \wedge {X_{18,\left\{ {24} \right\}}}} \right)$的复杂度

    步骤猜测密钥(比特数)统计状态(比特数)时间复杂度
    (1)${K_{24,\left\{ {2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30} \right\}}}$(24)${X_{24,\left\{ {4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31} \right\}}}$(19),
    ${Y_{24,\left\{ {2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30} \right\}}}$(24)
    ${2^{24} } \cdot {2^{63} } \cdot \dfrac{ {24} }{ {32 \cdot 25} } \approx {2^{81.94} }$
    (2)${K_{23,\left\{ {4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31} \right\}}}$(19)${X_{2{\rm{3}},\left\{ {0,6,7,12\sim 14,18\sim 21,25\sim 28} \right\}}}$(14),
    ${Y_{23,\left\{ {4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31} \right\}}}$(19)
    ${2^{43} } \cdot {2^{43} } \cdot \dfrac{ {19} }{ {32 \cdot 25} } \approx {2^{80.61} }$
    (3)${K_{22,\left\{ {0,6,7,12\sim 14,18\sim 21,25\sim 28} \right\}}}$(14)${X_{2{\rm{2}},\left\{ {8,14,15,20\sim 22,27\sim 29} \right\}}}$(9),
    ${Y_{22,\left\{ {0,6,7,12\sim 14,18\sim 21,25\sim 28} \right\}}}$(14)
    ${2^{57} } \cdot {2^{33} } \cdot \dfrac{ {14} }{ {32 \cdot 25} } \approx {2^{84.16} }$
    (4)${K_{21,\left\{ {8,14,15,20\sim 22,27\sim 29} \right\}}}$(9)${X_{2{\rm{1}},\left\{ {16,22,23,29,30} \right\}}}$(5),
    ${Y_{21,\left\{ {8,14,15,20\sim 22,27\sim 29} \right\}}}$(9)
    ${2^{66} } \cdot {2^{23} } \cdot \dfrac{9}{ {32 \cdot 25} } \approx {2^{82.53} }$
    (5)${K_{20,\left\{ {16,22,23,29,30} \right\}}}$(5)${X_{{\rm{20,}}\left\{ {{\rm{24,31}}} \right\}}}$(2), ${Y_{20,\left\{ {16,22,23,29,30} \right\}}}$(5)${2^{71} } \cdot {2^{14} } \cdot \dfrac{5}{ {32 \cdot 25} } \approx {2^{77.68} }$
    (6)${K_{{\rm{19,}}\left\{ {{\rm{24,31}}} \right\}}}$(2)${X_{18,\left\{ {24,31} \right\}}}$(2), ${X_{18,\left\{ {24} \right\}}} \wedge {X_{18,\left\{ {31} \right\}}}$(1)${2^{73} } \cdot {2^7} \cdot \dfrac{3}{ {32 \cdot 25} } \approx {2^{71.95} }$
    下载: 导出CSV

    表 2  计算$ \oplus {\left( {{X_{18}} \oplus {X_{19}}} \right)_{\left\{ {30} \right\}}}$的复杂度

    步骤猜测密钥(bit数)统计状态(bit数)时间复杂度
    (1)${K_{24,\left\{ {0,2\sim 4,6\sim 29} \right\}}}$(28)${X_{2{\rm{4}},\left\{ {4,5,8,10\sim 12,14\sim 30} \right\}}}$(23), ${Y_{24,\left\{ {0,2\sim 4,6\sim 29} \right\}}}$(28)${2^{28} } \cdot {2^{63} } \cdot \dfrac{ {28} }{ {32 \cdot 25} } \approx {2^{86.17} }$
    (2)${K_{23,\left\{ {4,5,8,10\sim 12,14\sim 30} \right\}}}$(23)${X_{2{\rm{3}},\left\{ {6,12,13,16,18\sim 20,22\sim 30} \right\}}}$(16), ${Y_{23,\left\{ {4,5,8,10\sim 12,14\sim 30} \right\}}}$(23)${2^{51} } \cdot {2^{51} } \cdot \dfrac{ {23} }{ {32 \cdot 25} } \approx {2^{96.88} }$
    (3)${K_{22,\left\{ {6,12,13,16,18\sim 20,22\sim 30} \right\}}}$(16)${X_{2{\rm{2}},\left\{ {14,20,21,24,26\sim 28,30,31} \right\}}}$(9), ${Y_{22,\left\{ {6,12,13,16,18\sim 20,22\sim 30} \right\}}}$(16)${2^{67} } \cdot {2^{39} } \cdot \dfrac{ {16} }{ {32 \cdot 25} } \approx {2^{100.36} }$
    (4)${K_{21,\left\{ {14,20,21,24,26\sim 28,30,31} \right\}}}$(9)${X_{2{\rm{1}},\left\{ {0,22,28,29} \right\}}}$(4), ${Y_{21,\left\{ {14,20,21,24,26\sim 28,30,31} \right\}}}$(9)${2^{76} } \cdot {2^{25} } \cdot \dfrac{9}{ {32 \cdot 25} } \approx {2^{94.53} }$
    (5)${K_{20,\left\{ {0,22,28,29} \right\}}}$(4)${X_{{\rm{20}},\left\{ {30} \right\}}}$(1), ${Y_{20,\left\{ {0,22,28,29} \right\}}}$(4)${2^{80} } \cdot {2^{13} } \cdot \dfrac{4}{ {32 \cdot 25} } \approx {2^{85.36} }$
    (6)${K_{19,\left\{ {30} \right\}}}$(1)${X_{{\rm{18,}}\left\{ {{\rm{31}}} \right\}}}$(1), $ \oplus {\left( {{X_{18}} \oplus {X_{19}}} \right)_{\left\{ {30} \right\}}}$ (1)${2^{81} } \cdot {2^5} \cdot \dfrac{2}{ {32 \cdot 25} } \approx {2^{77.36} }$
    下载: 导出CSV

    表 3  计算$ \oplus {M_1}$值的复杂度

    步骤猜测密钥(比特数)统计状态(比特数)时间复杂度
    (1)$ - $${X_{25,\left\{ {2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30} \right\}}}$(24),
    ${Y_{25,\left\{ {0\sim 4,6\sim 29} \right\}}}$(29)
    ${2^{63} } \cdot \dfrac{ {29} }{ {32 \cdot 26} } \approx {2^{58.16} }$
    (2)$K_{25,\left\{ {0\sim 4,6\sim 11,13\sim 18,20\sim 29} \right\}}^{\rm{*}}$(27)${X_{{\rm{24,}}\left\{ {{\rm{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31}}} \right\}}}$(19),
    ${Y_{2{\rm{4}},\left\{ {2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30} \right\}}}$(24)
    ${2^{27} } \cdot {2^{53} } \cdot \dfrac{ {24} }{ {32 \cdot 26} } \approx {2^{74.89} }$
    (3)$K_{{\rm{24,}}\left\{ {{\rm{2,5,9,12,16,19,23,26,30}}} \right\}}^{\rm{*}}$(9)${X_{23,\left\{ {2,3,9,10,16,17,23,24,28} \right\}}}$(9),
    ${Y_{23,\left\{ {6,10,13,17,20,24,27,31} \right\}}}$(8), ${X_{24,\left\{ {4,11,18,25} \right\}}}$(4)
    ${2^{36} } \cdot {2^{43} } \cdot \dfrac{8}{ {32 \cdot 26} } \approx {2^{72.30} }$
    (4)$K_{24,\left\{ {3,10,17,24,28} \right\}}^*$(5)${X_{23,\left\{ {0,3,4,6\sim 8,10\sim 15,17\sim 22,25\sim 29} \right\}}}$(23),
    ${Y_{23,\left\{ {4,11,18,25} \right\}}}$(4), ${X_{24,\left\{ {2,12,16,19,23,26,30} \right\}}}$(7)
    ${2^{41} } \cdot {2^{21} } \cdot \dfrac{4}{ {32 \cdot 26} } \approx {2^{54.30} }$
    (5)$K_{24,\left\{ {4,8,11,15,18,22,25,29} \right\}}^*$(8)${X_{23,\left\{ {{\rm{0,6,}}7,12\sim 14,18\sim 21,25\sim 28} \right\}}}$(14),
    ${Y_{{\rm{23,}}\left\{ {{\rm{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31}}} \right\}}}$(19)
    ${2^{49} } \cdot {2^{34} } \cdot \dfrac{ {19} }{ {32 \cdot 26} } \approx {2^{77.55} }$
    (6)$K_{23,\left\{ {4,11,18,25} \right\}}^*$(4)${X_{22,\left\{ {4,5,11,12,18,19,25,26,30} \right\}}}$(9),
    ${Y_{{\rm{22,}}\left\{ {{\rm{12,19,26}}} \right\}}}$(3), ${X_{{\rm{23,}}\left\{ {{\rm{6,13,20,27}}} \right\}}}$(4)
    ${2^{53} } \cdot {2^{33} } \cdot \dfrac{3}{ {32 \cdot 26} } \approx {2^{77.88} }$
    (7)$K_{23,\left\{ {5,12,19,26} \right\}}^*$(4)${X_{22,\left\{ {5,6,8,10,12\sim 17,19\sim 24,26\sim 31} \right\}}}$(22),
    ${Y_{22,\left\{ {6,13,20,27} \right\}}}$(4), ${X_{23,\left\{ {0,7,14,18,21,25,28} \right\}}}$(7)
    ${2^{57} } \cdot {2^{16} } \cdot \dfrac{4}{ {32 \cdot 26} } \approx {2^{65.30} }$
    (8)$K_{23,\left\{ {6,10,13,17,20,24,27,31} \right\}}^*$(8)${X_{22,\left\{ {8,14,15,20\sim 22,27\sim 29} \right\}}}$(9),
    ${Y_{22,\left\{ {0,6,7,12\sim 14,18\sim 21,25\sim 28} \right\}}}$(14)
    ${2^{65} } \cdot {2^{33} } \cdot \dfrac{ {14} }{ {32 \cdot 26} } \approx {2^{92.11} }$
    (9)$K_{22,\left\{ {0,7,14,21,28} \right\}}^*$(5)${X_{21,\left\{ {6,12,13,19,20,27,28} \right\}}}$(7),
    ${Y_{21,\left\{ {8,15,22,29} \right\}}}$(4), ${X_{22,\left\{ {14,21,28} \right\}}}$(3)
    ${2^{70} } \cdot {2^{23} } \cdot \dfrac{4}{ {32 \cdot 26} } \approx {2^{85.30} }$
    (10)$K_{22,\left\{ {6,13,20,27} \right\}}^*$(4)${X_{21,\left\{ {12,16,18,19,22,23,25,26,29,30} \right\}}}$(10),
    ${Y_{21,\left\{ {14,21,28} \right\}}}$(3), ${X_{22,\left\{ {20,27} \right\}}}$(2)
    ${2^{74} } \cdot {2^{14} } \cdot \dfrac{3}{ {32 \cdot 26} } \approx {2^{79.88} }$
    (11)$K_{22,\left\{ {12,19,26} \right\}}^*$(4)${X_{21,\left\{ {16,22,23,29,30} \right\}}}$(5),
    ${Y_{21,\left\{ {8,14,15,20\sim 22,27\sim 29} \right\}}}$(9)
    ${2^{77} } \cdot {2^{15} } \cdot \dfrac{9}{ {32 \cdot 26} } \approx {2^{85.47} }$
    (12)$K_{21,\left\{ {8,15,22,29} \right\}}^*$(4)${X_{20,\left\{ {14,20,21,24,27,28,31} \right\}}}$(7),
    ${Y_{20,\left\{ {16,23,30} \right\}}}$(3), ${X_{21,\left\{ {22,29} \right\}}}$(2)
    ${2^{81} } \cdot {2^{14} } \cdot \dfrac{3}{ {32 \cdot 26} } \approx {2^{86.88} }$
    (13)$K_{21,\left\{ {14,21,28} \right\}}^*$(3)${X_{20,\left\{ {24,31} \right\}}}$(2), ${Y_{20,\left\{ {16,22,23,29,30} \right\}}}$(5)${2^{84} } \cdot {2^{12} } \cdot \dfrac{5}{ {32 \cdot 26} } \approx {2^{88.62} }$
    (14)$K_{20,\left\{ {16,23,30} \right\}}^*$(3)${X_{19,\left\{ 0 \right\}}}$(1), ${Y_{19,\left\{ {24,31} \right\}}}$(2)${2^{ {\rm{87} } } } \cdot { {\rm{2} }^{\rm{7} } } \cdot \dfrac{ {\rm{2} } }{ {32 \cdot 26} } \approx {2^{ {\rm{85} }{\rm{.30} } } }$
    (15)$K_{19,\left\{ {24,31} \right\}}^*$(2)$\left( {{X_{18,\left\{ {31} \right\}}} \wedge {X_{18,\left\{ {{\rm{24}}} \right\}}}} \right) \oplus {X_{19,\left\{ 0 \right\}}}$(1)${2^{ {\rm{89} } } } \cdot { {\rm{2} }^{\rm{3} } } \cdot \dfrac{ {\rm{1} } }{ {32 \cdot 26} } \approx {2^{ {\rm{82} }{\rm{.30} } } }$
    下载: 导出CSV

    表 4  计算$ \oplus {M_{\rm{2}}}$值的复杂度

    步骤猜测密钥(比特数)统计状态(比特数)时间复杂度
    (1)$ - $${X_{25,\left\{ {2\sim 4,8\sim 11,14\sim 18,20\sim 24,28,29} \right\}}}$(19),
    ${Y_{25,\left\{ {0\sim 3,6\sim 10,12\sim 23,26\sim 28} \right\}}}$(24)
    ${2^{63} } \cdot \dfrac{ { {\rm{24} } } }{ {32 \cdot 26} } \approx {2^{5{\rm{7} }{\rm{.89} } } }$
    (2)$K_{25\left\{ {0\sim 3,6\sim 10,12\sim 17,19\sim 23,26\sim 28} \right\}}^*$(22)${X_{24,\left\{ {4,5,10\sim 12,16\sim 19,22\sim 25,30} \right\}}}$(14),
    ${Y_{24,\left\{ {2\sim 4,8\sim 11,14\sim 18,20\sim 24,28,29} \right\}}}$(19)
    ${2^{ {\rm{22} } } } \cdot { {\rm{2} }^{ {\rm{43} } } } \cdot \dfrac{ { {\rm{19} } } }{ {32 \cdot 26} } \approx {2^{ {\rm{59} }{\rm{.55} } } }$
    (3)$K_{24\left\{ {2\sim 4,8\sim 11,14\sim 18,21\sim 24,28,29} \right\}}^*$(18)${X_{23,\left\{ {6,12,13,18\sim 20,24\sim 27} \right\}}}$(10),

    ${Y_{23,\left\{ {4,5,10\sim 12,16\sim 19,22\sim 25,30} \right\}}}$(14)
    ${2^{ {\rm{40} } } } \cdot { {\rm{2} }^{ {\rm{33} } } } \cdot \dfrac{ { {\rm{14} } } }{ {32 \cdot 26} } \approx {2^{ {\rm{67} }{\rm{.11} } } }$
    (4)$K_{23,\left\{ {4,5,10\sim 12,16\sim 19,23\sim 25,30} \right\}}^*$(13)${X_{22,\left\{ {14,20,21,26\sim 28} \right\}}}$(6), ${Y_{22,\left\{ {6,12,13,18\sim 20,24\sim 27} \right\}}}$(10)${2^{ {\rm{5} }3} } \cdot { {\rm{2} }^{ {\rm{24} } } } \cdot \dfrac{ { {\rm{1} }0} }{ {32 \cdot 26} } \approx {2^{ {\rm{70} }{\rm{.63} } } }$
    (5)$K_{22\left\{ {6,12,13,18\sim 20,25\sim 27} \right\}}^*$(9)${X_{21,\left\{ {22,28,29} \right\}}}$(3), ${Y_{21,\left\{ {14,20,21,26\sim 28} \right\}}}$(6)${2^{6{\rm{2} } } } \cdot { {\rm{2} }^{ {\rm{16} } } } \cdot \dfrac{ {\rm{6} } }{ {32 \cdot 26} } \approx {2^{ {\rm{70} }{\rm{.89} } } }$
    (6)$K_{21\left\{ {14,20,21,27,28} \right\}}^*$(5)${X_{20,\left\{ {30} \right\}}}$(1), ${Y_{20,\left\{ {22,28,29} \right\}}}$(3)${2^{6{\rm{7} } } } \cdot { {\rm{2} }^{\rm{9} } } \cdot \dfrac{3}{ {32 \cdot 26} } \approx {2^{ {\rm{67} }{\rm{.89} } } }$
    (6)$K_{20\left\{ {22,29} \right\}}^*$(2)$ \oplus {Y_{19,\left\{ {30} \right\}}}$(1)${2^{6{\rm{9} } } } \cdot { {\rm{2} }^{\rm{4} } } \cdot \dfrac{ {\rm{1} } }{ {32 \cdot 26} } \approx {2^{ {\rm{63} }{\rm{.30} } } } $
    下载: 导出CSV

    表 5  SIMON算法的积分分析(分组长度64/96/128-bit)

    算法区分器轮数数据量(CP)攻击轮数猜测密钥量(bit)攻击复杂度(E)
    SIMON64/9618${{\rm{2}}^{63}}$2573${{\rm{2}}^{{\rm{95}}}}$
    SIMON64/12818${{\rm{2}}^{63}}$26102${{\rm{2}}^{127}}$
    SIMON96/9622${{\rm{2}}^{{\rm{95}}}}$2864${{\rm{2}}^{{\rm{95}}}}$
    SIMON96/14422${{\rm{2}}^{{\rm{95}}}}$30138${{\rm{2}}^{{\rm{95}}}}$
    SIMON128/12826${{\rm{2}}^{{\rm{127}}}}$3398${{\rm{2}}^{{\rm{127}}}}$
    SIMON128/19226${{\rm{2}}^{{\rm{127}}}}$35187${{\rm{2}}^{{\rm{127}}}}$
    SIMON128/25626${{\rm{2}}^{{\rm{127}}}}$36241${{\rm{2}}^{{\rm{127}}}}$
    下载: 导出CSV
  • 加载中
图(9)表(5)
计量
  • PDF下载量:  9
  • 文章访问数:  106
  • HTML全文浏览量:  65
文章相关
  • 通讯作者:  方玉颖, fangyywy@163.com
  • 收稿日期:  2019-04-09
  • 录用日期:  2019-12-04
  • 网络出版日期:  2019-12-10
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

/

返回文章