Integral Attacks on SIMON64

Hong XU, Yuying FANG, Wenfeng QI

Citation: Hong XU, Yuying FANG, Wenfeng QI. Integral Attacks on SIMON64[J]. Journal of Electronics and Information Technology, 2020, 42(3): 720-728. doi: 10.11999/JEIT190230

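    About the authors: Hong XU: female, born 1979, master's supervisor; main research interests: design and analysis of symmetric ciphers;
    Yuying FANG: male, born 1994, master's student; research interest: block cipher cryptanalysis;
    Wenfeng QI: male, born 1963, professor; main research interests: design and analysis of symmetric ciphers
    Corresponding author: Yuying FANG, fangyywy@163.com
  • Funding: The 13th Five-Year National Cryptography Development Fund (MMJJ20180204, MMJJ20170103)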

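Abstract: The SIMON family of ciphers has received wide attention since it was proposed. For integral cryptanalysis, Wang, Fu, Chu et al. gave integral attacks on SIMON32 and SIMON48; building on these results, this paper further considers integral attacks on SIMON64, which has a longer block size. Based on the 18-round integral distinguisher found by Xiang et al., the paper first uses the meet-in-the-middle technique and the partial-sum technique to give an integral attack on 25-round SIMON64/128, then uses the equivalent-key technique to further reduce the number of key bits that must be guessed during the attack, and gives an integral attack on 26-round SIMON64/128. Through further analysis, the paper finds that the higher versions of the SIMON algorithm resist integral attacks better.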

    [1] KNUDSEN L and WAGNER D. Integral cryptanalysis[C]. The 9th International Workshop on Fast Software Encryption, Leuven, Belgium, 2002: 112–127.

    [2] DAEMEN J, KNUDSEN L, and RIJMEN V. The block cipher Square[C]. The 4th International Workshop on Fast Software Encryption, Haifa, Israel, 1997: 149–165.

    [3] FERGUSON N, KELSEY J, LUCKS S, et al. Improved cryptanalysis of rijndael[C]. The 7th International Workshop on Fast Software Encryption, New York, USA, 2001: 213–230.

    [4] TODO Y. Integral cryptanalysis on full MISTY1[C]. The 35th Annual Cryptology Conference, Santa Barbara, USA, 2015: 413–432.

    [5] BEAULIEU R, SHORS D, SMITH J, et al. The SIMON and SPECK families of lightweight block ciphers[EB/OL]. https://eprint.iacr.org/2013/404, 2013.

    [6] ABED F, LIST E, LUCKS S, et al. Differential cryptanalysis of round-reduced SIMON and SPECK[C]. The 21st International Workshop on Fast Software Encryption, London, UK, 2015: 525–545.

    [7] BIRYUKOV A, ROY A, and VELICHKOV V. Differential analysis of block ciphers SIMON and SPECK[C]. The 21st International Workshop on Fast Software Encryption, London, UK, 2015: 546–570.

    [8] KÖLBL S, LEANDER G, and TIESSEN T. Observations on the SIMON block cipher family[C]. The 35th Annual Cryptology Conference, Santa Barbara, USA, 2015: 161–185.

    [9] QIAO Kexin, HU Lei, and SUN Siwei. Differential analysis on simeck and simon with dynamic key-guessing techniques[C]. The 2nd International Conference on Information Systems Security and Privacy, Rome, Italy, 2017: 64–85.

    [10] LIU Zhengbin, LI Yongqiang, and WANG Mingsheng. Optimal differential trails in SIMON-like ciphers[J]. IACR Transactions on Symmetric Cryptology, 2017(1): 358–379. doi: 10.13154/tosc.v2017.i1.358-379

    [11] WANG Ning, WANG Xiaoyun, JIA Keting, et al. Differential attacks on reduced SIMON versions with dynamic key-guessing techniques[J]. Science China Information Sciences, 2018, 61(9): 098103. doi: 10.1007/s11432-017-9231-5

    [12] ALIZADEH J, ALKHZAIMI H A, AREF M R, et al. Cryptanalysis of SIMON variants with connections[C]. The 10th International Workshop on Radio Frequency Identification: Security and Privacy Issues, Oxford, United Kingdom, 2014: 90–107.

    [13] ABDELRAHEEM N A, ALIZADEH J, ALKHZAIMI H A, et al. Improved linear cryptanalysis of reduced-round SIMON[EB/OL]. https://eprint.iacr.org/2014/681, 2014.

    [14] CHEN Huaifeng and WANG Xiaoyun. Improved linear hull attack on round-reduced Simon with dynamic key-guessing techniques[C]. The 23rd International Conference on Fast Software Encryption, Bochum, Germany, 2016: 428–449.

    [15] WANG Qingju, LIU Zhiqiang, VARICI K, et al. Cryptanalysis of reduced-round SIMON32 and SIMON48[C]. The 15th International Conference on Cryptology in India, New Delhi, India, 2014: 143–160.

    [16] BOURA C, NAYA-PLASENCIA M, and SUDER V. Scrutinizing and improving impossible differential attacks: Applications to CLEFIA, Camellia, LBlock and Simon[C]. The 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, China, 2014: 179–199.

    [17] CHEN Zhan and WANG Ning. Impossible differential cryptanalysis of reduced-round SIMON[J]. Journal of Cryptologic Research, 2015, 2(6): 505–514. doi: 10.13868/j.cnki.jcr.000097

    [18] YU Xiaoli, WU Wenling, SHI Zhenqing, et al. Zero-correlation linear cryptanalysis of reduced-round SIMON[J]. Journal of Computer Science and Technology, 2015, 30(6): 1358–1369. doi: 10.1007/s11390-015-1603-5

    [19] XIANG Zejun, ZHANG Wentao, BAO Zhenzhen, et al. Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers[C]. The 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, 2016: 648–678.

    [20] FU Kai, SUN Ling, and WANG Meiqin. New integral attacks on SIMON[J]. IET Information Security, 2017, 11(5): 277–286. doi: 10.1049/iet-ifs.2016.0241

    [21] CHU Zhihui, CHEN Huaifeng, WANG Xiaoyun, et al. Improved integral attacks on SIMON32 and SIMON48 with dynamic key-guessing techniques[J]. Security and Communication Networks, 2018: 5160237. doi: 10.1155/2018/5160237

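  • Figure 1  Round function of the SIMON algorithm

    Figure 2  18-round integral distinguisher of SIMON64

    Figure 3  Key-recovery process of the 25-round integral attack

    Figure 4  Process of computing $X_{18,\{31\}} \wedge X_{18,\{24\}}$

    Figure 5  Process of computing $(X_{18} \oplus X_{19})_{\{30\}}$

    Figure 6  Illustration of the equivalent-key technique

    Figure 7  26-round integral attack on SIMON64/128

    Figure 8  Process of computing $\oplus M_1$

    Figure 9  Process of computing $\oplus M_2$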

    Table 1  Complexity of computing $\oplus (X_{18,\{31\}} \wedge X_{18,\{24\}})$

    | Step | Guessed key (bits) | Counted state (bits) | Time complexity |
    |---|---|---|---|
    | (1) | $K_{24,\{2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30\}}$ (24) | $X_{24,\{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31\}}$ (19), $Y_{24,\{2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30\}}$ (24) | $2^{24} \cdot 2^{63} \cdot \dfrac{24}{32 \cdot 25} \approx 2^{81.94}$ |
    | (2) | $K_{23,\{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31\}}$ (19) | $X_{23,\{0,6,7,12\sim 14,18\sim 21,25\sim 28\}}$ (14), $Y_{23,\{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31\}}$ (19) | $2^{43} \cdot 2^{43} \cdot \dfrac{19}{32 \cdot 25} \approx 2^{80.61}$ |
    | (3) | $K_{22,\{0,6,7,12\sim 14,18\sim 21,25\sim 28\}}$ (14) | $X_{22,\{8,14,15,20\sim 22,27\sim 29\}}$ (9), $Y_{22,\{0,6,7,12\sim 14,18\sim 21,25\sim 28\}}$ (14) | $2^{57} \cdot 2^{33} \cdot \dfrac{14}{32 \cdot 25} \approx 2^{84.16}$ |
    | (4) | $K_{21,\{8,14,15,20\sim 22,27\sim 29\}}$ (9) | $X_{21,\{16,22,23,29,30\}}$ (5), $Y_{21,\{8,14,15,20\sim 22,27\sim 29\}}$ (9) | $2^{66} \cdot 2^{23} \cdot \dfrac{9}{32 \cdot 25} \approx 2^{82.53}$ |
    | (5) | $K_{20,\{16,22,23,29,30\}}$ (5) | $X_{20,\{24,31\}}$ (2), $Y_{20,\{16,22,23,29,30\}}$ (5) | $2^{71} \cdot 2^{14} \cdot \dfrac{5}{32 \cdot 25} \approx 2^{77.68}$ |
    | (6) | $K_{19,\{24,31\}}$ (2) | $X_{18,\{24,31\}}$ (2), $X_{18,\{24\}} \wedge X_{18,\{31\}}$ (1) | $2^{73} \cdot 2^{7} \cdot \dfrac{3}{32 \cdot 25} \approx 2^{71.95}$ |

    Table 2  Complexity of computing $\oplus (X_{18} \oplus X_{19})_{\{30\}}$

    | Step | Guessed key (bits) | Counted state (bits) | Time complexity |
    |---|---|---|---|
    | (1) | $K_{24,\{0,2\sim 4,6\sim 29\}}$ (28) | $X_{24,\{4,5,8,10\sim 12,14\sim 30\}}$ (23), $Y_{24,\{0,2\sim 4,6\sim 29\}}$ (28) | $2^{28} \cdot 2^{63} \cdot \dfrac{28}{32 \cdot 25} \approx 2^{86.17}$ |
    | (2) | $K_{23,\{4,5,8,10\sim 12,14\sim 30\}}$ (23) | $X_{23,\{6,12,13,16,18\sim 20,22\sim 30\}}$ (16), $Y_{23,\{4,5,8,10\sim 12,14\sim 30\}}$ (23) | $2^{51} \cdot 2^{51} \cdot \dfrac{23}{32 \cdot 25} \approx 2^{96.88}$ |
    | (3) | $K_{22,\{6,12,13,16,18\sim 20,22\sim 30\}}$ (16) | $X_{22,\{14,20,21,24,26\sim 28,30,31\}}$ (9), $Y_{22,\{6,12,13,16,18\sim 20,22\sim 30\}}$ (16) | $2^{67} \cdot 2^{39} \cdot \dfrac{16}{32 \cdot 25} \approx 2^{100.36}$ |
    | (4) | $K_{21,\{14,20,21,24,26\sim 28,30,31\}}$ (9) | $X_{21,\{0,22,28,29\}}$ (4), $Y_{21,\{14,20,21,24,26\sim 28,30,31\}}$ (9) | $2^{76} \cdot 2^{25} \cdot \dfrac{9}{32 \cdot 25} \approx 2^{94.53}$ |
    | (5) | $K_{20,\{0,22,28,29\}}$ (4) | $X_{20,\{30\}}$ (1), $Y_{20,\{0,22,28,29\}}$ (4) | $2^{80} \cdot 2^{13} \cdot \dfrac{4}{32 \cdot 25} \approx 2^{85.36}$ |
    | (6) | $K_{19,\{30\}}$ (1) | $X_{18,\{31\}}$ (1), $\oplus (X_{18} \oplus X_{19})_{\{30\}}$ (1) | $2^{81} \cdot 2^{5} \cdot \dfrac{2}{32 \cdot 25} \approx 2^{77.36}$ |

    Table 3  Complexity of computing the value of $\oplus M_1$

    | Step | Guessed key (bits) | Counted state (bits) | Time complexity |
    |---|---|---|---|
    | (1) | $-$ | $X_{25,\{2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30\}}$ (24), $Y_{25,\{0\sim 4,6\sim 29\}}$ (29) | $2^{63} \cdot \dfrac{29}{32 \cdot 26} \approx 2^{58.16}$ |
    | (2) | $K^*_{25,\{0\sim 4,6\sim 11,13\sim 18,20\sim 29\}}$ (27) | $X_{24,\{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31\}}$ (19), $Y_{24,\{2\sim 5,8\sim 12,14\sim 19,21\sim 26,28\sim 30\}}$ (24) | $2^{27} \cdot 2^{53} \cdot \dfrac{24}{32 \cdot 26} \approx 2^{74.89}$ |
    | (3) | $K^*_{24,\{2,5,9,12,16,19,23,26,30\}}$ (9) | $X_{23,\{2,3,9,10,16,17,23,24,28\}}$ (9), $Y_{23,\{6,10,13,17,20,24,27,31\}}$ (8), $X_{24,\{4,11,18,25\}}$ (4) | $2^{36} \cdot 2^{43} \cdot \dfrac{8}{32 \cdot 26} \approx 2^{72.30}$ |
    | (4) | $K^*_{24,\{3,10,17,24,28\}}$ (5) | $X_{23,\{0,3,4,6\sim 8,10\sim 15,17\sim 22,25\sim 29\}}$ (23), $Y_{23,\{4,11,18,25\}}$ (4), $X_{24,\{2,12,16,19,23,26,30\}}$ (7) | $2^{41} \cdot 2^{21} \cdot \dfrac{4}{32 \cdot 26} \approx 2^{54.30}$ |
    | (5) | $K^*_{24,\{4,8,11,15,18,22,25,29\}}$ (8) | $X_{23,\{0,6,7,12\sim 14,18\sim 21,25\sim 28\}}$ (14), $Y_{23,\{4\sim 6,10\sim 13,16\sim 20,23\sim 27,30,31\}}$ (19) | $2^{49} \cdot 2^{34} \cdot \dfrac{19}{32 \cdot 26} \approx 2^{77.55}$ |
    | (6) | $K^*_{23,\{4,11,18,25\}}$ (4) | $X_{22,\{4,5,11,12,18,19,25,26,30\}}$ (9), $Y_{22,\{12,19,26\}}$ (3), $X_{23,\{6,13,20,27\}}$ (4) | $2^{53} \cdot 2^{33} \cdot \dfrac{3}{32 \cdot 26} \approx 2^{77.88}$ |
    | (7) | $K^*_{23,\{5,12,19,26\}}$ (4) | $X_{22,\{5,6,8,10,12\sim 17,19\sim 24,26\sim 31\}}$ (22), $Y_{22,\{6,13,20,27\}}$ (4), $X_{23,\{0,7,14,18,21,25,28\}}$ (7) | $2^{57} \cdot 2^{16} \cdot \dfrac{4}{32 \cdot 26} \approx 2^{65.30}$ |
    | (8) | $K^*_{23,\{6,10,13,17,20,24,27,31\}}$ (8) | $X_{22,\{8,14,15,20\sim 22,27\sim 29\}}$ (9), $Y_{22,\{0,6,7,12\sim 14,18\sim 21,25\sim 28\}}$ (14) | $2^{65} \cdot 2^{33} \cdot \dfrac{14}{32 \cdot 26} \approx 2^{92.11}$ |
    | (9) | $K^*_{22,\{0,7,14,21,28\}}$ (5) | $X_{21,\{6,12,13,19,20,27,28\}}$ (7), $Y_{21,\{8,15,22,29\}}$ (4), $X_{22,\{14,21,28\}}$ (3) | $2^{70} \cdot 2^{23} \cdot \dfrac{4}{32 \cdot 26} \approx 2^{85.30}$ |
    | (10) | $K^*_{22,\{6,13,20,27\}}$ (4) | $X_{21,\{12,16,18,19,22,23,25,26,29,30\}}$ (10), $Y_{21,\{14,21,28\}}$ (3), $X_{22,\{20,27\}}$ (2) | $2^{74} \cdot 2^{14} \cdot \dfrac{3}{32 \cdot 26} \approx 2^{79.88}$ |
    | (11) | $K^*_{22,\{12,19,26\}}$ (4) | $X_{21,\{16,22,23,29,30\}}$ (5), $Y_{21,\{8,14,15,20\sim 22,27\sim 29\}}$ (9) | $2^{77} \cdot 2^{15} \cdot \dfrac{9}{32 \cdot 26} \approx 2^{85.47}$ |
    | (12) | $K^*_{21,\{8,15,22,29\}}$ (4) | $X_{20,\{14,20,21,24,27,28,31\}}$ (7), $Y_{20,\{16,23,30\}}$ (3), $X_{21,\{22,29\}}$ (2) | $2^{81} \cdot 2^{14} \cdot \dfrac{3}{32 \cdot 26} \approx 2^{86.88}$ |
    | (13) | $K^*_{21,\{14,21,28\}}$ (3) | $X_{20,\{24,31\}}$ (2), $Y_{20,\{16,22,23,29,30\}}$ (5) | $2^{84} \cdot 2^{12} \cdot \dfrac{5}{32 \cdot 26} \approx 2^{88.62}$ |
    | (14) | $K^*_{20,\{16,23,30\}}$ (3) | $X_{19,\{0\}}$ (1), $Y_{19,\{24,31\}}$ (2) | $2^{87} \cdot 2^{7} \cdot \dfrac{2}{32 \cdot 26} \approx 2^{85.30}$ |
    | (15) | $K^*_{19,\{24,31\}}$ (2) | $(X_{18,\{31\}} \wedge X_{18,\{24\}}) \oplus X_{19,\{0\}}$ (1) | $2^{89} \cdot 2^{3} \cdot \dfrac{1}{32 \cdot 26} \approx 2^{82.30}$ |

    Table 4  Complexity of computing the value of $\oplus M_2$

    | Step | Guessed key (bits) | Counted state (bits) | Time complexity |
    |---|---|---|---|
    | (1) | $-$ | $X_{25,\{2\sim 4,8\sim 11,14\sim 18,20\sim 24,28,29\}}$ (19), $Y_{25,\{0\sim 3,6\sim 10,12\sim 23,26\sim 28\}}$ (24) | $2^{63} \cdot \dfrac{24}{32 \cdot 26} \approx 2^{57.89}$ |
    | (2) | $K^*_{25,\{0\sim 3,6\sim 10,12\sim 17,19\sim 23,26\sim 28\}}$ (22) | $X_{24,\{4,5,10\sim 12,16\sim 19,22\sim 25,30\}}$ (14), $Y_{24,\{2\sim 4,8\sim 11,14\sim 18,20\sim 24,28,29\}}$ (19) | $2^{22} \cdot 2^{43} \cdot \dfrac{19}{32 \cdot 26} \approx 2^{59.55}$ |
    | (3) | $K^*_{24,\{2\sim 4,8\sim 11,14\sim 18,21\sim 24,28,29\}}$ (18) | $X_{23,\{6,12,13,18\sim 20,24\sim 27\}}$ (10), $Y_{23,\{4,5,10\sim 12,16\sim 19,22\sim 25,30\}}$ (14) | $2^{40} \cdot 2^{33} \cdot \dfrac{14}{32 \cdot 26} \approx 2^{67.11}$ |
    | (4) | $K^*_{23,\{4,5,10\sim 12,16\sim 19,23\sim 25,30\}}$ (13) | $X_{22,\{14,20,21,26\sim 28\}}$ (6), $Y_{22,\{6,12,13,18\sim 20,24\sim 27\}}$ (10) | $2^{53} \cdot 2^{24} \cdot \dfrac{10}{32 \cdot 26} \approx 2^{70.63}$ |
    | (5) | $K^*_{22,\{6,12,13,18\sim 20,25\sim 27\}}$ (9) | $X_{21,\{22,28,29\}}$ (3), $Y_{21,\{14,20,21,26\sim 28\}}$ (6) | $2^{62} \cdot 2^{16} \cdot \dfrac{6}{32 \cdot 26} \approx 2^{70.89}$ |
    | (6) | $K^*_{21,\{14,20,21,27,28\}}$ (5) | $X_{20,\{30\}}$ (1), $Y_{20,\{22,28,29\}}$ (3) | $2^{67} \cdot 2^{9} \cdot \dfrac{3}{32 \cdot 26} \approx 2^{67.89}$ |
    | (6) | $K^*_{20,\{22,29\}}$ (2) | $\oplus Y_{19,\{30\}}$ (1) | $2^{69} \cdot 2^{4} \cdot \dfrac{1}{32 \cdot 26} \approx 2^{63.30}$ |

    Table 5  Integral attacks on the SIMON algorithm (block sizes 64/96/128 bits)

    | Algorithm | Distinguisher rounds | Data (CP) | Attacked rounds | Guessed key (bits) | Attack complexity (E) |
    |---|---|---|---|---|---|
    | SIMON64/96 | 18 | $2^{63}$ | 25 | 73 | $2^{95}$ |
    | SIMON64/128 | 18 | $2^{63}$ | 26 | 102 | $2^{127}$ |
    | SIMON96/96 | 22 | $2^{95}$ | 28 | 64 | $2^{95}$ |
    | SIMON96/144 | 22 | $2^{95}$ | 30 | 138 | $2^{95}$ |
    | SIMON128/128 | 26 | $2^{127}$ | 33 | 98 | $2^{127}$ |
    | SIMON128/192 | 26 | $2^{127}$ | 35 | 187 | $2^{127}$ |
    | SIMON128/256 | 26 | $2^{127}$ | 36 | 241 | $2^{127}$ |
Article information
  • Corresponding author:  Yuying FANG, fangyywy@163.com
  • Received:  2019-04-09
  • Accepted:  2019-12-04
  • Published online:  2019-12-10
  • Issue date:  2020-03-01