摘要
研究了ARIA在不可能差分分析下的安全性.通过对算法扩散层的分析,给出了ARIA中间状态在加密过程的差分传递性质.在此基础上证明了6轮ARIA不存在使得输入输出差分重量小于10的不可能差分路径,同时证明了在输入输出差分重量为10的情况下6轮ARIA只存在2类形式的不可能差分路径.利用构造出的这2类不可能差分路径,从理论上证明了6轮ARIA不可能差分攻击的最优结果为:2120个选择明文和294.5次6轮加密.
The security of the block cipher ARIA against impossible differential cryptanalysis is studied.First,we analyze the diffusion layer of ARIA and indicate some differential characters of the intermediate state through the encryption transformation.On the basis of these,we show that there is no 6-round impossible differential with the input-and-output differential weight less than ten and that there are only two kinds of 6-round impossible differential with the input-and-output differential weight of ten.Both kinds of the best impossible differentials can be found and can be used to attack the 6-round ARIA with the best results:the data complexity being 2120 chosen plaintexts and the time complexity being 294.5 encryptions of 6-round ARIA.
出处
《中国科学院研究生院学报》
CAS
CSCD
北大核心
2011年第2期266-273,共8页
Journal of the Graduate School of the Chinese Academy of Sciences
