Abstract
This paper analyzes the security of the word-oriented stream cipher ZUC (the Zu Chongzhi algorithm). ZUC takes a 128-bit initial key and a 128-bit initial vector and generates a keystream of 32-bit words. Its overall structure consists of a linear feedback shift register (LFSR), bit reorganization (BR) and a nonlinear function F. The paper first guesses part of the internal state and then deduces the rest, thereby recovering the entire internal state used for keystream generation. Exhaustive key search has complexity O(2^128), whereas the method described here has complexity O(2^126), so the search complexity is reduced. In ZUC as actually deployed, the first 32 steps are used only for initialization and produce no keystream, and the result of step 33 is discarded. In this paper, however, the algorithm is initialized for only two steps and keystream is output from the third step onward; this is used to assess ZUC's security, and it also shows that ZUC's decision not to output keystream during the first 33 steps is intended to increase security and to avoid attacks of this kind.
ZUC, named after the ancient mathematician Zu Chongzhi, is a word-oriented stream cipher. It uses a 128-bit initial key and a 128-bit initial vector to produce a keystream of 32-bit words. ZUC consists of a linear feedback shift register (LFSR), bit reorganization (BR) and a nonlinear function F. This paper first guesses some of the internal state and deduces the rest. The time complexity is O(2^126), which is below O(2^128), the complexity of exhaustive key search. The first 32 steps of ZUC form the initialization stage and produce no keystream, and step 33 discards its result. This work instead initializes for 2 steps and produces keystream from step three onward. In this way it argues for the security of the algorithm and shows how it avoids attacks of this type.
Source
《计算机技术与发展》
2012, Issue 6, pp. 151-155 (5 pages)
Computer Technology and Development
Funding
Shandong Provincial Natural Science Foundation (Y2008G01)
Shandong Province Higher Education Institutions Excellent Young Teachers Domestic Visiting Scholar Program
Shandong Province Higher Education Institutions project "Applied Research on Identity-Based Special Digital Signatures" (ZR2011FQ032)