变形ARIA密码算法的新攻击

New Attacks on a Variant ARIA Cipher

下载PDF

导出

摘要 ARIA密码是韩国官方公布的分组密码标准算法,其分组长度为128比特,支持128比特、192比特、256比特3种密钥长度.该文检验变形ARIA,即采用相同S盒的ARIA算法抵抗中间相遇攻击的能力.利用ARIA算法结构,分别构造4、5、6轮变形ARIA的相遇区分器,并由此给出7轮ARIA-192、8轮ARIA-192、9轮ARIA-256的新攻击.结果表明,如果ARIA密码算法采用相同的S盒,那么其安全性将明显降低.该文还进一步说明:如果分组密码算法的非线性层与线性层组合不当,在采用时空折中方法时往往可打破数据复杂度和预处理时间复杂度等量交换的瓶颈,进而提高攻击效率. ARIA cipher is a standard block cipher published by South Korean. Its block size is 128 bits and supports three key lengths： 128 bits, 192 bits, and 256 bits. In this paper, the security of a variant ARIA cipher using the same S boxes against the meet-in-the-middle attack is examined. Based on the structure of the cipher, we design 4-round, 5-round, and 6-round distinguishers, respectively. Moreover, some new attacks on 7-round ARIA-192, 8-round ARIA-192, and 9-round ARIA-256 are proposed. It is shown that the security of ARIA will be reduced significantly if the cipher only uses a nonlinear S box. Furthermore, if the linear and nonlinear layers are not properly combined, one can break the equivalent tradeoff between the dada complexity and the preprocess time complexity under a dada-time-memory tradeoff attack. In this case, a more effective attack may be obtained.

作者韦永壮苏崇茂马春波

机构地区桂林电子科技大学广西信息科学实验中心中国科学院软件研究所

出处《应用科学学报》 CAS CSCD 北大核心 2013年第6期650-654,共5页 Journal of Applied Sciences

基金国家自然科学基金(No.61100185) 广西自然科学基金(No.2011GXNSFB018071) 广西无线宽带通信与信号处理重点实验室(桂林电子科技大学)主任基金(No.11101) 保密通信重点实验室基金(No.9140C110404110C1106) 中国博士后科学基金(No.2011M500419)资助

关键词分组密码 ARIA算法中间相遇攻击时间复杂度 block cipher, ARIA cipher, meet-in4he-middle attack, time complexity

分类号 TN918.1 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献18

1DAESUNG K, AESUNG K, SANGWOO P, SOOHAK S, YAEKWON S, JUNGHWAN S, YONGJIN Y, EJOONC Y, SANGJIN L, JAEON L, SEONGTAEK C, DAEWAN H, JIN H. New block cipher: ARIA [C]//Information Secu- rity and Cryptology-ICISC 2003, 2004: 432-445.
2NIST. Advanced encryption standard(AES) [OL]. [2011-11-17]. http://csrc.nist.gov/publications/fips /fips197/Fips-197.pdf. November 26, 2001.
3DAEMEN J, RIJNMEN V. The design of rijndael AES: the advanced encryption standard [M]. Berlin: Springer-Verlag, 2002: 30-45.
4BIRYUKOV A, CANNIERE C, LANO J, PRENEEL B, ORS S. Security and performance anal- ysis of ARIA. version 1.2lOLl. [2011-11-17]. http://cloud.ttongfly.net/t/attachment/1321529635. pdf, January 7, 2004.
5吴文玲,张文涛,冯登国.Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia[J].Journal of Computer Science & Technology,2007,22(3):449-456. 被引量：22
6LI S H, SONG C Y. Improved impossible differen- tial cryptanalysis of ARIA [C]//Information Security and Assurance, 2008: 129-132.
7Du C H, CHEN J Z. Impossible differential cryptanal- ysis of ARIA reduced to 7 rounds [C]//Cryptology and Network Security, 2010: 20-30.
8LI S H, ZHANG H N, WANG X V. Dedicated linear attack on ARIA version 1.0 [J]. Tsinghua Science and Technology, 2009, 14(2): 212-217.
9L1 Y J, Wu W L, ZHANG L. Integral attacks on reduced-round ARIA block cipher [C]//Information Security, Practice and Experience, 2010: 19-29.
10TANG X H, SUN B, LI R L, LI C. A meet-in-the- middle attack on reduced-round ARIA [J]. Journal of Systems and Software, 2011, 84(10): 1685-1692.

二级参考文献12

1吴文玲.Pseudorandomness of Camellia-Like Scheme[J].Journal of Computer Science & Technology,2006,21(1):82-88. 被引量：6
2吴文玲,张文涛,冯登国.Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia[J].Journal of Computer Science & Technology,2007,22(3):449-456. 被引量：22
3Kwon D, Kim J, and Park S, et al.. New block cipher: ARIA[C]. ICISC 2003, LNCS 2971: 432-445.
4Biryukov A, Canniere D C, and Lano J, et al.. Security and performance analysis of ARIA. Version 1.2. Dept. Electrical Engineering-ESAT/S CD-COSIC Katholieke Universiteit Leuven Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium Jan. 7. 2004.
5Fleischmann E, Gorski M, and Lucks S. Attacking reduced rounds of the ARIA block cipher. Cryptology ePrint Archive: Report 2009/334, http://eprint.iacr.org/2009/334. 2009.
6Fleischmann E, Forler C, and Gorski M, et al.. New boomerang attacks on ARIA[C]. INDOCRYPT 2010, LNCS 6498: 163-175.
7Li Yan-jun, Wu Wen-ling, and Zhang Lei. Integral attacks on reduced-round ARIA block cipher[C]. ISPEC 2010, LNCS 6047: 19-29.
8Tang Xue-hai, Sun Bing, and Li Rui-lin, et al.. A meet-in- the-middle attack on ARIA. Cryptology ePrint Archive:Report 2010/168, http://eprint.iacr.org/2010/168. 2010.
9Demirci H, Selcuk A A, and Ture E. A new meet-in-the- middle attack on the IDEA Block Cipher[C]. SAC 2003, LNCS 3006: 117-129.
10Demirci H and Selcuk A A. A meet-in-the-middle attack on 8-round AES[C]. FSE 2008, LNCS 5086: 116-126.

共引文献25

1吴文玲,张蕾.不可能差分密码分析研究进展[J].系统科学与数学,2008,28(8):971-983. 被引量：11
2张庆贵.不可能差分攻击中的明文对筛选方法[J].计算机工程,2010,36(2):127-129. 被引量：11
3唐学海,李超,王美一,屈龙江.3D密码的不可能差分攻击[J].电子与信息学报,2010,32(10):2516-2520. 被引量：11
4张磊,郭建胜.6轮ARIA的最优不可能差分分析[J].中国科学院研究生院学报,2011,28(2):266-273.
5赵新杰,郭世泽,王韬,刘会英.ARIA访问驱动Cache计时模板攻击[J].华中科技大学学报（自然科学版）,2011,39(6):62-65. 被引量：3
6郑秀林,鲁艳蓉,连至助.对低轮Camellia算法不可能差分密码分析的研究[J].北京电子科技学院学报,2011,19(2):1-10.
7陈少真,鲁林真.对8轮ARIA算法的差分枚举攻击[J].电子与信息学报,2011,33(7):1770-1774. 被引量：3
8崔霆,金晨辉.分组密码Cauchy型MDS扩散结构的几点注记[J].电子学报,2011,39(7):1603-1607. 被引量：2
9苏崇茂.7轮ARIA-256的不可能差分新攻击[J].计算机应用,2012,32(1):45-48. 被引量：5
10崔霆,金晨辉.嵌套代替-扩散网络的CLEFIA结构零相关线性逼近的构造[J].电子与信息学报,2012,34(1):227-230. 被引量：2

1刘佳,陈少真.对ARIA算法的不可能飞去来攻击[J].信息工程大学学报,2013,14(3):275-281.
2李永光,曾光,韩文报.利用扩散层固定点对ARIA密码攻击的改进[J].四川大学学报（自然科学版）,2015,52(2):325-330.
3李曼曼,陈少真.对ARIA算法中间相遇攻击的改进[J].通信学报,2015,36(3):277-282. 被引量：2
4崔霆,金晨辉.两类扩散结构特征向量的研究与应用[J].电子与信息学报,2011,33(4):854-857. 被引量：1
5苏崇茂.7轮ARIA-256的不可能差分新攻击[J].计算机应用,2012,32(1):45-48. 被引量：5
6吴文玲,张文涛,冯登国.Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia[J].Journal of Computer Science & Technology,2007,22(3):449-456. 被引量：22
7周世祥,温巧燕,杨义先.SPN结构线性层的设计[J].山东理工大学学报（自然科学版）,2003,17(1):46-50. 被引量：1
8张庆贵.不可能差分攻击中的明文对筛选方法[J].计算机工程,2010,36(2):127-129. 被引量：11
9崔灵果,曹元大.一种SPN线性层的设计方法[J].计算机工程,2005,31(20):8-9. 被引量：3
10裴玉芳,孙文胜.一种基于能效的中继选择和功率分配方案[J].南阳理工学院学报,2016,8(4):8-12. 被引量：2

应用科学学报

2013年第6期

浏览历史

内容加载中请稍等...

变形ARIA密码算法的新攻击

参考文献18

二级参考文献12

共引文献25

相关作者

相关机构

相关主题

浏览历史