Trivium序列密码的线性性质和代数性质

Analysis on Linear and Algebraic Property of Trivium Stream Cipher

导出

摘要 Trivium是C.De Canniere和B.Preneel在2005年为欧洲eSTREAM项目设计的序列密码,Trivium被选为最终的7个算法之一。Trivium的内部状态为288比特,密钥长度为80比特。文中给出Trivium的分组密码迭代模型,在这个模型下,利用计算程序得出了Trivium各轮输出关于内部状态的线性逼近及其线性逼近概率,当初始化轮数超过246时,其输出关于输入的线性逼近概率不大于1/2+2^(-41)。利用计算机搜索程序,给出Trivium在轮的代数方程规模,利用1 152个输出比特,得到的二次方程组包含6788个变量、11 232个方程,从实验上证明了Trivium算法能抗线性攻击和代数攻击。 Trivium is a stream cipher designed by C. De Canni^re and B. Preneel for the European project eSTREAM in 2005. Trivium, selected as one of the final seven stream ciphers,has an internal state size of 288 bits and a key length of 80 bits. In this paper,a block cipher based iterative model for Trivium is proposed. Based on this model,the linear approximation probability for output bits and internal states of each round are computed. When the iterative rounds exceed 246, this probability is less than 1/2＋2 41. Meanwhile, the scale of algebraic equations for each round of Trivium is estimated by a search program. With 1 152 output bits, the quadratic equation system containing 6 788 variants and 11 232 equations is obtained. Experimental results indicate that Trivium can successfully resist Linear attack and alge- braic attack.

作者申兵霍家佳

机构地区保密通信重点实验室

出处《信息安全与通信保密》 2013年第12期113-116,共4页 Information Security and Communications Privacy

关键词 Trivium序列密码线性攻击代数攻击 Trivium stream cipher linear attack algebraic attack

分类号 TN918.1 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献7

1DE CANNIERE C, PRENEEL B. Trivium Specifica- tions [ EB/OL ]. ( 2007 - 3 - 29 ) [ 2007 - 4- 15 ]. ht- tp://www, ecrypt, eu. org/stream/p3ciphers/trivium/ trivium p3. pdf.
2RADDUM H. Cryptanalytic Results on TRIVIUM [ EB/ OL]. (2006-4-20) [2007-4-15]. http://www. ecrypt, eu. org/stream/.
3MAXIMOV A, BIRYUKOV A. Two Trivial Attacks on Trivium. SASC 2007- The State of the Art of Stream Ciphers[ C]. 2007.
4TURAN M S, KARA O. Linear Approximations for 2- round Trivium. SASC 2007- The State of the Art of Stream Ciphers[ C]. 2007.
5VIELHABER M, Breaking ONE. Fivium by AIDA an Algebraic IV Differential Attack [ EB/OL ]. (2007-10 -28) [2007-10-29]. http://eprint, iacr. org/2007/ 413. pdf.
6Matsui. Linear Cryptanalysis Method for DES Cipher. EUROCRYPT[ C ]. New York : Springer- Verlag New York, Inc. 1994:386-397.
7COURTOIS N, PIEPRZYK J. Cryptanalysis of Block Ciphers with Overdefined Systems of Equations [ C ]. New York : Springer-Verlag New York, Inc. 2002:267-287.

1燕善俊,余昭平.DES线性攻击的一点注记[J].信息安全与通信保密,2005,27(7):93-95.
2刘佳,杜淑琴,谢芳清.SMS4算法S盒代数性质的研究[J].电脑与电信,2008(1):11-13. 被引量：1
3董军武.4轮AES零相关线性壳的存在性[J].安徽师范大学学报（自然科学版）,2017,40(2):116-124.
4李申华,张海纳,王小云.Dedicated Linear Attack on ARIA Version 1.0[J].Tsinghua Science and Technology,2009,14(2):212-217.
5孙文龙,关杰,刘建东.针对简化版Trivium算法的线性分析[J].计算机学报,2012,35(9):1890-1896. 被引量：5
6赵俊阁,姜浩伟,李永杰.Wep协议抗线性攻击缺陷分析及改进[J].计算机与数字工程,2006,34(9):102-104.
7董向忠,关杰.SIMON类算法轮函数的线性性质[J].山东大学学报（理学版）,2015,50(9):49-54. 被引量：2
8李晓伟,王军光.一种降低OFDM系统峰均比改进的SLM算法[J].企业技术开发（中旬刊）,2012,31(7):75-76.
9廖卫民.一种加载随机预言模型的RSA公钥密码体制[J].信息技术与标准化,2005(1):20-23.
10廖卫民.加载随机预言模型可完善RSA公钥密码体制[J].华南金融电脑,2005,13(2):36-38.

信息安全与通信保密

2013年第12期

浏览历史

内容加载中请稍等...

Trivium序列密码的线性性质和代数性质

参考文献7

相关作者

相关机构

相关主题

浏览历史