
Improved Linear Cryptanalysis of CAST-256

Abstract: CAST-256, a first-round AES (Advanced Encryption Standard) candidate, is designed based on CAST-128. It is a 48-round Generalized-Feistel-Network cipher with a 128-bit block accepting 128-, 160-, 192-, 224- or 256-bit keys. Its S-boxes are non-surjective with 8-bit input and 32-bit output. Wang et al. identified a 21-round linear approximation and gave a key recovery attack on 24-round CAST-256. In ASIACRYPT 2012, Bogdanov et al. presented the multidimensional zero-correlation linear cryptanalysis of 28 rounds of CAST-256. By observing the property of the concatenation of a forward quad-round and a reverse quad-round and choosing the proper active round function, we construct a linear approximation of 26-round CAST-256 and recover partial key information on 32 rounds of CAST-256. Our result is the best attack in terms of the number of rounds for CAST-256 without a weak-key assumption so far.
Source: Journal of Computer Science & Technology (SCIE, EI, CSCD), 2014, No. 6, pp.1134-1139 (6 pages). 计算机科学技术学报(英文版)
Funding: supported by the National Basic Research 973 Program of China under Grant No.2013CB834205; the National Natural Science Foundation of China under Grant Nos.61133013, 61070244 and 61103237; the Program for New Century Excellent Talents in University of China under Grant No.NCET-13-0350; the Interdisciplinary Research Foundation of Shandong University under Grant No.2012JC018
Keywords: CAST-256, linear cryptanalysis, block cipher, Generalized-Feistel-Network

