摘要
Biclique攻击是目前唯一能将对AES全轮攻击降至穷举攻击之下的密钥恢复攻击,但如何得到AES新的Biclique结构或全部Biclique结构尚没有解决。该文设计了寻找AES-128全部Biclique结构的算法以及衡量基于相应结构Biclique攻击的数据和时间复杂度的算法,得出了AES-128共有215类iD-差分能产生555个Biclique结构,给出了数据复杂度最小和次小的iD-差分路径,分别列出了计算复杂度最小和数据复杂度最小的Biclique差分及匹配。
The current Biclique attack is the only key recovery method for the full AES faster than brute-force, but how to get a new Biclique structure or all Biclique structures for AES has not been resolved. This paper designs algorithms to find all Biclique structures for AES-128 and evaluate the computational complexity or data complexity of corresponding Biclique attacks. Using these algorithms, this paper gives that there are 215 kinds iD-differentials to generate 555 Biclique structures of AES-128, presents iD-differential trails with the smallest and the second smallest data complexity, and gets Biclique differentials and matching with the smallest computational complexity and the smallest data complexity respectively.
出处
《电子与信息学报》
EI
CSCD
北大核心
2016年第1期135-140,共6页
Journal of Electronics & Information Technology
基金
国家863计划(2011AA7011016)~~