CLEFIA-256算法的Biclique攻击

Biclique Attack on CLEFIA-256

针对CLEFIA-256分组密码算法在Biclique攻击与中间相遇攻击下的安全性进行研究。分析了CLEFIA-256加密算法与其密钥扩展算法扩散性的特点,基于中间密钥向量与主密钥的双射对应关系对密钥空间进行了划分。同时利用密钥扩展算法奇数轮所产生的子密钥仅与中间密钥向量直接相关的特点,构造了一个2轮8维的Biclique结构,结合算法结构特点所决定的一个5轮中间相遇区分器,对全轮CLEFIA-256算法进行了Biclique攻击。对攻击算法的复杂度进行了分析,其所需的数据复杂度为264个已知明文,存储复杂度为213.010Byte,计算复杂度为2^(255.279)次全轮CLEFIA-256加密,成功率为1。最后给出了全轮CLEFIA-256算法的中间相遇攻击结果,其数据复杂度为2个已知明文,存储复杂度为25.907Byte,计算复杂度为2^(255.323)次全轮CLEFIA-256加密。

The security of CLEFIA-256 block cipher under Biclique attack and MITM attack was studied. Diffusion features of cipher and key schedule were analyzed. The bijection of intermediate key and master key was used to divide the key space. The subkeys generated in the odd rounds of key schedule were only directly related to intermediate key. By using two related-key differential characteristic, 2-round 8-dimension Bielique was constructed and along with a 5-round distinguisher, the full-round CLEFIA-256 was attacked. The data complexity is 2s4 known plaintexts, the storage complexity is 2^13.010 Bytes, and the computational complexity is 2255.279 full-round encryption of CLE- FIA-256. The success rate is 1. The MITM attack based on Bielique attack on the full CLEFIA-256 with a data complexity of 2 known plaintexts, a storage complexity of 2^5.907 Byte and a computational complexity of 2^255.323 full-round CLEFIA-256 was given at the end of the paper.