SKINNY-n-n算法和MANTIS算法的相关密钥分析

Related-key cryptanalysis of SKINNY-n-n and MANTIS

通过分析SKINNY算法的密钥扩展算法特性以及算法结构,给出了两类SKINNY-n-n算法的相关密钥不可能差分区分器,而后据此对19轮的SKINNY算法进行了攻击,得到了对于SKINNY-64-64和SKINNY-128-128攻击所需数据复杂度分别为2^(55)、2^(104)个选择明文,计算复杂度分别为为2^(40. 82)次19轮SKINNY-64-64加密和2^(77. 76)次19轮SKINNY-128-128加密,存储复杂度分别为2^(48)和2^(96)。此外,针对SKINNY算法族中的低延迟变体-MANTIS算法,利用其FX结构以及密钥扩展算法的Tweakey结构,首先基于α映射,给出了一类平凡相关密钥差分特征;而后找到一种1轮循环结构,借此构造了对于MANTIS_(r core)的相关密钥矩阵区分器(1≤r≤6);最后,利用现有的对于MANTIS_5的攻击结果,改进得到了一类新的相关密钥差分路径,将区分器概率提高到2^(28. 35),有效降低攻击所需复杂度。

In this paper,we take the differential cryptanalysis of SKINNY- n - n and the low latency variant of SKINNY-MANTIS with related-key technique.Firstly,we present two kinds of related-key impossible differential distinguisher for SKINNY- n - n by analyzing key scheduling part and the cipher structure of SKINNY.Based on the distinguishers obtained,19 rounds of SKINNY- n - n can be attacked.Moreover,the complexities of the attack of SKINNY-64-64 and SKINNY-128-128 are 2 55 and 2 104 in data,2 40.82 and 2 77.76 in memory,2 48 and 2 96 in computational time respectively.In addition,for MANTIS,we give a class of ordinary related-key differential characteristic based on the α mapping at first.And then we utilize a 1-cycle structure to obtain related-key rectangle trails for MANTIS r core .Finally,using the existing attack results on MANTIS 5,a class of improved differential path in the related-key model is constructed with increasing the probability of the distinguisher to 2 28.35 ,effectively reducing the complexity required for attack.