摘要
In recent years,with the rapid development of the Internet of Things(IoT),RFID tags,industrial controllers,sensor nodes,smart cards and other small computing devices are increasingly widely deployed.In order to help protect low-power,low-cost Internet of things devices,lightweight cryptography came into being.In order to launch the standard of cryptographic algorithm suitable for constrained environment,NIST started the process of lightweight cryptography standardization in 2016,and published the second round of candidate cryptographic algorithms in August2019.SKINNY-Hash in the sponge construction is one of the second round candidates,as well as SKINNY-AEAD.The tweakable block cipher SKINNY is the basic component for both of them.Although cryptanalysts have proposed several cryptanalysis results on SKINNY and SKINNY-AEAD,there is no cryptanalysis results on SKINNY-Hash.Based on the differential cryptanalysis and the method of mixed integer programming(MELP),we perform differential cryptanalysis on SKINNY-Hash.The core is to set up the inequations of the MILP model.Actually,it is hard to obtain the inequations of the substitution(i.e.S-box)obeying the previous method.By a careful study of the permutation,we partition the substitution into a nonlinear part and a linear part,then a series of inequations in the MILP model is obtained to describe the differentials with high possibilities.As a result,we propose a differential hash collision path of 3-round SKINNY-tk3-Hash.By adjusting the bit rate of SKINNY-tk3-Hash,we propose a 7-round collision path for the simplified algorithm.The cryptanalysis in this paper will help to promote the NIST Lightweight Crypto Standardization process.
基金
supported by the Natural Science Foundation of Beijing,China(Grant No.4172006)
Beijing Municipal Education Commission of China(Grant No.km201410005012)。
