摘要
目前资源受限环境的应用场景越来越多,该场景下的数据加密需求也随之增加。以国际标准PRESENT算法为代表的一大批轻量级分组密码应运而生。PFP算法是一种基于Feistel结构的超轻量级分组密码算法,它的轮函数设计借鉴了国际标准PRESENT算法的设计思想。PFP算法的分组长度为64比特,密钥长度为80比特,迭代轮数为34轮。针对PFP算法,研究了其抵抗不可能差分分析的能力。在该算法的设计文档中,设计者利用5轮不可能差分区分器攻击6轮的PFP算法,能够恢复32比特的种子密钥。与该结果相比,文中通过研究轮函数的具体设计细节,利用S盒的差分性质构造出7轮不可能差分区分器,并攻击9轮的PFP算法,能够恢复36比特的种子密钥。该结果无论在攻击轮数还是恢复的密钥量方面,均优于已有结果,是目前PFP算法最好的不可能差分分析结果。
Nowadays,the application scenarios in the resource-constrained terminal system appear more and more,and the data encryption requirement of them also needs to be satisfied.There are many lightweight block ciphers designed such as PRESENT which is an international standard block cipher.PFP cipher is an ultra-lightweight block cipher which takes Feistel structure,and its round function is designed by using the experience of PRESENT cipher for reference.The block size of PFP is 64-bit,the key size of PFP is 80-bit and its round number is 34.For PFP,this paper studies its ability against impossible differential cryptanalysis.In the design document,the designers proposed a 5-round impossible differential and attacked reduced 6-round PFP cipher with this distinguisher.Moreover,the designers can recover 32-bit master key.Comparing with this result,by exploiting the differential property of the S-box in PFP,this paper constructs a 7-round impossible differential distinguisher and attack reduced 9-round PFP.Moreover,it can recover 36-bit master key.Therefore,the result is much better than the known one in terms of either the round number or the recovered key.So far as I know,the result in this paper is the best impossible differential cryptanalysis of PFP cipher.
作者
沈璇
王欣玫
何俊
孙志远
SHEN Xuan;WANG Xin-mei;HE Jun;SUN Zhi-yuan(College of Information and Communication,National University of Defense Technology,Wuhan 430010,China)
出处
《计算机科学》
CSCD
北大核心
2020年第7期263-267,共5页
Computer Science
基金
国家自然科学基金(61902414)。
