Abstract
Based on a structural property of 2-round ARIA, namely that an input difference with two nonzero bytes propagates, after two consecutive rounds of encryption, to an output difference in which a certain two bytes are equal, a new 4-round impossible differential path is constructed in this paper. Then, by adding two rounds before the distinguisher and one round after it, a 7-round impossible differential path is obtained, and an impossible differential attack on 7-round ARIA-256 is proposed. Using the properties of ARIA's confusion layer and diffusion layer in the key-guessing phase, the relations between the different key blocks are deduced. Finally, the complexity of the attack is computed using the early-abort technique. The attack requires $2^{119}$ chosen plaintexts and approximately $2^{216}$ 7-round encryptions. Compared with the known impossible differential attacks on ARIA, the time complexity is reduced.
Authors
OU Hai-Wen (欧海文)
WANG Xiang-Nan (王湘南)
LI Yan-Jun (李艳俊)
LEI Ya-Chao (雷亚超)
Affiliations: Beijing Electronic Science and Technology Institute, Beijing 100070, China; Xidian University, Xi'an 710071, China
Source
Journal of Cryptologic Research (《密码学报》)
CSCD
2020, Issue 4, pp. 465-472 (8 pages)