Abstract
CHAM is a family of ARX-type lightweight block ciphers proposed at ICISC 2017. This paper studies its security using impossible differential cryptanalysis. First, the differential propagation rules of each component of the round function are equivalently characterized by systems of linear inequalities, and an MILP-based automated search model for impossible differentials is established. Second, using this model, a specific set of input/output differences is traversed, yielding four 19-round impossible differential distinguishers for CHAM-64 and one 18-round impossible differential distinguisher for CHAM-128, which are the longest publicly reported distinguishers of this type. Finally, using the distinguishers found, key recovery attacks on 27-round CHAM-64/128 and 27-round CHAM-128/256 are proposed for the first time. Since these two ciphers iterate 80 and 96 rounds respectively, CHAM retains a sufficient security margin against impossible differential cryptanalysis.
CHAM is a family of lightweight block ciphers based on the ARX structure, proposed at ICISC 2017. In this paper, we use impossible differential cryptanalysis to analyze its security. First, we use a set of linear inequalities to equivalently characterize each component of the cipher and describe the propagation rule of differentials, and we establish an MILP-based automated search model for impossible differentials. Second, using this model, we search over a specific set of input/output differences. Four 19-round impossible differential distinguishers of CHAM-64 and one 18-round impossible differential distinguisher of CHAM-128 are found, which are currently the longest publicly available distinguishers of this type. Finally, using the appropriate distinguishers obtained by the search, key recovery attacks are carried out on 27-round CHAM-64/128 and 27-round CHAM-128/256. Since these two ciphers iterate 80 and 96 rounds respectively, CHAM still has a sufficient security margin against impossible differential cryptanalysis.
Authors
FU Zhixin (付志新); REN Jiongjiong (任炯炯); CHEN Shaozhen (陈少真)
Information Engineering University, Zhengzhou 450001, China; State Key Laboratory of Cryptology, Beijing 100878, China
Source
Journal of Information Engineering University (信息工程大学学报), 2020, No. 5, pp. 586-592 (7 pages)
Funding
Open Fund of the State Key Laboratory of Mathematical Engineering and Advanced Computing (2018A03)
National Cryptography Development Fund (MMJJ20180203)
Open Fund of the Science and Technology on Information Assurance Laboratory (KJ-17-002).