MIBS分组密码的改进积分攻击

Improved Integral Attacks on MIBS Block Cipher

MIBS算法是由Izadi等人在CANS 2009上提出的一个轻量级分组密码算法,整体采用Feistel结构,轮函数使用SP结构,分组长度为64 b,包含MIBS-64和MIBS-80这2个版本,适用于资源受限的环境,例如RFID(radio frequency identification)标签.研究MIBS算法针对积分攻击的安全性.首先,针对该算法的密钥编排算法,利用密钥搭桥技术,分别得到了MIBS-64和MIBS-80的轮密钥的相关性质.其次,利用基于MILP(mixed integer linear programming)的比特可分性的自动化建模搜索方法,构造了MIBS的8轮和9轮积分区分器.然后,基于8轮积分区分器,给出了12轮MIBS-64的密钥恢复攻击,数据复杂度为2^(60),时间复杂度为2^(63.42);最后,基于9轮积分区分器,给出了14轮MIBS-64的密钥恢复攻击,数据复杂度为2^(63),时间复杂度为2^(66).这是目前对MIBS-64和MIBS-80轮数最长的积分攻击.

MIBS is a lightweight block cipher which was proposed by Izadi et al.at CANS 2009.Its overall encryption structure uses the typical Feistel network,and the round function adopts the SP network.MIBS supports both MIBS-64 and MIBS-80 versions,that is,it has 64-bit and 80-bit two key lengths with a 64-bit block size,and is suitable for strictly resource-constrained devices,such as low-cost RFID(radio frequency identification)tags.We study the integral attack on the block cipher MIBS.Firstly,we observe the key schedules of MIBS-64 and MIBS-80,and find some properties between their round keys by using the automatic search algorithm for key-bridging technique,respectively.Secondly,using the bit-based division property and the automatic modeling search method based on MILP(mixed integer linear programming),we find some 8-round and 9-round integral distinguishers of MIBS.Then,based on the 8-round integral distinguisher,we launch a 12-round key recovery attack for MIBS-64 with the data complexity2^(60),and the time complexity2^(63.42).Finally,based on the 9-round integral distinguisher,we launch a 14-round key recovery attack for MIBS-80 with the data complexity2^(63),and the time complexity2^(66).These two key recoveries are the current best integral attacks on the block cipher MIBS-64 and MIBS-80.