Abstract
The security of an iterated block cipher depends strongly on its structure and its round functions; the notion of round security proposed by Ramzan and Reyzin captures precisely the influence of structure and round functions on security. From the viewpoint of round security, this paper analyses the security of the Lai-Massey structure when the adversary is able to access some of the algorithm's round functions. The Lai-Massey structure, proposed by Vaudenay, is one of the typical cipher structures and is widely used in cipher design, including in the block ciphers IDEA and FOX. This paper studies the security of the Lai-Massey structure further and shows that if, in addition to forward and inverse queries to the 4-round Lai-Massey structure, the adversary can also query the round function of the first or the fourth round, then the scheme is insecure; if the round functions of the first and fourth rounds cannot be queried by the adversary, then the scheme can still be proven secure even when the adversary gains query access to the round functions of the second and third rounds.
The security of iterated block ciphers heavily depends on their structure and round functions. Ramzan and Reyzin proposed the notion of round security, which considers what happens when adversaries have additional access to some of the internal rounds of the computation of the block cipher. This paper analyses the round security of the Lai-Massey structure. The Lai-Massey structure, used in the block ciphers IDEA and FOX, was investigated by Vaudenay. This paper proves that the four-round Lai-Massey structure is not super-pseudorandom if the adversary is allowed to have oracle access to the first or the last round function, and is super-pseudorandom even if the adversary has oracle access to the two internal round functions.
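To make the object of study concrete, the following is an added toy implementation of the four-round Lai-Massey structure analysed above; it is not code from the paper. The 16-bit halves, the FOX-style orthomorphism sigma, and the keyed-BLAKE2b round functions are constructed here for illustration, and `round_oracle` models the adversary's extra access to an individual round function that the round-security notion considers.

```python
import hashlib

HALF_BITS = 16  # toy half-block width (constructed for this example)


def sigma(x):
    """Orthomorphism on a 16-bit half, FOX-style: (a, b) -> (b, a ^ b)."""
    a, b = x >> 8, x & 0xFF
    return (b << 8) | (a ^ b)


def sigma_inv(x):
    """Inverse of sigma: (b, a ^ b) -> (a, b)."""
    b, c = x >> 8, x & 0xFF
    return ((b ^ c) << 8) | b


def round_function(key, x):
    """Toy keyed round function F_k: 16 bits -> 16 bits (keyed BLAKE2b, constructed)."""
    h = hashlib.blake2b(x.to_bytes(2, "big"), key=key, digest_size=2)
    return int.from_bytes(h.digest(), "big")


def lai_massey_encrypt(round_keys, left, right):
    """Lai-Massey: t = F_i(L ^ R); L, R = L ^ t, R ^ t; sigma on L in all but the last round."""
    n = len(round_keys)
    for i, k in enumerate(round_keys):
        t = round_function(k, left ^ right)
        left, right = left ^ t, right ^ t
        if i < n - 1:
            left = sigma(left)
    return left, right


def lai_massey_decrypt(round_keys, left, right):
    """Inverse: L ^ R is preserved by each round, so t can be recomputed from the output."""
    n = len(round_keys)
    for i, k in reversed(list(enumerate(round_keys))):
        if i < n - 1:
            left = sigma_inv(left)
        t = round_function(k, left ^ right)
        left, right = left ^ t, right ^ t
    return left, right


def round_oracle(round_keys, i):
    """Model of the round-security setting: oracle access to round function F_i alone."""
    return lambda x: round_function(round_keys[i], x)
```

A four-key list gives the four-round instance discussed in the abstract; `round_oracle(keys, 0)` and `round_oracle(keys, 3)` correspond to the first- and last-round access the paper shows to be fatal, `round_oracle(keys, 1)` and `round_oracle(keys, 2)` to the internal access it shows to be tolerable.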
Source
Journal of Cryptologic Research (《密码学报》)
2014, Issue 1, pp. 28-40 (13 pages)
Funding
National Natural Science Foundation of China (61272476, 61202422)