Abstract
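The KATAN family of ciphers is a set of block ciphers based on nonlinear feedback shift registers, first published at CHES 2009. By block length, the family is divided into three variants: KATAN32, KATAN48 and KATAN64. All three use the same key schedule, with an 80-bit key, and share the same nonlinear functions and number of encryption rounds. This paper applies related-key conditional differential analysis: the key difference is determined from the properties of the key sequence generated by the KATAN family, and the corresponding plaintext difference is obtained by controlling conditions. Once the differential path is fixed, a method of guessing key bits and verifying them by backward computation is used, raising the number of rounds reached by related-key differential attacks on KATAN32, KATAN48 and KATAN64 to 158, 140 and 126 rounds, respectively. The attack has no advantage in number of rounds over the boomerang attack proposed by Isobe et al., but it requires less data and storage.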
The KATAN family of block ciphers, based on NLFSRs, was first published at CHES 2009. It contains three settings, namely KATAN32, KATAN48 and KATAN64. All of the cipher settings in the KATAN family share the same key schedule, which uses an 80-bit master key, as well as the same nonlinear functions and encryption rounds. In this paper, we use conditional differential cryptanalysis to analyze the KATAN family in the related-key scenario. We get the differences of plaintext by imposing conditions on the public variables of the ciphers with the characteristic of key sequence. For the KATAN family, we guess the key of following rounds through whether it changes the disadvantage of the differential path. Finally, we obtain key-recovery attacks on 158, 140 and 126 of 254 rounds of KATAN32, KATAN48 and KATAN64, respectively. Compared with Isobe's attack results, our attack requires less data and memory, while having the same number of rounds.
Source
《密码学报》
CSCD
2015, Issue 1, pp. 77-91 (15 pages)
Journal of Cryptologic Research
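Funding
National Basic Research Program of China (973 Program) (2013CB834205)
National Natural Science Foundation of China (61133013, 61103237)
Program for New Century Excellent Talents in University, Ministry of Education (NCET-13-0350)
Shandong University Interdisciplinary Research Fund (2012JC018)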