Square-6攻击的修正方案

The correctional Square-6 attack

Square 6攻击曾被认为是对6圈AES算法Rijndael最为有效的攻击之一,通过猜测4个首圈子密钥构造只含一个活动字节的Λ集,在此基础上实施Square 5攻击,时间复杂度为272.文中指出Square 6攻击并不能构造出Λ集,从而攻击是不成功的;利用部分和技术给出不依赖于首圈子密钥的修正的Square 6攻击方法,其时间复杂度为250.

The Square-6 attack was once thought to be one of the most effective attacks against the AES algorithm Rijndael of six rounds. It was performed with a time complexity of 2^(72) by means of applying a Square-5 attack to a Λ set that contains an active byte. The Λ set was constructed by guessing four bytes of the initial round key. We point out in this paper that no proper Λ set can be built in the Square-6 attack and therefore the overall attack will fail without doubt. Based on the technique of the partial sums, a correctional Square-6 attack independent of the initial round key is described. The time complexity of the correctional attack is 2^(50).