Abstract
SIMON is a family of lightweight block ciphers proposed by the NSA in 2013, and many cryptographers have since analysed its security using linear cryptanalysis, differential cryptanalysis, impossible differential cryptanalysis and zero-correlation linear hull cryptanalysis, among others. The SIMON family provides 10 versions with different block and key sizes to meet different security requirements. In this paper, we first use an automatic search technique to obtain the longest impossible differential paths of SIMON32, and on that basis carry out an impossible differential attack on SIMON. We give the detailed procedure of a 19-round impossible differential attack on SIMON 32/64. In the data collection phase, we exploit the fact that the plaintext difference and the output difference of the first round do not depend on the key: by building and solving equations we construct plaintext-ciphertext pairs that satisfy the difference conditions on the plaintext and on the first-round output, which greatly reduces the computational complexity of data collection. In the key recovery phase, we apply the dynamic key guessing technique proposed by Wang et al., which reduces the computational complexity of key filtering and improves the previous impossible differential results on SIMON.
SIMON is a lightweight block cipher introduced by the NSA and has attracted a lot of attention since its publication in 2013. There have been numerous attacks on SIMON, such as linear, differential, impossible differential, and zero-correlation linear hull cryptanalysis. The SIMON family has 10 versions with different block sizes and key sizes to satisfy various security requirements. In this paper, we use an automatic search technique to obtain the longest impossible differential paths of SIMON, and then propose impossible differential attacks. We give the detailed process of the attack on SIMON32/64. In the structure construction process, we exploit the connection between the plaintext difference and the output difference of the first round, which is independent of the key bits. By building and solving equations of the second round we obtain plaintext pairs that satisfy the bit conditions of the first round, which greatly reduces the complexity of the data collection phase. In the key recovery phase, we use the dynamic key guessing technique proposed by Wang, combined with the bit property, to satisfy the exact bit difference condition, so the time complexity is reduced and previous results of impossible differential attacks on SIMON are improved.
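The key-independence of the first-round difference that the abstract relies on, shown on a SIMON32/64 implementation (added example, not the paper's code). The round function, key schedule, z0 sequence and the test vector (key 1918 1110 0908 0100, plaintext 6565 6877, ciphertext c69b e9bb) follow the SIMON specification; the exhaustive search over the 16-bit left word stands in for the paper's equation solving and is an assumption of this example, not the authors' method.

```python
"""SIMON32/64 and the key-independent first-round difference (added example)."""

MASK = 0xFFFF
# z0 constant sequence from the SIMON specification; SIMON32/64 uses z0
Z0 = "11111010001001010110000111001101111101000100101011000011100110"

def rol(x, r): return ((x << r) | (x >> (16 - r))) & MASK
def ror(x, r): return ((x >> r) | (x << (16 - r))) & MASK

def f(x):
    """Non-linear part of the round: (S^1 x & S^8 x) ^ S^2 x."""
    return (rol(x, 1) & rol(x, 8)) ^ rol(x, 2)

def key_schedule(k):
    """Expand four 16-bit key words k0..k3 (k0 used first) into 32 round keys."""
    rk = list(k)
    for i in range(4, 32):
        tmp = ror(rk[i - 1], 3) ^ rk[i - 3]
        tmp ^= ror(tmp, 1)
        rk.append(0xFFFC ^ int(Z0[i - 4]) ^ rk[i - 4] ^ tmp)
    return rk

def encrypt(x, y, rk):
    """Feistel rounds R_k(x, y) = (y ^ f(x) ^ k, x) over all 32 round keys."""
    for k in rk:
        x, y = y ^ f(x) ^ k, x
    return x, y

def round1_output_diff(p1, p2, k0):
    """XOR difference after round one; k0 is XORed into both halves and cancels."""
    (x1, y1), (x2, y2) = p1, p2
    return (y1 ^ f(x1) ^ k0) ^ (y2 ^ f(x2) ^ k0), x1 ^ x2

def pairs_with_round1_diff(dx, dy, target_dl, limit=4):
    """Plaintext pairs with input difference (dx, dy) whose left-word difference
    after round one equals target_dl.  The condition f(x) ^ f(x ^ dx) == target_dl ^ dy
    involves only the left word x, never the key, so pairs can be chosen offline
    (exhaustive search here; the paper solves the corresponding equations)."""
    out = []
    for x in range(1 << 16):
        if f(x) ^ f(x ^ dx) == target_dl ^ dy:
            out.append(((x, 0), (x ^ dx, dy)))   # right word set to 0: it is unconstrained
            if len(out) == limit:
                break
    return out

if __name__ == "__main__":
    rk = key_schedule([0x0100, 0x0908, 0x1110, 0x1918])   # spec test key
    print("%04x %04x" % encrypt(0x6565, 0x6877, rk))       # spec test vector
    print(pairs_with_round1_diff(0x0001, 0x0000, 0x0004))
```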
Source
《密码学报》
CSCD
2015, Issue 6, pp. 505-514 (10 pages)
Journal of Cryptologic Research
Funding
Key Program of the National Natural Science Foundation of China (61133013)