Impossible differential cryptanalysis of reduced-round <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M2"><msup><mrow><mi mathvariant="bold-italic">μ</mi></mrow><mrow><mn mathvariant="normal">2</mn></mrow></msup></math><graphic specific-use="big" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M002.jpg"><?fx-imagestate width="5.50333309" height="5.58799982"?></graphic><graphic specific-use="small" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M002c.jpg"><?fx-imagestate width="5.50333309" height="5.58799982"?></graphic></alternatives></inline-formula> algorithm based on matrix method
To evaluate the security of <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M8"><msup><mrow><mi>μ</mi></mrow><mrow><mn mathvariant="normal">2</mn></mrow></m...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2024-11-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024196/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | To evaluate the security of <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M8"><msup><mrow><mi>μ</mi></mrow><mrow><mn mathvariant="normal">2</mn></mrow></msup></math><graphic specific-use="big" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M008.jpg"><?fx-imagestate width="2.87866688" height="3.13266683"?></graphic><graphic specific-use="small" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M008c.jpg"><?fx-imagestate width="2.87866688" height="3.13266683"?></graphic></alternatives></inline-formula> algorithm in impossible differential cryptanalysis, a 9-round impossible differential distinguisher of <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M9"><msup><mrow><mi>μ</mi></mrow><mrow><mn mathvariant="normal">2</mn></mrow></msup></math><graphic specific-use="big" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M008.jpg"><?fx-imagestate width="2.87866688" height="3.13266683"?></graphic><graphic specific-use="small" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M008c.jpg"><?fx-imagestate width="2.87866688" height="3.13266683"?></graphic></alternatives></inline-formula> algorithm was constructed based on matrix method and meet-in-the middle technique firstly. Then, with the utilization of key-bridge technique, a 13-round key recovery attack was presented to <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M10"><msup><mrow><mi>μ</mi></mrow><mrow><mn mathvariant="normal">2</mn></mrow></msup></math><graphic specific-use="big" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M010.jpg"><?fx-imagestate width="2.87866688" height="3.13266683"?></graphic><graphic specific-use="small" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M010c.jpg"><?fx-imagestate width="2.87866688" height="3.13266683"?></graphic></alternatives></inline-formula> algorithm by expanding the 9-round distinguisher forward and backward 2 rounds, respectively. The results show that the master key can be recovered 45 bit in the attack, the data complexity of plaintexts is <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M11"><msup><mrow><mn mathvariant="normal">2</mn></mrow><mrow><mn mathvariant="normal">42.5</mn></mrow></msup></math><graphic specific-use="big" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M011.jpg"><?fx-imagestate width="5.24933338" height="2.45533323"?></graphic><graphic specific-use="small" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M011c.jpg"><?fx-imagestate width="5.24933338" height="2.45533323"?></graphic></alternatives></inline-formula>, and the time complexity of 13 rounds of algorithm encryptions is <inline-formula><alternatives><math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M12"><msup><mrow><mn mathvariant="normal">2</mn></mrow><mrow><mn mathvariant="normal">65.3</mn></mrow></msup></math><graphic specific-use="big" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M012.jpg"><?fx-imagestate width="5.24933338" height="2.45533323"?></graphic><graphic specific-use="small" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="alternativeImage/22C9D519-EA4F-4e54-A8CF-1ACB826F2179-M012c.jpg"><?fx-imagestate width="5.24933338" height="2.45533323"?></graphic></alternatives></inline-formula>. Compared with the previous research, the study achieves the longest attack rounds, and the data complexity is effectively reduced. |
|---|---|
| ISSN: | 1000-436X |