机构地区:[1]Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education,Shandong University [2]Institute for Advanced Study, Tsinghua University
出 处:《Science China(Information Sciences)》2018年第3期67-79,共13页中国科学(信息科学)(英文版)
基 金:supported by National Basic Research Program of China (973 Program) (Grant No. 2013CB834205);National Natural Science Foundation of China (Grant No. 61672019);Fundamental Research Funds of Shandong University (Grant No. 2016JC029);Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-15-002)
摘 要:Sinapira v2 is a family of cryptographic permutations proposed at ASIACRYPT 2016, and can be used to construct high throughput block ciphers by using the Even-Mansour construction, permutation- based hashing, and wide-block authenticated encryption. This paper shows a 9-round impossible differential of Simpira-4. To the best of our knowledge, this is the first 9-round impossible differential. To determine some efficient key recovery attacks on its block cipher mode (Even-Mansour construction with Simpira-4), we use some 6/7-round shrunken impossible differentials. Based on eight 6-round impossible differentials, we propose a series of 7-round key recovery attacks on the block cipher mode; each 6-round impossible differential helps recover 32 bits of the master key (512 bits), and in total, half of the master key bits are recovered. The attacks require 257 chosen plaintexts and 257 7-round encryptions. Furthermore, based on ten 7-round impossible differentials, we add one round on the top or at the bottom to mount ten 8-round key recovery attacks on the block cipher mode. This helps recover the full key space (512 bits) with a data complexity of 2170 chosen plaintexts and time complexity of 2170 8-round encryptions. Those are the first attacks on the round-reduced Simpira v2 and do not threaten the Even-Mansour mode with the full 15-round Simpira-4. Keywords Simpira-4, impossible differential attack, super S-box, the Even-Mansour construction, security claimSinapira v2 is a family of cryptographic permutations proposed at ASIACRYPT 2016, and can be used to construct high throughput block ciphers by using the Even-Mansour construction, permutation- based hashing, and wide-block authenticated encryption. This paper shows a 9-round impossible differential of Simpira-4. To the best of our knowledge, this is the first 9-round impossible differential. To determine some efficient key recovery attacks on its block cipher mode (Even-Mansour construction with Simpira-4), we use some 6/7-round shrunken impossible differentials. Based on eight 6-round impossible differentials, we propose a series of 7-round key recovery attacks on the block cipher mode; each 6-round impossible differential helps recover 32 bits of the master key (512 bits), and in total, half of the master key bits are recovered. The attacks require 257 chosen plaintexts and 257 7-round encryptions. Furthermore, based on ten 7-round impossible differentials, we add one round on the top or at the bottom to mount ten 8-round key recovery attacks on the block cipher mode. This helps recover the full key space (512 bits) with a data complexity of 2170 chosen plaintexts and time complexity of 2170 8-round encryptions. Those are the first attacks on the round-reduced Simpira v2 and do not threaten the Even-Mansour mode with the full 15-round Simpira-4. Keywords Simpira-4, impossible differential attack, super S-box, the Even-Mansour construction, security claim
关 键 词:Simpira-4 impossible differential attack super S-box the Even-Mansour construction security claim
分 类 号:TN918.4[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
