对分组密码SKINNY-64-64的Biclique攻击  

作　　者：唐鹏[1] 袁征[1,2] Tang Peng 1, Yuan Zheng 1,2(1Xidian University,Xi an 710071, Shannxi, China;2Beijing Electronics Science and Technology Institute, Beijing 100071, China)

机构地区：[1]西安电子科技大学,陕西西安710071 [2]北京电子科技学院,北京100071

出　　处：《计算机应用与软件》2018年第7期320-324,328,共6页Computer Applications and Software

摘　　要：介绍对分组密码SKINNY-64-64的Biclique攻击。分组密码SKINNY-64-64是分组密码算法SKINNY的64比特分组长度、64比特密钥长度版本。它是典型的SP网络结构的分组密码,共进行32轮加密。SKINNY-64-64的加密算法包括状态单位替换、轮常量加、轮密钥加、行移位以及列混合。它的加密过程使用了较少的逻辑门,软硬件实现都具有较好的效率。Biclique攻击的基本思路是通过寻找两条不相交的密钥差分路径来构造Biclique结构,在所构造的Biclique结构的基础上,结合中间相遇攻击的思想,通过密钥划分、部分匹配、密钥检测等步骤来确定密钥恢复的时间复杂度。Biclique结构决定了攻击的数据复杂度,部分匹配过程决定了攻击的时间复杂度。对于SKINNY-64-64,从明文方向使用相关密钥差分构造了覆盖第1~6轮的4维独立型Biclique结构。在此Biclique结构的基础上,向后匹配26轮。分前向和后向两个方向对第18轮的匹配变量进行匹配,最终完成全轮攻击。攻击的时间复杂度为2^(62.908),数据复杂度为2^(48)个选择明文。这是目前为止使用平衡型Biclique结构对SKINNY-64-64进行全轮攻击的最优结果。It mainly introduces the Biclique attack on block cipher SKINNY-64-64. The block cipher SKINNY-64-64 is the 64 bits block size and 64 bits key length version of the block cipher SKINNY family. It is a typical substitutionpermutation structure block cipher which processes plaintext in 32 rounds. The encryption algorithm of SKINNY-64-64 includes Sub Cells,Add Constants,AddRound Tweakey,ShiftRows and Mix Columns. It is designed with the smallest logic gates,and performs efficiently in both software and hardware implementations. The main idea of Biclique attack is to find two independent differential paths to construct a Biclique structure. By combining the idea of meet-in-the-middle attack on the basis of the Biclique structure,we can compute the complexity of key recovery by the technologies of key space partitioning,partial matching and key recheck. The Biclique structure determines the data complexity and partial matching determines the time complexity. To SKINNY-64-64,we constructed a 4-dimensionin independent Biclique structure from plaintext direction by related-key differential trails which covered the first 6 rounds of the cipher,and then did the partial matching process in the following 26 rounds. We did the partial matching process from the forward direction and backward direction respectively to match the matching value. We completed the full rounds attack finally.The time complexity and data complexity of our attack were 2～（62. 908） and 2^（48） respectively. This is the optimal result of full round attack on SKINNY-64-64 using balanced Biclique structure so far.

关 键 词：SKINNY-64-64 分组密码 BICLIQUE 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]