分组密码9轮Rijndael-192的不可能差分攻击  

作　　者：董晓丽[1] 商帅 陈杰[2] DONG Xiaoli;SHANG Shuai;CHEN Jie(School of Cyberspace Security,Xfan University of Posts and Telecommunications,Xi'an 710121,China;School of Telecommunication Engineering,Xidian University,Xi'an 710071,China)

机构地区：[1]西安邮电大学网络空间安全学院,西安710121 [2]西安电子科技大学通信工程学院,西安710071

出　　处：《信息网络安全》2020年第4期40-46,共7页Netinfo Security

基　　金：国家自然科学基金[61772418];陕西省自然科学基础研究计划青年项目[2017JQ6010];“十三五”密码发展基金[MMJJ20180219]。

摘　　要：由于分组密码具有速度快、标准化、便于软硬件实现的特点,在信息安全领域有着广泛的应用,因此有必要研究分组密码的安全性。不可能差分攻击是针对分组密码有效的攻击方法之一,文章主要研究了分组密码Rijndael-192的9轮不可能差分攻击。文章依据列混淆变换差分分支数为5的性质,构造了一种5轮Rijndael-192不可能差分区分器;然后基于该区分器,利用S盒的性质和密钥扩展方案的弱点,对9轮Rijndael-192进行了密钥恢复攻击。结果表明,针对密钥长度为192的9轮Rijndael-192攻击方法,数据复杂度为2176.6个选择明文,时间复杂度为2188.2次加密,存储复杂度为2120个块,与已有的结果相比,该方法在数据复杂度、时间复杂度和存储复杂度上都有所降低;针对密钥长度为224和256的9轮Rijndael-192攻击,数据复杂度为2178.2个选择明文,时间复杂度为2197.8次加密,存储复杂度为2120个块,与已有的结果相比,该方法的数据和存储复杂度有所降低。With high speed, easy standardization and easy implement in hardware and software, block cipher has a wide range of applications in the field of information security. It is necessary to study the security of block cipher. Impossible differential attack is one of the effective attack methods against block cipher. In this paper, we focus on impossible differential(ID) attacks on Rijndael-192. According to the property that the difference branch number of the MixColumns is 5, a new 5-round impossible differential is proposed;then based on this impossible differential, with property of S-box and the key schedule weakness, the key recovery on the 9-round Rijndael-192 is given. It is shown or the attack on 9-round Rijndael-192 with key size of 192, it requires data complexity of about 2176.6 chosen plaintexts,time complexity of about 2188.2 encryptions and memory complexity of about 2120 blocks, which is better than previous known results in terms of the data, time and memory complexity;for the attack on 9-round Rijndael-192 with key size of 224 and 256, it requires data complexity of about 2178.2 chosen plaintexts, time complexity of about 2197.8 encryptions and memory complexity of about 2120 blocks,which is better than previous known results in terms of the data and memory complexity.

关 键 词：密码分析 分组密码 RIJNDAEL 不可能差分攻击 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]