Authors: Liu Ya (刘亚)[1,2,3]; Zhan Tingting (占婷婷)[1,2]; Si Hongming (姒宏明)[1]; Li Wei (李玮); Liu Zhiqiang (刘志强)
Affiliations: [1] College of Optical-Electronic & Computer Engineering, University of Shanghai for Science & Technology, Shanghai 200093, China; [2] Shanghai Key Laboratory of Modern Optical System, University of Shanghai for Science & Technology, Shanghai 200093, China; [3] Dept. of Computer Science & Engineering, Shanghai Jiao Tong University, Shanghai 200240, China; [4] School of Computer Science & Technology, Donghua University, Shanghai 201620, China; [5] Shanghai Key Laboratory of Integrate Administration Security, Shanghai 200240, China
Source: Application Research of Computers (《计算机应用研究》), 2020, No. 7, pp. 2112-2116, 2122 (6 pages)
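Funding: National "13th Five-Year" Cryptography Development Fund, theoretical research project (MMJJ20180202); Open Fund of the Key Laboratory of Information Assurance Technology (KJ-17-008).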
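Abstract: The block cipher Kalyna was established as Ukraine's encryption standard in June 2015. Its block length is 128 bit, 256 bit or 512 bit, and its key length is either equal to the block length or twice the block length, denoted Kalyna-b/2b. To ensure that the algorithm can be used securely in practice, its resistance to the meet-in-the-middle attack, one of the currently popular attack methods, must be evaluated. By studying the linear relations among the round keys of Kalyna-128/256, and combining techniques such as multisets, differential enumeration and key-dependent sieving, four 6-round meet-in-the-middle distinguisher chains are constructed. One round is added before this distinguisher and three rounds after it, and a time-memory tradeoff is then used to mount a meet-in-the-middle attack on 10-round Kalyna-128/256. The data, time and memory complexities of the attack are $2^{111}$ chosen plaintexts, $2^{238.63}$ 10-round encryptions and $2^{222}$ 128-bit blocks, respectively. Compared with the previous best meet-in-the-middle attack on 10-round Kalyna-128/256, the data, time and memory complexities are reduced by factors of $2^{4}$, $2^{14.67}$ and $2^{26.8}$, respectively.

English abstract: The Kalyna block cipher has recently been selected as the Ukrainian encryption standard in June, 2015. It supports block sizes of 128 bit, 256 bit, and 512 bit, and key sizes of 128 bit, 256 bit, and 512 bit. Among them, the key size can be equal to or twice as the block length, denoted by Kalyna-b/2b. In order to apply it safely in the real systems, the researchers should evaluate the security of Kalyna against the meet-in-the-middle attack which is one of the currently popular attacks. This paper researched the key schedule of Kalyna-128/256 to obtain some linear relationships among round keys. Based on them, it constructed four 6-round distinguishers by using multisets, differential enumerations and key-dependent sieve techniques. Through appending one round at its top and three rounds at its bottom, it mounted a meet-in-the-middle attack on 10-round Kalyna-128/256. In order to reduce the time complexity of online phase, it applied the time-memory tradeoff technique. Finally, the data, time and memory complexities of attack are $2^{111}$ chosen plaintexts, $2^{238.63}$ 8-round encryptions and $2^{222}$ 128 bit blocks, respectively. The results show that compared with the previously best known meet-in-the-middle attack on 10-round Kalyna-128/256, the data, time and memory complexities are reduced by $2^{4}$ times, $2^{14.67}$ times and $2^{26.8}$ times, respectively.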
Classification code: TP309.2 [Automation and Computer Technology: Computer System Architecture]