Cryptanalysis of AEGIS-128  Citations: 2


Authors: SHI Tairong, HU Bin, GUAN Jie, WANG Senpeng

Affiliations: [1] PLA SSF Information and Engineering University, Zhengzhou 450001, China [2] Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Source: Chinese Journal of Electronics (电子学报(英文版)), 2022, Issue 2, pp. 285-292, 8 pages

Funding: Supported by the National Natural Science Foundation of China (61672509, 61602514, 61802437, 61902428, 62102448, 62072445).

Abstract: AEGIS, an authenticated encryption (AE) algorithm designed by H. J. Wu and B. Preneel, is one of the six winners of the Competition for Authenticated Encryption: Security, Applicability, and Robustness, which was launched by the National Institute of Standards and Technology. In this paper, we comprehensively investigate the existence of collisions in the initialization of AEGIS-128 and evaluate the number of advanced encryption standard (AES) round functions involved in initialization, which reflects the resistance to differential attack. As a result, we find that there are 40 AES round functions, which is fewer than the 50 claimed in the design document. We also prove that AEGIS-128 is strong enough to resist an adversary who has access to partial state. In particular, we present a collision-based distinguisher and exploit it to recover the key of 4-step and 5-step (out of the full 10) AEGIS-128. The time and memory complexities are about 2; and 2; respectively. Specifically, we quantize the attack of 4-step AEGIS-128, in which we solve the technical issue of dealing with the function that does not fulfill Simon's promise. It is noted that the nonce is not reused in our work. Although we present some results of AEGIS-128 that exceed the existing analysis, the security margin of AEGIS-128 remains large.

Keywords: CAESAR; AEGIS; Collision analysis; Quantum Simon's algorithm; Differential property

Classification number: TN918.1 [Electronics and Telecommunications: Communication and Information Systems]

 
