轻量级密码TWINE-128的量子密码分析  被引量：2

作　　者：李艳俊 易子晗[2] 汪振 刘健 LI Yan-Jun;YI Zi-Han;WANG Zhen;LIU Jian(Information Industry Information Security Evaluation Center,The 15th Research Institute of China,Electronics Technology Group Corporation,Beijing 100083,China;Beijing Electronic Science and Technology Institute,Beijing 100070,China;Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China)

机构地区：[1]中国电子科技集团公司第十五研究所信息产业信息安全测评中心,北京100083 [2]北京电子科技学院,北京100070 [3]桂林电子科技大学广西密码学与信息安全重点实验室,桂林541004

出　　处：《密码学报》2022年第4期633-643,共11页Journal of Cryptologic Research

基　　金：广西密码学与信息安全重点实验室开放课题(GCIS201912)。

摘　　要：在分组密码中,Type-II型GFS(generalized Feistel scheme,广义Feistel结构)是GFS的一种比较流行的版本,它的明文被划分为k(k>2)个子块,每2个子块进行一次Feistel变换,然后对k个子块执行拉线操作.本文对基于该结构的TWINE-128进行量子密码分析,根据算法结构特点构造周期函数,在此基础上找到TWINE-128的7轮量子区分器,进一步地,对TWINE-128实施14轮量子密钥恢复攻击,相关时间复杂度为2^(54),密钥恢复所需量子比特数为243,优于量子穷搜攻击的结果.我们的研究有助于明确TWINE-128在量子模型下的资源占用和安全情况,不仅对类似结构密码算法提供前瞻性安全评估,还希望为后量子时代的密码算法设计提供新思路.In block ciphers,Type-II GFS(generalized Feistel scheme)is a more popular version of GFS.The plaintext is divided into k(k>2)sub-blocks,and a Feistel transformation is performed on every 2 sub-blocks,and then k sub-blocks are performed the wire-pulling operation.In this paper,quantum cryptanalysis of TWINE-128 based on Type-II GFS is carried out,and a periodic function is constructed according to the structural characteristics of the block cipher,based on which a 7-round quantum distinguisher of TWINE-128 is found and proved.Moreover,the 14 rounds of quantum key recovery attack is given with the relevant time complexity of 2^(54) and the occupation of 243 qubits,which are better than the result of quantum exhaustive search attack.Our research is helpful to clarify the resource occupation and security situation of TWINE-128 under the quantum model.It not only provides a forward-looking security assessment for cryptographic algorithms with similar structures,but also hopes to provide new ideas for the design of cryptographic algorithms in the post quantum era.

关 键 词：广义Feistel结构 量子密码分析 量子区分器 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]