AES和PRINCE的6轮混合差分攻击  被引量：2

作　　者：谭林[1] 闫雪萍 戚文峰[1] TAN Lin;YAN Xue-Ping;QI Wen-Feng(Strategic Support Force Information Engineering University,Zhengzhou 450001,China)

机构地区：[1]战略支援部队信息工程大学,郑州450001

出　　处：《密码学报》2022年第4期755-766,共12页Journal of Cryptologic Research

基　　金：国家密码发展基金(MMJJ20180204,MMJJ20170103)。

摘　　要：AES是目前使用最广泛的分组密码,PRINCE是一个具有AES相似结构的低时延轻量级密码算法.混合差分分析是Grassi提出的针对AES的一种新型密码分析技术.目前,AES最好的5轮、6轮区分攻击和5轮密钥恢复攻击都与混合差分技术有很大关系.在2018年美密会和2020年Journal of Cryptology上,Bar-On等给出了具有实际数据和存储复杂度的6轮AES-128的混合差分密钥恢复攻击,时间复杂度为2^(73).本文通过对密文差分增设条件限制来提高混合差分攻击中Good Pair出现的概率,以适当提升数据和存储复杂度为代价,改进了6轮AES-128混合差分攻击的时间复杂度,使得总复杂度为2_(62:62).此外,本文将改进的6轮混合差分攻击应用于PRINCE和PRINCE_(core),给出了总复杂度分别为2_(30:66)和2^(22)的密钥恢复攻击,其中6轮PRINCE_(core)的攻击结果优于积分攻击和差分攻击.AES is the most widely used block cipher currently,and PRINCE is a low-latency and lightweight cipher with AES-like structure.Mixture differential cryptanalysis proposed by Grassi is a new cryptanalysis technology for AES.At present,the best distinguishers on 5 and 6 rounds of AES as well as the best key recovery attacks on 5 rounds of AES are all closely related to mixture differential cryptanalysis.At CRYPTO 2018 and in Journal of Cryptology 2020,Bar-On et al.proposed mixture differential attacks on 6 rounds of AES-128 with time complexity of 2and practical data and memory complexities.This paper adds restrictions to ciphertext differentials to increase the probability of Good Pair in mixture differential attacks.At the expense of increasing data and memory complexities reasonably,the time complexity of mixture differential attack on 6 rounds of AES is improved,leading to the overall complexity of 2.In addition,this paper applies the improved mixture differential attack on 6 rounds of PRINCE and PRINCE,and presents the key recovery attacks with overall complexities of 2and 2respectively.The mixture differential attack on 6 rounds of PRINCEis better than the integral attack and the differential attack.

关 键 词：AES PRINCE 混合结构 混合差分分析 

分 类 号：TN918.1[电子电信—通信与信息系统]