基于差分表的Blow-CAST-Fish算法的密钥恢复攻击  被引量：2

作　　者：孙晓玲 李姗姗 杨光 杨秋格 SUN Xiaoling;LI Shanshan;YANG Guang;YANG Qiuge(School of Information Engineering,Institute of Disaster Prevention,Sanhe Hebei 065201,China)

机构地区：[1]防灾科技学院信息工程学院,河北三河065201

出　　处：《计算机应用》2022年第9期2742-2749,共8页journal of Computer Applications

基　　金：国家自然科学基金资助项目(42007422);中央高校基本科研业务费专项(ZY20215152);廊坊市科技局科学研究与发展计划项目(2020011024)。

摘　　要：针对Blow-CAST-Fish算法攻击轮数有限和复杂度高等问题,提出一种基于差分表的Blow-CAST-Fish算法的密钥恢复攻击。首先,对S盒的碰撞性进行分析,分别基于两个S盒和单个S盒的碰撞,构造6轮和12轮差分特征;然后,计算轮函数f_(3)的差分表,并在特定差分特征的基础上扩充3轮,从而确定密文差分与f_(3)的输入、输出差分的关系;最后,选取符合条件的明文进行加密,根据密文差分计算f_(3)的输入、输出差分值,并查寻差分表找到对应的输入、输出对,从而获取子密钥。在两个S盒碰撞的情况下,所提攻击实现了9轮Blow-CAST-Fish算法的差分攻击,比对比攻击多1轮,时间复杂度由2^(107.9)降低到2^(74);而在单个S盒碰撞的情况下,所提攻击实现了15轮Blow-CAST-Fish算法的差分攻击,与对比攻击相比,虽然攻击轮数减少了1轮,但弱密钥比例由2^(-52.4)提高到2^(-42),数据复杂度由2^(54)降低到2^(47)。测试结果表明,在相同差分特征基础上,基于差分表的攻击的攻击效率更高。Aiming at the problems of limited attack rounds and high attack complexity of Blow-CAST-Fish(Blow-C.Adams S.Tavares-Fish)algorithm,a key recovery attack of Blow-CAST-Fish algorithm based on differential table was proposed.Firstly,after analyzing the collision of S-box,based on the collision of two S-boxes and a single S-box respectively,the 6-round and 12-round differential characteristics were constructed.Secondly,the differential tables of f_(3) were calculated,and three rounds were expanded based on the specific differential characteristic,thereby determining the relationship between ciphertext difference and the input and output differences of f_(3).Finally,the plaintexts meeting the conditions were selected to encrypt,the input and output differences of f_(3) were calculated according to the ciphertext difference,and the corresponding input and output pairs were found by querying the differential table,as a result,the subkeys were obtained.At the situation of two S-boxes collision,the proposed attack completed a differential attack of 9-round Blow-CAST-Fish algorithm,compared with the comparison attack,the number of attack rounds was increased by one,and the time complexity was reduced from 2^(107.9) to 2^(74).At the situation of single S-box collision,the proposed attack completed a differential attack of 15-round Blow-CAST-Fish algorithm,compared with the comparison attack,although the number of attack rounds was reduced by one,the proportion of weak keys was increased from 2^(-52.4) to 2^(-42) and the data complexity was reduced from 2^(54) to 2^(47).The test results show that the attack based on differential table can increase the efficiency of attack based on the same differential characteristics.

关 键 词：Blow-CAST-Fish算法 差分特征 差分表 轮函数 密钥恢复 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]