Improved conditional differential attacks on lightweight hash family QUARK  

作　　者：Xiaojuan Lu Bohan Li Meicheng Liu Dongdai Lin 

机构地区：[1]Institute of Information Engineering,Chinese Academy of Sciences,No.65 Xingshikou Road,Haidian District,Beijing,100093,People’s Republic of China [2]School of Cyber Security,University of Chinese Academy of Sciences,No.65 Xingshikou Road,Haidian District,Beijing,100093,People’s Republic of China

出　　处：《Cybersecurity》2022年第3期90-105,共16页网络空间安全科学与技术（英文）

基　　金：This work was supported by the National Natural Science Foundation of China(Grant No.61872359,62122085 and 61936008);the National Key R&D Program of China(Grant No.2020YFB1805402),and the Youth Innovation Promotion Association of Chinese Academy of Sciences.

摘　　要：Nonlinear feedback shift register(NFSR)is one of the most important cryptographic primitives in lightweight cryptography.At ASIACRYPT 2010,Knellwolf et al.proposed conditional differential attack to perform a cryptanalysis on NFSR-based cryptosystems.The main idea of conditional differential attack is to restrain the propagation of the difference and obtain a detectable bias of the difference of the output bit.QUARK is a lightweight hash function family which is designed by Aumasson et al.at CHES 2010.Then the extended version of QUARK was published in Journal of Cryptology 2013.In this paper,we propose an improved conditional differential attack on QUARK.One improvement is that we propose a method to select the input difference.We could obtain a set of good input differences by this method.Another improvement is that we propose an automatic condition imposing algorithm to deal with the complicated conditions efficiently and easily.It is shown that with the improved conditional differential attack on QUARK,we can detect the bias of output difference at a higher round of QUARK.Compared to the current literature,we find a distinguisher of U-QUARK/D-QUARK/S-QUARK/C-QUARK up to 157/171/292/460 rounds with increasing 2/5/33/8 rounds respectively.We have performed the attacks on each instance of QUARK on a 3.30 GHz Intel Core i5 CPU,and all these attacks take practical complexities which have been fully verified by our experiments.As far as we know,all of these results have been the best thus far.

关 键 词：Conditional differential attack Lightweight hash function Automatic condition imposing algorithm NFSR QUARK 

分 类 号：O57[理学—粒子物理与原子核物理]