GRANULE算法的截断不可能差分分析  被引量：1

作　　者：刘先蓓[1] 刘亚[2] LIU Xianbei;LIU Ya(School of Statistics and Applied Mathematics,Anhui University of Finance and Economics,Bengbu 233000,Anhui,China;School of Optical-Electrical and Computer Engineering,University of Shanghai for Science and Technology,Shanghai 200093,China)

机构地区：[1]安徽财经大学统计与应用数学学院,安徽蚌埠233040 [2]上海理工大学光电信息与计算机工程学院,上海200093

出　　处：《山西师范大学学报（自然科学版）》2023年第1期41-51,共11页Journal of Shanxi Normal University(Natural Science Edition)

基　　金：“十三五”密码发展基金理论课题(mmjj20180202);安徽财经大学科项目(ACKYC20045)。

摘　　要：GRANULE是Feistel结构的轻量级分组密码算法,分组长度为64比特,密钥长度为80比特和128比特,算法根据密钥长度分别记为GRANULE-80和GRANULE-128.首先构造了两条新的7轮不可能差分链;其次,研究了GRANULE密钥编排计划的冗余性得到了轮密钥之间的一些线性关系;第三,在一条7轮不可能差分链的前后各扩展3轮,得到了13轮GRANULE-80的不可能差分分析攻击路径,执行此攻击需要的数据复杂度为2^(62.06)个选择明文,时间复杂度为2^(62.15)次13轮GRANULE-80加密,存储复杂度为2^(46.06)个64-比特数据块;最后,基于另一条7轮不可能差分链构造了14轮GRANULE-128的不可能差分分析攻击路径,恢复128比特主密钥需要的数据、时间和存储复杂度分别为2^(62.57)个选择明文、2^(101.84)次14轮GRANULE-128加密和2^(74.57)个64-比特数据块.与之前的结果相比,GRANULE-80的攻击轮数提高了2轮,同时还对GRANULE-128的安全边界进行了评估.GRANULE is a lightweight block cipher with Feistel structure.Its block size is 64 bits and its key sizes are 80 bits and 128 bits,denoted by GRANULE-80 and GRANULE-128.In this paper,we first construct two new 7-round impossible differential distinguishers.Then we study the redundancy of the key schedule to obtain some linear relations of the round subkeys.By adding 3 rounds at the top and 3 rounds at the bottom of one of the 7-round impossible differential distinguisher,we construct a 13-round attacking path for GRANULE-80.The data,time and memory complexities of this attack are 262.06 chosen-plaintexts,2^(62.1513)-round encryptions and 246.06 blocks,respectively.Finally,we construct 14 rounds of impossible differential GRANULE-128.The data,time and memory complexities are 2^(62.57) chosen-plaintexts,2^(101.8414)-round GRANULE-128 encryptions and 274.57 blocks,respectively.Compared with the previous results,we can attack two more rounds.Meanwhile,we also study the security bound of GRANULE-128.

关 键 词：FEISTEL结构 轻量级分组密码 GRANULE算法 不可能差分分析 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]