基于代数结构视角对轻量分组密码WARP的积分分析  

作　　者：邢朝辉 张文英[1] 曹梅春 Xing Zhaohui;Zhang Wenying;Cao Meichun(School of Information Science and Engineering,Shandong Normal University,Jinan 250358;School of Sciences,Shandong Jiaotong University,Jinan 250357;School of Information Engineering,Shandong Management University,Jinan 250357)

机构地区：[1]山东师范大学信息科学与工程学院,济南250358 [2]山东交通学院理学院,济南250357 [3]山东管理学院信息工程学院,济南250357

出　　处：《计算机研究与发展》2023年第4期860-872,共13页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61672330,62272282);山东省自然科学基金项目(ZR2020KF011)。

摘　　要：在融合了物联网、5G网络等新一代信息技术的工业互联网中,底层终端设备产生海量数据.数据安全传输的需求使得针对资源受限环境所设计的轻量级密码得到广泛应用.对新提出的轻量级密码进行安全性评估对于保障工业互联网的安全运行至关重要.发现了某种特定结构加密算法基于多变量多项式的积分性质,利用该性质得到了更长积分区分器,改进了基于代数结构的分析方法.提出了基于代数结构构造SPN(substitution permutation network)和Feistel-SP结构分组密码积分区分器的框架,并将其应用于SAC 2020会议上提出的轻量分组密码WARP的分析上,构造了2个复杂度为2^(116)的22轮积分区分器,比设计者给出的区分器多了2轮,并且复杂度更低.利用该积分区分器,实现26轮密钥恢复攻击,比设计者给出的密钥恢复攻击增加了5轮,这是目前在单密钥情境下对WARP最好的攻击结果.此外,还对18轮积分区分器进行了实验验证,运算复杂度为2^(32).In the industrial Internet that incorporates the Internet of things and 5G network technologies,end devices generate enormous amounts of data.The secure transmission of the data requires lightweight ciphers dedicated to such resource-constrained environments.Furthermore,the security evaluation of newly proposed lightweight ciphers is crucial to secure the industrial Internet.An improved integral property for ciphers with a particular structure is proposed by using the multivariate polynomial technique in this study.By using the proposed integral property,longer integral distinguishers are constructed,which improve the integral analysis from the algebraic structure perspective.A framework for constructing integral distinguishers of SPN and Feistel-SP block ciphers from the algebraic structure perspective is given.It is applied to the integral analysis of the lightweight block cipher WARP proposed by Banik e al.in SAC 2020.As a result,two 22-round integral distinguishers with data complexity 2~(116)are constructed,which are two rounds longer than the distinguishers given by the designers,with less complexity.Based on the 22-round distinguishers,a 26-round key-recovery attack is proposed,which is five rounds more than the one given by the designers.To the best of our knowledge,this is thus far the best known key-recovery attack on WARP in the singlekey scenario.In addition,experimental verification of an 18-round integral distinguisher is carried out with the data complexity 2~(32).

关 键 词：代数结构 积分区分器 积分攻击 Feistel-SP分组密码 WARP 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]