多AES分组杂凑模型原像攻击研究  

作　　者：李瑞同 刘亚[1,2] 赵逢禹 LI Rui-tong;LIU Ya;ZHAO Feng-yu(Dept.of Computer Science&Engineering,Shanghai Key Lab of Modern Optical System,University of Shanghai for Science&Technology,Shanghai 200093,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)

机构地区：[1]上海理工大学光电信息与计算机工程学院上海市现代化光学重点实验室,上海200093 [2]中国科学院信息工程研究所信息安全国家重点实验室,北京100093

出　　处：《小型微型计算机系统》2023年第6期1274-1282,共9页Journal of Chinese Computer Systems

基　　金：“十三五”密码发展基金理论项目(MMJJ20180202)资助.

摘　　要：压缩函数采用高级加密标准AES(Advanced Encryption Standard)的杂凑模型是杂凑函数设计的重要方式之一,研究者已经提出了针对7轮单AES分组杂凑模型的原像攻击和6轮单AES分组杂凑模型的碰撞攻击,而针对多AES分组的杂凑模型安全性仍未知.本文提出了适应于后量子时代的两AES分组和四AES分组的杂凑函数模型的原像攻击,该攻击中采用了初始结构、连接剪切、部分匹配等技巧,恢复了7轮双AES分组和6轮四AES分组的杂凑函数的原像,与已有7轮单AES分组杂凑模型的原像攻击相比,双AES分组杂凑模型可以达到几乎相当的安全强度,而四AES分组杂凑模型安全强度更强.此研究成果是对AES分组杂凑模型原像攻击的一个重要补充,为AES分组杂凑模型的设计提供了有力的理论保障.The hash mode with the AES(Advanced Encryption Standard)compression function is one of the important methods of hash function design.Researchers have proposed preimage attacks on the 7-round single AES grouping hash model and the 6-round single AES grouping hash model.The security of multiple AES grouping hash model is still unknown.This paper proposes preimage attacks on the hash function models of double AES grouping and four AES grouping in the post-quantum era.In these attacks,some techniques such as initial structure,split-and-cut,and partial matching are used to recover the preimages of 7-round double AES grouping hash function model and 6-round four AES grouping hash model.Compared with the previous preimage attack on the 7-round single AES grouping hashing model,the double AES grouping hashing model can almost achieve the same security strength,while the four AES grouping hashing model has stronger security strength.These research results are an important supplement of the preimage attacks on the AES grouping hash model,and can provide a strong theoretical guarantee for the design of the AES grouping hash model.

关 键 词：AES 杂凑函数 原像攻击 中间相遇攻击 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]