AES、3D和TANGRAM分组密码算法的Yoyo Tricks类型安全分析  

作　　者：周文长 吕继强 ZHOU Wen-Chang;LYU Ji-Qiang(School of Cyber Science and Technology,Beihang University,Beijing 100083,China;State Key Laboratory of Cryptology,Beijing 100878,China;Hangzhou Innovation Institute,Beihang University,Hangzhou 310005,China)

机构地区：[1]北京航空航天大学网络空间安全学院,北京100083 [2]密码科学技术全国重点实验室,北京100878 [3]北京航空航天大学杭州创新研究院,杭州310005

出　　处：《密码学报》2023年第3期554-573,共20页Journal of Cryptologic Research

基　　金：密码科学技术全国重点实验室开放课题(MMKFKT202114)。

摘　　要：AES是目前国际上使用最广泛的分组密码,3D是在CANS 2008上提出的三维AES型的分组密码,TANGRAM是全国密码算法设计竞赛优胜分组密码算法.Yoyo tricks是基于零差分性质分析分组密码的一种方法,其主要思想是基于原始明文对与其相关派生对在几轮加密后是否保持相同的零差分模式.本文利用yoyo tricks,通过限制密文对6轮AES进行了密钥恢复攻击,在yoyo tricks类型方法下将时间复杂度降低了2^(5.6).将yoyo tricks拓展到n元组(n≥3),建立起与相关差分的关联,即任何相关差分可以表示成yoyo tricks的形式,并使用3元yoyo tricks对11轮3D进行了密钥恢复攻击.利用交换攻击,借鉴早中止技术,用2126个选择明文对25轮128比特分组长度的TANGRAM进行了区分攻击,是该算法第一个25轮区分器.The AES is one of the most widely used block ciphers in the world,the 3D block cipher is a 3-dimensional AES-like cipher proposed at CANS 2008,and the TANGRAM block cipher is an award-winning algorithm of the recent National Cryptographic Algorithm Design Competition in China.The yoyo tricks is a powerful cryptanalysis technique based on zero difference,and its main idea is based on whether a plaintext pair and a pair generated by this plaintext pair share the same property after several rounds of encryption.This paper uses yoyo tricks to make an attack on 6-round AES with restricted ciphertexts,reducing the best previously published time complexity by 2^(5.6) in the context of yoyo tricks.Second,the yoyo tricks are extended to n-tuple(n≥3)and relations between the yoyo tricks and related differentials are established,more specifically,the related differentials can be represented by yoyo tricks,and 3-tuple yoyo tricks are used to launch a key recovery attack on 11-round 3D.Finally,the early abort technique is used to the exchange attack,where 2126 chosen plaintexts are used to make a distinguishing attack on 25-round TANGRAM with a 128-bit block size(denoted as TANGRAM-128),which is the first 25-round distinguisher for TANGRAM-128.

关 键 词：yoyo tricks 3D AES TANGRAM 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]