MIBS-64算法Rectangle与Boomerang攻击的改进  

作　　者：梁轩宇 陈胤岑 杨倩倩 宋凌 LIANG Xuan-Yu;CHEN Yin-Cen;YANG Qian-Qian;SONG Ling(College of Cyber Security,Jinan University,Guangzhou 510632,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)

机构地区：[1]暨南大学网络空间安全学院,广州510632 [2]中国科学院信息工程研究所信息安全国家重点实验室,北京100093

出　　处：《密码学报》2023年第3期634-649,共16页Journal of Cryptologic Research

基　　金：国家自然科学基金(62022036,62132008,62202460)。

摘　　要：MIBS算法是Izadi等人于2009年提出的一种轻量级分组密码,包含MIBS-64和MIBS-80两个版本.2019年,Chen等人对MIBS-64开展了基于13轮Rectangle区分器的15轮密钥恢复攻击,时间、数据和存储复杂度为(T,D,M)=(2^(59),2^(45),2^(45)).本文进一步研究MIBS-64算法抵抗Rectangle与Boomerang攻击的能力.利用差分在轮函数线性层确定性传播的特点,改进了Chen等人的15轮Rectangle密钥恢复攻击,将时间复杂度从2^(59)降低至2^(47).引入Song等人提出的针对Boomerang攻击的新型密钥恢复算法,对MIBS-64开展了15、16轮的Boomerang密钥恢复攻击,所需的复杂度(T,D,M)为(238,2^(37),2^(36))和(2^(60),2^(60),2^(30)).给出了MIBS-64在Boomerang和Rectangle攻击下最新的安全性分析结果,首次成功开展16轮的密钥恢复攻击.MIBS is a lightweight block cipher proposed by Izadi et al.in 2009,which has two variants:MIBS-64 and MIBS-80.In 2019,Chen et al.performed a key recovery attack on 15-round MIBS-64 based on a 13-round Rectangle distinguisher,and the time,data,and memory complexity(T,D,M)of the attack equal(2^(59),2^(45),2^(45)).Based on Chen et al.’s attack,this paper further investigates the ability of MIBS-64 to resist Rectangle and Boomerang attacks.By exploiting the fact that differences propagate through a linear layer deterministically,the time complexity of the 15-round Rectangle attack can be reduced from 2^(59) to 2^(47).In order to make a deeper analysis of MIBS,this paper adopts the new key recovery algorithms recently proposed by Song et al.for Boomerang attacks,and then constructs key recovery attacks on 15 and 16 rounds of MIBS whose complexities are(238,2^(37),2^(36))and(2^(60),2^(60),2^(30))respectively.The results of this paper updates the cryptanalysis results of MIBS-64 under Boomerang and Rectangle attacks,proposes the first 16-round attack on MIBS-64.

关 键 词：MIBS Boomerang攻击 Rectangle攻击 密钥恢复算法 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]