轻量级PFP算法的差分攻击  被引量：1

作　　者：李艳俊 李寅霜 杨明华[3] 张黎仙 刘健 LI Yanjun;LI Yinshuang;YANG Minghua;ZHANG Lixian;LIU Jian(Information Industry Information Security Evaluation Center,The 15th Research Institute of China Electronics Technology Group Corporation,Beijing 100083,China;Beijing Institute of Electronic Science and Technology,Beijing 100070,China;Beijing Technology and Business University,Beijing 100048,China)

机构地区：[1]中国电子科技集团公司第十五研究所信息产业信息安全测评中心,北京100083 [2]北京电子科技学院,北京100070 [3]北京工商大学,北京100048

出　　处：《计算机工程与应用》2023年第21期296-302,共7页Computer Engineering and Applications

基　　金：河南省网络密码技术重点实验室开放课题(LNCT2020-A07);北京市自然科学基金(4234084)。

摘　　要：PFP算法借鉴国际标准PRESENT算法的设计思想,在2017年提出的一种轻量级分组密码算法,基于FeistelSP结构设计,采用比特置换,相比PRESENT算法有着更高的软硬件实现效率。为了对该算法的抗差分分析的能力进行新的评估,基于混合整数线性规划(MILP)方法对S盒和整体结构进行建模,针对PFP算法搜索到了概率为2-11的4轮迭代差分路径,构造了概率为2-59的22轮差分区分器;进一步,在区分器前后各增加2轮,得到26轮,通过研究增加的4轮轮密钥编排特点,对密钥比特的猜测顺序进行了优化,同时采用提前抛弃技术,首次对PFP算法进行了26轮的密钥恢复。整个差分攻击过程需要的数据复杂度为260个明文,时间复杂度为254.3次26轮加密,与整体34轮PFP算法相比,仍然具有足够的安全冗余。The PFP algorithm is a lightweight block cipher algorithm proposed in 2017 based on the design idea of the international standard PRESENT algorithm,designed based on the Feistel-SP structure with bit substitution,which has higher efficiency of hardware and software implementation compared to the PRESENT algorithm.In order to perform a new evaluation of the ability of algorithm to resist differential analysis,the S-box and the overall structure are first mod-eled based on the mixed integer linear programming(MILP)method,and a 4-round iterative differential path with proba-bility 2−11 is searched for the PFP algorithm,and a 22-round differential distinguisher with probability 2−59 is constructed;further,2 rounds are added before and after the distinguisher to obtain 26 rounds,and by studying the characteristics of the added 4-round key arrangement,the guessing sequence of the key bits is optimized,and at the same time,the 26-round key recovery of the PFP algorithm is performed for the first time by using the early abort technique.The data complexity required for the whole differential attack process is 260 plaintexts,and the time complexity is 254.3 times 26 rounds of encryption,which still has sufficient security redundancy compared with the overall 34-round PFP algorithm.

关 键 词：分组密码 差分攻击 密钥恢复攻击 提前抛弃技术 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]