MIBS分组密码的改进积分攻击  

作　　者：毛永霞 吴文玲[1,2] 张丽 Mao Yongxia;Wu Wenling;Zhang Li(Institute of Software,Chinese Academy of Sciences,Beijing 100190;University of Chinese Academy of Sciences,Beijing 100049)

机构地区：[1]中国科学院软件研究所,北京100190 [2]中国科学院大学,北京100049

出　　处：《计算机研究与发展》2023年第12期2697-2708,共12页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(62072445)。

摘　　要：MIBS算法是由Izadi等人在CANS 2009上提出的一个轻量级分组密码算法,整体采用Feistel结构,轮函数使用SP结构,分组长度为64 b,包含MIBS-64和MIBS-80这2个版本,适用于资源受限的环境,例如RFID(radio frequency identification)标签.研究MIBS算法针对积分攻击的安全性.首先,针对该算法的密钥编排算法,利用密钥搭桥技术,分别得到了MIBS-64和MIBS-80的轮密钥的相关性质.其次,利用基于MILP(mixed integer linear programming)的比特可分性的自动化建模搜索方法,构造了MIBS的8轮和9轮积分区分器.然后,基于8轮积分区分器,给出了12轮MIBS-64的密钥恢复攻击,数据复杂度为2^(60),时间复杂度为2^(63.42);最后,基于9轮积分区分器,给出了14轮MIBS-64的密钥恢复攻击,数据复杂度为2^(63),时间复杂度为2^(66).这是目前对MIBS-64和MIBS-80轮数最长的积分攻击.MIBS is a lightweight block cipher which was proposed by Izadi et al.at CANS 2009.Its overall encryption structure uses the typical Feistel network,and the round function adopts the SP network.MIBS supports both MIBS-64 and MIBS-80 versions,that is,it has 64-bit and 80-bit two key lengths with a 64-bit block size,and is suitable for strictly resource-constrained devices,such as low-cost RFID(radio frequency identification)tags.We study the integral attack on the block cipher MIBS.Firstly,we observe the key schedules of MIBS-64 and MIBS-80,and find some properties between their round keys by using the automatic search algorithm for key-bridging technique,respectively.Secondly,using the bit-based division property and the automatic modeling search method based on MILP(mixed integer linear programming),we find some 8-round and 9-round integral distinguishers of MIBS.Then,based on the 8-round integral distinguisher,we launch a 12-round key recovery attack for MIBS-64 with the data complexity2^(60),and the time complexity2^(63.42).Finally,based on the 9-round integral distinguisher,we launch a 14-round key recovery attack for MIBS-80 with the data complexity2^(63),and the time complexity2^(66).These two key recoveries are the current best integral attacks on the block cipher MIBS-64 and MIBS-80.

关 键 词：积分攻击 MIBS 密钥搭桥技术 部分和技术 密钥恢复 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]