分组密码FBC的差分分析  

作　　者：刘端 罗毅博 贾珂婷 张国艳[1,5,6] 邹光南 尤启迪 陈颖 Duan LIU;Yibo LUO;Keting JIA;Guoyan ZHANG;Guangnan ZOU;Qidi YOU;Ying CHEN(School of Cyberspace Security,Shandong University,Qingdao 266237,China;School of Cyberspace Security,University of Science and Technology of China,Hefei 230022,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China;Zhongguancun Laboratory,Beijing 100095,China;Key Laboratory of Cryptologic Technology and Information Security of Ministry of Education,Qingdao 266237,China;Shandong Institute of Blockchain,Jinan 250101,China;State Key Laboratory of Space-Ground Integrated Information Technology,Beijing Institute of Satellite Information Engineering,Beijing 100086,China;Department of Computer Sciences and Technology,Tsinghua University,Beijing 100084,China;Department of Cryptography Science and Technology,Beijing Electronic Science&Technology Institute,Beijing 100070,China)

机构地区：[1]山东大学网络空间安全学院,青岛266237 [2]中国科学技术大学网络空间安全学院,合肥230022 [3]清华大学网络科学与网络空间研究院,北京100084 [4]中关村实验室,北京100095 [5]密码技术与信息安全教育部重点实验室,青岛266237 [6]山东区块链研究院,济南250101 [7]北京卫星信息工程研究所天地一体化信息技术国家重点实验室,北京100086 [8]清华大学计算机系,北京100084 [9]北京电子科技学院密码科学与技术系,北京100070

出　　处：《中国科学：信息科学》2024年第2期335-353,共19页Scientia Sinica(Informationis)

基　　金：国家重点研发计划(批准号:2022YFB2702804);国家自然科学基金(批准号:62072270);山东省重点研发计划(批准号:2020ZLYS09,2019JZZY010133)资助项目。

摘　　要：FBC是一种轻量级分组密码算法,由于结构简单、软硬件实现灵活等优点成为2018年中国密码学会(CACR)举办的全国密码算法设计竞赛中晋级到第2轮的10个算法之一.FBC密码包含3个版本支持128和256两种比特长度的明文分组以及128和256两种比特长度的密钥,本文主要对分组长度128位的两个版本进行分析.我们基于SAT(Boolean satisfiability problem)模型对FBC的差分特征进行自动化搜索,得到了新的14轮差分路线,概率为2^(-102.25).基于此路线我们给出了18轮FBC128-128和20轮FBC128-256差分分析,并且在分析过程中给出了复杂度估计.对于18轮FBC128-128差分分析,时间复杂度和存储复杂度分别为2^(101.5)和2^(52).对于20轮FBC128-256差分分析时间复杂度和存储复杂度分别为2^(184)和2^(96).FBC is a lightweight block cipher algorithm with a simple structure and is flexible for implementation with hardware and software.It was one of the 10 algorithms that was promoted to the second round of the National Cryptographic Algorithm Design Competition held by the Chinese Cryptographic Association(CACR)in 2018.The block cipher FBC family includes three versions and supports 128-and 256-bit blocks and 128-and 256-bit keys.In this paper,we focus on the 128-bit versions.We develop a new 14-round differential path for FBC128-128 based on the SAT-based automatic search model,with a probability of 2^(−102.25).Based on this differential path,we perform differential cryptanalysis of 18-round FBC128-128 and 20-round FBC128-256 keys.The differential cryptanalysis of 18-round FBC128-128 costs the time complexity of 2^(101.5) and memory complexity of 2^(52).For the differential analysis of 20-round FBC128-256,the time and memory complexities are 2^(184) and 2^(96),respectively.

关 键 词：分组密码 差分分析 FBC算法 布尔可满足性问题 

分 类 号：TN918.1[电子电信—通信与信息系统]