25轮T-TWINE-128的中间相遇攻击  

作　　者：刘亚[1,2] 刘采玥 颜勇 曲博 LIU Ya;LIU Caiyue;YAN Yong;QU Bo(School of Optical-Electrical&Computer Science&Engineering,University of Shanghai for Science&Technology,Shanghai 200093,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100192,China;Cyberspace Security Research Center,Peng Cheng Laboratory,Shenzhen 518006,China)

机构地区：[1]上海理工大学光电信息与计算机工程学院,上海200093 [2]中国科学院信息工程研究所信息安全国家重点实验室,北京100192 [3]鹏城实验室网络安全中心,广东深圳518006

出　　处：《小型微型计算机系统》2024年第5期1228-1234,共7页Journal of Chinese Computer Systems

基　　金：广东省重点研发项目(2019B010136003)资助。

摘　　要：T-TWINE-128是基于广义Feistel结构的轻量级可调分组密码,密钥长度为128比特,加密的数据块大小为64比特.由于轻量级分组密码在设计时为了追求更高的软硬件实现效率,往往会牺牲部分安全性,因此必须评估其安全强度.本文通过计算机编程得到了T-TWINE-128的轮密钥的一些线性关系,再结合调柄值生成算法的特性,利用区分器自动搜索算法,搜索出11轮T-TWINE-128的中间相遇攻击区分器,在此区分器前面接5轮,后面接9轮,形成25轮T-TWINE-128的中间相遇攻击路径,整个攻击过程共耗时652.39ms,攻击需要数据、时间和存储复杂度分别为256个选择明文、2126.41次加密、265个64比特块;最后搜索密钥编排算法的冗余性发现T-TWINE-128很难进行更高轮中间相遇攻击.T-TWINE-128 is a lightweight tweakable block cipher based on the Generalized Feistel Structure with the key length of 128 bits and the block size of 64 bits.Since lightweight block ciphers are often designed for higher efficiency of hardware and software implementations,their securities may be weakened.Therefore,it is necessary to evaluate their security strength in the real system.This paper obtains some linear relations of round keys by searching the key schedule.Combining with the properties of the tweak schedule,an 11-round meet-in-the-middle distinguisher of T-TWINE-128 is searched by automatic search.Appending 5 rounds at its beginning and 9 rounds at its bottom,meet-in-the-middle attack on 25 rounds of T-TWINE-128 is presented and the whole attack took 652.39ms.The data,time and memory complexities of this attack are 256 chosen plaintexts,2126.41 encryptions and 26564-bit blocks,respectively.Finally,through the searching of redundancy of key schedule,this paper conclude it difficult to perform meet-in-the-middle attack on more rounds of T-TWINE-128.

关 键 词：T-TWINE 中间相遇攻击 轻量可调分组密码 自动搜索算法 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]