SAILFISH-I、ASD算法基于MILP的积分分析  

作　　者：吴铜 申龙 WU Tong;SHEN Long(Beijing Electronic Science and Technology Institute,Beijing 100070,P.R.China)

机构地区：[1]北京电子科技学院,北京市100070

出　　处：《北京电子科技学院学报》2024年第1期60-71,共12页Journal of Beijing Electronic Science And Technology Institute

基　　金：受中央高校基本科研业务费资金资助(项目编号:328202268,328202254)。

摘　　要：SAILFISH-I、ASD算法是近些年提出的基于Feistel和SPN结构的轻量级分组密码。根据密码的结构特点,分别构造了基于比特的混合整数线性规划(MILP)可分性质模型,并使用求解器Gurobi对MILP模型求解。本文首次得到SAILFISH-I算法的8、9、10轮积分区分器,ASD算法的7、8、9轮积分区分器。在SAILFISH-I的9轮积分区分器的基础上,向后扩展3轮,进行12轮积分攻击,攻击的数据复杂度约为2^(59.58)个选择明文,时间复杂度约为2^(109.99)次12轮加密,存储复杂度约为2^(57)个储存单元。在ASD的8轮积分区分器的基础上向后扩展2轮,进行10轮积分攻击,攻击的数据复杂度约为2^(57.39)个选择明文,时间复杂度约为2^(70.07)次10轮加密,存储复杂度约为2^(20)个储存单元。SAILFISH⁃I and ASD are lightweight block cipher algorithms proposed in recent years based on the Feistel and SPN structures.According to the structure characteristics of the two algorithms,bit⁃based Mixed Integer Linear Programming(MILP)division property models are constructed and the Gu⁃robi is adopted to solve the MILP models.In this paper,8,9,and 10-round integral distinguishers for the SAILFISH⁃I algorithm and 7,8,and 9-round integral distinguishers for the ASD algorithm are ob⁃tained respectively for the first time.On the basis of the 9-round integral distinguisher,12-round inte⁃gral attack on the SAILFISH⁃I algorithm is performed with 3 rounds backward extension.Attack data complexity is~2^(59.58) times chosen plaintext size,and time complexity is~2^(109.99) times 12-round en⁃cryption,and storage complexity is~2^(57) memory cell.On the basis of the 8-round integral distinguis⁃her,10-round integral attack on the ASD algorithm is performed with 2 rounds backward extension.At⁃tack data complexity is~2^(57.39) times chosen plaintext size,and time complexity is~2^(70.07) times 10-round encryption,and storage complexity is~2^(20) memory cell.

关 键 词：SAILFISH-I ASD 可分性质 MILP 积分攻击 

分 类 号：TN918[电子电信—通信与信息系统]