基于SMT的ACORN v3算法的差分分析  

作　　者：马成栋 蒋梓龙 魏鹏 MA Chengdong;JIANG Zilong;WEI Peng(College of Cryptographic Engineering,Information Engineering University,Zhengzhou 450001,China;National Innovation Institute of Defense Technology,Academy of Military Sciences,Beijing 100071,China;Army Police Chongqing Corps Boat Detachment,Chongqing 400000,China)

机构地区：[1]信息工程大学密码工程学院,郑州450001 [2]军事科学院国防科技创新研究院,北京100071 [3]武警重庆总队船艇支队,重庆400000

出　　处：《智能安全》2024年第3期1-11,共11页Artificial Intelligence Security

基　　金：国家自然科学基金资助项目(62102448)。

摘　　要：ACORN v3算法是凯撒竞赛胜出的认证加密算法之一。本文考虑状态更新过程中非线性函数对状态差分传递的影响,给出ACORN v3算法非线性函数的差分传递模型,通过分析ACORN v3算法解密验证阶段的状态更新,重新评估了算法抗差分伪造攻击的能力,将ACORN v3算法认证阶段的有效差分伪造攻击轮数的上界从86轮提升到了102轮。本文对该算法初始化阶段分析,在选择IV的攻击条件下,通过在IV处注入差分,给出ACORN v3算法初始化阶段的差分分析,对模型求解情况进行分类,以概率1得到初始化阶段461轮输出密钥流的差分区分器,选取了10对满足输入差分的IV,以99.9%的成功率将初始化461轮的ACORN算法和随机置换产生的密钥流区分开来。ACORN v3 is one of the winning algorithms of CAESAR competition.In this paper,we consider the impact of the nonlinear function on the state differential propagation during the state update process,and presents a differential propagation model for the nonlinear function of the ACORN v3 algorithm.By analyzing the state update in the decryption and verification stage of ACORN v3,the differential transmission model of this stage was given and the ability of the algorithm to resist differential forgery attack was reevaluated.The upper bound of differential forgery attack in the authentication stage of the algorithm was raised from 86 rounds to 102 rounds.The initialization stage of the algorithm was analyzed.Under the attack condition of selecting IV,injecting difference at IV,the differential transmission model of the initialization stage based on SMT was given,the solution of the model was classified,and a 461 rounds differential divider of the keystream in the initialization stage was obtained to distinguish attack with probability 1.Ten pairs of IVS satisfying the input difference were selected,and the keystream generated could be distinguished by initialization stage of 461 rounds of ACORN v3 and random permutation with a success rate of 99.9%.

关 键 词：CAESAR竞赛 ACORN v3算法 差分分析 SAT/SMT 

分 类 号：TN918.4[电子电信—通信与信息系统]