LiCi算法的相关密钥不可能差分分析  

作　　者：吴铜 袁征[1] 魏锦鹏 申龙 WU Tong;YUAN Zheng;WEI Jin-Peng;SHEN Long(Beijing Electronic Science and Technology Institute,Beijing 100070,China)

机构地区：[1]北京电子科技学院,北京100070

出　　处：《密码学报（中英文）》2024年第5期1078-1089,共12页Journal of Cryptologic Research

基　　金：中央高校基本科研业务费(328202268)。

摘　　要：不可能差分攻击是一种重要的密钥恢复攻击方法,它利用概率为0的不可能出现的差分特征过滤错误密钥,已被广泛应用于多种分组算法的分析.LiCi算法是2017年Patil等人提出的一种新轻量级分组密码算法,基于平衡Feistel结构,采用轻量级S盒和简单移位操作等新型轻量级分组密码的设计理念,通过较少的轮函数运算产生数量相对较大的活跃S盒,具有结构紧凑、能耗低、占用面积小等特性,非常适用于资源受限的环境.关于LiCi算法目前最好的分析结果为16轮差分分析和17轮不可能差分分析.为进一步研究LiCi算法抵抗不可能差分攻击的能力,构造了11轮不可能差分区分器,并向前扩展3轮,向后扩展3轮,结合S盒输入输出特征,使用不可能差分分析方法分析了17轮LiCi算法.分析的数据复杂度为2^(61.59),时间复杂度为2^(75.5),存储复杂度为2^(72.59).与已知结果相比,在攻击轮数相同的情况下,该攻击降低了数据复杂度和时间复杂度.同时结合密钥扩展算法的特点和轮函数特征,构造出3条16轮的相关密钥不可能差分区分器,从中选取一条向前扩展3轮,向后扩展2轮,结合S盒输入输出特征,并使用相关密钥与不可能差分复合的方法分析了21轮LiCi算法.分析的数据复杂度为2^(61.2),时间复杂度2^(68.05),存储复杂度为2^(75.2).由此说明21轮LiCi算法对相关密钥不可能差分密码分析是不免疫的.Impossible differential attack is an important key recovery attack.It uses the unlikely differential feature with probability of 0 to filter the wrong candidates.It has been widely used in a variety of block cipher analysis.LiCi algorithm is a new lightweight block cipher algorithm proposed by Patil et al.in 2017.This algorithm is based on the balanced Feistel structure,and uses new lightweight block cipher design such as lightweight S-boxes and simple shift operations.A relatively large number of active S-boxes can be generated using less round function operations.This algorithm has the characteristics of compact structure,low energy consumption,small footprint,and is suitable for resource constrained environments.At present,the best analysis results on LiCi algorithm are 16 rounds of differential analysis and 17 rounds of impossible differential analysis.In order to further study the resistance of LiCi algorithm against impossible differential attacks,this paper constructs an 11 round impossible differential distinguisher,and extends it forward for 3 rounds and backward for 3 rounds.Combined with the input and output characteristics of the S-box,17 rounds of LiCi algorithm is analyzed using impossible differential analysis method,where the data complexity is 2^(61.59),the time complexity is 2^(75.5),and the storage complexity is 2^(72.59).Compared with the known results,this attack reduces the data complexity and time complexity when the number of attack rounds is the same.Meanwhile,this paper combines the characteristics of the key expansion algorithm and the round function characteristics to construct three 16 round correlation key impossible differential distinguishers,and selects one of them to expand three rounds forward and two rounds backward.Combined with the input and output characteristics of the S-box,this paper analyzes the 21 round LiCi algorithm by using the correlation key and impossible differential combination method.The data complexity of the analysis is 2^(61.2),the time complexity is 2^(68.0

关 键 词：LiCi算法 轻量级分组密码 不可能差分 相关密钥 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]