对减轮Enhanced-Bivium流密码的立方攻击  

作　　者：杨泽琳 董丽华[1] 曾勇 YANG Zelin;DONG Lihua;ZENG Yong(School of Communication Engineering,Xidian University,Xi’an 710071,China;School of Network and Information Security,Xidian University,Xi’an 710071,China)

机构地区：[1]西安电子科技大学通信工程学院,陕西西安710071 [2]西安电子科技大学网络与信息安全学院,陕西西安710071

出　　处：《西安电子科技大学学报》2024年第5期179-188,共10页Journal of Xidian University

基　　金：国家自然科学基金(U23A20307)。

摘　　要：Trivium流密码是最终胜选欧洲eSTREAM项目的轻量级同步流密码之一,而Enhanced-Bivium流密码是适用于RIFD系统的Trivium流密码的简化版本,该密码设计者认为在相同的初始化轮数下Enhanced-Bivium流密码算法的安全性要高于Trivium流密码算法。通过在离线预处理阶段引入代数次数评估方法和在在线计算阶段引入基于嵌套式单项式预测的立方攻击提出了一种新的立方攻击方法。使用该方法可以将初始化464轮的Enhanced-Bivium流密码的立方攻击所需时间复杂度由2^(55)降到2^(50.3),同时利用该方法可以在时间复杂度2^(77.8)下将对Enhanced-Bivium流密码攻击成功的初始化轮数由464轮提升到601轮。另外,利用该方法在相同的时间复杂度下,将对Trivium流密码成功攻击的轮数由799轮提升至840轮,进而证明了Enhanced-Bivium流密码比Trivium流密码对立方攻击有更好的抵抗性。The Trivium Stream cipher is one of the lightweight synchronous stream ciphers that won the eSTREAM project in Europe,which is a simplified version of the Trivium stream cipher for RIFD systems.The designers believe that the Enhanced-Bivium stream cipher algorithm is more secure than the Trivium stream cipher algorithm with the same number of initialization rounds.This article proposes a new cube attack method by introducing an algebraic degree evaluation method in the offline preprocessing stage and a cube attack based on monomial prediction in the online computing stage.With the new method,we can reduce the time complexity of the cube attack on the Enhanced-Bivium stream cipher with 464 initial rounds from 2^(55) to 2^(50.3).At the same time,the number of initialization rounds of successful key recovery attack can be increased from 464 to 601 with the improved cube attack method,and the time complexity is 2^(77.8).Also with the same time complexity,the initial rounds number of successful cube attacks on Trivium stream ciphers can be increased from 799 to 840,which proves that Enhanced-Bivium stream ciphers have better resistance to cube attack than the Trivium stream cipher.

关 键 词：Enhanced-Bivium 立方攻击 密码学 代数次数评估 单项式预测 整数规划 

分 类 号：TN918.24[电子电信—通信与信息系统]