改进的6轮Square算法中间相遇攻击  

作　　者：何峰[1] 董晓丽[2] 韦永壮[1] HE Feng;DONG Xiao-li;WEI Yong-zhuang(Guangxi Key Laboratory of Cryptography&Information Security,Guilin University of Electronic Technology,Guilin 541004,China;School of Cyberspace Security,Xi’an University of Posts&Telecommunications,Xi’an 710121,China)

机构地区：[1]桂林电子科技大学广西密码学与信息安全重点实验室,广西桂林541004 [2]西安邮电大学网络空间安全学院,陕西西安710121

出　　处：《计算机技术与发展》2025年第2期63-69,共7页Computer Technology and Development

基　　金：国家自然科学基金资助项目(62162016);广西壮族自治区研究生教育创新计划项目(YCSW2023304,YCBZ2023132);陕西省重点研发计划项目(2023-YBGY-015)。

摘　　要：Square分组密码算法是由Daemen等人设计,并在1997年快速软件加密(FSE)国际会议上首次公布。该密码算法基于SPN(Substitution-Permutation Network)结构,其分组长度和密钥长度均为128比特;具有设计新颖、实现高效等优点,也是高级加密标准(AES)算法的前身,在密码学界备受关注。中间相遇攻击作为分组密码算法的重要分析方法之一,如何研究Square算法抵抗中间相遇攻击一直是业内讨论的热点问题。该文基于Square算法的结构特点和截断差分特征,利用差分枚举技术,构造了一个3.5轮中间相遇区分器。通过密钥桥技术及Square算法的密钥编排特点,推演出了主密钥与子密钥之间的部分线性关系。由此,将3.5轮区分器向前扩展1轮,向后扩展1.5轮,实现了对6轮Square算法的中间相遇攻击。该攻击所需数据复杂度为2105个选择明文,时间复杂度为2105次6轮加密,存储复杂度为285个分组。与已有攻击结果相比,新的攻击有效地降低了所需的数据复杂度、时间复杂度和存储复杂度。The Square block cipher was proposed by Daemen et al.at the Fast Software Encryption(FSE)conference in 1997.It uses the Substitution Permutation Network(SPN)structure,and its block length and key length are all 128-bit.Because of its novel design and efficient implementation,also as the predecessor of AES,Square are extensively received attention by cryptographic community.Moreover,the meet-in-the-middle attack is one of the important cryptanalytic methods.How to research the security of Square block cipher against the meet-in-the-middle attack appears to be an interesting topic.In this paper,a new 3.5-round meet-in-the-middle distinguisher is constructed by using the structural characteristics,truncated differentials of the Square and differential enumeration technique.In particular,the partial linear relationship between the subkey and master key in the key schedule is deduced via key bridge technique.Therefore,a new meet-in-the-middle attack on 6-round Square is proposed by adding 1 round(forward encryption operation)and 1.5 round(backward encryption operations)on 3.5-round meet-in-the-middle distinguisher.This attack requires the data complexity of 2105 chosen plaintexts,the time complexity of 21056-rounds encryption operations,and the memory complexity of 285 blocks.Compared with previous attacks,this attack can effectively reduce the data complexity,time complexity,and memory complexity.

关 键 词：分组密码 Square算法 中间相遇攻击 差分枚举技术 密钥桥技术 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]