轻量级分组密码PRINCE算法的Biclique分析  被引量：2

作　　者：袁征[1,2,3] 彭真 

机构地区：[1]北京电子科技学院,北京100070 [2]西安电子科技大学,西安710071 [3]密码科学技术国家重点实验室,北京100878 [4]卫士通摩石实验室,北京100070

出　　处：《密码学报》2017年第6期517-527,共11页Journal of Cryptologic Research

摘　　要：PRINCE算法是Rechberger等人在2012年亚密会上提出的一个对合轻量级分组密码算法,广泛应用于资源受限的设备.PRINCE算法的分组长度为64比特,密钥长度为128比特.算法基于FX结构,一部分密钥用于核心算法PRINCEcore,剩余的密钥用作PRINCEcore前后的白化密钥.PRINCEcore算法也是一个分组密码算法,保持PRINCE算法主要的加密过程.Biclique分析是一种新的分组密码分析方法,受到密码学者的广泛关注.Abed等人利用Biclique攻击方法给出了全轮PRINCEcore算法的攻击结果,计算复杂度为2^(62.72)次加密,数据复杂度为2^(40)个选择密文.受其启发,我们也给出了PRINCE算法抗两类Biclique分析的结果.本文中,我们首先介绍了平衡Biclique和星型Biclique的结构,以及Biclique密码分析的一般流程;其次,我们简单介绍了PRINCE算法的结构.然后,我们对Abed的方法进行改进,构建了一个1轮的平衡Biclique结构,计算复杂度为2^(62.69),数据复杂度为2^(32)个选择明文,二者均优于之前的攻击结果.最后,我们也构建了一个基于星型的Biclique结构,攻击的计算复杂度为2^(63),而数据复杂度仅需一个明密文对,这是目前为止对PRINCEcore算法全轮分析数据复杂度最优的分析结果.PRINCE is an involutive lightweight block cipher proposed by Rechberger et al. at ASIACRYPT 2012 and is widely used in many resource constrained devices. The block length of PRINCE is 64 bits and key length is 128 bits. PRINCE is based on the so-called FX construction,where one part of the key is used for the core cipher PRINCEcore, and the remaining part of the key is used for whitenings before and after the core. PRINCEcore is also a block cipher which contains the major encryption process. Biclique cryptanalysis is a new cryptanalysis of block ciphers, which caused wide attention by cryptanalysts. Abed et al. gave the security evaluations of PRINCEcore against Biclique attack with computational complexity of 2^(62.72) encryptions and data complexity of 2^(40) chosen ciphertexts. Inspired from their work, this paper gives two kinds of Biclique attacks on PRINCEcore.After the introduction of balanced Biclique construction and star-based Biclique construction, a general flow of Biclique attack is given, and the construction of PRINCE is introduced. Then, Abed's method is improved and a balanced Biclique on the initial round of PRINCEcore is constructed with computation complexity of 2^(62-69) encryptions and data complexity of 2^(32) chosen plaintexts, which are better than the previous results. Finally, a star-based Biclique on PRINC.Ecore is constructed. The computational complexity of the star-based Bicliquc attack against PRINCEcore is 2^(63) encryptions and a single plaintext-ciphertext pair. This is the optimal data complexity among the existing results of full round attack on PRINCEcore.

关 键 词：BICLIQUE PRINCE STAR 计算复杂度 数据复杂度 

分 类 号：TN918.4[电子电信—通信与信息系统]