3-subset meet-in-the-middle attack on block cipher TWIS
Journal on Communications
Vol.35 No. 6 June 2014
doi:10.3969/j.issn.1000-436x.2014.06.023
CLC number: TP309    Document code: A    Article ID: 1000-436X(2014)06-0180-05
3-subset meet-in-the-middle attack on block cipher TWIS
ZHENG Ya-fei, WEI Hong-ru
(School of Mathematics and Physics, University of Science and Technology Beijing, Beijing 100083, China)
Abstract: To further analyze the security of the lightweight block cipher TWIS, a 3-subset meet-in-the-middle attack was applied to 10-round TWIS without the final whitening. Based on weaknesses in the key schedule of TWIS (its actual key size is only 62 bits and the confusion speed of the initial key is rather slow), the time complexity to recover the whole 62-bit key of 10-round TWIS is $2^{45}$, and the data complexity is low, with only one known plaintext-ciphertext pair. The result shows that block cipher TWIS is not secure under the 3-subset meet-in-the-middle attack.
Key words: block cipher; TWIS; meet-in-the-middle attack; complexity
1 Introduction
TWIS??Ojha???2009?????????????[1]???????CLEFIA[2]????НFeistel???????????????????128 bit??????10?????????????????????Su Bozhan???????????????????10??????????10?TWIS??????????[3]?╓??Onur Kocak ?Nese Oztop???TWIS???????????????10??TWIS???12 bit????????????221????9.5???????????????????TWIS??┉??????62 bit??????????
128 bit[4]?
Ё?????(meet-in-the-middle attack)?Diffie?Hellman?1977???DES??????[5]???????????????????????????????????????????Ё???????????????Ё????????????????Щ?????????????????????Ё???????????DES?AES?Keeloq?????????????Ё?????????????[6~10]?
?????Ё?????????????????????????▊Ё????????▊Ё??????Andrey Bogdanov????
Received: 2013-03-05; Revised: 2013-11-20
Foundation Items: The National Natural Science Foundation of China (61272476); The Oriented Award Foundation for Science and Technological Innovation, Inner Mongolia Autonomous Region (2012)
??????KTANTAN[11]??????Ё????????????▊????????????????????Ё???????????????▊Ё??????????KTANTAN32?KTANTAN48????????????3/2??????????????275.044
/ 275.584[12]???▊Ё???????????Ё???????????????Ё???????????Gautham Sekar???XTEA????????[13]?
??????????TWIS???????┻???Щ????????10?TWIS????▊Ё?????????┉??62 bit???????????245?
??????????????????????TWIS???????▊Ё???????????????????????TWIS???????????
2 ????TWIS??
2.1 Notation
A(l): A has a length of l bits.
<<<i: rotate left by i bits.
>>>j: rotate right by j bits.
A⊕B: bitwise XOR of A and B.
A∧B: bitwise AND of A and B.
|A|: number of elements in set A.
?i,j??i???j???????
2.2 Block cipher TWIS
TWIS?????????????????????128 bit??????2-????НFeistel????????10??????????32 bit??P(128)=(P0,P1,P2,P3)??128 bit?????C(128)=(C0,C1,C2,C3)??128 bit?????RKi(i=0,1,??,10)???????TWIS????
???
(T0, T1, T2, T3) = (P0 ⊕ RK0, P1, P2, P3 ⊕ RK1)
for i = 1 to 10 do
    (X0, X1) = G(RK_{i−1}, T0, T1)
    T2 = X0 ⊕ T2
    T3 = X1 ⊕ T3
    T1 = T1 <<< 8
    T3 = T3 >>> 1
    (T0, T1, T2, T3) = (T2, T3, T0, T1)
    (X0, X1) = G(RK_i, T0, T3)
    T1 = X0 ⊕ T1
    T2 = X1 ⊕ T2
    T2 = T2 >>> 1
    T3 = T3 <<< 8
end for
(C0, C1, C2, C3) = (T0 ⊕ RK2, T1, T2, T3 ⊕ RK3)
?Ё????G????3?32 bit??????2?32 bit?????32 bit???????2?32 bit????
G(RK,X0,X1)=(Y0,Y1)
Y1=X1⊕F(RK,X0)
Y0=X1
F???????????????????
????????????????????[1]?
TWIS?????????Щ?128 bit?????K??11?32 bit????RKi(i=0,1,??,10)??ЁRK0?RK1????????RK2?RK3?????????
?????????????
K = (k1, k2, …, k16)
for i = 1 to 11 do
    K = K <<< 3
    k1 = S(k1 ∧ 0x3f)
    k15 = S(k15 ∧ 0x3f)
    k16 = k16 ⊕ i
    RK_{i−1}^t = M(k13 k14 k15 k16)^t
end
?Ё?S?F??Ё???S????M??????
3 ??▊Ё???????
??▊Ё??????Ё????????
??????????????▊??????????????????????Ё?????????????2?????????▊??????▊Ё?????????????3????▊??
??1????l??????K=k0k1??kl?1????????НK1={ki|????1,α?????▊?}?K2= {ki:????R?β+1,R?????▊
?}?A0=K1∩K2???????1?α??R?β+1,R?????▊???A1=K1\K1∩K2?A2=K2\K1∩K2?????1,α??R?β+1,RЁ???
??▊????K=K1∪K2?
?В???????????????????(P,C)??Ё??????v’?u’????????b?????????b????????????????????????┨2b??????????2l?m?b??????????????????????????
?????????
$2^{l-m}+2^{l-m-b}+2^{l-m-2b}+\cdots$
Fig. 1  3-subset meet-in-the-middle attack
?R?β+1=α????▊Ё????????Ё??????
??▊Ё??????????2??????????▊Ё???????????????????????????????????????????????
??????▊Ё??????
?(P,C)?????????A0???????
1) ??A1Ё???????????v=?1?α(P)?
?????????▊Ё???????????????
$2^{|A_0|}(2^{|A_1|}+2^{|A_2|})+(2^{l-m}+2^{l-m-b}+2^{l-m-2b}+\cdots)$ ?????▊????Ё???|A1|+|A2|>2?
???????В????????? ???????????????l/b????????????????????????????????????????????l?????b??DC=??l/b???
2) ??A2Ё???????????
?1
u=?R?β+1?R(C)?
3) ????Ё????????v?u??????????????????????????v’?????u’?m ($1 \le m \le b$)??????m??????????m??????????????????????????????$2^{-m}$???????????????$2^{l-m}$?
?????????
4 3-subset meet-in-the-middle attack on TWIS
TWIS?????????????128 bit???????????Щ??????????????3 bit????????24 bit??????????????????????????┉??????62 bit???Щ?????????????????????????
???????????????????????Щ????????10?TWIS???
$2^{|A_0|}(2^{|A_1|}+2^{|A_2|})$
???????????????????
Table 1  TWIS?????

| Round | RK_{i−1} | RK_i |
|---|---|---|
| Initial whitening | {k0, k1, k2, k99, k100, …, k127} | {k0, k1, …, k5, k102, k103, …, k127} |
| i=1 | {k0, k1, k2, k99, k100, …, k127} | {k0, k1, …, k5, k102, k103, …, k127} |
| i=2 | {k0, k1, …, k5, k102, k103, …, k127} | {k0, k1, …, k8, k105, k106, …, k127} |
| i=3 | {k0, k1, …, k8, k105, k106, …, k127} | {k0, k1, …, k11, k108, k109, …, k127} |
| i=4 | {k0, k1, …, k11, k108, k109, …, k127} | {k0, k1, …, k14, k111, k112, …, k127} |
| i=5 | {k0, k1, …, k14, k111, k112, …, k127} | {k0, k1, …, k17, k114, k115, …, k127} |
| i=6 | {k0, k1, …, k17, k114, k115, …, k127} | {k0, k1, …, k20, k117, k118, …, k127} |
| i=7 | {k0, k1, …, k20, k117, k118, …, k127} | {k0, k1, …, k23, k120, k121, …, k127} |
| i=8 | {k0, k1, …, k23, k120, k121, …, k127} | {k0, k1, …, k26, k123, k124, …, k127} |
| i=9 | {k0, k1, …, k26, k123, k124, …, k127} | {k0, k1, …, k29, k126, k127} |
| i=10 | {k0, k1, …, k29, k126, k127} | {k1, k2, …, k32} |
| Final whitening | {k0, k1, …, k8, k105, k106, …, k127} | {k0, k1, …, k11, k108, k109, …, k127} |
?▊Ё?????? 4.1 ?????
??▊Ё???????TWIS????????????????Ё??????????????TWIS???▊Ё???????????????????????TWIS?????Щ???????????????1???
???????????????????TWIS???????????128 bit???┉?????????62 bit??????????Ё??????????{k0,k1,??,k32,k99,k100,??,k127}?62 bit????66 bit???????TWIS??В??????2128┑?262???┉?????K′={k0,k1,??,k32,k99,k100,??,k127}? 4.2 10?TWIS???▊Ё?????
?TWIS?┉????l=62????????▊Ё??????????????┑??
??????????Щ?????????????????????
??0???4????????????▊??{k0,k1,??,k14,k99,k100,??,k127}?????┉???18???▊??{k15,k16,??,k31,k32}?
??7???10????????????
▊??{k0,k1,??,k32,k117,k118,??,k127}?????┉???18??▊??{k99,k100,??,k115,k116}? ??TWIS??????2????????
?3?Ё???▊Ё????????????????α=4?β=7?????┉???????3??▊?A0?A1?A2???????
K′ = {k0, k1, …, k32, k99, k100, …, k127}
K′1 = K \ {k15, k16, …, k31, k32} = {k0, k1, …, k14, k99, k100, …, k127}
K′2 = K \ {k99, k100, …, k115, k116} = {k0, k1, …, k32, k117, k118, …, k127}
A0 = K1 ∩ K2 = {k0, k1, …, k14, k117, k118, …, k127}
A1 = K1 \ A0 = {k99, k100, …, k116}
A2 = K2 \ A0 = {k15, k16, …, k32}
|A1| = |A2| = 18, |A0| = 26
??????????10?TWIS???▊Ё????????????????????????
????????(P,C)??A260?2????? 1) ??A181Ё?????2???????
v=?1,4(P)?
2) ??A2Ё?????218???????
u=??1
7,10(C)?
3) ???5??Ё??????
???5???v’?u’?????????2????Ё???????????A1?A2???????????????v’?u’??????????32??????????32????????????????????????$2^{-32}$?
??????????$2^{26}(2^{18}+2^{18})=2^{45}$?
?2 Ё?????
?????В????$2^{l-m}=2^{30}$?????????????(P,C)????v’?u’??????128 bit???????128 bit????????????????????????$2^{-128}$?????????????v’=u’????????
?????????
$2^{l-m}+2^{l-m-b}+2^{l-m-2b}+\cdots = 2^{30}+2^{-98}+\cdots \approx 2^{30}$
?????????TWIS????????
?????????????????????? 4.3 ?????
???3?Ё???▊Ё????????????????10?TWIS?┉??62 bit???????????
$2^{|A_0|}(2^{|A_1|}+2^{|A_2|})+2^{l-m}+2^{l-m-b}+\cdots = 2^{26}(2^{18}+2^{18})+2^{30}+2^{-98}+\cdots \approx 2^{45}$
??????$DC=\lceil l/b \rceil=\lceil 62/128 \rceil=1$?
5 Conclusion
??2?????TWIS???????ЩЁ????┻???????Щ??????10?TWIS?????▊Ё?????????┉?????62 bit?????????????????????????245
????????Щ??????10?TWIS???????▊Ё??????????????[4]ЁOnur Kocak??????10?TWIS??????
?2
TWIS???????
?? ?? ????? ?????? ???
?? ???? ?? 10 62 245 1
??▊MITM
??[4]
10
12
2
21
2
21
????
References:
[1] OJHA S K, KUMAR N, JAIN K. TWIS–a lightweight block cipher[A]. Information Systems Security[C]. Berlin: Springer Heidelberg, 2009.280-291.
[2] SHIRAI T, SHIBUTANI K, AKISHITA T, et al. The 128 bit block cipher CLEFIA[A]. Fast Software Encryption[C]. Berlin: Springer Heidelberg, 2007.181-195.
[3] SU B Z, WU W L, ZHANG L, et al. Full-round differential attack on TWIS block cipher[A]. Information Security Applications[C]. Berlin: Springer Heidelberg, 2011.234-242.
[4] KOCAK O, OZTOP N. Cryptanalysis of TWIS block cipher[A]. Research in Cryptology[C]. Berlin: Springer Heidelberg, 2012.109-121.
[5] DIFFIE W, HELLMAN M E. Special feature exhaustive cryptanalysis of the NBS data encryption standard[J]. Computer, 1977, 10(6): 74-84.
[6] CHAUM D, EVERTSE J H. Cryptanalysis of DES with a reduced number of rounds[A]. Cryptology-CRYPTO’85 Proceedings[C]. Berlin: Springer Heidelberg, 1986.192-211.
[7] DEMIRCI H, SELCUK A A. A meet-in-the-middle attack on 8-round AES[A]. Fast Software Encryption[C]. Berlin: Springer Heidelberg, 2008.116-126.
[8] DEMIRCI H, TASKIN I, COBAN M, et al. Improved meet-in-the-middle attacks on AES[A]. Progress in Cryptology-INDOCRYPT 2009[C]. Berlin: Springer Heidelberg, 2009.144-156.
[9] DUNKELMAN O, SEKAR G, PRENEEL B. Improved meet-in-the-middle attacks on reduced-round DES[A]. Progress in Cryptology–INDOCRYPT 2007[C]. Berlin: Springer Heidelberg, 2007.86-100.
[10] INDESTEEGE S, KELLER N, DUNKELMAN O, et al. A practical attack on keeloq[A]. Cryptology-EUROCRYPT 2008[C]. Berlin: Springer Heidelberg, 2008.1-18.
[11] DE C C, DUNKELMAN O, KNEZEVIC M. KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers[A]. Cryptographic Hardware and Embedded Systems-CHES 2009[C]. Berlin: Springer Heidelberg, 2009.272-288.
[12] BOGDANOV A, RECHBERGER C. A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN[A]. Selected Areas in Cryptography[C]. Berlin: Springer Heidelberg, 2011.229-240.
[13] SEKAR G, MOUHA N, VELICHKOV V, et al. Meet-in-the-middle attacks on reduced-round XTEA[A]. Topics in Cryptology–CT-RSA 2011[C]. Berlin: Springer Heidelberg, 2011.250-267.
?????
?▉??1988-???????????????????????????????
????1963-????┙???????????????????????????????????????????