• 제목/요약/키워드: differential cryptanalysis)

검색결과 90건 처리시간 0.022초

Research on the Security Level of µ2 against Impossible Differential cryptanalysis

  • Zhang, Kai;Lai, Xuejia;Guan, Jie;Hu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제16권3호
    • /
    • pp.972-985
    • /
    • 2022
  • In the year 2020, a new lightweight block cipher µ2 is proposed. It has both good software and hardware performance, and it is especially suitable for constrained resource environment. However, the security evaluation on µ2 against impossible differential cryptanalysis seems missing from the specification. To fill this gap, an impossible differential cryptanalysis on µ2 is proposed. In this paper, firstly, some cryptographic properties on µ2 are proposed. Then several longest 7-round impossible differential distinguishers are constructed. Finally, an impossible differential cryptanalysis on µ2 reduced to 10 rounds is proposed based on the constructed distinguishers. The time complexity for the attack is about 269.63 10-round µ2 encryptions, the data complexity is O(248), and the memory complexity is 263.57 Bytes. The reported result indicates that µ2 reduced to 10 rounds can't resist against impossible differential cryptanalysis.

Multidimensional Differential-Linear Cryptanalysis of ARIA Block Cipher

  • Yi, Wentan;Ren, Jiongjiong;Chen, Shaozhen
    • ETRI Journal
    • /
    • 제39권1호
    • /
    • pp.108-115
    • /
    • 2017
  • ARIA is a 128-bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential-linear cryptanalysis. We present five rounds of differential-linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential-linear attacks based on six rounds of ARIA-128 and seven rounds of ARIA-256. This is the first multidimensional differential-linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.

새로운 블록 암호 구조에 대한 차분/선형 공격의 안전성 증명 (Provable Security for New Block Cipher Structures against Differential Cryptanalysis and Linear Cryptanalysis)

  • 김종성;정기태;이상진;홍석희
    • 정보보호학회논문지
    • /
    • 제17권1호
    • /
    • pp.121-125
    • /
    • 2007
  • 차분 공격 및 선형 공격은 강력한 블록 암호 분석 기법으로 블록 암호 알고리즘의 안전성을 평가하는 중요한 도구로 여겨지고 있다. 따라서 블록 암호 설계자들은 차분 공격과 선형 공격에 안전한 블록 암호를 설계하고자 노력해 왔다. 본 논문에서는 세 가지의 새로운 블록 암호 구조를 소개하며, 한 라운드 함수의 최대 차분 구확률(최대 선형 확률)이 p(q)이고 라운드 함수가 전단사 함수일 때, 세 가지의 블록 암호 구조의 차분 확률(선형 확률)의 상한 값이 $p^2(q^2),\;2p^2(2q^2)$으로 유계할 최소 라운드를 증명한다.

부정차분을 이용한 전력분석공격 향상 (Performance Improvement of Power attack with Truncated Differential Cryptanalysis)

  • 강태선;김희석;김태현;김종성;홍석희
    • 한국정보통신설비학회:학술대회논문집
    • /
    • 한국정보통신설비학회 2008년도 정보통신설비 학술대회
    • /
    • pp.155-158
    • /
    • 2008
  • In 1989, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic computations even if these are executed inside tamper-resistant devices such as smart card. Since 1989, many papers were published to improve resistance of DPA. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods to protect iterated block ciphers such as DES against Differential Power Attack. The idea is to randomize the first few and last few rounds(3 $\sim$ 4 round) of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds. This paper show how to combine truncated differential cryptanalysis applied to the first few rounds of the cipher with power attacks to extract the secret key from intermediate unmasked values.

  • PDF

블록 암호 알고리즘 HEA에 대한 차분분석 (Differential Cryptanalysis of DES-Like Block Cipher HEA)

  • 현진수;송정환;강형석
    • 정보보호학회논문지
    • /
    • 제10권4호
    • /
    • pp.107-112
    • /
    • 2000
  • 본 논문에서는 DES(Data Encryption Standard)를 변형하여 설계된 HEA(Hangul Encryption Algorithm)을 차분분석 관점에서의 안전성에 대하여 고찰하고자 한다. HEA는 한글 64음절(1,024 비트) 입 ·출력이 되도록 설계된 56비트 키를 사 용하고 DES와 동일한 8개의 S-box를 적용한 16라운드 Fiestel 구조의 블록 암호알고리즘이다. 본 논문에서는 기존의 DES에 적용한 차분분석 기법이 동일하게 HEA에도 적용됨을 보이고 10라운드로 축소된 HEA 경우 선택평문공격(chosen plaintext attack)이 가능하며 일정한 확률에 의해 분석됨을 증명하였다.

Deep Learning Assisted Differential Cryptanalysis for the Lightweight Cipher SIMON

  • Tian, Wenqiang;Hu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제15권2호
    • /
    • pp.600-616
    • /
    • 2021
  • SIMON and SPECK are two families of lightweight block ciphers that have excellent performance on hardware and software platforms. At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits. In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. We firstly prove theoretically that SIMON is a non-Markov cipher, which means that the results based on conventional differential cryptanalysis may be inaccurate. Then we train a residual neural network to get the 7-, 8-, 9-round neural distinguishers for SIMON32/64. To prove the effectiveness for our distinguishers, we perform the distinguishing attack and key-recovery attack against 15-round SIMON32/64. The results show that the real ciphertexts can be distinguished from random ciphertexts with a probability close to 1 only by 28.7 chosen-plaintext pairs. For the key-recovery attack, the correct key was recovered with a success rate of 23%, and the data complexity and computation complexity are as low as 28 and 220.1 respectively. All the results are better than the existing literature. Furthermore, we briefly discussed the effect of different residual network structures on the training results of neural distinguishers. It is hoped that our findings will provide some reference for future research.

The Linearity of algebraic Inversion and a Modification of Knudsen-Nyberg Cipher

  • Lee, Chang-Hyi;Lim, Jong-In
    • 정보보호학회논문지
    • /
    • 제8권1호
    • /
    • pp.65-70
    • /
    • 1998
  • K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher$^{[1]}$ which has a provable security against differential cryptanalysis. But in the last year, at FSE'97 T. Jakobsen ane L.R.Knudsen broked it by using higher order differential attack and interpolation attack$^{[2]}$ . Furthermore the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is procably secure against differential cryptanalysis$^{[3]}$ and it was suspected to have a large complexity for its implementation.Inthis paper the two improved results for the dfficidnt hardware and software implementation.

DES에 기반한 조합형 한글 암호 알고리즘 (An Encryption Algorithm Based on DES or Composition Hangul Syllables)

  • 박근수
    • 정보보호학회논문지
    • /
    • 제9권3호
    • /
    • pp.63-74
    • /
    • 1999
  • 본 논문에서 제안하는 HEA(Hangul Encryption Algorithm)는 초성, 중성, 종성의 다차원구조로 이루어진 한글의 특성을 이용하여 조합형 한글 음절을 암호화하여 조합형 한글 음절을 생 성한다. HEA 에서는 암호화 결과가 모두 한글 터미널에 표시가능한 한글이므로 출력 내용이 표시가능해 야 하는 메일 시스템 등에 유용하게 사용될 수 있다. HEA는 DES에 기반하고 있으며 키전수 탐색 differential cryptanalysis linear cryptanalysis 에대하여 DES와 유사한 안전도를 가지며 암호문의 음 소별 임의성, 평문-암호문 연쇄효과 키-암호문 연쇄효과도 갖는다. In this paper we present a Hangul Encryption Algorithm (HEA) which encrypts composition Hangul syllables into composition Hangul syllables using the non-linear structure of Hangul. Since ciphertexts generated by HEA are displayable characters HEA can be used in applications such as Privacy Enhanced mail (PEM) where ciphertexts should be displayable characters. HEA is based on DES and it can be shown that HEA is as safe as DES against the exhaustive key search differential cryptanalysis and linear cryptanalysis. HEA also has randomness of phonemes of ciphertexts and satisfies plaintext-ciphetext avalanche effect and key-ciphertext avalanche effect.

SPN구조 블록 암호의 차분 공격 및 선형 공격에 대한 안전성을 측정하는 고속 알고리즘 (A Fast Algorithm for evaluating the Security of Substitution and Permutation Networks against Differential attack and Linear attack)

  • 박상우;지성택;박춘식;성수학
    • 정보보호학회논문지
    • /
    • 제11권3호
    • /
    • pp.45-52
    • /
    • 2001
  • 본 논문에서는 SPN 구조 블록 암호의 안전성을 평가하는 알고리즘을 제안한다. 먼저, practical security를 이용하여 차분 공격과 선형 공격에 대한 안전성을 측정하는데 문제점이 있는 SPN 구조 블록 암호의 예를 제시한다. 다음으로, SPN 구조 블록 암호의 최대 차분 확률(maximum differential probability)과 linear hull 최대 선형 확률(maximum linear hull probability)을 측정하는 알고리즘을 제안하고, 이 알고리즘의 수행 효율성을 높이는 가속화 방법을 제안한다. 마지막으로, 제안한 알고리즘을 사용하여 블록 암호 E2의 라운드 함수 F의 최대 차분 확률 및 linear hull의 최대 선형 확률을 계산한다.

변형된 Feistel 구조를 이용한 Circle-g의 설계와 분석 (A Design and Analysis of the Block Cipher Circle-g Using the Modified Feistel Structure)

  • 임웅택;전문석
    • 한국컴퓨터산업학회논문지
    • /
    • 제5권3호
    • /
    • pp.405-414
    • /
    • 2004
  • 본 논문에서는 18-라운드 변형된 Feistel 구조를 갖는 128-bit 블록 암호알고리즘 Circle-g를 설계하고, 차분공격(differential cryptanalysis)과 선형공격(linear cryptanalysis)을 통해 안정성을 분석하였다. Circle-g의 f-함수는 2-라운드만에 완전 확산(diffusion)이 일어나도록 설계되었다. 이러한 우수한 확산효과로 인해 9-라운드 차분특성이 구성될 확률은 2^{-144}로, 12-라운드 선형특성이 구성될 확률은 2^{-144}로 분석되었다. 결과적으로 Circle-g는 128-bit 비밀키를 적용하였을 경우 12-라운드 이상이면 차분공격이나 선형공격은 전수(exhaustive)조사 방법보다 효율성이 떨어지는 것으로 분석되었다.

  • PDF