Computer Science ›› 2015, Vol. 42 ›› Issue (7): 191-193. doi: 10.11896/j.issn.1002-137X.2015.07.042

• Information Security •

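Research on Impossible Differential Attack of Cipher SMS4

SUN Cui-ling WEI Hong-ru

  1. School of Mathematics and Physics, University of Science and Technology Beijing, Beijing 100083
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the 2013 National Natural Science Foundation of China (61272476) and the Inner Mongolia Autonomous Region Science and Technology Innovation Guidance Reward Fund (2012).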

Abstract: To study the resistance of the block cipher SMS4 to impossible differential attacks, a 14-round impossible differential path is used and the resulting attacks are presented. Based on one 14-round impossible differential path, 16-round and 18-round reduced SMS4 are attacked, and the earlier impossible differential attack on 17-round SMS4 is improved, with the data complexity reduced to O(2^{69.47}). The results show that attacking 16-round SMS4 requires a data complexity of O(2^{103}) chosen plaintexts and a time complexity of O(2^{92}) encryptions, and that attacking 18-round SMS4 requires a data complexity of O(2^{104}) chosen plaintexts and a time complexity of O(2^{123.84}) encryptions.

Key words: Block cipher, SMS4, Impossible differential attack, Early-abort technique

