SHA-3置换函数的差分转移概率分析

计算机科学 ›› 2014, Vol. 41 ›› Issue (3): 159-162.

SHA-3置换函数的差分转移概率分析

高晓东,杨亚涛,李子臣

北京电子科技学院北京100070;北京电子科技学院北京100070;北京电子科技学院北京100070

出版日期:2018-11-14 发布日期:2018-11-14
基金资助:
本文受国家自然科学基金项目(61070219),中央高校基本科研业务费专项资金资助

Differential Transition Probability Analysis of SHA-3Permutation Function

GAO Xiao-dong,YANG Ya-tao and LI Zi-chen

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 通过对SHA-3算法置换函数Keccak-f的分析,提出三维数组的循环移位方法。根据置换函数Keccak-f每一步变换的结构,构造出输出差分的布尔函数表达式。通过研究输出差的差分布尔函数表达式,证明了Keccak-f每一步变换的输入输出差分通过循环移位后,其差分转移概率不变。在此基础上,通过分析得出,当Keccak-f每一步变换的两个输入差分之间和对应输出差分之间均满足相同循环移位特性时,整个置换函数Keccak-f的输入输出差分在循环移位后,其差分转移概率不变。

关键词: SHA-3,循环移位,差分分析,差分转移概率中图法分类号TP393.08文献标识码A

Abstract: By analyzing the permutation function Keccak-f of SHA-3,cycle shift method of three-dimensional array was proposed．According to structure of every step transform in Keccak-f,the boolean expression of the output difference was structured．By analyzing the boolean expressions of the output difference,to the every step transform of Keccak-f,it was proved that the differential transition probability about cycle shift is unchanged．On this basis, by analyzing,it was obtained that when cycle shift properties of two input difference and two corresponding output difference are same, the differential transition probability of the whole permutation function Keccak-f about cycle shift is unchanged.

Key words: SHA-3,Cycle shift,Differential analysis,Differential transition probability

高晓东,杨亚涛,李子臣. SHA-3置换函数的差分转移概率分析[J]. 计算机科学, 2014, 41(3): 159-162. https://doi.org/

GAO Xiao-dong,YANG Ya-tao and LI Zi-chen. Differential Transition Probability Analysis of SHA-3Permutation Function[J]. Computer Science, 2014, 41(3): 159-162. https://doi.org/

参考文献

[1] NIST Tech Beat.NIST Selects Winner of Secure Hash Algo-rithm(SHA-3)Competition[EB/OL].http://www．nist.gov/itl/csd/sha-100212.cfm,2012-10-02
[2] Bertoni G,Daemen J,Peeters M,et al．The Keccak SHA-3submission[EB/OL]．http:// keccak．noekeon.org/,2011-01-14
[3] NIST．Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family[J].Federal RegisterNotices,2007,72(212):62212-62220
[4] Andrew R,Ray P,Chang S J.Status Report on the First Round of the SHA-3Cryptographic Hash Algorithm Competition[R]．Information Technology Laboratory National Institute of Stan-dards and Technology,Gaithersburg,2009
[5] Meltem S T,Ray P,Lawrence E B,et al.Status Report on the Second Round of the SHA-3Cryptographic Hash Algorithm Competition．Computer Security Division[R]．Information Technology Laboratory National Institute of Standards and Technolo-gy,Gaither-sburg,2011
[6] NIST.The SHA-3Finalists candidates U S department of commerce national information service[EB/OL].http://csrc.nist.gov．/groups/ST/hash/sha-3/Round3/submissions_round3.html,2011
[7] Wang X Y,Yin Yi-qun,Yu H B．Finding collisions in the fullSHA-1[C]∥Shoup(ed)．CRYPTO 2005,LNCS 3621．Berlin:Springer-Verlag,2005:17-36
[8] Bertoni G,Daemen J,Peeters M,et al.The Keccak sponge function family[EB/OL].http:// keccak．noekeon．org/news．Html,2012-04
[9] Dinur I,Dunkelman O,Shamir A．New Attacks on Keccak-224and Keccak-256[C]∥International Association for Cryptologic Research 2012．FSE 2012,LNCS 7549．2012:42-461
[10] Maurer U,Renner R,Holenstein C．Indifferentiability,impossibility results on reductions,and applications to the random oracle methodology[C]∥Naor,ed．TCC’04,LNCS 2951．Berlin:Springer-Verlag,2004:21-39
[11] Bertoni G,Daemen J,Peeters M,et al．Cryptographic spongefunctions [EB/OL]．http://sponge．noekeon．org/,2011-01
[12] 李倩男,李云强,蒋淑静,等.Keccak类非线性变换的差分性质研究[J]．通信学报,2012,3(9):140-146

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed