Computer Science, 2019, Vol. 46, Issue (11): 119-122. doi: 10.11896/jsjkx.180901786
ZHANG Li (张丽), WEI Hong-ru (卫宏儒)
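Abstract: Camellia is an iterated block cipher with a Feistel structure. It has a block length of 128 bits and a key length of 128, 192 or 256 bits; it iterates for 18 rounds with a 128-bit key and for 24 rounds with a 192-bit or 256-bit key. The security analysis of Camellia has remained an active research topic. Based on Camellia's key schedule and the correlations between keys, this paper analyzes the relations among the round keys and, with the help of key bridging, finds 8 relations among the guessed keys. As a result, in the higher-order meet-in-the-middle attack on 16-round Camellia-256, fewer subkeys are needed when computing the relevant values, which reduces the time complexity by 28. This result is better than any previous cryptanalysis result on Camellia without functions and whitening layers.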