密码学报2018,Vol.5Issue(1):94-100,7.DOI:10.13868/j.cnki.jcr.000222
Grain-128a认证机制的安全性分析
Security Analysis of Authentication Mechanism in Grain-128a
摘要
Abstract
Grain-128a is a stream-cipher-based authenticated encryption scheme, using a universal hash function as the core component in its authentication part. Previous studies focus on the weakness of stream cipher,while this work analyzes the security of Grain-128a through the weak key analysis of the universal hash function, assuming that the stream cipher is perfect. The universal hash function is a simple affine function,resulting in weak key sets in Grain-128a. An attacker can effectively detect whether or not the key belongs to this set, and if so, the attacker can perform forgery attack with a successful probability of 1. By using key recovery attacks based on the weak key analysis, it is shown that it is possible to recover the l+31 bits of the key with a successful probability of 1 with 1 encryption query and no more than 232+l?1 decryption queries,if the bit-length of the message is 1. Furthermore, one can get almost all of the keystreams generated by the stream cipher, and then can do arbitrary forgery attacks,that is,for arbitrary message less than 1 bits,it is possible to generate its ciphertext and the corresponding massage authentication code. At the end of this paper, an analysis of the reason behind the attacks and the corresponding precautions are presented.关键词
Grain-128a/认证加密/泛杂凑函数/弱密钥分析Key words
Grain-128a/authenticated encryption/universal hash function/weak key analysis分类
信息技术与安全科学引用本文复制引用
王鹏,郑凯燕..Grain-128a认证机制的安全性分析[J].密码学报,2018,5(1):94-100,7.基金项目
国家重点基础研究发展项目 (973计划)(2014CB340603) (973计划)
国家自然科学基金项目 (61472415, 61272477) National Basic Research Program of China (973 Program)(2014CB340603) (61472415, 61272477)
National Natural Science Foundation of China (61472415, 61272477) (61472415, 61272477)
