
Improved Integral Distinguishers Based on Division Property for SM4 and FOX Block Ciphers

毛永霞 (Mao Yongxia) 1, 吴文玲 (Wu Wenling) 2

密码学报 (Journal of Cryptologic Research), 2023, Vol. 10, Issue 6: 1197-1208 (12 pages). DOI: 10.13868/j.cnki.jcr.000639

Author information

  • 1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100049; School of Mathematics and Information Science, Henan Normal University, Xinxiang 453000
  • 2. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100049

Abstract

Division property, a generalization of integral cryptanalysis, was first proposed by Todo at EUROCRYPT 2015 and has since been applied to many symmetric ciphers. Currently, combining division property with mathematical tools such as mixed integer linear programming (MILP) and Boolean satisfiability (SAT) has become a popular approach for finding integral distinguishers automatically. The approach establishes a constraint model from the propagation rules of division property on the fundamental components of a block cipher, then selects an appropriate initial division property and searches for integral distinguishers. For a given block cipher, the distinguisher found by automated search depends on the modeling method chosen for its components and on the precision of the resulting models. This paper proposes two modeling strategies that leverage bit-based division property for two fundamental components of a block cipher: the branch-based XOR compression construction and the non-bit-permutation linear transformation. Strategy 1 adds constraints between the input division properties of related branches to the propagation model of branch-based XOR compression, so that the output division property after the first round of the branch-based XOR compression construction is 0, which improves the propagation advantage of the division property of the other branches. Strategy 2 introduces constraints by handling the matrix associated with a non-bit-permutation linear transformation: when the matrix contains non-independent division property propagation, corresponding constraints are added to limit the division property of the non-independent propagation bits. This improves model accuracy and reduces redundant division trails. To verify the effectiveness of the proposed method, both modeling strategies are applied to the block ciphers SM4 and FOX, with the following results: (1) a 13-round integral distinguisher for SM4 is constructed, surpassing the previously best-known result by one round; (2) 3-round integral distinguishers for FOX64 and FOX128 are constructed, which outperform the existing integral distinguishers known for these ciphers.
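The abstract describes the generic pipeline behind such searches: derive propagation rules for each component, propagate an initial division property through them, and read off the balanced output bits. The following added example (not code from the paper or its authors) implements the three ingredients that every such model is built from, on a single 4-bit S-box: the S-box propagation rule of Xiang et al. (ASIACRYPT 2016), the bit-based XOR rule of Todo and Morii, and the balanced-bit check that turns an output division property into an integral distinguisher. It uses the PRESENT S-box as a stand-in (an assumption; SM4 and FOX use 8-bit S-boxes, which the same code handles with `N = 8`), and it does not reproduce the paper's MILP constraints for branch-based XOR compression or non-bit-permutation linear layers. The brute-force check at the end confirms that every bit the propagation predicts as balanced really is.

```python
"""Bit-based division property on one S-box: division trail table from the
ANF, propagation of an input division property, balanced-bit read-out.

Added example (not the paper's code). Vectors and monomials are bit masks:
bit i set in u means x_i occurs in the monomial x^u, or k_i = 1 in a
division property vector k.
"""

N = 4  # S-box width in bits (assumption: 4-bit stand-in, not SM4/FOX)

# Stand-in S-box: the PRESENT S-box, a 4-bit permutation (constructed
# choice for this example; SM4 and FOX have 8-bit S-boxes).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def anf(truth):
    """ANF of a Boolean function given as a truth table indexed by x in
    [0, 2^N): returns the set of monomial masks with coefficient 1
    (Moebius transform, in place)."""
    c = list(truth)
    for i in range(N):
        for x in range(1 << N):
            if (x >> i) & 1:
                c[x] ^= c[x ^ (1 << i)]
    return {u for u in range(1 << N) if c[u]}


def output_product(kp):
    """Truth table of y^{k'} = prod_{i in k'} y_i with y = S(x)."""
    return [int((SBOX[x] & kp) == kp) for x in range(1 << N)]


def sbox_trails():
    """Division trail table of the S-box (Xiang et al.): k -> k' is valid
    iff the ANF of y^{k'} contains a monomial x^u with u covering k."""
    anf_of = {kp: anf(output_product(kp)) for kp in range(1 << N)}
    return {k: {kp for kp in range(1 << N)
                if any((u & k) == k for u in anf_of[kp])}
            for k in range(1 << N)}


def minimal(K):
    """Drop vectors that cover another vector of K; the division property
    is unchanged, only redundant trails are removed."""
    return {k for k in K if not any(j != k and (j & k) == j for j in K)}


def propagate_sbox(K, table):
    """Propagate a division property set K through the S-box."""
    return minimal({kp for k in K for kp in table[k]})


def xor_branches(K_pair):
    """Bit-based XOR rule (Todo-Morii) for two N-bit branches whose joint
    division property is K_pair = {(k_left, k_right)}: the XOR has vector
    k_left + k_right, valid only if no coordinate would reach 2."""
    return minimal({kl | kr for kl, kr in K_pair if kl & kr == 0})


def balanced_bits(K):
    """Output bit i is balanced (XOR-sum over the multiset is 0) iff no
    vector of K is covered by e_i, i.e. neither 0 nor e_i lies in K."""
    return [i for i in range(N) if not any((k & ~(1 << i)) == 0 for k in K)]


def distinguisher(k, table):
    """Balanced S-box output bits for an input set with division property {k}."""
    return balanced_bits(propagate_sbox({k}, table))


def brute_force_balanced(k):
    """Ground truth: XOR-sum of S(x) over the set where the bits in k take
    all values and the other bits are 0 (that set has property {k})."""
    acc = 0
    for x in range(1 << N):
        if (x & ~k) == 0:
            acc ^= SBOX[x]
    return [i for i in range(N) if not (acc >> i) & 1]


if __name__ == "__main__":
    table = sbox_trails()
    for k in range(1 << N):
        trails = sorted(f"{kp:04b}" for kp in minimal(table[k]))
        print(f"k={k:04b}: minimal trails {trails}, predicted balanced "
              f"{distinguisher(k, table)}, brute force {brute_force_balanced(k)}")
```

The all-active input `k = 1111` propagates only to `1111`, so all four output bits are predicted balanced; for lower-weight inputs the prediction is a subset of the brute-force truth, which is exactly the soundness guarantee that an MILP model of these rules inherits. The paper's strategies tighten the model further at the XOR-compression and linear-layer steps, which this per-component example does not cover.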

Keywords

integral cryptanalysis / division property / MILP / SM4 / FOX

Subject classification

Information Technology and Security Science

Cite this article

毛永霞 (Mao Yongxia), 吴文玲 (Wu Wenling). Improved Integral Distinguishers Based on Division Property for SM4 and FOX Block Ciphers [J]. 密码学报 (Journal of Cryptologic Research), 2023, 10(6): 1197-1208.

Funding

National Natural Science Foundation of China (62072445)

Journal: 密码学报 (Journal of Cryptologic Research), ISSN 2095-7025. Indexed: Open Access, PKU Core Journals, CSCD, CSTPCD.
