Journal of Cryptologic Research (Chinese and English), 2024, Vol. 11, Issue (4): 861-877, 17. DOI: 10.13868/j.cnki.jcr.000713
Exploring New Integral Distinguishers on Block Ciphers with Branch-and-Bound
Abstract
The integral attack is an important cryptanalysis technique on block ciphers. Traditionally, an integral distinguisher is a balanced output bit corresponding to a set of chosen plaintexts, which is called a zero-sum distinguisher. However, some other useful distinguishers with round keys for integral attacks are ignored. This paper proposes a new type of integral distinguisher on block ciphers, called key-based integral distinguishers. The main idea is to recover the superpoly of a certain output bit on independent round keys, which is used as a key-based integral distinguisher, and then guess some bits of the round keys of the last several rounds to simplify the superpoly with the help of the key schedule. If the superpoly on round key variables is balanced, one bit of information can be recovered for the involved round keys, which in general can be transformed into one bit of information about the encryption key. As an illustration, combining the bit-based division property and branch-and-bound, a new method is presented to search for key-based integral distinguishers, which is shown to be very effective for some block ciphers. The method is applied to SIMON and Simeck. As a result, 12, 8 and 9 superpolies on round keys can be recovered on 15-round SIMON32, 18-round SIMON64 and 15-round Simeck32, respectively. Based on one of these superpolies, a key recovery attack is given on 25-round SIMON64. Furthermore, two new balanced bits on 18-round SIMON64 are found.
Key words
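integral attack / division property / branch-and-bound / MILP
Classification
Information Technology and Security Science
Cite this article
Zeng Fanyang, Tian Tian. Exploring New Integral Distinguishers on Block Ciphers with Branch-and-Bound [J]. Journal of Cryptologic Research (Chinese and English), 2024, 11(4): 861-877, 17.
Funding
National Natural Science Foundation of China (62372464)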