密码学报(中英文)2024,Vol.11Issue(5):1160-1178,19.DOI:10.13868/j.cnki.jcr.000736
Camellia和CLEFIA的自动化中间相遇攻击
Automated Meet-in-the-Middle Attack on Camellia and CLEFIA
摘要
Abstract
The Meet-in-the-Middle(MitM)is an effective paradigm to build preimage and collision attack on hash functions.In recent years,based on the mixed-integer-linear-programming(MILP),the automated MitM preimage,collision and key recovery attack are widely applied on AES-like ciphers.At ASIACRYPT 2023,Hou et al.extended the automated MitM attack into hash functions with the Feistel or generalized Feistel network as building blocks,where the linear layers of the round functions are based on MDS matrices.However,in practice,the linear layer of the round function can be built in various ways,and is not necessarily based on MDS matrix design.This study generalized the propagation model of MitM attributes for linear layer based on generic Boolean matrix by proposing the n-XOR model where the output byte can be described as the XOR of any number of input bytes.Combined with the model proposed by Hou et al,preimage attacks are mount on ISO standard block ciphers Camellia and CLEFIA with hashing modes.Then,up to 14-round MitM preimage characteristics are found for the weakened Camellia-MMO without the whitening layers and FL/FL-1 transformation.For CLEFIA-MMO,up to 13-round MitM preimage characteristics are found with appropriate increase in memory.The time complexities of both attacks are 2120.Compared with the best results(Sasaki at ACNS 2013),both attacks are improved by 1 round.关键词
Camellia算法/CLEFIA算法/中间相遇/原像攻击/n-XOR模型/自动化工具Key words
Camellia/CLEFIA/meet-in-the-middle/preimage attack/n-XOR/automated tool分类
信息技术与安全科学引用本文复制引用
侯庆良,李坤桐,董晓阳,张国艳,申延召..Camellia和CLEFIA的自动化中间相遇攻击[J].密码学报(中英文),2024,11(5):1160-1178,19.基金项目
国家自然科学基金(72334003) (72334003)
山东省重点研发计划(2023CXPT033)National Natural Science Foundation of China(72334003) (2023CXPT033)
Key Research and Development Program of Shandong Province(2023CXPT033) (2023CXPT033)