电子学报 ›› 2017, Vol. 45 ›› Issue (2): 468-476.DOI: 10.3969/j.issn.0372-2112.2017.02.028

• 学术论文 • 上一篇    下一篇

减缩轮PRIDE算法的线性分析

伊文坛, 田亚, 陈少真   

  1. 数学工程与先进计算国家重点实验室, 河南郑州 450001
  • 收稿日期:2015-07-15 修回日期:2016-01-04 出版日期:2017-02-25 发布日期:2017-02-25
  • 作者简介:伊文坛,男,1989年生于山东菏泽.研究方向为分组密钥安全性分析.E-mail:nlwt89@sina.com;田亚,男,1991年生于江苏徐州.硕士研究生,研究方向为分组密码安全性分析;陈少真,女,1967年生于江苏无锡.博士生导师,研究方向为分组密码的设计与分析.
  • 基金资助:

    信息保障技术重点实验室开放基金(No.KJ-13-010)

Linear Cryptanalysis of Reduced-Round PRIDE Block Cipher

YI Wen-tan, TIAN Ya, CHEN Shao-zhen   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, Henan 450001, China
  • Received:2015-07-15 Revised:2016-01-04 Online:2017-02-25 Published:2017-02-25

摘要:

PRIDE是Albrecht等人在2014美密会上提出的轻量级分组密码算法.PRIDE采用典型SPN密码结构,共迭代20轮.其设计主要关注于线性层,兼顾了算法的效率和安全.该文探讨了S盒和线性层矩阵的线性性质,构造了16条优势为2-5的2轮线性逼近和8条优势为2-3的1轮线性逼近.利用合适的线性逼近,结合密钥扩展算法、S盒的线性性质和部分和技术,我们对18轮和19轮PRIDE算法进行了线性分析.该分析分别需要260个已知明文,274.9次18轮加密和262个已知明文,274.9次19轮加密.另外,我们给出了一些关于S盒差分性质和线性性质之间联系的结论,有助于减少攻击过程中的计算量.本文是已知明文攻击.本文是关于PRIDE算法的第一个线性分析.

关键词: 分组密码, PRIDE算法, 线性分析, 线性逼近

Abstract:

PRIDE is a light weight block cipher designed by Albrecht et al.in CRYPTO 2014,which adopts the classical SPN (Substitution Permutation Network) structure and iterates for 20 rounds.The construction of linear layers is very interesting and performances good both in security and efficiency.This paper investigates the properties of the S-boxes and the linear matrices,and then constructs 16 different 2-round iterative linear approximations with the bis 2-5 and 8 different 1-round iterative linear approximations with the bis 2-3.Base on some suitable approximations,attacks on 18-round and 19-round PRIDE are presented by means of linear cryptanalysis with the properties of key schedule,the linear characteristics and the partial-sum technique,which need about 274.9 encryptions with 260 known plaintexts and 274.9 encryptions with 262 known plaintexts,respectively.Furthermore,some interesting links between differential and linear characteristics are shown,which are helpful to reduce the compute complexity.Our analysis is the first linear attack on PRIDE block cipher with known plaintexts.

Key words: block cipher, PRIDE, linear cryptanalysis, linear approximation

中图分类号: