Acta Electronica Sinica (电子学报), 2014, Vol. 42, Issue 8: 1647-1652. DOI: 10.3969/j.issn.0372-2112.2014.08.030

• Research Communications •

About the authors:
  • DING Lin, male, born in Xinyang, Henan, in 1987. Ph.D. candidate at the PLA Information Engineering University; research interest: stream cipher cryptanalysis. E-mail: dinglin_cipher@163.com
  • GUAN Jie, female, born in Zhengzhou, Henan, in 1974. Professor and master's supervisor at the PLA Information Engineering University; research interests: cryptography and information security. E-mail: guanjie007@163.com

Differential Cryptanalysis of Trivium Stream Cipher Based on Automatic Deduction

DING Lin, GUAN Jie   

  1. The PLA Information Engineering University, Zhengzhou, Henan 450000, China
  • Received: 2012-11-28 Revised: 2013-06-14 Online: 2014-08-25 Published: 2014-08-25
    • Supported by:
    • National Natural Science Foundation of China (No.61202491, No.61272041, No.61272488); PLA Military Science Postgraduate Project (No.2010JY0263-149); Open Fund of Key Laboratory of Information Assurance Technology (No.KJ-13-007); Fund of Key Laboratory of Secure Communication (No.9140C110303140C11003)


Abstract:

Trivium is a stream cipher that was selected as one of the seven finalists of the European eSTREAM project. In this paper, a differential cryptanalysis of Trivium based on automatic deduction is presented. This technique enables the attacker to obtain differential characteristics for Trivium with an arbitrary number of initialization rounds. Applying it to 288-round Trivium yields an efficient distinguishing attack that requires only 2^26 chosen IVs and achieves a distinguishing advantage of 0.999665. This result is much better than the existing single linear cryptanalysis and linear cryptanalysis with multiple approximations on 288-round Trivium. We also apply the technique to Trivium with more initialization rounds and to the modified Trivium proposed by Turan and Kara. The results show that Trivium reduced to no more than 359 (out of 1152) initialization rounds is weak against differential cryptanalysis, and that the modified Trivium resists differential cryptanalysis better than the original Trivium.

Key words: cryptanalysis, differential cryptanalysis, Trivium, stream cipher
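To illustrate what "deducing a differential characteristic" through reduced-round Trivium means, here is an added example that is not the paper's code and not the authors' method: the Trivium round function is written once with pluggable bit operators, then run (a) on real bits to measure, over random key/IV pairs, how often the first keystream bit changes when one chosen IV bit is flipped after a given number of initialization rounds, and (b) on a simplified three-valued difference domain {0, 1, '?'} that deterministically traces which keystream differences hold with probability 1. All function names are this example's own.

```python
import random

# Index i of the state list holds the spec's bit s_{i+1}; key/IV are 80-bit lists (index 0 = K1/IV1).
XOR = lambda a, b: a ^ b
AND = lambda a, b: a & b
# Three-valued difference domain {0, 1, '?'}: an AND gate keeps a zero difference only when
# both inputs have zero difference; otherwise its output difference depends on the real values.
DXOR = lambda a, b: '?' if '?' in (a, b) else a ^ b
DAND = lambda a, b: 0 if (a, b) == (0, 0) else '?'

def trivium_init(key, iv):
    """Trivium loading: A = (K, 0^13), B = (IV, 0^4), C = (0^108, 1, 1, 1)."""
    return key + [0] * 13 + iv + [0] * 4 + [0] * 108 + [1, 1, 1]

def trivium_round(s, xor=XOR, and_=AND):
    """One Trivium clock with pluggable bit operators; returns (new_state, keystream_bit)."""
    t1, t2, t3 = xor(s[65], s[92]), xor(s[161], s[176]), xor(s[242], s[287])
    z = xor(xor(t1, t2), t3)
    t1 = xor(t1, xor(and_(s[90], s[91]), s[170]))
    t2 = xor(t2, xor(and_(s[174], s[175]), s[263]))
    t3 = xor(t3, xor(and_(s[285], s[286]), s[68]))
    return [t3] + s[:92] + [t1] + s[93:176] + [t2] + s[177:287], z

def first_keystream_bit(s, rounds, xor=XOR, and_=AND):
    """Clock `rounds` initialization rounds, then return the first keystream bit z_0."""
    for _ in range(rounds):
        s, _ = trivium_round(s, xor, and_)
    return trivium_round(s, xor, and_)[1]

def deduced_diff(iv_bit, rounds):
    """Deduced difference of z_0 (0, 1 or '?') when only IV bit `iv_bit` differs."""
    d = [0] * 288
    d[93 + iv_bit] = 1  # the IV difference is loaded into register B
    return first_keystream_bit(d, rounds, DXOR, DAND)

def empirical_diff_prob(iv_bit, rounds, trials=500, seed=1):
    """Fraction of random (key, IV) pairs whose z_0 flips when IV bit `iv_bit` is flipped."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = [rng.randrange(2) for _ in range(80)]
        iv = [rng.randrange(2) for _ in range(80)]
        iv2 = iv[:iv_bit] + [iv[iv_bit] ^ 1] + iv[iv_bit + 1:]
        hits += first_keystream_bit(trivium_init(key, iv), rounds) ^ first_keystream_bit(trivium_init(key, iv2), rounds)
    return hits / trials

if __name__ == "__main__":  # a deduced 0/1 is a probability-1 differential; '?' means certainty was lost
    for r in (67, 68, 69, 150, 288):
        print(f"rounds={r:3d} deduced={deduced_diff(0, r)} empirical={empirical_diff_prob(0, r):.3f}")
```

A difference in IV bit 1 (state bit s94) is first tapped by the output at round 68, so the tracer reports a probability-1 difference there and 0 before it; the paper's method additionally fixes IV bits to control the AND terms that this simplified tracer marks as '?'.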
