

Information Engineering University of the Cyberspace Force, Zhengzhou 450001, Henan, China
Received: 03 February 2026; Accepted: 25 March 2026; Published: 25 April 2026
ZHANG Yi, LÜ Guangqiu, JIN Chenhui, et al. Improved Differential Meet-in-the-Middle Attack against Cipher SIMECK[J]. Acta Electronica Sinica, 2026, 54(04): 1820-1832. DOI:10.12263/DZXB.20251191
Differential meet-in-the-middle cryptanalysis (DMC), proposed by Boura et al. at CRYPTO 2023, is a new cryptanalytic method that mounts differential attacks using the meet-in-the-middle idea. Thanks to the advantages of the probabilistic extension (PE), imposed condition (IC) and parallel partition (PP) techniques in reducing time and data complexity and in extending the number of attacked rounds, differential meet-in-the-middle attacks have achieved notable results on several block ciphers with linear key schedules. However, current DMC still has two shortcomings. First, the probability $2^{-p'}$ of the differential distinguisher after probabilistic extension is frequently below $2^{2-n}$ (where $n$ is the block size of the cipher), which causes the imposed-condition technique to fail, so that the data complexity of the attack cannot be kept below the full codebook (a full-codebook attack is generally regarded as invalid). Although existing work has used plaintext structures to alleviate this problem, they have not been combined well with the parallel partition technique. Second, because of the nonlinear key schedule of the SIMECK cipher, recent DMC attacks on this cipher cannot recover the master key effectively. Specifically, these works only recover round keys from scattered rounds, so the cost of further deriving the master key exceeds the upper bound. To address these two problems, this paper proposes a DMC model based on the tail-jointing technique. Instead of splitting the key to be recovered according to the head and tail of the cipher, the model treats part of the tail key as head key, so that the number of head rounds in the attack decreases while the number of tail rounds increases, which yields three advantages: first, fewer head rounds lead to insufficient differential diffusion, which makes it convenient to use plaintext structures to reduce the data complexity of the attack; second, concentrating more of the split key in consecutive rounds at the tail of the cipher significantly reduces the cost of deriving the master key; third, the clearer constraints between adjacent tail round keys are used to eliminate impossible key candidates in advance. Based on this model, this paper effectively combines plaintext structures with the parallel partition technique, which not only solves the problem that the original attack could not achieve non-full-codebook complexity when $n-1 > p' > n-2$, but also improves the ability of DMC to analyse ciphers with nonlinear key schedules. As applications, this paper presents master-key recovery attacks on 23-round SIMECK32, 31-round SIMECK48 and 41-round SIMECK64. To our knowledge, among all differential attacks able to recover the master key, our attacks on the three SIMECK versions cover the most rounds.
Differential meet-in-the-middle cryptanalysis (DMC), proposed by Boura et al. at CRYPTO 2023, is a novel method to mount differential attacks based on the meet-in-the-middle idea. Benefiting from the advantages of the probabilistic extension (PE), imposed condition (IC) and parallel partition (PP) techniques in reducing time and data complexities and extending attack rounds, differential meet-in-the-middle attacks have achieved significantly improved results on many block ciphers employing linear key schedules. However, two limitations of the existing DMC remain. Firstly, the probability of the differential distinguisher under PE, denoted by $2^{-p'}$, is often below $2^{2-n}$ (where $n$ is the block size), causing the IC technique to fail to maintain the non-full-codebook data complexity (a scenario usually deemed invalid for attacks). Although the plaintext structure technique has been adopted in some studies as a mitigation, its integration with the PP technique remains inadequate. Secondly, owing to the nonlinear key schedule of the SIMECK cipher, recent DMC attacks have been unable to recover the master key effectively. Specifically, these attacks only recover round keys with scattered round numbers, making the cost of deriving the master key unacceptable. Motivated by the two issues above, this paper introduces a new DMC model based on the tail-jointing technique. Rather than partitioning the key bits to be enumerated according to position, this model treats some tail key bits as head key bits, yielding fewer head rounds and more tail rounds, thereby offering three advantages. First, fewer head rounds cause insufficient differential diffusion, enabling the use of plaintext structures to reduce data complexity. Second, more key bits concentrated in consecutive tail rounds significantly lowers the cost of master key derivation. Third, more explicit constraints between adjacent tail key bits enable early elimination of impossible enumerations. Based on the above model, this paper effectively integrates the plaintext structure technique with the PP technique to achieve non-full-codebook data complexity when $n-1 > p' > n-2$, and strengthens DMC's effectiveness in analyzing ciphers that adopt a nonlinear key schedule. As an application, this paper proposes master key recovery attacks on 23-round SIMECK32, 31-round SIMECK48 and 41-round SIMECK64, respectively. As far as we know, among all differential attacks capable of recovering master keys, our attacks on the three versions of SIMECK achieve the longest rounds.
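To make the master-key derivation point concrete, the following Python script is an added example (not code from the paper, and not an implementation the authors provide). It implements the Simeck32 round function and key schedule as the writer of this example recalls them from the Simeck specification; the constant bit sequence `Z0` and the sample master key are assumptions and constructed inputs, and no official test vector is asserted. The script shows why four consecutive round keys walk back to the master key with no guessing, whereas the same number of round keys taken from scattered rounds leaves master-key words to guess: the key-schedule recurrence can be solved for the oldest key word, but not for the word that sits inside the non-injective function f. The `master_key_guess_bits` helper generalizes this to any set of known round indices, which is the cost the tail-jointing model is designed to reduce by concentrating the recovered keys in consecutive tail rounds.

```python
"""Simeck32/64 key schedule and round function, used to illustrate how many
master-key bits remain to guess once some round keys are known.
Added example: written from memory of the Simeck spec, not from the paper."""

WORD = 16                 # word size of Simeck32 (block = 2 words = 32 bits)
MASK = (1 << WORD) - 1
C = MASK ^ 0b11           # key-schedule constant 2^WORD - 4
ROUNDS = 32
# Constant bit sequence z_0 (shared with SIMON) as recalled; assumption.
# The inversion argument below does not depend on its exact values.
Z0 = "11111010001001010110000111001101111101000100101011000011100110"


def rol(x: int, r: int) -> int:
    """Rotate a WORD-bit value left by r positions."""
    return ((x << r) | (x >> (WORD - r))) & MASK


def f(x: int) -> int:
    """Simeck nonlinear function: (x AND (x <<< 5)) XOR (x <<< 1)."""
    return (x & rol(x, 5)) ^ rol(x, 1)


def z(i: int) -> int:
    """i-th constant bit."""
    return int(Z0[i % len(Z0)])


def expand_key(master: tuple[int, int, int, int]) -> list[int]:
    """Round keys k_0..k_31 from master key words (t2, t1, t0, k0).

    The schedule is the recurrence k_{i+4} = k_i ^ f(k_{i+1}) ^ C ^ z_i,
    i.e. the round function applied to the key state with a constant key.
    """
    t2, t1, t0, k0 = master
    k = [k0, t0, t1, t2]
    for i in range(ROUNDS - 4):
        k.append(k[i] ^ f(k[i + 1]) ^ C ^ z(i))
    return k


def master_from_consecutive(i: int, four_keys: list[int]) -> tuple[int, int, int, int]:
    """Recover (t2, t1, t0, k0) from round keys k_i, k_{i+1}, k_{i+2}, k_{i+3}.

    The recurrence solves for its oldest term, k_i = k_{i+4} ^ f(k_{i+1}) ^ C ^ z_i,
    so four consecutive round keys walk back to the master key without guessing.
    """
    keys = {i + j: four_keys[j] for j in range(4)}
    for j in range(i - 1, -1, -1):
        keys[j] = keys[j + 4] ^ f(keys[j + 1]) ^ C ^ z(j)
    return (keys[3], keys[2], keys[1], keys[0])


def determined_round_keys(known: set[int]) -> set[int]:
    """Close a set of known round-key indices under the two solvable directions.

    Forward:  k_i and k_{i+1} known      -> k_{i+4} is determined.
    Backward: k_{i+4} and k_{i+1} known  -> k_i is determined.
    k_{i+1} only appears inside the non-injective f, so it is never solved for.
    """
    det = set(known)
    changed = True
    while changed:
        changed = False
        for i in range(ROUNDS - 4):
            if i in det and i + 1 in det and i + 4 not in det:
                det.add(i + 4)
                changed = True
            if i + 4 in det and i + 1 in det and i not in det:
                det.add(i)
                changed = True
    return det


def master_key_guess_bits(known: set[int]) -> int:
    """Master-key bits (words k_0..k_3) still to guess given known round keys."""
    det = determined_round_keys(known)
    return WORD * len({0, 1, 2, 3} - det)


def encrypt(block: tuple[int, int], master: tuple[int, int, int, int]) -> tuple[int, int]:
    """Feistel round: (l, r) -> (r ^ f(l) ^ k_i, l)."""
    l, r = block
    for k in expand_key(master):
        l, r = r ^ f(l) ^ k, l
    return l, r


def decrypt(block: tuple[int, int], master: tuple[int, int, int, int]) -> tuple[int, int]:
    """Inverse of encrypt: undo rounds in reverse order."""
    l, r = block
    for k in reversed(expand_key(master)):
        l, r = r, l ^ f(r) ^ k
    return l, r


if __name__ == "__main__":
    master = (0x1918, 0x1110, 0x0908, 0x0100)   # constructed sample key
    ks = expand_key(master)
    print(master_from_consecutive(10, ks[10:14]) == master)   # True
    print(master_key_guess_bits({10, 11, 12, 13}))           # 0: consecutive tail keys
    print(master_key_guess_bits({0, 2, 5, 9}))                # 16: scattered keys leave k_3 open
```

SIMECK48 and SIMECK64 differ only in `WORD`, `ROUNDS` and the constant sequence, so the same closure argument applies to them. The decrypt/encrypt pair is included only so the schedule can be sanity-checked by a round trip; it is not a substitute for checking against the specification's test vectors.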
Diffie W, Hellman M E. Special feature exhaustive cryptanalysis of the NBS data encryption standard [J]. Computer, 1977, 10(6): 74-84. DOI: 10.1109/c-m.1977.217750
Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems [J]. Journal of Cryptology, 1991, 4(1): 3-72. DOI: 10.1007/bf00630563
Boura C, David N, Derbez P, et al. Differential meet-in-the-middle cryptanalysis [C] // Proceedings of 43rd Annual International Cryptology Conference on Advances in Cryptology - CRYPTO 2023. Cham: Springer, 2023: 240-272. DOI: 10.1007/978-3-031-38548-3_9
Ahmadian Z, Khalesi A, M'Foukh D, et al. Improved differential meet-in-the-middle cryptanalysis [C] // Proceedings of 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology - EUROCRYPT 2024. Cham: Springer, 2024: 280-309. DOI: 10.1007/978-3-031-58716-0_10
Song Ling, Liu Huimin, Yang Qianqian, et al. Generic differential key recovery attacks and beyond [C] // Proceedings of 30th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology - ASIACRYPT 2024. Singapore: Springer, 2024: 361-391. DOI: 10.1007/978-981-96-0941-3_12
M'Foukh D, Naya-Plasencia M, Neumann P. The state-test technique on differential attacks: A 26-round attack on CRAFT and other applications [C] // Proceedings of 31st International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology - ASIACRYPT 2025. Singapore: Springer, 2025: 253-284. DOI: 10.1007/978-981-95-5018-0_9
Demirci H, Selçuk A A. A meet-in-the-middle attack on 8-round AES [C] // Proceedings of 15th International Workshop, FSE 2008 on Fast Software Encryption. Berlin: Springer, 2008: 116-126. DOI: 10.1007/978-3-540-71039-4_7
Li Rongjia, Jin Chenhui. Meet-in-the-middle attacks on 10-round AES-256 [J]. Designs, Codes and Cryptography, 2016, 80(3): 459-471. DOI: 10.1007/s10623-015-0113-3
Beaulieu R, Shors D, Smith J, et al. The SIMON and SPECK lightweight block ciphers [C] // Proceedings of the 52nd Annual Design Automation Conference. New York: ACM, 2015: 2747946. DOI: 10.1145/2744769.2747946
Yang Gangqiang, Zhu Bo, Suder V, et al. The Simeck family of lightweight block ciphers [C] // Proceedings of 17th International Workshop on Cryptographic Hardware and Embedded Systems - CHES 2015. Berlin: Springer, 2015: 307-329. DOI: 10.1007/978-3-662-48324-4_16
Kölbl S, Leander G, Tiessen T. Observations on the SIMON block cipher family [C] // Proceedings of 35th Annual Cryptology Conference on Advances in Cryptology - CRYPTO 2015. Berlin: Springer, 2015: 161-185. DOI: 10.1007/978-3-662-47989-6_8
Matsui M. Linear cryptanalysis method for DES cipher [C] // Proceedings of Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology - EUROCRYPT '93. Berlin: Springer, 1993: 386-397. DOI: 10.1007/3-540-48285-7_33
Liu Zhengbin, Li Yongqiang, Wang Mingsheng. Optimal differential trails in SIMON-like ciphers [J]. IACR Transactions on Symmetric Cryptology, 2017, 2017(1): 358-379. DOI: 10.46586/tosc.v2017.i1.358-379
Leurent G, Pernot C, Schrottenloher A. Clustering effect in Simon and Simeck [C] // Proceedings of 27th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology - ASIACRYPT 2021. Cham: Springer, 2021: 272-302. DOI: 10.1007/978-3-030-92062-3_10
Niu Chao, Li Muzhou, Zhang Jifu, et al. Improved differential and linear cryptanalysis on round-reduced SIMON [EB/OL]. (2025-02-06)[2026-02-03]. https://eprint.iacr.org/2025/178. DOI: 10.1007/s10623-026-01827-9
Cheng Lei, Shen Xuan, Ren Chuanlun. Security evaluation of generalized CLEFIA-like dynamic cipher structures against differential and linear cryptanalysis [J]. Acta Electronica Sinica, 2024, 52(8): 2571-2580. (in Chinese)
Liu Shuai, Ren Xiaoguang, Wang Shixiong, et al. Linear analysis of lightweight cipher ACE and SPIX based on mixed-integer linear programming [J]. Acta Electronica Sinica, 2024, 52(9): 3065-3074. (in Chinese)
Deng Weiqing, Zhang Jianing, Wang Haoyang. Improved differential meet-in-the-middle cryptanalysis on SIMON and Piccolo [C] // Proceedings of 30th Australasian Conference, ACISP 2025 on Information Security and Privacy. Singapore: Springer, 2025: 78-97. DOI: 10.1007/978-981-96-9095-4_5
Chakraborty D, Sahoo S, Nguyen P H, et al. An automated model to search for differential meet-in-the-middle attack: Applications to AndRX ciphers [EB/OL]. (2025-07-07)[2026-02-03]. https://eprint.iacr.org/2025/1249. DOI: 10.1038/s41598-026-41390-w
Wang Ning, Wang Xiaoyun, Jia Keting, et al. Differential attacks on reduced SIMON versions with dynamic key-guessing techniques [J]. Science China Information Sciences, 2018, 61(9): 098103. DOI: 10.1007/s11432-017-9231-5
Michel B, M'Foukh D, Naya-Plasencia M. Differential meet-in-the-middle attacks on Feistel ciphers [EB/OL]. (2025-10-13)[2026-02-03]. https://eprint.iacr.org/2025/1911.
Hao Yonglin, Meier W. Truncated differential based known-key attacks on round-reduced SIMON [J]. Designs, Codes and Cryptography, 2017, 83(2): 467-492. DOI: 10.1007/s10623-016-0242-3
Lee J K, Koo B, Kim W H. A general framework for the related-key linear attack against block ciphers with linear key schedules [C] // Proceedings of 26th International Conference on Selected Areas in Cryptography - SAC 2019. Cham: Springer, 2019: 194-224. DOI: 10.1007/978-3-030-38471-5_9
Zhang Yi, Zhang Kai, Cui Ting. Related-key zero-correlation linear attacks on block ciphers with linear key schedules [J]. Chinese Journal of Electronics, 2024, 33(3): 672-682. DOI: 10.23919/cje.2022.00.419
Kondo K, Sasaki Y, Todo Y, et al. Analyzing key schedule of SIMON: Iterative key differences and application to related-key impossible differentials [C] // Proceedings of 12th International Workshop on Security on Advances in Information and Computer Security. Cham: Springer, 2017: 141-158. DOI: 10.1007/978-3-319-64200-0_9
Su Ruitao, Ren Jiongjiong, Chen Shaozhen. Improved framework of related-key differential neural distinguisher and applications to the standard ciphers [EB/OL]. (2025-03-23)[2026-02-03]. https://eprint.iacr.org/2025/537. DOI: 10.1109/jiot.2026.3671705
Song Ling, Yang Qianqian, Liu Huimin. Revisiting the differential meet-in-the-middle cryptanalysis [EB/OL]. (2023-09-01)[2026-02-03]. https://eprint.iacr.org/2023/1302. DOI: 10.1002/9781394256327.ch7
Qiao Kexin, Hu Lei, Sun Siwei. Differential analysis on Simeck and Simon with dynamic key-guessing techniques [C] // Proceedings of Second International Conference on Information Systems Security and Privacy. Cham: Springer, 2016: 64-85. DOI: 10.5220/0005684400740084
Qin Lingyue, Chen Huaifeng, Wang Xiaoyun. Linear hull attack on round-reduced Simeck with dynamic key-guessing techniques [C] // Proceedings of 21st Australasian Conference on Information Security and Privacy. Cham: Springer, 2016: 409-424. DOI: 10.1007/978-3-319-40367-0_26
Song Ling, Yang Qianqian, Chen Yincen, et al. Probabilistic extensions: A one-step framework for finding rectangle attacks and beyond [C] // Proceedings of 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology - EUROCRYPT 2024. Cham: Springer, 2024: 339-367. DOI: 10.1007/978-3-031-58716-0_12