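Abstract:
The lightweight block cipher LED was proposed by Guo et al. at CHES 2011. The cipher has a small hardware footprint and fast encryption and decryption, and has therefore attracted considerable attention from industry. The designers have given a lower bound on the number of active S-boxes of LED in the single-key attack model, in order to evaluate its resistance to classical differential cryptanalysis. However, the resistance of LED to differential cryptanalysis in the related-key attack model remains an open problem. Based on the structure and key schedule of LED, and combined with a byte-oriented automated search method, this paper constructs a mixed-integer linear programming (MILP) search model suited to related-key differential analysis. The results show that full-round LED-64 has at least 100 active S-boxes and full-round LED-128 has at least 150 active S-boxes; LED reduced to 15 rounds is sufficient to resist related-key differential analysis. In addition, several variant LED key schedules were tested, and some new key schedules were found that give LED the best resistance to related-key differential analysis.
Keywords: mixed-integer linear programming (MILP); active S-box; related-key differential analysis; LED algorithm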
DOI: 10.19363/J.cnki.cn10-1380/tn.2020.01.04
Received: August 07, 2019; Revised: November 11, 2019
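Funding: This work was supported by the National Natural Science Foundation of China (No. 61572148, No. 61872103); the Guangxi Key Research and Development Program (Guike No. AB18281019); the Guangxi Natural Science Foundation (No. 2018GXNSFAA294036); the Innovation Project of Guangxi Graduate Education (No. YCBZ2018051); and the Graduate Research Innovation Project of Guilin University of Electronic Technology (No. 2018YJCX45).
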
Related-key Differential Attack on lightweight block cipher LED |
FAN Ting,WEI Yongzhuang,WU Xiaonian,ZHANG Runlian |
Guangxi Key Laboratory of Wireless Wideband Communication and Signal Processing, Guilin University of Electronic Technology, Guilin 541004, China; Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems, Guilin University of Electronic Technology, Guilin 541004, China; Guangxi Key Laboratory of Wireless Wideband Communication and Signal Processing, Guilin University of Electronic Technology, Guilin 541004, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China; Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems, Guilin University of Electronic Technology, Guilin 541004, China
Abstract:
The lightweight block cipher LED was designed by Guo Jian et al. at CHES 2011. LED has attracted extensive attention because of its small hardware implementation and fast encryption and decryption. The designers have given a lower bound on the number of active S-boxes of LED in the single-key model, a result that helps evaluate its resistance to differential attack. However, the resistance of LED to differential attack in the related-key model appears to be an unsolved problem. In this paper, an MILP search model for the related-key differential attack is constructed, based on the structure and key schedule of LED and combined with the byte-oriented automatic search method. It is shown that there are at least 100 active S-boxes in full-round LED-64 and at least 150 active S-boxes in full-round LED-128. It is also shown that LED reduced to 15 rounds can resist the related-key differential attack. In addition, a variety of variant LED key schedules are checked, and some new key schedules for LED against the related-key differential attack are investigated.
Key words: mixed-integer linear programming; active S-box; related-key differential attack; LED algorithm