New Construction Of Distinguishers And Its Application In Analysis Of Block Ciphers

Posted on: 2010-03-04 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: Y Z Wei
GTID: 1118360302969453 | Subject: Cryptography
Abstract/Summary:
Block ciphers, which belong to the class of symmetric ciphers, are an important branch of modern cryptology. Because of their many attractive features, such as high encryption and decryption rates, ease of standardization, efficient implementation, and easy evaluation of the main security parameters, block ciphers have become among the most widely used encryption algorithms in modern communication and information systems.

Research on block ciphers generally has two parts: the design techniques of block ciphers and the security analysis of block ciphers. Techniques for cryptanalyzing block ciphers (that is, attack techniques on block ciphers) are always an active research subject. The general attack strategy for block ciphers has two steps. Step 1: build a distinguisher, i.e., find a non-random property of the block cipher. Step 2: recover round keys, i.e., use the distinguisher to recover full or partial secret round keys. Obtaining effective distinguishers is very important to the cryptanalysis of block ciphers. The dissertation investigates some new attacks on the FOX family of block ciphers, the Advanced Encryption Standard (AES), and the SHACAL-2 algorithm by constructing some new distinguishers. The contributions of the dissertation are outlined as follows:

1. Impossible differential cryptanalysis of the FOX family of encryption algorithms.
(1) A new 4-round impossible differential distinguisher is constructed by using the properties of the round function of FOX128. From this distinguisher, an attack on 5-round FOX128 is presented.
(2) Similarly, a new 4-round distinguisher is constructed by using the properties of the round transformation of FOX64. From this distinguisher, new attacks on 5-, 6-, and 7-round FOX64 are presented, respectively.

2. New related-key rectangle attacks on AES.
(1) A new 7-round related-key rectangle distinguisher is constructed by exploiting the weakness in the key schedule of AES-192. Based on this distinguisher and a technique of guessing a single byte, we propose a new attack on 9-round AES-192.
(2) Similarly, a new 8-round related-key rectangle distinguisher is constructed by exploiting the weakness in the key schedule of AES-256. Based on this distinguisher, we also propose a new attack on 10-round AES-256.
(3) The attack on 10-round reduced AES-192 from FSE 2007 is improved to reduce both the data complexity and the time complexity.

3. New related-key rectangle attacks on SHACAL-2.
(1) A new 34-round related-key rectangle distinguisher is constructed by exploiting the properties of the round transformation of SHACAL-2. Moreover, two new related-key rectangle attacks on 40-round and 42-round SHACAL-2, respectively, are presented by using the distinguisher and a technique of key-byte guessing.
(2) Similarly, a new 35-round related-key rectangle distinguisher is constructed by exploiting the properties of the round transformation of SHACAL-2. Finally, a new related-key rectangle attack on 44-round reduced SHACAL-2 is presented by using the distinguisher.

4. Differential-linear attack on AES.
A 4-round differential-linear distinguisher is proposed by using the special properties of the S-box and MC operations of AES. This distinguisher is then used to attack 7-round AES-192 and 7-round AES-256; as far as the author knows, these are the first known differential-linear attacks on 7-round AES-192 and 7-round AES-256 in a single-key attack scenario.

5. Differential collision attack on 8-round AES.
A new 5-round distinguisher for AES is presented by using the properties of its round transformation. New differential collision attacks on 7-round AES-192, 8-round AES-192, and 8-round AES-256 in a single-key attack scenario are presented, respectively, by exploiting the distinguisher and a time-memory tradeoff.
Keywords/Search Tags: block ciphers, cryptanalysis, distinguisher, Advanced Encryption Standard (AES)