
Research On New Integral Cryptanalysis Methods

Posted on: 2020-08-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z H Chu
Full Text: PDF
GTID: 1368330572489014
Subject: Information security
Abstract/Summary:
With the rapid development of society's informatization, information security has become an increasingly important issue. Cryptography, whose public use has increased massively, is a means of addressing this issue, and that massive use has led to a large amount of work attempting to put cryptography on a firm scientific footing. As a crucial branch of cryptography research, block ciphers, characterized by high computational efficiency and friendliness to both software and hardware, have become a widely used component in the security of information systems. Thus, discussions surrounding the security of block ciphers have always been a hot topic in academia.

The integral attack is an important cryptanalytic technique for symmetric-key primitives. The integral attack against a block cipher can be divided into two main phases: (1) deducing an integral characteristic; (2) utilizing the integral characteristic to recover key bits. We focus on the second phase, and we give new integral cryptanalysis methods, as follows: (1) dynamic key-guessing techniques in integral cryptanalysis; (2) improved integral attacks without full codebook.

· Dynamic Key-Guessing Techniques in Integral Cryptanalysis

Dynamic key-guessing techniques, which exploit the property of the AND operation, can improve differential and linear cryptanalytic results by reducing the number of guessed subkey bits, and they have led to good cryptanalytic results for SIMON. As far as we know, they have only been applied in differential and linear attacks. In this thesis, dynamic key-guessing techniques are introduced in integral cryptanalysis for the first time. We extend dynamic key-guessing techniques according to the features of integral cryptanalysis. Furthermore, we apply dynamic key-guessing techniques to the calculation of $\bigoplus_x f(x,k)\cdot V[x]$, where f(x,k) is a boolean function of the text variable x and the key variable k, and V[x] are counters for the text variable x. The basic idea is as follows. Guess the key bits on one side of an AND operation, then split the texts into several sets according to the guessed values. In the set where the other side is nullified, there is no need to guess the key bits on the other side, which reduces the average number of guessed key bits. Accordingly, we get better integral cryptanalysis results than before. In this thesis, we present integral attacks on 24-round SIMON32, 24-round SIMON48/72 and 25-round SIMON48/96. In terms of the number of attacked rounds, all of these results cover two more rounds than previously known integral attacks. Our attack on SIMON32 is better than any previously known attacks, and our attacks on SIMON48 are the same as the best attacks.

· Improved Integral Attacks without Full Codebook

In integral attacks, adversaries usually append some rounds after the distinguisher, guess the corresponding key bits and check whether the target bits are balanced. Few works add rounds before the distinguisher to mount a key recovery attack. In the first full-round attack on MISTY1, Todo adds one FL layer (a key-dependent linear function) before the distinguisher. In this thesis, we extend his method and give a general method, which we can use to extend some (nonlinear) rounds before the distinguisher in order to attack more rounds, with data complexity smaller than the whole space and little extra time consumption. The basic idea is that for different subkeys guessed in the forward rounds, we set different constant values for the input of the distinguisher. As a result, the selected data space is not full. For SPN (Feistel with SPN round function) structures with 4-bit S-boxes and bit permutations, we estimate the data complexity when adding one round before the distinguishers for all 4-bit S-boxes, which can be regarded as a discussion of 4-bit S-boxes from the perspective of integral cryptanalysis. Using the method, we present attacks on 13-round PRESENT-80, 14-round PRESENT-128, 11-round RECTANGLE-80, 13-round RECTANGLE-128, 24-round LBlock, 24-round TWINE-80 and 25-round TWINE-128. Our results cover one more round than previously known integral attacks.
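The splitting step of dynamic key-guessing, as an added example that is not taken from the thesis: it evaluates the XOR-sum of f(x,k)·V[x] for a toy boolean function with a single AND gate, once by guessing both key bits up front and once by guessing k0 first and guessing k1 only for the texts where the AND is not nullified. The function `f`, the counter table `V` and the helper names are assumptions constructed for illustration.

```python
from itertools import product

# Constructed parity counters V[x] for the 3-bit text value x = (x0, x1, x2).
V = {x: v for x, v in zip(product((0, 1), repeat=3), (1, 0, 1, 1, 0, 1, 1, 0))}

def f(x, k):
    """Toy target bit with one AND gate: ((x0^k0) & (x1^k1)) ^ x2."""
    return ((x[0] ^ k[0]) & (x[1] ^ k[1])) ^ x[2]

def naive_sums(V):
    """Guess (k0, k1) together: every text is processed under every 2-bit guess."""
    sums, work = {}, 0
    for k in product((0, 1), repeat=2):
        s = 0
        for x, v in V.items():
            s ^= f(x, k) & v
            work += 1
        sums[k] = s
    return sums, work

def dynamic_sums(V):
    """Guess k0 first, split the texts on x0^k0, and guess k1 only where needed."""
    sums, work = {}, 0
    for k0 in (0, 1):
        nullified = [x for x in V if x[0] ^ k0 == 0]   # AND term is 0: f = x2
        active = [x for x in V if x[0] ^ k0 == 1]      # AND term is x1^k1
        part_a = 0
        for x in nullified:                            # no k1 guess in this set
            part_a ^= x[2] & V[x]
            work += 1
        for k1 in (0, 1):
            part_b = 0
            for x in active:
                part_b ^= (x[1] ^ k1 ^ x[2]) & V[x]
                work += 1
            sums[(k0, k1)] = part_a ^ part_b
    return sums, work

if __name__ == "__main__":
    n, wn = naive_sums(V)
    d, wd = dynamic_sums(V)
    print("sums agree:", n == d, "| text-guess pairs:", wn, "vs", wd)
```

Half of the texts need one guessed key bit and the other half need two, so the average number of guessed key bits per text drops from 2 to 1.5 in this toy case.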
Keywords/Search Tags:Block Cipher, Integral Cryptanalysis, Dynamic Key-Guessing Techniques, Dynamically Chosen Plaintexts