
Research On The Meet-in-the-middle Attacks Against Several AES-like Block Ciphers

Posted on: 2022-10-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M M Li
Full Text: PDF
GTID: 1488306731498064
Subject: Cyberspace security

Abstract/Summary:
Block ciphers are one of the important research directions of modern cryptography. In many cryptosystems, the block cipher is a key part of system security. Block ciphers have advantages such as simple structure, high security, and easy standardisation, so they are widely used in data encryption and message authentication codes. Designed by Belgian cryptographers, AES was selected as the Advanced Encryption Standard in 2001. AES is designed according to the Wide Trail Strategy and resists traditional differential and linear attacks well. Since AES was proposed, cryptographers have designed a large number of AES-like block ciphers, which share the advantages of AES: flexible design, simple structure, and easy software and hardware implementation. In recent years, AES-like tweakable block ciphers have developed rapidly, and their design methods and security analysis have received much attention and research. The meet-in-the-middle attack is an effective attack against AES-like block ciphers. In this dissertation, we mainly study the meet-in-the-middle attack on AES-like block ciphers. By analysing AES and three tweakable block ciphers used in authenticated encryption schemes, we give several new meet-in-the-middle attack results. These results show that the complexity of the attacks is improved or the number of rounds reachable by the meet-in-the-middle attack is increased. This dissertation mainly presents the following results:

1. We study the round-key constraint relations of AES-192 to improve the 9-round AES-192 meet-in-the-middle attack. Previously, the best meet-in-the-middle attack on AES-192 was proposed by Li et al. at FSE 2014. By using the restriction relations between internal keys of AES-192, a 5-round meet-in-the-middle distinguisher was constructed to reduce the complexity of prediction, and a 9-round AES-192 meet-in-the-middle attack was presented for the first time in the single-key setting. We further research the key expansion algorithm of AES-192 and take advantage of its defects and the characteristics of the round function transformation to find a new truncated differential characteristic, improving the result by using several distinguishers in parallel. To further reduce the complexity of the attack, we use a data/time/memory tradeoff technique to optimise the attack. The result shows that the time complexity and data complexity of the new attack are improved. This is the best meet-in-the-middle attack result on AES-192 known so far.

2. We analyse the tweak properties of Kiasu-BC and the relationship between the round keys generated by its key expansion algorithm, and optimise the 8-round Kiasu-BC meet-in-the-middle attack. Kiasu-BC is the internal tweakable block cipher of the authenticated encryption algorithm Kiasu, one of the first-round candidates in the CAESAR competition. Kiasu-BC is designed as the most concise tweakable block cipher based on the AES-128 round function; compared with AES-128, Kiasu-BC adds a public tweak parameter. By studying the structural characteristics of Kiasu-BC, we construct a more effective 5-round meet-in-the-middle distinguisher that makes use of the freedom of the tweak and the characteristics of the key expansion algorithm. We finally improve the 8-round Kiasu-BC meet-in-the-middle attack by combining it with the differential enumeration technique to reduce the precomputation complexity.

3. We utilise the freedom of the tweak of Joltik-BC and its tweakey expansion algorithm to mount 9-round Joltik-BC-64-64 and 11-round Joltik-BC-128-64 meet-in-the-middle attacks. Joltik-BC is the internal tweakable block cipher of the authenticated encryption algorithm Joltik, which was a second-round finalist in the CAESAR competition. In this dissertation, we mainly study the security of Joltik-BC against the meet-in-the-middle attack. By analysing the tweakey expansion algorithm of Joltik-BC, we obtain a subtweakey difference cancellation and apply it to the meet-in-the-middle attack path. The number of rounds is increased and the complexity is reduced by taking advantage of the freedom of the tweak and the subtweakey difference cancellation to construct a 6-round meet-in-the-middle distinguisher, realising a 9-round Joltik-BC-64-64 meet-in-the-middle attack. For Joltik-BC-128-64, we construct a 7-round meet-in-the-middle distinguisher for the first time in the same way and obtain an 11-round Joltik-BC-128-64 meet-in-the-middle attack.

4. We consider the linear relations of the round transformation of Deoxys-BC, use the correlation of the subtweakeys generated by the tweakey expansion algorithm, and give meet-in-the-middle attacks against Deoxys-BC by controlling the tweak difference. Deoxys-BC is the internal tweakable block cipher of the authenticated encryption algorithm Deoxys, which is a third-round finalist in the CAESAR competition. We mainly study the meet-in-the-middle attack against Deoxys-BC. Using the freedom of the tweak and the subtweakey difference cancellation property, we construct a 6-round meet-in-the-middle distinguisher and apply it to realise a 9-round Deoxys-BC-128-128 meet-in-the-middle attack. Deoxys-BC-256-128 is another version of Deoxys-BC, and its structure and properties are the same as those of Deoxys-BC-128-128. Accordingly, we construct a 7-round distinguisher for the first time to mount an 11-round Deoxys-BC-256-128 meet-in-the-middle attack.
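The subtweakey difference cancellation that results 3 and 4 rely on, as an added Python illustration that is not part of the dissertation: a toy TWEAKEY-style schedule (constructed here, not the Deoxys-BC or Joltik-BC specification) in which a key-word difference and a tweak-word difference cancel in the subtweakey of one round, and in which the freedom of the tweak lets that round be chosen. The cell permutation H, the byte LFSR and the single-active-cell differences are all constructed for the example.

```python
from typing import List

# Toy TWEAKEY-style schedule, constructed for this example (not the Deoxys-BC
# or Joltik-BC specification). Each tweakey word has 16 byte cells and round i
# uses STK_i = TK1_i ^ TK2_i (round constants vanish in a difference). TK1 is
# updated by a cell permutation h only; TK2 by h and then a per-cell LFSR, so
# the two words drift apart by one LFSR clock per round.

H = [(j + 1) % 16 for j in range(16)]  # constructed h: rotate cells by one

def lfsr(x: int) -> int:
    """Toy 8-bit LFSR: shift left, feed x7 ^ x5 back into bit 0."""
    return ((x << 1) & 0xFF) | (((x >> 7) ^ (x >> 5)) & 1)

LFSR_INV = {lfsr(x): x for x in range(256)}  # inverse table (lfsr is a bijection)

def lfsr_inv_pow(x: int, n: int) -> int:
    """Apply the inverse LFSR n times."""
    for _ in range(n):
        x = LFSR_INV[x]
    return x

def subtweakey_diffs(dtk1: bytes, dtk2: bytes, rounds: int) -> List[bytes]:
    """STK difference in each round, given input differences in TK1 and TK2."""
    d1, d2 = list(dtk1), list(dtk2)
    diffs = []
    for _ in range(rounds):
        diffs.append(bytes(a ^ b for a, b in zip(d1, d2)))
        d1 = [d1[H[j]] for j in range(16)]        # h on TK1 cells
        d2 = [lfsr(d2[H[j]]) for j in range(16)]  # h, then LFSR, on TK2 cells
    return diffs

def cancellation_rounds(dtk1: bytes, dtk2: bytes, rounds: int = 16) -> List[int]:
    """Rounds in which the subtweakey difference is all-zero."""
    return [i for i, d in enumerate(subtweakey_diffs(dtk1, dtk2, rounds)) if not any(d)]

def tweak_diff_cancelling_at(dtk1: bytes, r: int) -> bytes:
    """Tweak-word difference that cancels key-word difference dtk1 exactly in
    round r. Both words see the same h, so cells stay aligned; only the LFSR
    clocking differs, hence each cell needs d2 = lfsr^-r(d1)."""
    return bytes(lfsr_inv_pow(b, r) for b in dtk1)

def demo():
    key_diff = bytes([0x01]) + bytes(15)  # constructed: one active cell in TK1
    same = cancellation_rounds(key_diff, key_diff)  # equal differences: round 0 only
    chosen = cancellation_rounds(key_diff, tweak_diff_cancelling_at(key_diff, 3))
    return same, chosen

if __name__ == "__main__":
    print(demo())  # ([0], [3])
```

With equal differences the cancellation happens only in round 0 and the difference reappears from round 1 on; choosing the tweak difference as the LFSR pre-image moves the single cancelling round to wherever the distinguisher needs it.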
Keywords/Search Tags: Cryptanalysis, AES-like Block Cipher, Tweakable Block Cipher, Meet-in-the-middle Attack, Kiasu-BC, Joltik-BC, Deoxys-BC, Key Expansion Algorithm, Differential Enumeration Technique