Study On Related-Key Impossible Differential Cryptanalysis Of Block Ciphers

With the development of the Internet of things and computer technology, information security is becoming increasingly prominent. As an important foundation of information security cryptography technology also has gotten people's widespread concern. The traditional block cipher algorithm is not suitable for extremely constrained environments, therefore, lightweight block ciphers which not only pursue efficiency but also ensure security are proposed. And they have become research focuses in current cryptography.Impossible differential attack is a variant of differential attack. The main idea of the attack is to use the differentials with probability of 0 to filter out these wrong keys to get the correct key. The related-key impossible differential attack is a method combining related-key attack with impossible differential attack.In this thesis, we study on the security analysis of block ciphers, focusing on related-key impossible differential attack of block ciphers, which involves a new algorithm to search the related-key impossible differential paths for some block ciphers and the related-key impossible differential analysis of LBlock. The specific research results include the following aspects.We propose a new algorithm to search the related-key impossible differential paths for some block ciphers, and we also achieve it by C language. The algorithm we proposed is suitable for these block ciphers which round function is bijective, the encryption matrix and decryption matrix are 1-property matrix, and the block cipher structure is generalized Feistel structure or can be converted to generalized Feistel structure. Through this method we can compute the maximum length of the related-key impossible differential paths for some block cipher, which provides a better and stronger protection for further analysis of block ciphers. Taking LBlock for example in this thesis, we present how to use the new algorithm to search the related-key impossible differential paths.On the basis of analyzing the weakness of key schedule of LBlock, we construct the first related-key impossible differential paths, which are?0000 0000,0000 0000? ????0000 0000,0000 0000?. And we mount a related-key impossible differential attack on 24-roundLBlock using new 16-round related-key impossible differentials by adding 4 rounds at the top and 4 rounds at the bottom of the 16-round related-key impossible differential path. The data and time complexities are about 2⁶³ chosen plaintexts and 2^75-42 24round encryptions respectively. We can recover 60-bit keys and the left bits of the master key can be recovered by exhaustive searches.Through the algorithm proposed in this thesis we get the second18-round related-key impossible differential paths, which are?0000 0000,0000 0004? ????0000 0000,0000 0000?. And we mount a related-key impossible differential attack on 26-round LBlock using these new 18-round related-key impossible differentials by adding 4 rounds at the top and 4 rounds at the bottom of the 18-round related-key impossible differential path. The data and time complexities are about 2⁶³ chosen plaintexts and 2^61.7 26-round encryptions respectively. We can recover 60-bit keys and the left bits of the master key can be recovered by exhaustive searches.