Study On Related-key Impossible Boomerang Cryptanalysis Of Lightweight Block Cipher

With the rapid development of information technology,the security of data processing,data transmission and data storage is facing a huge threat.Cryptography plays a more important role as a fundamental basis of information security.As one of the core contents of cryptography,block ciphers are used widely.With the growing resource-constrained devices used in computing research area,the traditional block ciphers will not meet its requirements because of high power consumption.Therefore,lightweight block ciphers which are not only suitable for resource-constrained environments but also ensure security have received a lot of attention.Block ciphers have been considered to resist existing cryptanalysis methods at the beginning of the design,such as differential cryptanalysis,linear cryptanalysis,and so on.In order to guarantee the security of block ciphers,it is necessary to analyze them further.Therefore,the method combined multiple attacks becomes the mainstream of cryptanalysis.Related-key impossible boomerang cryptanalysis is a new attack,which is a combination of differential cryptanalysis,related-key attack and boomerang attack.It uses the main idea of impossible differential attack with a structure similar to boomerang attack.We treat a block cipher E as the product of two sub-ciphers that is₀E?E₁.The distinguisher is composed of four related-key differentials with probability 1,and the XOR of the middle differences of these differentials is not equal to 0.When formulating a distinguisher,we have more flexibility in choosing the differentials for₀Eand₁E,so we may break more rounds of block ciphers.The thesis focuses on related-key impossible boomerang attack on lightweight block ciphers,which contains a new algorithm to research the related-key impossible boomerang distinguishers for some block ciphers and the related-key impossible boomerang cryptanalysis of LBlock.The details of research are described as follows.Based on an improved algorithm searching the impossible boomerang paths,a new algorithm is proposed for searching the related-key impossible boomerang paths which works in a related-key attack scenario,and it is applied to LBlock.The search algorithm that we proposed is applicable to these block ciphers with generalized Feistel structure or the one which can be converted into generalized Feistel structure,decryption matrix and encryption matrix satisfying 1-property,and bijective round function.Using this algorithm the maximum length of related-key impossible boomerang paths can be found for some block ciphers,which provides a better evaluation of the security of block ciphers and improves the efficiency of cryptanalysis greatly.According to the weakness of the key schedule algorithm in LBlock,a new 15-round related-key impossible boomerang distinguisher is constructed.Based on the new distinguisher,an attack on 22-round LBlock is mounted successfully by concatenating3-round to the beginning and 4-round to the end.The attack on 22-round LBlock requires data complexity of only2^51.3plaintexts and computational complexity of about2^71.5422-round encryptions,and a total of 65 bits key can be restored.Then,using the search algorithm proposed in this thesis we get a 16-round related-key impossible boomerang paths.Based on this distinguisher,an attack on 23-round LBlock is mounted by concatenating 3-round to the beginning and 4-round to the end,which requires data complexity of only2⁴⁸plaintexts and computational complexity of about2^72.5723-round encryption,and a total of 57 bits key can be restored.Compared with published cryptanalysis results on LBlock,our attack has great advantages on data and computational complexities.