Research On Impossible Cryptanalysis Of Two Tweakable Block Ciphers

The block cipher is an important branch of cryptography.It is widely used in the field of information security.In today's era of rapid development of computer and network communications,block ciphers serve as the core technology and foundation for ensuring network and information security,and they play a key role that other technical measures cannot substitute in the areas such as message identification,identity authentication,security isolation,key management,data integrity protection,non-repudiation and so on.The block cipher is usually encrypted as a?mode of operation?in system applications.When the key is a fixed secret value,once the algorithm has a security threat,the security of the entire cryptographic system is difficult to guarantee.In order to increase the variability of the cryptographic algorithm,making the cipher algorithm adapt to the hardware and software performances of the terminal equipment,for example,energy,storage and computing power,a new block cipher concept—tweakable block cipher generated and then becoming one of the hot topics for cryptographers.This dissertation mainly focuses on the research of the tweakable block cipher algorithms.We study the two tweakable ciphers--SKINNY and Deoxys-BC.By utilizing the properties of the basic components of cryptographic algorithms such as S-boxes and the properties of tweakey schedule,combining with parallel technique and early-abort technique,we analyze their abilities to resist impossible differential attacks.The main contributions of this dissertation are as follows:1.Impossible differential cryptanalysis of SKINNY.Frist,we find 16 truncated impossible differentials with the longest length of SKINNY that reaching 11 rounds by using miss-in-the-middle technique,when there is one active cell in the input and output of the distinguisher.Second,we choose one of the truncated impossible differentials and present an impossible-differential analysis on 20-rounds SKINNY-64-128 under the single-key conditions.We utilize the properties of the S-box difference and the properties of the Mixcolumn operation of SKINNY to perform key guessing,derive some linear relationships between subtweakeys combining the"periodical property"in the tweakey schedule,and reduce the number of subtweakeys needed to be guessed during the analysis from 45 to 33.Finally,the parallel attack technique and early abort technique are used to effectively reduce the time complexity of the attack.Our attack requires 2²⁹ chosen plaintexts and 2⁹⁴ nibbles of memory and performs 2^119.3SKINNY encryptions.Compared with the existing results of SKINNY impossible differential analysis,the number of chosen plaintexts and time complexity have improved.2.Impossible differential cryptanalysis of Deoxys-BC.In this dissertation,we use the miss-in-the-middle technique to find a 4-round impossible-differential distinguisher and then construct and optimize the impossible differential attack path.By exploiting the parallel attack and early abort technique,combined with the properties of S-box and MixColumns operation,we present a impossible-differential attack against 8-round Deoxys-BC-256.At the same time,by analyzing the tweakable key schedule,4 key sets with linear relationships are extracted from the subtweakey involved in the attack,thereby reducing the number of tweakable key bytes to be guessed from 20 to 16,and this effectively reduces the number of guessed keys.Our attack requires 2^106.6 chosen plaintexts,2⁷7.67.6 bytes of memory and 2^108.1 encrytions.It is the first attempt to perform impossible differencial cryptanalysis of Deoxys-BC-256.