
Research On Cryptanalysis Of Block Ciphers Based On Key Expansion Information Leakage

Posted on: 2019-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: L H Xu
GTID: 2428330596459457
Subject: Military cryptography
Abstract/Summary:
As an important part of cryptography, the symmetric cryptosystem represented by the block cipher is the core technology for solving information security problems in cyberspace. The design and analysis of block ciphers complement each other and drive the continuous development of the field. For each newly designed cryptographic algorithm, evaluating its actual security under various analytical methods has been a hot topic in cryptology. This thesis starts from block cipher algorithms and structures with simple linear key expansion and studies in depth various analysis methods based on key expansion information leakage, including related-key differential-class compound attacks, biclique analysis and the slide attack under classical computing conditions, and the quantum attack method based on Simon's algorithm. In this way, the security of Piccolo, Deoxys-BC-256, BMD-128 and LED-like algorithms is evaluated, and the ability of two generalized Feistel structures to resist the quantum slide attack is analyzed. The main research results are as follows:

1. The security of the lightweight block cipher Piccolo under the related-key impossible differential attack is studied. Combining the information leakage law exhibited by the partial periodicity of its key expansion with the equivalent structure of its round function and a plaintext filtering technique, we construct distinguishers based on the miss-in-the-middle idea and give the longest related-key impossible differential analysis results for reduced-round Piccolo. For Piccolo with its two different key sizes, we present two different attack algorithms; the complexity of each attack is lower than that of exhaustive search and better than existing attack results. The analysis shows that 15-round Piccolo-80 and 21-round Piccolo-128 cannot resist the related-key impossible differential attack without the backward whitening key.

2. The security of Deoxys-BC-256, the built-in block cipher of the authenticated encryption algorithm Deoxys, is analyzed. Making full use of the differential cancellation property of the tweakable key expansion, which is applied in the distinguisher construction phase and the key recovery phase, we construct multiple 5- and 2-round related-tweakey impossible differential distinguishers. Based on these, and combining the idea of the divide-and-conquer attack with the properties of the key expansion algorithm and the S-box, related-tweakey impossible differential analysis results for 9- and 10-round Deoxys-BC-256 are given. The 9-round Deoxys-BC-256 uses the original key size and tweak size. For the 10-round Deoxys-BC-256, the key size is adjusted to 144 bits and the tweak size is 112 bits. The complexity figures of the two attack algorithms are better than those of similar analysis results.

3. The effect of the related-key rectangle attack on the security of BMD-128, a lightweight block cipher with the SDDO structure, is studied. By exploiting the weakness of directly using part of the master key as the round key, and by analyzing in detail the differential characteristics of the SDDO structure and the SPN structure in the round function of BMD-128, we construct multiple low-round, high-probability related-key differential paths and combine them to obtain two related-key rectangle distinguishers. Two related-key rectangle attack algorithms are then given to analyze the security of full-round BMD-128. The attack shows that BMD-128 cannot meet its design security requirements under the related-key rectangle attack.

4. The effect of the biclique attack on Piccolo is analyzed. By analyzing the weakness of the partial use of cyclic shifts in the key expansion of Piccolo, combined with the information leakage law of the structure of Piccolo, we construct the unbalanced biclique structure and the stars structure, and use the biclique attack method to analyze the security of full-round Piccolo. Compared with existing attack results, the memory complexity is considered, and there are certain optimizations in terms of data complexity and computational complexity. The analysis shows that, for the same block cipher, the computational complexity required by the unbalanced biclique attack is lower than that of the balanced biclique attack, and that the stars attack method can be used to recover the master key of the cipher with the lowest data complexity.

5. The effect of the slide attack on block ciphers with typical structures is studied. First, based on the idea of the classical slide attack and Simon's quantum algorithm, we improve the existing classical and quantum slide attack methods. Then, LED-like block ciphers with the Even-Mansour (E-M) structure are taken as the target algorithms, and the influence of the way round constants are added on the security of the algorithm is fully considered. We evaluate and compare the security of such algorithms under the classical slide attack and the quantum attack. The analysis shows that adding round constants does not completely improve the security of the algorithms. Without considering implementation costs, for LED-like block ciphers the quantum slide attack can achieve an exponential speedup compared with the classical attack, further indicating that block cipher algorithms proved to be secure under classical computing conditions are not necessarily secure under quantum attack conditions. In addition, we present a quantum slide attack method for two generalized Feistel structures with simple key expansion, CAST-256 and SMS4, which further extends the application of the quantum slide attack to block cipher algorithms.
Keywords/Search Tags:Block Cipher, Key-schedule Information Leakage, Related-key compound attack, Biclique analysis, Slide attack, Quantum cryptanalysis