Research On New Evaluation Methods Of The Algebraic Properties Of Block Ciphers

Block cipher has fast encryption and decryption speed and is easy to implement and standardize in software and hardware.It is usually the core encryption cipher in environments such as information encryption and message recognition,so it is widely used in various information communication devices.Block ciphers usually designed by multi?output boolean functions,and the security of the block ciphers is closely related to the algebraic properties of multi-output boolean functions.Therefore,the algebraic properties of multi-output boolean functions plays an important role for the security evaluation of block ciphers.In this thesis,the security of block cipher is evaluated by using two security indicators:differential uniformity and algebraic degree.The main results are given below.1.Impossible differential analysis of 16-round LiCi block cipher.LiCi lightweight block cipher is proposed by Patil et al in 2017.In particular,they claimed that "16-round LiCi is able to resist the differential and linear attacks".Using the non-uniformity of the S-box differential distribution,by combining with the idea of meet-in-the-middle,we constructe a 10-round impossible differential distinguisher.On this basis,the encryption and decryption directions are extended to 3 rounds.Using the S-box differential probability and key scheduling algorithm,the key recovery scheme of 16-round LiCi cipher is given.The time complexity requirement of the attack is about 283 V8 times of 16-round encryption,the data complexity is about 259.'6 plaintexts,and the memory complexity is about 276.76 data blocks.It is illustrated that the 16-round reduced LiCi cipher cannot resist the impossible differential attack.2.Two 6-round impossible differential distinguishers are constructed for the GIFT block bipher.GIFT is a lightweight block cipher proposed by Banik et al.at the CHES 2017.Based on the structural characteristics of the GIFT cipher and the distribution characteristics of the input and output differences of the S-box,by combining with the idea of meet-in-the-middle,two 6-round impossible differential distinguishers are constructed.This is the longest impossible differential distinguisher currently found compared to the existing results.3.For the block cipher,the maxterm tracking technique is proposed,which is applied to the approximate evaluation of the algebraic degree of PRESENT,GIFT and Keccak ciphers.In the process of approximate evaluation,we track the largest and second largest items in each variable function,and obtain an approximation of the algebraic degree by iterative operations.The approximate evaluation results show that the PRESENT-64-80/128 and GIFT-64/128-128 ciphers reach the maximum algebraic degree 144*/192*,192*/256*in the 15th/20th and 22/20th round(the plaintext and the key are regarded as variables);Keccak-512/384/256/224 reaches the maximum algebraic degree 576*/832*/1088*/1152*in the 13/13/14/15th round.The results show that all rounds of PRESENT,GIFT and Keccak ciphers all have some security redundancy.(Note:",a*" means the value is a or a-1)...