| Nowadays,with the rapid development of computer network and communication technology,the society becomes more and more dependent on the network.A large number of information is transmitted and stored through the network every day.Human beings are entering a new information age.Therefore,the requirement for information security is higher and higher.In recent years,with the popularization of the Internet of Things,the application scenarios of WSN and FRID technologies are more and more diverse,and these devices are micro-devices with extremely limited computing ability and resources.Traditional block ciphers such as AES,which need to consume a lot of resources,are no longer suitable for this resource-constrained environments.Therefore,the lightweight block cipher,which occupies as little resources as possible,consumes less power,has higher implementation efficiency and can provide enough security,has quickly become a research hotspot in cryptology.The growing maturity of cryptanalysis promotes the rapid development of cryptography,which makes a large number of lightweight block ciphers immune to existing traditional cryptanalysis methods.Therefore,cryptanalysts need to constantly seek new cryptanalysis methods.By combining various cryptanalysis methods,cryptanalysts can select several suitable cryptanalysis methods to combine and attack a cipher algorithm according to the weaknesses of the cipher algorithm,which often leads to better attack results,and also evaluates the security of the cipher algorithm from various angles.The security analysis of lightweight block ciphers can not only find its shortcomings,but also provide a new idea for the design of lightweight block ciphers.After analyzing the characteristics of ESF,especially the properties of S-box and key schedule algorithm,impossible differential cryptanalysis is chosen to analyze the security of ESF.In order to reduce the number of active S-boxes and obtain longer differential characteristic,special master key difference and input difference are selected to construct an 11-round related-key impossible differential distinguisher.Then,an attack on 15-round ESF are mounted for the first time by concatenating 2-round to the beginning and 2-round to the end,which achieves the maximum number of attack rounds on ESF at present.And this attack has a time complexity of 240.5 15-round encryptions and a data complexity of 261.5 chosen plaintexts with 40 recovered key-bit.Compared with the published results,the time complexity of this cryptanalysis is significantly reduced and the data complexity is ideal with the number of attack rounds increased.This cryptanalysis improves the published results from all angles,and verifies the effectiveness of combined attack.By comparing the key schedule algorithms of LBlock and LBlock-s,we found that the key schedule algorithm of LBlock-s has better diffusion property.Therefore,the security analysis of LBlock-s is carried out by combining related-key cryptanalysis,impossible differential cryptanalysis and boomerang cryptanalysis for the first time.This cryptanalysis uses the basic structure of boomerang and combines the idea of related-key impossible cryptanalysis,which fully solve the problem that the key schedule algorithm of the cipher diffuses faster and the available length of the key differential characteristic is shorter.Based on a 15-round related-key impossible boomerang distinguisher,an attack on 22-round LBlock-s is proposed by adding 4-round on the top and 3-round at the bottom,and the time complexity is about only 268.76 22-round encryptions and the data complexity is about 258 chosen plaintexts with 68 recovered key-bit.Compared with the published results,this result solves the problem that the key schedule algorithm of LBlock-s diffuses rapidly,which leads to the poor results by related-key cryptanalysis,and greatly reduces the time complexity,which shows the advantages of combined attack,and provides a new idea for the improvement direction and security analysis of LBlock-s. |
PDF Full Text Request