
Automatic Cryptanalysis Of Block Cipher Pyjamask

Posted on: 2021-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Xu
GTID: 2428330605469717
Subject: Information security
Abstract/Summary:
With the gradual popularization of intelligent devices, the demand for security in new infrastructure such as the Internet of Things (IoT), wireless sensor networks (WSN), 5G, cloud computing, big data and artificial intelligence is increasing rapidly. These infrastructures run in highly resource-constrained environments, which makes the original block ciphers unable to meet the needs of the new facilities. Therefore, new standard algorithm designs must be considered. To protect these emerging areas, in which highly constrained devices are interconnected, the National Institute of Standards and Technology (NIST) launched the lightweight symmetric cryptographic algorithm standard solicitation project. By August 2019, a total of 32 algorithms had been selected for the second round, and the project is still in progress.

Pyjamask is a lightweight encryption algorithm designed and proposed by Dahmun and Jean et al. It is one of the encryption algorithms selected for the second round of NIST's lightweight symmetric cryptographic algorithm standard solicitation project. The block cipher has two versions, with block lengths of 96 and 128 bits, named Pyjamask-96 and Pyjamask-128 respectively. Both versions have a 128-bit key and 14 rounds of encryption. In the design document, a differential analysis of 6-round Pyjamask-128 is given and a 6-round differential trail is found, but its probability is far lower than $2^{-128}$, so the attack complexity is not presented. In addition, the lower bound on the number of active S-boxes in 1- to 4-round differential trails is analyzed.

In this paper, we use the Simple Theorem Prover (STP) constraint solver to build automatic search models for differential trails and linear trails. By limiting the number of active S-boxes in the first round to 1 and extending the search upward and downward, a 4-round differential trail with probability $2^{-109}$ is found, which is better than the result in the design document. In the same way, a 4-round linear trail with a deviation of $2^{-52}$ is found.

We use the 4-round differential trail as the differential distinguisher and add one round at the end of the trail to attack 5-round Pyjamask-128 with whitening key. The data complexity of the attack is $2^{111}$ chosen plaintexts, the time complexity is $2^{79.7}$ 5-round encryptions, and the memory is $2^{60}$ bytes. A boomerang attack on 6-round Pyjamask-128 is also presented. Based on a 3-round differential trail with probability $2^{-38}$ and three 2-round differential trails with probability $2^{-24}$, the data complexity of the final attack is $2^{126.6}$ adaptive chosen plaintexts and ciphertexts, the time complexity is $2^{96.34}$ 6-round encryptions, and the memory is $2^{58.66}$ bytes. In the linear attack, we use the last 3 rounds of the 4-round trail as the linear approximation. The data complexity of the 4-round Pyjamask-128 attack is $2^{85}$ known plaintexts, the time complexity is $2^{127}$ 4-round encryptions, and the memory is $2^{47.59}$ bytes.
Keywords/Search Tags: Differential cryptanalysis, Boomerang attack, Linear cryptanalysis, STP