Security Analysis Of Lightweight Ciphers Based On Trail Search Model

With the rapid development of information industry,the Internet of Things(Io T)technology has also entered a period of innovation and development.Io T terminals gradually cover every profession and trade,which the number of these terminals is growing rapidly,but they also bring new security challenges.As a way of protecting information,cryptography always plays an important role in the security of Io T.The lightweight cipher scheme has a wide range of applications in terminal equipment encryption and authentication due to its simple structure,high implementation efficiency,and suitability for restricted environments.Therefore,further security analysis of the lightweight cipher is becoming more and more important.Recently,the symmetric cryptanalysis search framework constructed by the trail search tool has been widely used in the security evaluation of encryption schemes and new cryptanalysis results have been given.Based on this background,this thesis comprehensively analyzes the shortcomings between some cryptanalysis methods of lightweight cipher and the construction of trail search models.This thesis devotes to study the improved methods of related cryptanalysis methods based on trail search model to obtain better cryptanalysis results.The main work is as follows:(1)An improved scheme of cube attack based on the division trail propagation model is proposed.The main shortcoming of the recent research is that the high complexity for the recovery of the superpoly.For this problem,this thesis proposes the filter property of the division trail,which can reduce the complexity of evaluating all possible monomials by the propagation of division trail.In order to remove more invalid monomials,we modify the parameters of flag technique in the initialization phase and most invalid division trails can be identified.Finally,the improved scheme is applied to analyze Grain128 a,the validity of the improved scheme is verified.In the recovery of the superpoly of 184-round Grain128 a,the number of monomials that corresponding coefficients are not determined is reduced to 57% of the original scheme.(2)An improved scheme of key difference invariant bias cryptanalysis based on MILP is proposed.Under the assumption that biases of linear approximations are constant,the original scheme derived the distribution of the statistic for the right key.Therefore,the data derived by this scheme can not be applied to distinguish the wrong guess information of the key with reasonable probability.For this problem,the distribution is adjusted to consider the effect of the key on biases of the linear approximation.The parameters of the adjusted distribution can be evaluated by the MILP tool.In addition,the bit-based MILP search model of the distinguisher can be built.With the proposition that the propagation bound of the linear approximation,the search of the key difference is equivalent to the search of the distinguisher.Finally,the improved scheme is applied to analyze LBlock,the search results of the 16-round distinguisher verify the feasible of the search model,and the lower bounds of the data can be obtained to distinguish adjusted distributions of the statistic.(3)A search algorithm of zero correlation linear approximation is proposed.This thesis proposes a search algorithm for many zero correlation linear approximations with the propagation model of the linear characteristic that correlation is not zero.Multiple low-round zero correlation linear approximations can be obtained by a single propagation model evaluation result.Finally,the search algorithm is applied to analyze GIFT,the security of GIFT is verified.