Research On Automatic Search Methods Of New Distinguishers For Lightweight Block Ciphers

The design and analysis of block cipher algorithms is one of the hot research issues in modern cryptography,and its origin and development have a profound impact on cryptography.Although block ciphers have become the encryption system of mainstream information and play an important role in a variety of information systems,typical block cipher algorithms are usually not suitable for resource-constrained computing environments.In order to solve the problem of data security in a resource-constrained environment,lightweight block cipher algorithms come into being.The security analysis of lightweight cryptographic algorithms has always been a difficult problem in this field.The analysis of block cipher algorithms includes many methods such as differential attack,cube attack,and integral attack.a new construction method of integral attack is concentrated on exploring in this thesis.By using the STP solver and the Gurobi solver,new models of Solvatore and MILP(Mixed Integer Linear Programming)bit-based the division property are built for different algorithm structures,so these better integral distinguishers are obtained,menwhile,at the key under a higher number of rounds can be recovered.The main research results are as follows:1.A new automatic search method for bit-level division property of SAT?Jo and PICO algorithms is proposed.By using the MILP method,combined with the bit-based division property and the Gurobi solver,the 30-round and 31-round distinguisher of the SAT?Jo algorithm are captured;based on this,a subkey recovery attack is carried out on the SAT?Jo algorithm.The time complexity of this algorithm is about2⁶⁶ times encryption.In addition,the structural deficiencies of the algorithm are analyzed:the bit-based permutation layer(P-box)selected by the SAT?Jo algorithm will cause weaker division property.A similar method is used to construct a 10-round integral distinguisher of the PICO algorithm.Compared with the existing results,a new distinguishers is obtained with a higher number of rounds by this method,which further confirms the effectiveness of the automated search method.2.Propose a new search method for the integral distinguisher forI-Present^TMand TANGRAM-128 algorithm respectively.By using the STP solver to construct the Solvatore model,the model is brought into theI-Present^TM and TANGRAM algorithm,which 10 and 13 rounds of integral distinguisher are captured respectively,and the corresponding data complexity is2⁴⁰ and2¹²⁷.Compared with the current results,this result has a higher number of distinguisher rounds,which shows that the automated search method is new and effective.3.Propose new search methods for MILP integral distinguisher for CHAM-64,CHAM-128 and LEA algorithms respectively.The Gurobi solver is used to construct the integral analysis of the ARX structural algorithm:for CHAM-64 and CHAM-128,19 and21 rounds of integral distinguisher are obtained,respectively,which 5 and 3 rounds more than the designer.For the LEA algorithm,13 rounds of new integral distinguisher are captured.Compared with the existing results,a higher round number of distinguisher is obtained by the new method.