Security Analysis Of Block Cipher Based On Automated Search

With the rapid development of mobile terminals and information network technologies,the world has entered the information age.But at the same time,along with the hidden danger of information leakage.The block cipher is a widely used cryptosystem in cryptography,and it plays an important role in maintaining information security.At present,On devices with limited resources,traditional block ciphers can no longer meet the requirements of low power consumption.The lightweight block ciphers with small storage volume,high implementation efficiency,and low resource consumption have received great attention.However,the pursuit of low power consumption and high efficiency of the algorithms will inevitably be accompanied by the challenge of reducing the security of the cryptographic algorithms,so it is very important to evaluate the security analysis of the lightweight block ciphers.Finding the non-random statistical characteristics of cipher is the key to security analysis.In recent years,the introduction of some automated analysis methods and the development of corresponding tools have accelerated the process of block cipher design and evaluation.After investigating the new lightweight block ciphers proposed in recent years,the Mixed-integer Linear Programming(MILP),automatic search technology are used to study the security of four cryptographic algorithms from different perspectives in this paper.The main research results are as follows:1.The security of PICO cipher and ACT cipher against integral cryptanalysis was evaluated.First,according to analyze the structure of cryptographic algorithms,a MILP model was established based on division property.Then,according to the set constraints,the linear inequalities were generated to describe the propagation rules of division property,and the MILP problem was solved with the help of the mathematical software Gurobi.Under the given initial division property,the existence of the integral distinguisher was judged based on the objective function value.Finally,the automatic search of integral distinguisher was realized.For the PICO cipher,the 10-round integral distinguisher of PICO was searched,which is the longest one so far.However,the small number of plaintexts available is not conducive to key recovery.In order to obtain better attack performance,the searched 9-round integral distinguisher was used to perform 11-round key recovery attack without the whitening key on PICO.The data complexity of the attack is about 2^63.17,the time complexity is about 2^72.7111-round encryption,and the storage complexity is about 2^17.58.For the ACT cipher,in order to ensure that the data complexity is as small as possible,integral distinguishers of 8-round,9-round and 10 round respectively are searched.By selecting a special 9-round integral distinguisher and adding 2 round backward,11-round integral attack with whitening key was achieved.The data complexity of the attack is about2^36.39,the time complexity is about 2^36.39 11-round encryption,and the storage complexity is about 2²⁰.The results given in this study are the best integral attacks of the two ciphers presently.2.For the ANU-II cipher and TED cipher,some research results are provided for the impossible differential evaluation.First,by analyzing and summarizing the differential distribution table of the s-box,the corresponding differential characteristics are obtained.Then,using the propagation of undisturbed bits,the effective differential paths were searched from the encryption/decryption direction and stored them in different path sets.Finally,combining the idea of intermediate encounter,by traversing the path sets from the encryption/decryption direction at the same time and looking for contradictions at the splicing of paths,the impossible differential paths are selected.The search results show that there are 64 different 7-round impossible differential distinguishers and 8 different 8-round impossible differential distinguishers in ANU-II cipher,and there are 15 different 7-round impossible differential distinguishers in TED cipher.The rounds of the discovered impossible differential distinguishers are currently the longest.