【摘要】：本文主要研究對(duì)象為Feistel-SP結(jié)構(gòu)典型分組密碼,該系列分組密碼有Camellia,MIBS,E2等。論文針對(duì)不同的Feistel-SP結(jié)構(gòu)分組密碼建立合理的差分傳播系統(tǒng),并搜索出Feistel-SP結(jié)構(gòu)典型分組密碼的多輪差分模式和多輪差分路徑。論文主要進(jìn)行了以下研究工作:首先,把Matsui算法思想應(yīng)用到Feistel-SP結(jié)構(gòu)中,并對(duì)其進(jìn)行優(yōu)化和改進(jìn)。通過(guò)把S盒差分分布表轉(zhuǎn)變成密集型分布表,建立合理的差分傳播模型,進(jìn)而提出一種基于向量的嚴(yán)格剪枝技術(shù),以便盡早地篩選掉不滿足剪枝條件的差分路徑。以輕量級(jí)分組密碼MIBS為例,應(yīng)用此自動(dòng)化搜索技術(shù),搜索出4輪最優(yōu)差分概率是2-12,并給出其R(4≤R≤11)輪的差分特征,同時(shí)也搜索出兩條12輪最優(yōu)差分路徑,其概率為2-56,這是目前為止最好的結(jié)果。其次,提出了一種新的符號(hào)差分表示方法,并提出一種新的自動(dòng)化搜索技術(shù),搜索出Feistel-SP結(jié)構(gòu)典型分組密碼的最優(yōu)迭代差分模式,應(yīng)用此思想不僅可以大大地降低了計(jì)算復(fù)雜性,還能通過(guò)迭代差分模式構(gòu)造出多輪的差分特征。論文以輕量級(jí)分組密碼MIBS為例,給出了MIBS的3輪、4輪最優(yōu)迭代差分概率,概率分別為2-20、2-26,并搜索出所有滿足條件的最優(yōu)迭代差分路徑,由于論文提出的是一種針對(duì)Feistel-SP結(jié)構(gòu)的通用性搜索算法,因此論文還以Camellia為例進(jìn)行了適用性分析。通過(guò)建立其差分傳播系統(tǒng),替換F函數(shù)中的S盒和P置換組件,搜索出迭代差分模式,進(jìn)而搜索出高概率迭代差分路徑。最終給出Camellia的3,4輪最優(yōu)迭代差分模式和最優(yōu)迭代差分特征,其迭代概率分別為2-52,2-71,這個(gè)結(jié)果是目前為止最優(yōu)的。最后,通過(guò)改進(jìn)的Matsui自動(dòng)化搜索算法,我們得到了兩條12輪高概率差分路徑,使用選擇明文攻擊方法,分別計(jì)算了恢復(fù)13和14輪密鑰比特成功的概率�？偨Y(jié)了密鑰恢復(fù)的一般思路和步驟,引入信噪比概念,并用計(jì)數(shù)器統(tǒng)計(jì)正確密鑰對(duì)與錯(cuò)誤密鑰對(duì),信噪比操作主要進(jìn)行了采樣、去噪和提純?nèi)齻�(gè)方面的工作。表5.1給出的13輪和14輪分析數(shù)據(jù),13輪密鑰恢復(fù)成功概率為99.9%,14輪密鑰恢復(fù)成功概率為50.15%。
[Abstract]:In this paper, the main research object is Feistel-SP structure typical block cipher, this series of block ciphers have Camellia,MIBS,E2 and so on. In this paper, a reasonable differential propagation system is established for different Feistel-SP block ciphers, and the multi-round differential mode and multi-round differential path of typical Feistel-SP block ciphers are searched. The main work of this paper is as follows: firstly, the idea of Matsui algorithm is applied to the Feistel-SP structure, and its optimization and improvement are carried out. By transforming the S-box difference distribution table into a dense distribution table, a reasonable differential propagation model is established, and then a vector-based strict pruning technique is proposed in order to screen out the difference paths that do not satisfy the pruning condition as soon as possible. Taking lightweight block cipher MIBS as an example, using this automatic search technique, the optimal differential probability of 4 rounds is 2? 12, and the differential characteristics of its R (4 鈮，

本文編號(hào)：2447585