
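Security Analysis of the Lightweight Block Ciphers SIMON and SIMECK

Published: 2018-03-26 16:18

  Topic: lightweight block ciphers. Focus: linear cryptanalysis. Source: Shandong Normal University, master's thesis, 2017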


[Abstract]: Lightweight block ciphers are an important branch of the block cipher field. Because they consume few resources and execute efficiently, they are widely used on resource-constrained hardware such as RFID devices, and their security analysis has therefore become one of the hot topics of current cryptographic research. Building on the two traditional methods, differential cryptanalysis and linear cryptanalysis, cryptographers have proposed a succession of extensions, such as truncated differential, higher-order differential, impossible differential, multiple linear, nonlinear, multidimensional linear and differential-linear cryptanalysis. This work has greatly advanced the development of lightweight block ciphers, raising the design requirements for ciphers and promoting the development of information security. This thesis does three main things. First, taking the Simon32 algorithm as an example, it studies the resistance of lightweight block ciphers to linear cryptanalysis. Although there is a fair amount of literature on linear analysis of this algorithm, none of it analyses the success probability of linear paths. The thesis therefore analyses and computes in detail the success probability of the 3-round, 7-round and 10-round linear paths of Simon32, providing methods and data as a reference for further study of the algorithm. Second, it studies the resistance of Simon32 to differential-linear cryptanalysis, proposes a 15-round differential-linear characteristic, and mounts 17-round, 18-round and 19-round attacks. The 17-round attack needs to guess only 6 subkey bits, the 18-round attack needs to guess 19 key bits, and the 19-round attack needs to guess 35 subkey bits. By comparison, an 18-round attack on Simon32 using linear cryptanalysis needs to guess 32 subkey bits. The results fully demonstrate the superiority of differential-linear cryptanalysis. Finally, it studies the resistance of the lightweight block cipher Simeck32 to impossible differential cryptanalysis. An 11-round impossible differential path of Simeck32 is found using the meet-in-the-middle technique; then, based on this 11-round path, decrypting 4 rounds forward and encrypting 4 rounds backward, a 19-round attack on Simeck32 is mounted, which needs to guess only 29 subkey bits. In contrast, a 20-round attack using zero-correlation linear analysis needs to guess 52 subkey bits. The impossible differential attack therefore has the advantage over zero-correlation linear analysis. In addition, we used the meet-in-the-middle technique to find all 11-round impossible differential paths of Simon32. Breaking a cipher is either theoretical or practical: the former means reducing the computational complexity below the complexity claimed by the cipher's designer, while the latter means reducing it to within the computing power of current computers. Theoretical breaks still depend heavily on high-performance computers. Therefore, having mastered the basic cryptanalytic methods, our next step is to carry out practical breaks of new cipher algorithms.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TN918.1

