Zodiac密码算法的多维零相关线性分析

doi:10.11772/j.issn.1001-9081.2017.06.1605

计算机应用 ›› 2017, Vol. 37 ›› Issue (6): 1605-1608.DOI: 10.11772/j.issn.1001-9081.2017.06.1605

Zodiac密码算法的多维零相关线性分析

程璐^1,2, 魏悦川^1,2, 潘晓中^1,2, 李安辉^1,2

1. 武警工程大学电子技术系, 西安 710086;
2. 网络与信息安全武警部队重点实验室, 西安 710086

收稿日期:2016-12-12 修回日期:2017-02-26 出版日期:2017-06-10 发布日期:2017-06-14
通讯作者: 程璐
作者简介:程璐(1992-),男,河北衡水人,硕士研究生,主要研究方向:信息安全、密码学;魏悦川(1982-),女,天津人,副教授,博士,主要研究方向:密码学;潘晓中(1964-),男,陕西西安人,教授,硕士,主要研究方向:信息安全;李安辉(1993-),男,湖南常德人,硕士研究生,主要研究方向:信息安全、复杂网络。
基金资助:
国家自然科学基金资助项目（61202492，61572521）；信息保障技术国家重点实验室开放基金（KJ-15-010）；陕西省自然科学基金资助项目（2016JQ6030）。

Multidimensional zero-correlation linear cryptanalysis on Zodiac cipher algorithm

CHENG Lu^1,2, WEI Yuechuan^1,2, PAN Xiaozhong^1,2, LI Anhui^1,2

1. Department of Electronic Technology, Engineering College of the Armed Police Force, Xi'an Shaanxi 710086, China;
2. Key Laboratory of Network & Information Security under the Chinese Armed Police Force, Xi'an Shaanxi 710086, China

Received:2016-12-12 Revised:2017-02-26 Online:2017-06-10 Published:2017-06-14
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61202492,61572521), the Foundation of Science and Technology on Information Assurance Laboratory (KJ-15-010), the Natural Science Foundation of Shaanxi Province (2016JQ6030).

摘要/Abstract

摘要： 分组密码算法Zodiac支持3种密钥长度，分别为Zodiac-128、Zodiac-192、Zodiac-256。利用零相关线性分析方法评估了Zodiac算法的安全性，首先根据算法的结构特性，构造了一些关于Zodiac算法的10轮零相关线性逼近，然后对16轮Zodiac-192进行了多维零相关分析。分析结果显示：攻击过程中一共恢复了19个字节的密钥，其数据复杂度约为2^124.40个明密文对，计算复杂度为2^181.58次16轮加密。由此可得：16轮（即全轮）192 bit密钥的Zodiac算法（Zodiac-192）对于零相关线性分析方法是不安全的。

关键词: 分组密码, Zodiac密码算法, 线性掩码, 线性逼近, 零相关线性分析

Abstract: Zodiac is a block cipher algorithm and it supports 3 master key lengths which are called Zodiac-128, Zodiac-192 and Zodiac-256. The security of Zodiac algorithm was evaluated by using zero-correlation linear cryptanalysis. Firstly, 10-round zero-correlation linear approximations of Zodiac algorithm were constructed according to the structural characteristics of the algorithm. Then, the multidimensional zero-correlation linear cryptanalysis on 16-round Zodiac-192 was conducted. The analysis results show that 19-byte keys were restored totally in the process of attack, the data complexity was about 2^124.40 known ciphertexts and the computational complexity was 2^181.58 encryptions of 16-round. Thus the Zodiac-192 algorithm with the 192-bit key of 16 rounds (full rounds) is not immune to the zero-correlation linear cryptanalysis.

Key words: block cipher, Zodiac cipher algorithm, linear mask, linear approximation, zero-correlation linear cryptanalysis

中图分类号:

TP309.2

程璐, 魏悦川, 潘晓中, 李安辉. Zodiac密码算法的多维零相关线性分析[J]. 计算机应用, 2017, 37(6): 1605-1608.

CHENG Lu, WEI Yuechuan, PAN Xiaozhong, LI Anhui. Multidimensional zero-correlation linear cryptanalysis on Zodiac cipher algorithm[J]. Journal of Computer Applications, 2017, 37(6): 1605-1608.

参考文献

[1] LEE C, JUN K, JUNG M, et al. Zodiac version1.0 (revised) architecture and specification Standardization Workshop on Information Security Technology, Korean Contribution on MP18033, ISO/IEC JTC1/SC27 N2563, 2000[EB/OL].[2016-11-20]. http://www.kisa.or.kr/seed/index.html.
[2] SHAKIBA M, DAKHILALIAN M, MALA H. An improved impossible differential cryptanalysis of Zodiac[J]. Journal of Systems and Software, 2010, 83(4):702-709.
[3] 张鹏,李瑞林,李超.Zodiac算法新的Square攻击[J].电子与信息学报,2010,32(11):2790-2794.(ZHANG P, LI R L, LI C. New square attack on Zodiac[J]. Journal of Electronics & Information Technology, 2010, 32(11):2790-2794.)
[4] 孙兵,张鹏,李超.Zodiac算法的不可能差分和积分攻击[J].软件学报,2011,22(8):1911-1917.(SUN B, ZHANG P, LI C. Impossible differential and integral cryptanalysis of Zodiac[J]. Journal of Software, 2011, 22(8):1911-1917.)
[5] 海昕,唐学海,李超.对Zodiac算法的中间相遇攻击[J].电子与信息学报,2012,34(9):2259-2262.(HAI X, TANG X H, LI C. The meet-in-the-middle attacks on Zodiac[J]. Journal of Electronics & Information Technology, 2012, 34(9):2259-2262.)
[6] BOGDANOV A, RIJMEN V. Linear hulls with correlation zero and linear cryptanalysis of block ciphers[J]. Designs, Codes and Cryptography, 2014, 70(3):369-383.
[7] BOGDANOV A, WANG M Q. Zero correlation linear cryptanalysis with reduced data complexity[C]//FSE'12:Proceedings of the 19th international conference on Fast Software Encryption. Berlin:Springer, 2012:29-48.
[8] BOGDANOV A, LEANDER G, NYBERG K, et al. Integral and multidimensional linear distinguishers with correlation zero[C]//ASIACRYPT'12:Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2012:244-261.
[9] WANG Y F, WU W L. Improved multidimensional zero-correlation linear cryptanalysis and applications to LBlock and TWINE[C]//ACISP 2014:Proceedings of the 19th Australasian Conference on Information Security and Privacy, LNCS 8544. Berlin:Springer:2014:1-16.
[10] WEN L, WANG M Q, BOGDANOV A. Multidimensional zero-correlation linear cryptanalysis of E2[C]//AFRICACRYPT 2014:Proceedings of the 7th International Conference on Cryptology in Africa, LNCS 8469. Berlin:Springer, 2014:147-164.
[11] 马猛,赵亚群,刘庆聪,等.SMS4算法的多维零相关线性分析[J].密码学报,2015,2(5):458-466.(MA M, ZHAO Y Q, LIU Q C, et al. Multidimensional zero-correlation linear cryptanalysis on SMS4 algorithm[J]. Journal of Cryptologic Research, 2015, 2(5):458-466.)
[12] 伊文坛,陈少真.FOX密码的多维零相关线性分析[J].密码学报,2015,2(1):27-39.(YI W T, CHEN S Z. Multidimensional zero-correlation linear attacks on FOX block cipher[J]. Journal of Cryptologic Research, 2015, 2(1):27-39.)
[13] 伊文坛,鲁林真,陈少真.轻量级密码算法 MIBS 的零相关和积分分析[J].电子与信息学报,2016,38(4):819-826.(YI W T, LU L Z, CHEN S Z. Integral and zero-correlation linear cryptanalysis of lightweight block cipher MIBS[J]. Journal of Electronics & Information Technology, 2016, 38(4):819-826.)
[14] 王美琴,温隆.零相关线性分析研究[J].密码学报,2014,1(3):296-310.(WANG M Q, WEN L. Research on zero-correlation linear cryptanalysis[J]. Journal of Cryptologic Research, 2014, 1(3):296-310.)

[1]	丛旌, 韦永壮, 刘争红. SM4密码算法的阶梯式相关能量分析[J]. 计算机应用, 2020, 40(7): 1977-1982.
[2]	刘宗甫, 袁征, 赵晨曦, 朱亮. 对PICO算法基于可分性的积分攻击[J]. 计算机应用, 2020, 40(10): 2967-2972.
[3]	马云飞, 王韬, 陈浩, 黄长阳. 轻量级分组密码SIMON代数故障攻击[J]. 计算机应用, 2017, 37(7): 1953-1959.
[4]	王寿成, 徐进辉, 严迎建, 李功丽, 贾永旺. 面向密码流处理器的AES算法软件流水实现方法[J]. 计算机应用, 2017, 37(6): 1620-1624.
[5]	田征, 杜慧敏, 黄小康. 改进的超越函数分段线性逼近方法[J]. 计算机应用, 2016, 36(7): 1807-1810.
[6]	覃冠杰, 马建设, 程雪岷. 基于组合式爬山算法提高S盒非线性度的方法[J]. 计算机应用, 2015, 35(8): 2195-2198.
[7]	李灵琛, 韦永壮, 朱嘉良. 11轮3D分组密码算法的中间相遇攻击[J]. 计算机应用, 2015, 35(3): 700-703.
[8]	卫宏儒郑雅菲王新宁. ARIRANG-256的Biclique攻击[J]. 计算机应用, 2014, 34(1): 69-72.
[9]	苏崇茂. 7轮ARIA-256的不可能差分新攻击[J]. 计算机应用, 2012, 32(01): 45-48.
[10]	卢丹华钟诚杨锋. 基于多核多线程的AES保密模式[J]. 计算机应用, 2011, 31(04): 1003-1005.
[11]	杨宏志韩文报赵龙. 适于硬件实现的S盒构造方法[J]. 计算机应用, 2010, 30(3): 674-676.
[12]	杨宏志韩文报. 一类分组密码的S盒重组算法[J]. 计算机应用, 2009, 29(08): 2198-2199.
[13]	吕宁孙广明张宇. 基于多混沌系统的图像分组密码设计[J]. 计算机应用, 2008, 28(9): 2263-2266.
[14]	高洁袁家斌徐涛齐艳珂. 一种基于混合反馈的混沌图像加密算法[J]. 计算机应用, 2008, 28(2): 434-436.
[15]	钟黔川朱清新. Blowfish密码系统分析[J]. 计算机应用, 2007, (12): 2940-2941.

Zodiac密码算法的多维零相关线性分析

Multidimensional zero-correlation linear cryptanalysis on Zodiac cipher algorithm

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics