基于神经区分器的KATAN48算法条件差分分析方法

doi:10.11772/j.issn.1001-9081.2022060886

《计算机应用》唯一官方网站 ›› 2023, Vol. 43 ›› Issue (8): 2462-2470.DOI: 10.11772/j.issn.1001-9081.2022060886

• 网络空间安全 • 上一篇

基于神经区分器的KATAN48算法条件差分分析方法

林东东¹^,², 李曼曼¹^,²(), 陈少真¹^,²

^1.信息工程大学网络空间安全学院，郑州 450001
^2.密码科学技术全国重点实验室（国家密码管理局），北京 100878

收稿日期:2022-06-20 修回日期:2022-08-30 接受日期:2022-09-01 发布日期:2022-09-22 出版日期:2023-08-10
通讯作者: 李曼曼
作者简介:林东东（1998—），男，河南邓州人，硕士研究生，主要研究方向：深度学习、智能化分组密码分析
陈少真（1967—），女，江苏无锡人，教授，博士，主要研究方向：分组密码分析、密码体制识别。
基金资助:
河南省自然科学基金资助项目(232300421394)

Conditional differential cryptanalysis method of KATAN48 algorithm based on neural distinguishers

Dongdong LIN¹^,², Manman LI¹^,²(), Shaozhen CHEN¹^,²

^1.School of Cyber Security，Information Engineering University，Zhengzhou Henan 450001，China
^2.State Key Laboratory of Cryptography （State Cryptography Administration），Beijing 100878，China

Received:2022-06-20 Revised:2022-08-30 Accepted:2022-09-01 Online:2022-09-22 Published:2023-08-10
Contact: Manman LI
About author:LIN Dongdong,born in 1998， M. S. candidate. His research interests include deep learning， intelligent cryptanalysis of block cipher.
CHEN Shaozhen,born in 1967， Ph. D.， professor. Her researchinterests include cryptanalysis of block cipher， cryptosystem identification.
Supported by:
Natural Science Foundation of Henan Province(232300421394)

摘要/Abstract

摘要：

针对KATAN48算法的安全性分析问题，提出了一种基于神经区分器的KATAN48算法条件差分分析方法。首先，研究了多输出差分神经区分器的基本原理，并将它应用于KATAN48算法，根据KATAN48算法的数据格式调整了深度残差神经网络的输入格式和超参数；其次，建立了KATAN48算法的混合整数线性规划（MILP）模型，并用该模型搜索了前加差分路径及相应的约束条件；最后，利用多输出差分神经区分器，至多给出了80轮KATAN48算法的实际密钥恢复攻击结果。实验结果表明，在单密钥下，KATAN48算法的实际攻击的轮数提高了10轮，可恢复的密钥比特数增加了22比特，数据复杂度和时间复杂度分别由2³⁴和2³⁴降至2^16.39和2^19.68。可见，相较于前人单密钥下的实际攻击，所提方法能够有效增加攻击轮数和可恢复的密钥比特数，同时降低攻击的计算复杂度。

关键词: 分组密码, 混合整数线性规划, KATAN算法, 条件差分分析, 神经区分器

Abstract:

Aiming at the security analysis problem of KATAN48 algorithm， a conditional differential cryptanalysis method of KATAN48 algorithm based on neural distinguishers was proposed. First， the basic principle of multiple output differences neural distinguishers was studied and applied to KATAN48 algorithm. According to the data format of KATAN48 algorithm， the input format and hyperparameters of the deep residual neural network were adjusted. Then， the Mixed-Integer Linear Programming （MILP） model of KATAN48 algorithm was established to search the prepended differential paths and the corresponding constraint conditions. At last， using the multiple output differences neural distinguishers， at most 80-round of the practical key recovery attack results of KATAN48 algorithm were given. Experimental results show that in the single key setting， the number of practical attack rounds of KATAN48 algorithm is increased by 10 rounds， the number of recoverable key bits of KATAN48 algorithm is increased by 22 bit and the data complexity and time complexity of KATAN48 algorithm are reduced from 2³⁴ and 2³⁴ to 2^16.39 and 2^19.68 respectively. Compared to the previous practical attack at the single-key setting， the proposed method can effectively increase the number of attack rounds and recoverable key bits， and reduces the computational complexity of attack.

Key words: block cipher, Mixed-Integer Linear Programming (MILP), KATAN algorithm, conditional differential cryptanalysis, neural distinguisher

中图分类号:

TN918.1

林东东, 李曼曼, 陈少真. 基于神经区分器的KATAN48算法条件差分分析方法[J]. 计算机应用, 2023, 43(8): 2462-2470.

Dongdong LIN, Manman LI, Shaozhen CHEN. Conditional differential cryptanalysis method of KATAN48 algorithm based on neural distinguishers[J]. Journal of Computer Applications, 2023, 43(8): 2462-2470.

图/表 15

表1 KATAN48算法的攻击结果

Tab. 1 Attack results of KATAN48 algorithm

攻击类型	攻击条件	攻击轮数	时间复杂度	数据复杂度	参考文献
条件差分分析	单密钥	70	2³⁴	2³⁴CP	文献［14］
	相关密钥	103	2²⁵	2²⁵CP	文献［15］
	相关密钥	140	2^77.4	2²⁷CP	文献［16］
MIMT ASR	单密钥	105	2^79.1	144CP	文献［17］
Match Box MIMT	单密钥	129	2^78.5	32CP	文献［18］
多维MIMT	单密钥	148	2⁷⁹	2KP	文献［19］
基于神经区分器的条件差分分析	单密钥	80	2^19.68	2^16.39CP	本文

图1 80轮KATAN48算法密钥恢复攻击

Fig. 1 Key recovery attack of 80-round KATAN48 algorithm

表2 符号说明

Tab. 2 Symbol description

符号	含义	符号	含义
$P$	48比特明文数据	$l t + i$	第 $t$ 轮的19比特寄存器状态的第 $i$ 个明文比特
$C$	48比特密文数据	$r t + i$	第 $t$ 轮的29比特寄存器状态的第 $i$ 个明文比特
$p i$	第 $i$ 个明文比特	$Δ l t + i$	$l t + i$ 的差分
$c i$	第 $i$ 个密文比特	$Δ r t + i$	$r t + i$ 的差分
$K$	80比特主密钥	$P b l o c k$	明文组
$k i$	第 $i$ 个密钥比特	$P s t r u c t u r e$	明文结构
$L t$	第 $t$ 轮的19比特寄存器状态	$C s t r u c t u r e$	密文结构
$R t$	第 $t$ 轮的29比特寄存器状态

表2 符号说明

Tab. 2 Symbol description

符号	含义	符号	含义
$P$	48比特明文数据	$l t + i$	第 $t$ 轮的19比特寄存器状态的第 $i$ 个明文比特
$C$	48比特密文数据	$r t + i$	第 $t$ 轮的29比特寄存器状态的第 $i$ 个明文比特
$p i$	第 $i$ 个明文比特	$Δ l t + i$	$l t + i$ 的差分
$c i$	第 $i$ 个密文比特	$Δ r t + i$	$r t + i$ 的差分
$K$	80比特主密钥	$P b l o c k$	明文组
$k i$	第 $i$ 个密钥比特	$P s t r u c t u r e$	明文结构
$L t$	第 $t$ 轮的19比特寄存器状态	$C s t r u c t u r e$	密文结构
$R t$	第 $t$ 轮的29比特寄存器状态

图2 KATAN48算法的轮函数

Fig. 2 Round function of KATAN48 algorithm

图3 神经网络结构

Fig. 3 Structure of neural network

表3 神经网络超参数设置

Tab. 3 Hyperparameter setting of neural network

超参数	参数取值	超参数	参数取值
训练集规模	10⁷	优化器	Adam
测试集规模	10⁶	学习率	10^-4
批处理规模	1 000	损失函数	MSE
迭代周期	200

图4 多输出差分数据的构造

Fig. 4 Construction of multiple output differences data

表4 不同差分堆叠个数下KATAN48算法的MODND准确率

Tab. 4 MODND accuracy of KATAN48 algorithm with different numbers of stacked differences

区分器轮数	多差分堆叠数 $n$	准确率/%
40	1	61.7
40	4	74.2
40	16	90.9
40	48	98.7
50	1	50.1
50	48	54.0

表4 不同差分堆叠个数下KATAN48算法的MODND准确率

Tab. 4 MODND accuracy of KATAN48 algorithm with different numbers of stacked differences

区分器轮数	多差分堆叠数 $n$	准确率/%
40	1	61.7
40	4	74.2
40	16	90.9
40	48	98.7
50	1	50.1
50	48	54.0

表5 不同输入差分下40轮KATAN48算法MODND准确率

Tab. 5 MODND accuracy of 40-round KATAN48 algorithm with different input differences

$i$	准确率/%	$i$	准确率/%	$i$	准确率/%	$i$	准确率/%
47	84.9	35	61.6	23	75.6	11	59.8
46	91.8	34	64.1	22	86.5	10	62.3
45	93.1	33	66.7	21	85.4	9	66.3
44	97.2	32	66.9	20	86.4	8	65.4
43	97.4	31	65.5	19	60.5	7	72.6
42	98.7	30	73.7	18	58.9	6	69.7
41	77.5	29	78.3	17	62.9	5	76.4
40	83.7	28	77.5	16	66.7	4	74.7
39	72.9	27	76.7	15	58.6	3	76.9
38	72.5	26	76.9	14	54.0	2	75.0
37	73.3	25	88.5	13	57.9	1	77.9
36	78.5	24	87.1	12	58.1	0	79.5

表5 不同输入差分下40轮KATAN48算法MODND准确率

Tab. 5 MODND accuracy of 40-round KATAN48 algorithm with different input differences

$i$	准确率/%	$i$	准确率/%	$i$	准确率/%	$i$	准确率/%
47	84.9	35	61.6	23	75.6	11	59.8
46	91.8	34	64.1	22	86.5	10	62.3
45	93.1	33	66.7	21	85.4	9	66.3
44	97.2	32	66.9	20	86.4	8	65.4
43	97.4	31	65.5	19	60.5	7	72.6
42	98.7	30	73.7	18	58.9	6	69.7
41	77.5	29	78.3	17	62.9	5	76.4
40	83.7	28	77.5	16	66.7	4	74.7
39	72.9	27	76.7	15	58.6	3	76.9
38	72.5	26	76.9	14	54.0	2	75.0
37	73.3	25	88.5	13	57.9	1	77.9
36	78.5	24	87.1	12	58.1	0	79.5

表6 不同输出差分下MILP模型的约束条件个数和差分路径轮数

Tab. 6 Number of constraint conditions and rounds of differential paths of MILP model with different output differences

输出

差分

约束条件数

差分路径轮数

输出

差分

约束条件数

差分路径轮数

表7 KATAN48算法的差分路径及对应的约束条件

Tab. 7 Differential paths and corresponding constraint conditions of KATAN48 algorithm

轮数	差分状态	约束条件
0	000100000000000000000000100000000100000000100100 001000000000000000000001000000001000000001001000	$p 36 = 0$
1	010000000000000000000010000000010000000010010000 100000000000000000000100000000100000000100100000	$p 14 ⊕ p 5 = 1$
2	000000000000000000001000000001000000001001000001 000000000000000000000000000010000000010010000010	$p 11 = 0$
3	000000000000000000000000000100000000100100000100 000000000000000000000000001000000001001000001000
4	000000000000000000000000010000000010010000010000 000000000000000000000000100000000100100000100000	$p 6 = 0$ ， $p 13 = 0$
5	000000000000000000000001000000001001000001000000 000000000000000000000010000000010010000010000000	$r 23 ⊕ r 32 = 1$
6	000000000000000000000100000000100100000100000000 000000000000000000001000000001001000001000000000	$p 10 = 0$
7	000000000000000000010000000010010000010000000000 000000000000000000000000000100100000100000000000	$r 35 = 0$
8	000000000000000000000000001001000001000000000000 000000000000000000000000010010000010000000000000	$r 31 = 0$
9	000000000000000000000000100100000100000000000000 000000000000000000000001001000001000000000000000	$p 4 = 1$
10	000000000000000000000010010000010000000000000000 000000000000000000000100100000100000000000000000	$l 34 ⊕ l 41 = 0$
11	000000000000000000001001000001000000000000000000 000000000000000000010010000010000000000000000000
12	000000000000000000000100000100000000000000000000 000000000000000000001000001000000000000000000000
13	000000000000000000010000010000000000000000000000 000000000000000000100000100000000000000000000000	$r 40 = 0$
14	000000000000000001000001000000000000000000000000 000000000000000010000010000000000000000000000000
15	000000000000000100000100000000000000000000000000 000000000000001000001000000000000000000000000000
16	000000000000010000010000000000000000000000000000 000000000000100000100000000000000000000000000000
17	000000000001000001000000000000000000000000000000 000000000010000010000000000000000000000000000000	$l 37 = 0$
18	000000000100000100000000000000000000000000000000 000000001000001000000000000000000000000000000000
19	000000010000010000000000000000000000000000000000 000000100000100000000000000000000000000000000000
20	000001000001000000000000000000000000000000000000 000010000010000000000000000000000000000000000000	$l 43 = 0$
21	000100000100000000000000000000000000000000000000 001000001000000000000000000000000000000000000000	$l 53 = 0$
22	010000010000000000000000000000000000000000000000 100000100000000000000000000000000000000000000000
23	000001000000000000000000000000000000000000000000

表7 KATAN48算法的差分路径及对应的约束条件

Tab. 7 Differential paths and corresponding constraint conditions of KATAN48 algorithm

轮数	差分状态	约束条件
0	000100000000000000000000100000000100000000100100 001000000000000000000001000000001000000001001000	$p 36 = 0$
1	010000000000000000000010000000010000000010010000 100000000000000000000100000000100000000100100000	$p 14 ⊕ p 5 = 1$
2	000000000000000000001000000001000000001001000001 000000000000000000000000000010000000010010000010	$p 11 = 0$
3	000000000000000000000000000100000000100100000100 000000000000000000000000001000000001001000001000
4	000000000000000000000000010000000010010000010000 000000000000000000000000100000000100100000100000	$p 6 = 0$ ， $p 13 = 0$
5	000000000000000000000001000000001001000001000000 000000000000000000000010000000010010000010000000	$r 23 ⊕ r 32 = 1$
6	000000000000000000000100000000100100000100000000 000000000000000000001000000001001000001000000000	$p 10 = 0$
7	000000000000000000010000000010010000010000000000 000000000000000000000000000100100000100000000000	$r 35 = 0$
8	000000000000000000000000001001000001000000000000 000000000000000000000000010010000010000000000000	$r 31 = 0$
9	000000000000000000000000100100000100000000000000 000000000000000000000001001000001000000000000000	$p 4 = 1$
10	000000000000000000000010010000010000000000000000 000000000000000000000100100000100000000000000000	$l 34 ⊕ l 41 = 0$
11	000000000000000000001001000001000000000000000000 000000000000000000010010000010000000000000000000
12	000000000000000000000100000100000000000000000000 000000000000000000001000001000000000000000000000
13	000000000000000000010000010000000000000000000000 000000000000000000100000100000000000000000000000	$r 40 = 0$
14	000000000000000001000001000000000000000000000000 000000000000000010000010000000000000000000000000
15	000000000000000100000100000000000000000000000000 000000000000001000001000000000000000000000000000
16	000000000000010000010000000000000000000000000000 000000000000100000100000000000000000000000000000
17	000000000001000001000000000000000000000000000000 000000000010000010000000000000000000000000000000	$l 37 = 0$
18	000000000100000100000000000000000000000000000000 000000001000001000000000000000000000000000000000
19	000000010000010000000000000000000000000000000000 000000100000100000000000000000000000000000000000
20	000001000001000000000000000000000000000000000000 000010000010000000000000000000000000000000000000	$l 43 = 0$
21	000100000100000000000000000000000000000000000000 001000001000000000000000000000000000000000000000	$l 53 = 0$
22	010000010000000000000000000000000000000000000000 100000100000000000000000000000000000000000000000
23	000001000000000000000000000000000000000000000000

表8 KATAN48算法的区分器准确率

Tab. 8 Distinguisher accuracy of KATAN48 algorithm

区分器轮数	准确率/%	区分器轮数	准确率/%
43	85.8	47	60.0
44	76.8	48	56.4
45	73.1	49	55.5
46	67.3	50	54.0

图5 KATAN48算法的MODND错误密钥响应均值分布

Fig. 5 MODND wrong key response mean value distribution of KATAN48 algorithm

表9 KATAN48算法的密钥恢复攻击结果

Tab. 9 Key recovery attack results of KATAN48 algorithm

攻击轮数	成功次数	攻击轮数	成功次数
78	97	80	98
79	94

表10 KATAN48算法的单密钥攻击结果

Tab. 10 Key recovery attack results of KATAN48 algorithm in single key setting

攻击类型	攻击轮数	恢复的密钥比特数	时间复杂度	数据复杂度
条件差分分析^［14］	70	2	2³⁴	2³⁴
基于神经区分器的条件差分分析	78	20	2^18.10	2^14.26
	79	22	2^18.28	2^14.54
	80	24	2^19.68	2^16.39

参考文献 23

1	张政馗，庞为光，谢文静，等. 面向实时应用的深度学习研究综述［J］. 软件学报， 2020， 31（9）： 2654-2677.
	ZHANG Z K， PANG W G， XIE W J， et al. Deep learning for real-time applications： a survey［J］. Journal of Software， 2020， 31（9）： 2654-2677.
2	HINTON G E， OSINDERO S， TEH Y W. A fast learning algorithm for deep belief nets［J］. Neural Computation， 2006， 18（7）： 1527-1554. 10.1162/neco.2006.18.7.1527
3	LAWRENCE S， GILES C L， TSOI A C， et al. Face recognition： a convolutional neural network approach［J］. IEEE Transactions on Neural Networks， 1997， 8（1）：98-113. 10.1109/72.554195
4	WILLIAMS R， ZIPSER D. A learning algorithm for continually running fully recurrent neural networks［J］. Neural Computation， 1989， 1（2）：270-280. 10.1162/neco.1989.1.2.270
5	RIVEST R L. Cryptography and machine learning［C］// Proceedings of the 1991 International Conference on the Theory and Application of Cryptology， LNCS 739. Berlin： Springer， 1993： 427-439. 10.1007/3-540-57332-1_36
6	GREYDANUS S. Learning the enigma with recurrent neural networks［EB/OL］. （2017-09-07）［2022-06-24］..
7	GOMEZ A N， HUANG S C， ZHANG I， et al. Unsupervised cipher cracking using discrete GANs［EB/OL］. （2018-01-15）［2022-06-15］..
8	GOHR A. Improving attacks on round-reduced speck32/64 using deep learning［C］// Proceedings of the 2019 Annual International Cryptology Conference. Cham： Springer， 2019： 150-179. 10.1007/978-3-030-26951-7_6
9	BAO Z Z， GUO J， LIU M C， et al. Conditional differential-neural cryptanalysis［EB/OL］. （2021-05-31）［2021-07-19］..
10	BENAMIRA A， GERAULT D， PEYRIN T， et al. A deeper look at machine learning-based cryptanalysis［C］// Proceedings of the 2021 Annual International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 12696. Cham： Springer， 2021： 805-835.
11	HOU Z Z， REN J J， CHEN S Z. Improve neural distinguishers of SIMON and SPECK［J］. Security and Communication Networks， 2021， 2021： No.9288229. 10.1155/2021/9288229
12	CHEN Y， SHEN Y T， YU H B， et al. A new neural distinguisher considering features derived from multiple ciphertext pairs［EB/OL］.［2022-01-20］. . 10.1093/comjnl/bxac019
13	DE CANNIÈRE C， DUNKELMAN O， KNEŽEVIĆ M. KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers［C］// Proceedings of the 2009 International Workshop on Cryptographic Hardware and Embedded Systems， LNCS 5747. Berlin： Springer， 2009： 272-288.
14	KNELLWOLF S， MEIER W， NAYA-PLASENCIA M. Conditional differential cryptanalysis of NLFSR-based cryptosystems［C］// Proceedings of the 2010 International Conference on the Theory and Application of Cryptology and Information Security， LNCS 6477. Berlin： Springer， 2010： 130-145.
15	KNELLWOLF S， MEIER W， NAYA-PLASENCIA M. Conditional differential cryptanalysis of Trivium and KATAN［C］// Proceedings of the 2011 International Workshop on Selected Areas in Cryptography， LNCS 7118. Berlin： Springer， 2012： 200-212.
16	刘爱森，王美琴，李艳斌. KATAN密码算法的相关密钥差分攻击［J］. 密码学报， 2015， 2（1）： 77-91.
	LIU A S， WANG M Q， LI Y B. Related-key conditional differential cryptanalysis of KATAN family［J］. Journal of Cryptologic Research， 2015， 2（1）： 77-91.
17	ISOBE T， SHIBUTANI K. Improved all-subkeys recovery attacks on FOX， KATAN and SHACAL-2 block ciphers［C］// Proceedings of the 2014 International Workshop on Fast Software Encryption， LNCS 8540. Berlin： Springer， 2015： 104-126.
18	FUHR T， MINAUD B. Match box meet-in-the-middle attack against KATAN［C］// Proceedings of the 2014 International Workshop on Fast Software Encryption， LNCS 8540. Berlin： Springer， 2015： 61-81.
19	SHAHRAM R， HAVARD R. Improved multi-dimensional meet-in-the-middle cryptanalysis of KATAN［J］. Tatra Mountains Mathematical Publications， 2016， 67（1）： 149-166. 10.1515/tmmp-2016-0037
20	PELIKAN M， GOLDBERG D E， CANTÚ-PAZ E. BOA： the Bayesian optimization algorithm［C］// Proceedings of the 1st Annual Conference on Genetic and Evolutionary Computation. San Francisco： Morgan Kaufmann Publishers Inc.， 1999： 525-532. 10.1162/106365600750078808
21	HE K M， ZHANG X Y， REN S Q， et al. Deep residual learning for image recognition［C］// Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition. Piscataway： IEEE， 2016： 770-778. 10.1109/cvpr.2016.90
22	BIHAM E， CHEN R. Near-collisions of SHA-0［C］// Proceedings of the 2004 Annual International Cryptology Conference， LNCS 3152. Berlin： Springer， 2004： 290-305.
23	XING Z H， ZHANG W Y， HAN G Y. Improved conditional differential analysis on NLFSR-based block cipher KATAN32 with MILP［C］// Proceedings of the 2020 International Conference on Security and Privacy in New Computing Environments， LNICST 344. Cham： Springer， 2020： 370-393. 10.1007/978-3-030-66922-5_26

[1]	石一鹏, 刘杰, 祖锦源, 张涛, 张国群. 基于混合整数线性规划模型的SPONGENT S盒紧凑约束分析[J]. 《计算机应用》唯一官方网站, 2023, 43(5): 1504-1510.
[2]	丛旌, 韦永壮, 刘争红. SM4密码算法的阶梯式相关能量分析[J]. 计算机应用, 2020, 40(7): 1977-1982.
[3]	刘宗甫, 袁征, 赵晨曦, 朱亮. 对PICO算法基于可分性的积分攻击[J]. 计算机应用, 2020, 40(10): 2967-2972.
[4]	杨晓华, 郭健全. 模糊环境下多周期多决策生鲜闭环物流网络[J]. 计算机应用, 2019, 39(7): 2168-2174.
[5]	马云飞, 王韬, 陈浩, 黄长阳. 轻量级分组密码SIMON代数故障攻击[J]. 计算机应用, 2017, 37(7): 1953-1959.
[6]	程璐, 魏悦川, 潘晓中, 李安辉. Zodiac密码算法的多维零相关线性分析[J]. 计算机应用, 2017, 37(6): 1605-1608.
[7]	王寿成, 徐进辉, 严迎建, 李功丽, 贾永旺. 面向密码流处理器的AES算法软件流水实现方法[J]. 计算机应用, 2017, 37(6): 1620-1624.
[8]	覃冠杰, 马建设, 程雪岷. 基于组合式爬山算法提高S盒非线性度的方法[J]. 计算机应用, 2015, 35(8): 2195-2198.
[9]	李灵琛, 韦永壮, 朱嘉良. 11轮3D分组密码算法的中间相遇攻击[J]. 计算机应用, 2015, 35(3): 700-703.
[10]	卫宏儒郑雅菲王新宁. ARIRANG-256的Biclique攻击[J]. 计算机应用, 2014, 34(1): 69-72.
[11]	苏崇茂. 7轮ARIA-256的不可能差分新攻击[J]. 计算机应用, 2012, 32(01): 45-48.
[12]	卢丹华钟诚杨锋. 基于多核多线程的AES保密模式[J]. 计算机应用, 2011, 31(04): 1003-1005.
[13]	杨宏志韩文报赵龙. 适于硬件实现的S盒构造方法[J]. 计算机应用, 2010, 30(3): 674-676.
[14]	彭利民刘浩王伟兵. WDM光网络动态虚拟拓扑重构算法[J]. 计算机应用, 2009, 29(1): 21-24.
[15]	杨宏志韩文报. 一类分组密码的S盒重组算法[J]. 计算机应用, 2009, 29(08): 2198-2199.

基于神经区分器的KATAN48算法条件差分分析方法

Conditional differential cryptanalysis method of KATAN48 algorithm based on neural distinguishers

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 23

相关文章 15

编辑推荐

Metrics