
Research on Cryptanalysis Techniques for Block Ciphers

Cryptanalysis of Block Ciphers

【Author】 张美玲 (Zhang Meiling)

【Supervisor】 王新梅 (Wang Xinmei)

【Author information】 西安电子科技大学 (Xidian University), Communication and Information Systems, 2010, Doctoral dissertation

【Abstract (translated from Chinese)】 This thesis presents an in-depth study of cryptanalysis techniques for modern block ciphers, focusing on applying traditional cryptanalysis techniques to the US Advanced Encryption Standard AES and to China's wireless LAN encryption standard SMS4. The main results are as follows. 1. The principle of the impossible differential attack and all impossible differential attacks on AES published to date are studied. A general method for impossible differential attacks on seven-round AES is proposed. Taking the number of all-zero columns in the inputs of the seventh and sixth rounds (α, β) as parameters, the trade-off between the number of plaintext pairs and the number of encryptions required by an impossible differential attack is derived, and the number of plaintext pairs and encryptions corresponding to each (α, β) is given for the different key lengths. This correspondence directly shows the feasibility and the complexity of the attacks on AES-128, AES-192 and AES-256. 2. The differential properties of SMS4 are studied, and a method is designed to determine the lower bound on the number of active S-boxes of a differential characteristic over any number of rounds. First, an arbitrary differential pattern over any number of rounds is decomposed into ten kinds of sections, so that any differential pattern is composed of some of these ten sections; the lower bound on the number of active S-boxes of each of the ten sections is then analyzed, followed by the lower bound for arbitrary combinations of the ten sections. From this, the upper bound on the probability of every differential characteristic belonging to any given differential pattern is obtained. 3. The theory of the boomerang attack is studied. The necessary conditions for a successful amplified boomerang attack on SMS4 and the issues to be considered when choosing plaintext quartets are analyzed; a 14-round rectangle distinguisher is then examined and proved not to exist. Finally, the necessary conditions for a successful amplified boomerang attack on AES are also analyzed.

【Abstract】 This thesis investigates cryptanalysis techniques for modern block ciphers. We have focused on applying the traditional cryptanalysis techniques to the AES (Advanced Encryption Standard of the USA) and SMS4 (the block cipher used in WAPI). Our contributions are summarized as follows. 1. All published papers on the impossible differential attack on AES are discussed. Some similarities among them are summarized, and a general impossible differential attack on 7-round AES with varied key length is presented. This attack takes the number of all-zero columns of the 7th and the 6th round as parameters (α, β). A trade-off relation between the number of plaintexts and the number of encryptions in the attack is derived, which allows only some values of (α, β) in the attack for each key length. 2. In order to evaluate the security of SMS4 against differential cryptanalysis, we design a method to calculate lower bounds on the number of active S-boxes for all kinds of differential characteristics (or differential patterns). First, we divide the pattern into ten kinds of sections, for which the lower bounds on the number of active S-boxes are calculated in detail. Then the lower bounds on the number of active S-boxes in all combinations of the ten kinds of sections are derived. Finally, we show that there is no differential attack against more than 31 rounds of SMS4 based on a single differential characteristic. 3. The development from the boomerang attack to the rectangle attack is discussed. The necessary condition for the existence of an amplified boomerang distinguisher on the block cipher SMS4 is presented, and the choice of plaintext quartets is analyzed. Then an example of a 14-round rectangle distinguisher is discussed and proved not to exist. Finally, the necessary condition for the existence of an amplified boomerang distinguisher on the block cipher AES is also discussed.
