
Research on Several Cryptanalysis Methods for Block Ciphers (original Chinese title: 分组密码的几类分析方法研究)

Research on Cryptanalysis of Block Cipher

【Author】 张磊 (Zhang Lei)

【Supervisor】 郭建胜 (Guo Jiansheng)

【Author information】 PLA Information Engineering University (解放军信息工程大学), Cryptography, 2011, Master's thesis

【Abstract (translated from the Chinese)】 As an important component of symmetric-key cryptography, block ciphers are a core element of many cryptographic systems and an important technique for protecting the confidentiality and integrity of information. Security analysis of block cipher algorithms has always been one of the central research topics of cryptography, so studying and exploring new cryptanalysis methods is of great significance for both the design and the analysis of block ciphers. This thesis studies impossible differential cryptanalysis, multi-trail differential cryptanalysis, bit-pattern integral attacks and the improved meet-in-the-middle attack, and, based on the results obtained, analyses the security of the ARIA, AC and CLEFIA block ciphers respectively. The main contributions are as follows:

1. The impossible differential properties of a class of SP-structure block ciphers are analysed. We propose classifying the inputs of the linear diffusion matrix by differential weight and, on that basis, analyse the impossible differential properties of SP-structure block ciphers. A new class of 6-round impossible differentials of ARIA is constructed; the structure and count of two classes of general-form 6-round ARIA impossible differentials with input and output differential weight 10 are given; and it is proved that, under the differential-weight method, there is no 6-round impossible differential of ARIA with input and output differential weight less than 10.

2. Multi-trail differential cryptanalysis of ARIA is studied. We first construct, and prove, that ARIA has exactly two differential trails reaching the upper bound on the maximum differential characteristic probability; then, taking multiple trails into account, we give the 2-round iterative differential trail of ARIA with the largest multi-trail probability.

3. The bit-pattern integral attack is studied. The concept of the data pattern period is introduced and the bit-pattern integral attack is improved accordingly. Using the improved attack, the AC block cipher is analysed: a 3-round bit-pattern integral distinguisher is constructed, 4-round AC is attacked and the 128-bit subkey of the final round is recovered, with a data complexity of 2^13.5 chosen plaintexts and a time complexity of 2^47.

4. The improved meet-in-the-middle attack is studied. It is applied to a generalized Feistel structure model with 4 input branches, and on that basis the CLEFIA block cipher is analysed. Without considering key whitening, three classes of distinguishers for CLEFIA are constructed, and 10-round CLEFIA-128/192/256, 11-round CLEFIA-192/256 and 12-round CLEFIA-256 are attacked. Analysis of the attack complexities shows that 10-round CLEFIA-128/192/256, 11-round CLEFIA-192/256 and 12-round CLEFIA-256 are not immune to the improved meet-in-the-middle attack, and that, for the same number of rounds of CLEFIA, the data complexity of the attacks in this thesis is the lowest among existing attacks.

【Abstract】 As an important part of symmetric-key cryptography, the block cipher is a core component of many cryptographic systems. It provides information security properties such as confidentiality and data integrity. The security analysis of block ciphers has always been a very active branch of cryptanalysis. Therefore, research on new cryptanalytic tools is of far-reaching significance for the design and analysis of block ciphers. The thesis studies in depth the impossible differential attack, the multi-trail differential attack, the bit-pattern integral attack and the improved meet-in-the-middle attack. Based on the conclusions obtained, we then apply these cryptanalytic tools to the block ciphers ARIA, AC and CLEFIA. The main contributions of this dissertation are summarized as follows:

1. Research on the impossible differential characteristics of a class of SP-structure block ciphers. A new method is designed to classify the inputs of the linear diffusion layer by the weight of the differential, and the impossible differential characteristics of SP-structure block ciphers are analyzed with it. We specifically construct a new general kind of 6-round ARIA impossible differential in detail, and prove there are only two classes of impossible differential when the input-and-output differential weight is ten. The structures and counts of these impossible differentials are also given. Finally, we prove with this new method that there is no 6-round impossible differential with input-and-output differential weight less than ten.

2. Research on the multi-trail differential attack on ARIA. We prove there are only two differential trails reaching the upper bound of the maximal probability. Furthermore, when multiple trails are taken into account, a 2-round iterative multi-trail differential with maximal probability is presented.

3. Research on the bit-pattern integral attack. The bit-pattern integral attack is improved with the definition of the pattern period. We then apply the improved bit-pattern integral attack to the AC block cipher, construct a 3-round integral distinguisher, and finally analyze the security of 4-round AC against the bit-pattern integral attack. With 2^13.5 chosen plaintexts and 2^47 4-round AC encryptions, we successfully recover the 128-bit final round key.

4. Research on the improved meet-in-the-middle attack. We analyze the security of the 4-branch generalized Feistel structure against the improved meet-in-the-middle attack and concretely take CLEFIA as an application example. Without key whitening, we construct three classes of distinguishers and successfully attack 10-round CLEFIA-128/192/256, 11-round CLEFIA-192/256 and 12-round CLEFIA-256 respectively. The results show that 10-round CLEFIA-128/192/256, 11-round CLEFIA-192/256 and 12-round CLEFIA-256 are not immune to the improved meet-in-the-middle attack. Compared to the existing cryptanalytic tools for attacking the same number of rounds of CLEFIA, the improved meet-in-the-middle attack requires the lowest data complexity.
