【作者】 孙国平；

【导师】 胡予濮；

【作者基本信息】 西安电子科技大学 ， 密码学， 2010， 硕士

【摘要】 Trivium作为一种基于硬件的流密码算法,是欧洲流密码工程eSTREAM的最终胜选算法之一,它是由Christophe De Canniere和Bart Preneel提出的,由于其设计简单优美,受到很多人的青睐,因此,有很多专家学者对Trivium的安全性做了分析。本文对Trivium的安全性进行分析,分析了Trivium的生成密钥方程,通过选择差分和猜测确定攻击的方法,求解这个非线性多变量方程组,从而求解出其余的内部状态,达到破解Trivium的目的。本文在综述已有的安全性分析的基础上,取得了如下新的分析结果:首先进行错误注入,即改变内部状态的某特定52比特,生成错误密钥流,再和原始密钥流进行差分,获得了内部状态的若干额外的低次方程。然后猜测内部状态的某45比特,就可以通过使用高斯消元法求解线性方程组,得出其余的243比特,从而破解Trivium,总的复杂度约为266.8。更多还原

【Abstract】 Trivium as a hardware-oriented stream cipher was designed by Christophe De Canniere and Bart Preneel, which is one of the final winners of the European stream project eSTREAM. Because of its simple and elegant structure, it has attached a lot of interest. There have been a lot of experts and scholars to analyze and research its security.In this paper we analyze the Trivium’s key stream generation algorithm and its key stream generation equations, then through guess and determine attack based on chosen differential attack, we can solve nonlinear multivariate equations and get remaining bits of internal state so as to break Trivium.In this paper some new analyses are proposed as follows based on the summary of available analyses of the security of Trivium.Firstly, make use of fault injections, i.e. alter special 52 bits of internal state to generate the faulty key stream; Secondly, compute the difference between the faulty key stream and the original key stream to get many extra equations with low degree of internal state; Finally, 45 bits of internal state are guessed to get remaining 243 bits by using the method of Gaussian elimination for solving the linear equations so as to break Trivium. The total complexity is about 266.8.更多还原