Related-Key Zero-Correlation Linear Attacks on Block Ciphers with Linear Key Schedules

IF 1.6 4区计算机科学 Q3 ENGINEERING, ELECTRICAL & ELECTRONIC

Chinese Journal of Electronics Pub Date : 2024-03-31 DOI:10.23919/cje.2022.00.419

Yi Zhang;Kai Zhang;Ting Cui

{"title":"Related-Key Zero-Correlation Linear Attacks on Block Ciphers with Linear Key Schedules","authors":"Yi Zhang;Kai Zhang;Ting Cui","doi":"10.23919/cje.2022.00.419","DOIUrl":null,"url":null,"abstract":"Related-key model is a favourable approach to improve attacks on block ciphers with a simple key schedule. However, to the best of our knowledge, there are a few results in which zero-correlation linear attacks take advantage of the related-key model. We ascribe this phenomenon to the lack of consideration of the key input in zero-correlation linear attacks. Concentrating on the linear key schedule of a block cipher, we generalize the zero-correlation linear attack by using a related-key setting. Specifically, we propose the creation of generalized linear hulls (GLHs) when the key input is involved; moreover, we indicate the links between GLHs and conventional linear hulls (CLHs). Then, we prove that the existence of zero-correlation GLHs is completely determined by the corresponding CLHs and the linear key schedule. In addition, we introduce a method to construct zero-correlation GLHs by CLHs and transform them into an integral distinguisher. The correctness is verified by applying it to SIMON16/16, a SIMON-like toy cipher. Based on our method, we find 12/13/14/15/15/17/20/22-round related-key zero-correlation linear distinguishers of SIMON32/64, SIMON48/72, SIMON48/96, SIMON64/96, SIMON64/128, SIMON96/144, SIMON128/192 and SIMON128/256, respectively. As far as we know, these distinguishers are one, two, or three rounds longer than current best zero-correlation linear distinguishers of SIMON.","PeriodicalId":50701,"journal":{"name":"Chinese Journal of Electronics","volume":null,"pages":null},"PeriodicalIF":1.6000,"publicationDate":"2024-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10543213","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Chinese Journal of Electronics","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10543213/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

Related-key model is a favourable approach to improve attacks on block ciphers with a simple key schedule. However, to the best of our knowledge, there are a few results in which zero-correlation linear attacks take advantage of the related-key model. We ascribe this phenomenon to the lack of consideration of the key input in zero-correlation linear attacks. Concentrating on the linear key schedule of a block cipher, we generalize the zero-correlation linear attack by using a related-key setting. Specifically, we propose the creation of generalized linear hulls (GLHs) when the key input is involved; moreover, we indicate the links between GLHs and conventional linear hulls (CLHs). Then, we prove that the existence of zero-correlation GLHs is completely determined by the corresponding CLHs and the linear key schedule. In addition, we introduce a method to construct zero-correlation GLHs by CLHs and transform them into an integral distinguisher. The correctness is verified by applying it to SIMON16/16, a SIMON-like toy cipher. Based on our method, we find 12/13/14/15/15/17/20/22-round related-key zero-correlation linear distinguishers of SIMON32/64, SIMON48/72, SIMON48/96, SIMON64/96, SIMON64/128, SIMON96/144, SIMON128/192 and SIMON128/256, respectively. As far as we know, these distinguishers are one, two, or three rounds longer than current best zero-correlation linear distinguishers of SIMON.

查看原文本刊更多论文

对具有线性密钥时间表的块密码的相关密钥零相关线性攻击

关联密钥模型是改进对具有简单密钥时间表的块密码攻击的一种有利方法。然而，据我们所知，零相关线性攻击利用相关密钥模型的成果寥寥无几。我们将这一现象归咎于零相关线性攻击中缺乏对密钥输入的考虑。我们专注于块密码的线性密钥时间表，通过使用相关密钥设置来推广零相关线性攻击。具体来说，我们提出了在涉及密钥输入时创建广义线性外壳（GLH）的方法；此外，我们还指出了 GLH 与传统线性外壳（CLH）之间的联系。然后，我们证明零相关 GLH 的存在完全由相应的 CLH 和线性密钥时间表决定。此外，我们还介绍了一种用 CLH 构建零相关 GLH 并将其转化为积分区分器的方法。通过将其应用于 SIMON16/16（一种类似 SIMON 的玩具密码），验证了其正确性。根据我们的方法，我们分别找到了 SIMON32/64、SIMON48/72、SIMON48/96、SIMON64/96、SIMON64/128、SIMON96/144、SIMON128/192 和 SIMON128/256 的 12/13/14/15/15/17/20/22 轮相关密钥零相关线性区分器。据我们所知，这些分辨器比 SIMON 目前最好的零相关线性分辨器要长一轮、两轮或三轮。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Chinese Journal of Electronics 工程技术-工程：电子与电气

CiteScore

3.70

自引率

16.70%

发文量

342

审稿时长

12.0 months

期刊介绍： CJE focuses on the emerging fields of electronics, publishing innovative and transformative research papers. Most of the papers published in CJE are from universities and research institutes, presenting their innovative research results. Both theoretical and practical contributions are encouraged, and original research papers reporting novel solutions to the hot topics in electronics are strongly recommended.