Utilizing FWT in linear cryptanalysis of block ciphers with various structures

IF 1.4 2区数学 Q3 COMPUTER SCIENCE, THEORY & METHODS

Designs, Codes and Cryptography Pub Date : 2024-07-25 DOI:10.1007/s10623-024-01458-y

Yin Lv, Danping Shi, Lei Hu, Yi Guo

{"title":"Utilizing FWT in linear cryptanalysis of block ciphers with various structures","authors":"Yin Lv, Danping Shi, Lei Hu, Yi Guo","doi":"10.1007/s10623-024-01458-y","DOIUrl":null,"url":null,"abstract":"Linear cryptanalysis is one of the most classical cryptanalysis methods for block ciphers. Some critical techniques of the key-recovery phase are developed for enhancing linear cryptanalysis. Collard et al. improved the time complexity for last-round key-recovery attacks by using FWT. A generalized key-recovery algorithm for an arbitrary number of rounds with an associated time complexity formula is further provided by Flórez-Gutiérrez and Naya-Plasencia based on FWT in Eurocrypt 2020. However, the previous generalized algorithms are mainly applied to block ciphers with SPN structures, where the round-keys in the first and last round XORed to the state can be easily defined as outer keys. In Asiacrypt 2021, Leurent et al. applied the algorithm by Flórez-Gutiérrez et al. to Feistel structure ciphers. However, for other structures, such as NLFSR-based, the outer keys can not be directly deduced to utilize the previous algorithms. This paper extends the algorithm by Flórez-Gutiérrez et al. for more complicated structures, including but not limited to NLFSR-based, Feistel, ARX, and SPN. We also use the dependency relationships between ciphertext, plaintext and key information bits to eliminate the redundancy calculation and the improve analysis phase. We apply the algorithm with the improved analysis phase to KATAN (NLFSR-based) and SPARX (ARX). We obtain significantly improved results. The linear results we find for SPARX-128/128 beat other cryptanalytic techniques, becoming the best key recovery attacks on this cipher. The previous best linear attacks on KATAN32, KATAN48 and KATAN64 are improved by 9, 4, and 14 rounds, respectively.","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"16 1","pages":""},"PeriodicalIF":1.4000,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Designs, Codes and Cryptography","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.1007/s10623-024-01458-y","RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Linear cryptanalysis is one of the most classical cryptanalysis methods for block ciphers. Some critical techniques of the key-recovery phase are developed for enhancing linear cryptanalysis. Collard et al. improved the time complexity for last-round key-recovery attacks by using FWT. A generalized key-recovery algorithm for an arbitrary number of rounds with an associated time complexity formula is further provided by Flórez-Gutiérrez and Naya-Plasencia based on FWT in Eurocrypt 2020. However, the previous generalized algorithms are mainly applied to block ciphers with SPN structures, where the round-keys in the first and last round XORed to the state can be easily defined as outer keys. In Asiacrypt 2021, Leurent et al. applied the algorithm by Flórez-Gutiérrez et al. to Feistel structure ciphers. However, for other structures, such as NLFSR-based, the outer keys can not be directly deduced to utilize the previous algorithms. This paper extends the algorithm by Flórez-Gutiérrez et al. for more complicated structures, including but not limited to NLFSR-based, Feistel, ARX, and SPN. We also use the dependency relationships between ciphertext, plaintext and key information bits to eliminate the redundancy calculation and the improve analysis phase. We apply the algorithm with the improved analysis phase to KATAN (NLFSR-based) and SPARX (ARX). We obtain significantly improved results. The linear results we find for SPARX-128/128 beat other cryptanalytic techniques, becoming the best key recovery attacks on this cipher. The previous best linear attacks on KATAN32, KATAN48 and KATAN64 are improved by 9, 4, and 14 rounds, respectively.

Abstract Image

查看原文本刊更多论文

利用 FWT 对各种结构的块密码进行线性密码分析

线性密码分析是块密码最经典的密码分析方法之一。为了增强线性密码分析，人们开发了一些密钥恢复阶段的关键技术。Collard 等人利用 FWT 提高了最后一轮密钥恢复攻击的时间复杂性。Flórez-Gutiérrez 和 Naya-Plasencia 在 Eurocrypt 2020 中基于 FWT 进一步提供了一种适用于任意轮数的通用密钥恢复算法，并给出了相关的时间复杂度公式。不过，之前的通用算法主要适用于具有 SPN 结构的块密码，其中第一轮和最后一轮与状态 XOR 的圆密钥可以很容易地被定义为外密钥。在 Asiacrypt 2021 中，Leurent 等人将 Flórez-Gutiérrez 等人的算法应用于 Feistel 结构密码。然而，对于其他结构，如基于 NLFSR 的结构，无法直接推导出外键来使用以前的算法。本文扩展了 Flórez-Gutiérrez 等人的算法，使其适用于更复杂的结构，包括但不限于基于 NLFSR、Feistel、ARX 和 SPN。我们还利用密文、明文和密钥信息位之间的依赖关系，消除了冗余计算和改进分析阶段。我们将改进分析阶段的算法应用于 KATAN（基于 NLFSR）和 SPARX（基于 ARX）。我们获得了明显改善的结果。我们发现 SPARX-128/128 的线性结果击败了其他密码分析技术，成为该密码的最佳密钥恢复攻击。之前对 KATAN32、KATAN48 和 KATAN64 的最佳线性攻击分别改进了 9、4 和 14 轮。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Designs, Codes and Cryptography 工程技术-计算机：理论方法

CiteScore

2.80

自引率

12.50%

发文量

157

审稿时长

16.5 months

期刊介绍： Designs, Codes and Cryptography is an archival peer-reviewed technical journal publishing original research papers in the designated areas. There is a great deal of activity in design theory, coding theory and cryptography, including a substantial amount of research which brings together more than one of the subjects. While many journals exist for each of the individual areas, few encourage the interaction of the disciplines. The journal was founded to meet the needs of mathematicians, engineers and computer scientists working in these areas, whose interests extend beyond the bounds of any one of the individual disciplines. The journal provides a forum for high quality research in its three areas, with papers touching more than one of the areas especially welcome. The journal also considers high quality submissions in the closely related areas of finite fields and finite geometries, which provide important tools for both the construction and the actual application of designs, codes and cryptographic systems. In particular, it includes (mostly theoretical) papers on computational aspects of finite fields. It also considers topics in sequence design, which frequently admit equivalent formulations in the journal’s main areas. Designs, Codes and Cryptography is mathematically oriented, emphasizing the algebraic and geometric aspects of the areas it covers. The journal considers high quality papers of both a theoretical and a practical nature, provided they contain a substantial amount of mathematics.