Improved Key Recovery Attacks on Simplified Version of K2 Stream Cipher

IF 1.5 4区 计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Sudong Ma;Jie Guan
{"title":"Improved Key Recovery Attacks on Simplified Version of K2 Stream Cipher","authors":"Sudong Ma;Jie Guan","doi":"10.1093/comjnl/bxaa154","DOIUrl":null,"url":null,"abstract":"The K2 stream cipher, designed for 32-bit words, is an ISO/IEC 18033 standard and is listed as a recommended algorithm used by the Japanese government in the CRYPTREC project. The main feature of the K2 algorithm is the use of a dynamic feedback control mechanism between the two linear feedback shift registers, which makes the analysis of the K2 algorithm more difficult. In this paper, for its simplified version algorithm, a key recovery attack is performed by using differential attacks. Firstly, for the unknown key, the same IV is fixed in two chosen IV differential attacks, and we use the input differences and the output differences of the S-box to recover the input of S-box; the internal state values can be uniquely determined by taking intersection of the input of S-box. This technology is used to improve the key recovery attack of seven-round algorithm proposed by Deike Priemuth-Schmid. Secondly, we find the constraint relationship between the keystream equations and the unknown differences by introducing the guess difference bit and eliminate the impossible differences by the constraint relationship. Thus, we expand the key recovery attack from seven to nine rounds. The time complexity of the attack is \n<tex>$\\boldsymbol{O} \\boldsymbol{(2^{113.93})}$</tex>\n, the data complexity is \n<tex>$\\boldsymbol{O}\\boldsymbol{(2^{8.71})}$</tex>\n and the success rate is \n<tex>$\\textbf{99.07\\%}$</tex>\n.","PeriodicalId":50641,"journal":{"name":"Computer Journal","volume":"64 8","pages":"1253-1263"},"PeriodicalIF":1.5000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1093/comjnl/bxaa154","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/9579293/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 4

Abstract

The K2 stream cipher, designed for 32-bit words, is an ISO/IEC 18033 standard and is listed as a recommended algorithm used by the Japanese government in the CRYPTREC project. The main feature of the K2 algorithm is the use of a dynamic feedback control mechanism between the two linear feedback shift registers, which makes the analysis of the K2 algorithm more difficult. In this paper, for its simplified version algorithm, a key recovery attack is performed by using differential attacks. Firstly, for the unknown key, the same IV is fixed in two chosen IV differential attacks, and we use the input differences and the output differences of the S-box to recover the input of S-box; the internal state values can be uniquely determined by taking intersection of the input of S-box. This technology is used to improve the key recovery attack of seven-round algorithm proposed by Deike Priemuth-Schmid. Secondly, we find the constraint relationship between the keystream equations and the unknown differences by introducing the guess difference bit and eliminate the impossible differences by the constraint relationship. Thus, we expand the key recovery attack from seven to nine rounds. The time complexity of the attack is $\boldsymbol{O} \boldsymbol{(2^{113.93})}$ , the data complexity is $\boldsymbol{O}\boldsymbol{(2^{8.71})}$ and the success rate is $\textbf{99.07\%}$ .
改进的K2流密码简化版密钥恢复攻击
K2流密码是为32位字设计的,是ISO/IEC 18033标准,被列为日本政府在CRYPTREC项目中使用的推荐算法。K2算法的主要特点是在两个线性反馈移位寄存器之间使用了动态反馈控制机制,这使得K2算法的分析更加困难。在本文中,对于其简化版本的算法,使用差分攻击来执行密钥恢复攻击。首先,对于未知密钥,在两个选择的IV差分攻击中,相同的IV是固定的,我们使用S盒的输入差和输出差来恢复S盒的输出;可以通过取S框的输入的交集来唯一地确定内部状态值。该技术用于改进Deike-Priemuth-Schmid提出的七轮算法的密钥恢复攻击。其次,通过引入猜测差分位,找到密钥流方程与未知差分之间的约束关系,并利用该约束关系消除不可能的差分。因此,我们将关键恢复攻击从七轮扩大到九轮。该攻击的时间复杂度为$\boldsymbol{O}\boldsymbol{(2^{113.93})}$,数据复杂度为$\ boldssymbol{0}\bold symbol{(2^{8.71})}$,成功率为$\textbf{99.07\%}$。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Computer Journal
Computer Journal 工程技术-计算机:软件工程
CiteScore
3.60
自引率
7.10%
发文量
164
审稿时长
4.8 months
期刊介绍: The Computer Journal is one of the longest-established journals serving all branches of the academic computer science community. It is currently published in four sections.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信