Improved Key Recovery Attacks on Simplified Version of K2 Stream Cipher

Impact Factor 1.5 | Zone 4, Computer Science | JCR Q4, COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Sudong Ma; Jie Guan
DOI: 10.1093/comjnl/bxaa154
Journal: Computer Journal
Publication date: 2020-10-01
Publication type: Journal Article
Open access: no
Citations: 4

Abstract

The K2 stream cipher, designed for 32-bit words, is an ISO/IEC 18033 standard and is listed as a recommended algorithm for use by the Japanese government in the CRYPTREC project. The main feature of the K2 algorithm is its dynamic feedback control mechanism between the two linear feedback shift registers, which makes the analysis of K2 more difficult. In this paper, a key recovery attack on a simplified version of the algorithm is carried out using differential attacks. First, for the unknown key, the same IV is fixed in two chosen-IV differential attacks, and the input and output differences of the S-box are used to recover the S-box input; the internal state values can then be uniquely determined by taking the intersection of the recovered S-box inputs. This technique is used to improve the key recovery attack on the seven-round algorithm proposed by Deike Priemuth-Schmid. Second, by introducing a guessed difference bit, we find the constraint relationship between the keystream equations and the unknown differences, and use this relationship to eliminate impossible differences. In this way, the key recovery attack is extended from seven to nine rounds. The time complexity of the attack is $O(2^{113.93})$, the data complexity is $O(2^{8.71})$ and the success rate is $99.07\%$.
Source journal: Computer Journal (Engineering & Technology / Computer Science: Software Engineering)
CiteScore: 3.60
Self-citation rate: 7.10%
Articles published: 164
Review time: 4.8 months
Journal description: The Computer Journal is one of the longest-established journals serving all branches of the academic computer science community. It is currently published in four sections.