费斯特尔密码的多维线性密码分析

IF 1.7 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

IACR Transactions on Symmetric Cryptology Pub Date : 2023-12-08 DOI:10.46586/tosc.v2023.i4.1-27

Betül Askin Özdemir, T. Beyne, Vincent Rijmen

{"title":"费斯特尔密码的多维线性密码分析","authors":"Betül Askin Özdemir, T. Beyne, Vincent Rijmen","doi":"10.46586/tosc.v2023.i4.1-27","DOIUrl":null,"url":null,"abstract":"This paper presents new generic attacks on Feistel ciphers that incorporate the key addition at the input of the non-invertible round function only. This feature leads to a specific vulnerability that can be exploited using multidimensional linear cryptanalysis. More specifically, our approach involves using key-independent linear trails so that the distribution of a combination of the plaintext and ciphertext can be computed. This makes it possible to use the likelihood-ratio test as opposed to the χ2 test. We provide theoretical estimates of the cost of our generic attacks and verify these experimentally by applying the attacks to CAST-128 and LOKI91. The theoretical and experimental findings demonstrate that the proposed attacks lead to significant reductions in data-complexity in several interesting cases.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"256 2","pages":""},"PeriodicalIF":1.7000,"publicationDate":"2023-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Multidimensional Linear Cryptanalysis of Feistel Ciphers\",\"authors\":\"Betül Askin Özdemir, T. Beyne, Vincent Rijmen\",\"doi\":\"10.46586/tosc.v2023.i4.1-27\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper presents new generic attacks on Feistel ciphers that incorporate the key addition at the input of the non-invertible round function only. This feature leads to a specific vulnerability that can be exploited using multidimensional linear cryptanalysis. More specifically, our approach involves using key-independent linear trails so that the distribution of a combination of the plaintext and ciphertext can be computed. This makes it possible to use the likelihood-ratio test as opposed to the χ2 test. We provide theoretical estimates of the cost of our generic attacks and verify these experimentally by applying the attacks to CAST-128 and LOKI91. The theoretical and experimental findings demonstrate that the proposed attacks lead to significant reductions in data-complexity in several interesting cases.\",\"PeriodicalId\":37077,\"journal\":{\"name\":\"IACR Transactions on Symmetric Cryptology\",\"volume\":\"256 2\",\"pages\":\"\"},\"PeriodicalIF\":1.7000,\"publicationDate\":\"2023-12-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IACR Transactions on Symmetric Cryptology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.46586/tosc.v2023.i4.1-27\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Symmetric Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tosc.v2023.i4.1-27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

本文提出了针对费斯特尔密码的新的通用攻击，这种攻击只在非可逆轮函数的输入端加入密钥。这一特点导致了一个特定的漏洞，可以通过多维线性密码分析加以利用。更具体地说，我们的方法涉及使用与密钥无关的线性轨迹，这样就可以计算明文和密文组合的分布。这使得使用似然比检验而不是 χ2 检验成为可能。我们对通用攻击的成本进行了理论估算，并通过将攻击应用于 CAST-128 和 LOKI91 进行实验验证。理论和实验结果表明，所提出的攻击在几个有趣的案例中显著降低了数据复杂性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Multidimensional Linear Cryptanalysis of Feistel Ciphers

This paper presents new generic attacks on Feistel ciphers that incorporate the key addition at the input of the non-invertible round function only. This feature leads to a specific vulnerability that can be exploited using multidimensional linear cryptanalysis. More specifically, our approach involves using key-independent linear trails so that the distribution of a combination of the plaintext and ciphertext can be computed. This makes it possible to use the likelihood-ratio test as opposed to the χ2 test. We provide theoretical estimates of the cost of our generic attacks and verify these experimentally by applying the attacks to CAST-128 and LOKI91. The theoretical and experimental findings demonstrate that the proposed attacks lead to significant reductions in data-complexity in several interesting cases.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IACR Transactions on Symmetric Cryptology Mathematics-Applied Mathematics

CiteScore

5.50

自引率

22.90%

发文量