Meet-in-the-Middle Key Recovery Attacks on Rocca Using Differential and Integral Properties

IF 1.6 | Zone 4, Computer Science | JCR Q3, ENGINEERING, ELECTRICAL & ELECTRONIC
Chan Song;Wenling Wu;Lei Zhang
Chinese Journal of Electronics, vol. 34, no. 3, pp. 828-838, published 2025-03-01 (Journal Article). DOI: 10.23919/cje.2024.00.032. Full text: https://ieeexplore.ieee.org/document/11060049/
Citations: 0

Meet-in-the-Middle Key Recovery Attacks on Rocca Using Differential and Integral Properties
Rocca is an Advanced Encryption Standard (AES)-based authentication encryption scheme proposed in 2021 for beyond the fifth/sixth generation systems. The latest version of Rocca injects the key into the initialization, which makes the key recovery attack on its original version no longer valid here. In this paper, we propose new key recovery attacks based on the idea of meet-in-the-middle. Benefiting from the design of the round function, we can treat each 128-bit block as a unit and then write the expressions of the internal states in terms of the initial state and the final state, respectively. Among them, we focus on the state blocks with relatively concise expressions, which have poor diffusion, and then explore their differential and integral properties. Next, in the key recovery attacks, we first guess a part of the key to calculate the specific values of state blocks at the middle matching positions, and then use the differential or integral properties on these blocks to validate the key guesses. Uniquely, in our integral cryptanalysis, we impose appropriate conditions to constrain the propagation of nonce, which corresponds to the weak keys. Consequently, we present the 9 and 10 rounds of meet-in-the-middle key recovery attacks on Rocca, as well as the weak key recovery attack for the 11-round Rocca based on integral properties, with four sets of weak keys with 2^224 keys each.
Source journal: Chinese Journal of Electronics (Engineering Technology - Engineering: Electronic & Electrical)
CiteScore: 3.70 | Self-citation rate: 16.70% | Articles published: 342 | Review time: 12.0 months
Journal description: CJE focuses on the emerging fields of electronics, publishing innovative and transformative research papers. Most of the papers published in CJE are from universities and research institutes, presenting their innovative research results. Both theoretical and practical contributions are encouraged, and original research papers reporting novel solutions to the hot topics in electronics are strongly recommended.