• Title/Abstract/Keywords: the distinguisher

Search results: 19 (processing time: 0.023 s)

Saturation Attacks on the 27-round SKIPJACK

  • 황경덕;이원일;이성재;이상진;임종인
    • Journal of the Korea Institute of Information Security & Cryptology, Vol. 11, No. 5, pp. 85-96, 2001
  • In this paper, we apply the saturation attack to SKIPJACK. The core of our saturation attack lies in the construction of a 16-round distinguisher for SKIPJACK, which enables attacks on 18-round (rounds 5-22) and 23-round (rounds 5-27) SKIPJACK. In addition, a 20-round distinguisher can be constructed on the basis of the 16-round distinguisher, which enables attacks on 22-round (rounds 1-22) and 27-round (rounds 1-27) SKIPJACK. The attack on 27-round SKIPJACK requires $2^{50}$ chosen plaintexts, and its attack complexity is $3\cdot 2^{75}$.

Related-key Neural Distinguisher on Block Ciphers SPECK-32/64, HIGHT and GOST

  • Erzhena Tcydenova;Byoungjin Seok;Changhoon Lee
    • Journal of Platform Technology, Vol. 11, No. 1, pp. 72-84, 2023
  • With the rise of the Internet of Things, the security of such lightweight computing environments has become a hot topic. Lightweight block ciphers, which can provide efficient performance and security through a relatively simple structure and smaller key and block sizes, are drawing attention. Due to these characteristics, they can become a target for new attack techniques. One of the new cryptanalytic attacks that has been attracting interest is neural cryptanalysis, a cryptanalytic technique based on neural networks. It has shown better results than conventional cryptanalysis methods without requiring a great amount of time or cryptographic knowledge. The first work that showed good results was presented by Aron Gohr at CRYPTO'19; the attack was conducted on the lightweight block cipher SPECK-32/64 and showed better results than conventional differential cryptanalysis. In this paper, we first apply the Differential Neural Distinguisher proposed by Aron Gohr to the block ciphers HIGHT and GOST to test the applicability of the attack to ciphers with different structures. The performance of the Differential Neural Distinguisher is then analyzed by replacing the neural network attack model with five different models (Multi-Layer Perceptron, AlexNet, ResNext, SE-ResNet, SE-ResNext). We then propose a Related-key Neural Distinguisher and apply it to the SPECK-32/64, HIGHT, and GOST block ciphers. The proposed Related-key Neural Distinguisher was constructed using the relationship between keys, and this made it possible to distinguish more rounds than the differential distinguisher.

Deep Learning-Based Neural Distinguisher for PIPO 64/128

  • 김현지;장경배;임세진;서화정
    • Journal of the Korea Institute of Information Security & Cryptology, Vol. 33, No. 2, pp. 175-182, 2023
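  • Differential cryptanalysis is one of the analysis techniques for block ciphers; it exploits the property that a particular output difference occurs with high probability for a given input difference. If data with a specific output difference can be distinguished from random data, the data complexity of differential cryptanalysis can be reduced. To this end, many studies on deep learning-based neural distinguishers have been conducted, and this paper proposes the first deep learning-based neural distinguisher for PIPO 64/128. In experiments with various input differences, the 3-round neural distinguishers for the 0-, 1-, 3-, and 5-round differential characteristics achieved accuracies of 0.71, 0.64, 0.62, and 0.64, respectively. When used together with a classical distinguisher, this distinguisher enables a distinguishing attack on up to 8 rounds. Thus, scalability was secured by finding a distinguisher that can handle input differences of multiple rounds. In future work, we plan to apply various neural network architectures in order to construct an optimal network for improved performance, and to implement neural distinguishers that use related-key differences or handle multiple input differences.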

Impossible Differential Cryptanalysis on ESF Algorithm with Simplified MILP Model

  • Wu, Xiaonian;Yan, Jiaxu;Li, Lingchen;Zhang, Runlian;Yuan, Pinghai;Wang, Yujue
    • KSII Transactions on Internet and Information Systems (TIIS), Vol. 15, No. 10, pp. 3815-3833, 2021
  • MILP-based automatic search is the most common method in analyzing the security of cryptographic algorithms. However, this method brings many issues, such as low efficiency due to the large size of the model and the difficulty of finding the contradiction of the impossible differential distinguisher. To analyze the security of the ESF algorithm, this paper introduces a simplified MILP-based search model of the differential distinguisher by reducing the constraints of XOR and S-box operations, and by reducing variables through combining cyclic shift with its adjacent operations. Also, a new method to find contradictions of the impossible differential distinguisher is proposed by introducing temporary variables, which can avoid wrong and missed selection of contradictions. Based on a 9-round impossible differential distinguisher, a 15-round attack on ESF can be achieved by extending forward and backward by 3 rounds in the single-key setting. Compared with existing results, the exact lower bound of differential active S-boxes in the single-key setting for 10-round ESF is improved. Also, 2108 9-round impossible differential distinguishers in the single-key setting and 14 12-round impossible differential distinguishers in the related-key setting are obtained. In particular, the round of the discovered impossible differential distinguisher in the related-key setting is the highest, and compared with the previous results, this attack achieves the highest round number in the single-key setting.

Amplified Boomerang Attack against Reduced-Round SHACAL

  • 김종성;문덕재;이원일;홍석희;이상진
    • Journal of the Korea Institute of Information Security & Cryptology, Vol. 12, No. 5, pp. 87-93, 2002
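  • SHACAL is a block cipher submitted to the NESSIE project and is based on SHA-1, the international hash standard. SHACAL uses XOR operations, modular addition, and bitwise-computable Boolean functions. The use of these operations and Boolean functions makes differential attacks difficult; that is, it makes it hard to find differential characteristics over many rounds with relatively high probability. However, SHACAL has short differential characteristics with high probability, which can be used to build a 36-step boomerang distinguisher. In this paper, we use the 36-step boomerang distinguisher to present amplified boomerang attacks on reduced-round SHACAL with various key lengths. In summary, 39-step SHACAL with a 256-bit key and 47-step SHACAL with a 512-bit key are vulnerable to the amplified boomerang attack.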

Revisited Security Evaluation on Midori-64 against Differential Cryptanalysis

  • Guoyong Han;Hongluan Zhao
    • KSII Transactions on Internet and Information Systems (TIIS), Vol. 18, No. 2, pp. 478-493, 2024
  • In this paper, the Mixed Integer Linear Programming (MILP) model is improved for searching differential characteristics of the block cipher Midori-64, and 4 search strategies of differential path are given. By using strategy IV, setting 1 S-box at the top of the distinguisher to be active, and setting 3 S-boxes at the bottom to be active with the same difference, we obtain a 5-round differential characteristic. Based on the distinguisher, we attack 12-round Midori-64 with data and time complexities of $2^{63}$ and $2^{103.83}$, respectively. To the best of our knowledge, these results are superior to current ones.

Pseudorandomness of Basic Structures in the Block Cipher KASUMI

  • Kang, Ju-Sung;Preneel, Bart;Ryu, Heui-Su;Chung, Kyo-Il;Park, Chee-Hang
    • ETRI Journal, Vol. 25, No. 2, pp. 89-100, 2003
  • The notion of pseudorandomness is the theoretical foundation on which to consider the soundness of a basic structure used in some block ciphers. We examine the pseudorandomness of the block cipher KASUMI, which will be used in the next-generation cellular phones. First, we prove that the four-round unbalanced MISTY-type transformation is pseudorandom in order to illustrate the pseudorandomness of the inside round function FI of KASUMI under an adaptive distinguisher model. Second, we show that the three-round KASUMI-like structure is not pseudorandom but the four-round KASUMI-like structure is pseudorandom under a non-adaptive distinguisher model.

Related-key Impossible Boomerang Cryptanalysis on LBlock-s

  • Xie, Min;Zeng, Qiya
    • KSII Transactions on Internet and Information Systems (TIIS), Vol. 13, No. 11, pp. 5717-5730, 2019
  • LBlock-s is the core block cipher of authentication encryption algorithm LAC, which uses the same structure as LBlock and an improved key schedule algorithm with better diffusion property. Using the differential properties of the key schedule algorithm and the cryptanalytic technique which combines impossible boomerang attacks with related-key attacks, a 15-round related-key impossible boomerang distinguisher is constructed for the first time. Based on the distinguisher, an attack on 22-round LBlock-s is proposed by adding 4 rounds on the top and 3 rounds at the bottom. The time complexity is only about $2^{68.76}$ 22-round encryptions and the data complexity is about $2^{58}$ chosen plaintexts. Compared with published cryptanalysis results on LBlock-s, there has been a sharp decrease in time complexity and an ideal data complexity.

New Analysis of Reduced-Version of Piccolo in the Single-Key Scenario

  • Liu, Ya;Cheng, Liang;Zhao, Fengyu;Su, Chunhua;Liu, Zhiqiang;Li, Wei;Gu, Dawu
    • KSII Transactions on Internet and Information Systems (TIIS), Vol. 13, No. 9, pp. 4727-4741, 2019
  • The lightweight block cipher Piccolo adopts Generalized Feistel Network structure with 64 bits of block size. Its key supports 80 bits or 128 bits, expressed by Piccolo-80 or Piccolo-128, respectively. In this paper, we exploit the security of reduced version of Piccolo from the first round with the pre-whitening layer, which shows the vulnerability of original Piccolo. As a matter of fact, we first study some linear relations among the round subkeys and the properties of linear layer. Based on them, we evaluate the security of Piccolo-80/128 against the meet-in-the-middle attack. Finally, we attack 13 rounds of Piccolo-80 by applying a 5-round distinguisher, which requires $2^{44}$ chosen plaintexts, $2^{67.39}$ encryptions and $2^{64.91}$ blocks, respectively. Moreover, we also attack 17 rounds of Piccolo-128 by using a 7-round distinguisher, which requires $2^{44}$ chosen plaintexts, $2^{126}$ encryptions and $2^{125.49}$ blocks, respectively. Compared with the previous cryptanalytic results, our results are the currently best ones if considering Piccolo from the first round with the pre-whitening layer.

Analysis of Gohr's Neural Distinguisher on Speck32/64 and its Application to Simon32/64

  • 성효은;유현도;염용진;강주성
    • Journal of the Korea Institute of Information Security & Cryptology, Vol. 32, No. 2, pp. 391-404, 2022
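  • Aron Gohr proposed a cryptanalysis technique based on deep learning for the lightweight block cipher Speck. This method enables chosen-plaintext attacks with higher accuracy than conventional differential cryptanalysis. In this paper, we analyze the working principle of this deep learning-based cryptanalysis using probability distributions and present the results of applying it to the lightweight block cipher Simon. We also show that, within the cryptanalysis algorithm, the probability distribution of the neural network's predicted values differs according to the characteristics of the round functions of Speck and Simon. Based on this, we suggest directions for improving the performance of the neural distinguisher, the core technique of the cryptanalysis proposed by Aron Gohr.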