当前位置:
X-MOL 学术
›
Des. Codes Cryptogr.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
The phantom of differential characteristics
Designs, Codes and Cryptography ( IF 1.6 ) Pub Date : 2020-07-24 , DOI: 10.1007/s10623-020-00782-3 Yunwen Liu , Wenying Zhang , Bing Sun , Vincent Rijmen , Guoqiang Liu , Chao Li , Shaojing Fu , Meichun Cao
Designs, Codes and Cryptography ( IF 1.6 ) Pub Date : 2020-07-24 , DOI: 10.1007/s10623-020-00782-3 Yunwen Liu , Wenying Zhang , Bing Sun , Vincent Rijmen , Guoqiang Liu , Chao Li , Shaojing Fu , Meichun Cao
For differential cryptanalysis under the single-key model, the key schedules hardly need to be exploited in constructing the characteristics, which is based on the hypothesis of stochastic equivalence. In this paper, we study a profound effect of the key schedules on the validity of the differential characteristics. Noticing the sensitivity in the probability of the characteristics to specific keys, we label the keys where a characteristic has nonzero probability by effective keys. We propose the concept of singular characteristics which are characteristics with no effective keys, and exploit an algorithm to sieve them out by studying the key schedule. We show by a differential characteristic of PRINCE whose expected differential probability is much larger than that of a random permutation, i.e., $$2^{-35}$$ vs. $$2^{-64}$$ . Yet, it is indeed singular which could be mis-used to mount a differential attack. Singular characteristics are found for 3-round AES and 3-round Midori-128 as well. Furthermore, taking the possible mismatches of the effective keys in a number of differential characteristics into consideration, we present singular clusters which indicates an empty intersection of the corresponding effective keys, and this is evidenced by showing two differential characteristics of the 2-round AES. We also show that characteristics are tightly linked to the key schedule, as shown in the paper, a valid characteristic in the AES-128 can be singular for the AES-192. Our results indicate a gap over the perspectives of the designers and the attackers, which warns the latter to validate the theoretically-built distinguishers. Therefore, a closer look into the characteristics is inevitable before any attack is claimed.
中文翻译:
微分特性的幻象
对于单密钥模型下的差分密码分析,在构造特征时几乎不需要利用密钥表,这是基于随机等价假设的。在本文中,我们研究了关键时间表对差异特征有效性的深刻影响。注意到特征对特定键的概率的敏感性,我们将特征具有非零概率的键标记为有效键。我们提出了奇异特征的概念,即没有有效密钥的特征,并通过研究密钥时间表来开发一种算法来筛选它们。我们展示了 PRINCE 的微分特征,其预期微分概率远大于随机排列的概率,即 $$2^{-35}$$ 与 $$2^{-64}$$ 。然而,它确实是单一的,可能会被误用于发起差异化攻击。3 轮 AES 和 3 轮 Midori-128 也发现了奇异特征。此外,考虑到有效密钥在多个差分特征中可能的不匹配,我们提出了表示相应有效密钥的空交集的奇异簇,这通过显示 2 轮 AES 的两个差分特征来证明。我们还表明特征与密钥时间表紧密相关,如论文中所示,AES-128 中的有效特征对于 AES-192 可能是奇异的。我们的结果表明设计者和攻击者的观点存在差距,这警告后者验证理论上构建的区分器。所以,
更新日期:2020-07-24
中文翻译:
微分特性的幻象
对于单密钥模型下的差分密码分析,在构造特征时几乎不需要利用密钥表,这是基于随机等价假设的。在本文中,我们研究了关键时间表对差异特征有效性的深刻影响。注意到特征对特定键的概率的敏感性,我们将特征具有非零概率的键标记为有效键。我们提出了奇异特征的概念,即没有有效密钥的特征,并通过研究密钥时间表来开发一种算法来筛选它们。我们展示了 PRINCE 的微分特征,其预期微分概率远大于随机排列的概率,即 $$2^{-35}$$ 与 $$2^{-64}$$ 。然而,它确实是单一的,可能会被误用于发起差异化攻击。3 轮 AES 和 3 轮 Midori-128 也发现了奇异特征。此外,考虑到有效密钥在多个差分特征中可能的不匹配,我们提出了表示相应有效密钥的空交集的奇异簇,这通过显示 2 轮 AES 的两个差分特征来证明。我们还表明特征与密钥时间表紧密相关,如论文中所示,AES-128 中的有效特征对于 AES-192 可能是奇异的。我们的结果表明设计者和攻击者的观点存在差距,这警告后者验证理论上构建的区分器。所以,
京公网安备 11010802027423号