改进的减轮E2算法中间相遇攻击
Improved Meet-in-the-middle Attacks on Reduced-round E2
杜小妮 1孙瑞 2郑亚楠 3梁丽芳3
作者信息
- 1. 西北师范大学数学与统计学院 兰州 730070;甘肃省数学与统计学基础学科研究中心 兰州 730070
- 2. 西北师范大学数学与统计学院 兰州 730070;西北师范大学密码技术与数据分析重点实验室 兰州 730070
- 3. 西北师范大学数学与统计学院 兰州 730070
- 折叠
摘要
E2算法是AES首轮征集的15个候选算法之一,具有优良的软硬件实现效率和较强的安全性.该文利用多重集和差分枚举技术,对E2算法进行中间相遇攻击.首先以E2-128为例,改进了已有的4轮中间相遇区分器,将5轮密钥恢复攻击预计算复杂度降低为231次5轮算法加密.其次针对E2-256,将所得区分器向后增加两轮,构造了6轮中间相遇区分器,并实现了9轮中间相遇攻击,攻击所需的数据复杂度为2105个选择明文,存储复杂度为2200 Byte,时间复杂度为2205次9轮算法加密.与现有对E2算法的安全性分析结果相比,该文实现了对E2-256最长轮数的攻击.
Abstract
E2 is one of the 15 candidate algorithms in the first round of AES,which has the characteristics of excellent software and hardware implementation efficiency and strong security.The meet-in-the-middle attacks on E2 are carried out in this paper by using multiset tabulation technique and differential enumeration technique.First,E2-128 is taken as an example to improve the existing 4-round meet-in-the-middle distinguisher,and the pre-computation complexity of 5-round key recovery attack is reduced to231 5-round encryptions.Second,for E2-256,a 6-round distinguisher is constructed from the new 4-round distinguisher by extending two rounds backward,and then a 9-round meet-in-the-middle attack is presented,whose data complexity is 2105 chosen plaintexts,memory complexity is 2200 Byte,and time complexity is 2205 9-round encryptions.Compared with the existing security analysis results of E2,the scheme achieves the longest number of attack rounds for E2-256.
关键词
分组密码/E2算法/中间相遇攻击/差分枚举技术Key words
Block cipher/E2/Meet-in-the-middle attack/Differential enumeration technique引用本文复制引用
基金项目
甘肃省自然科学基金重点资助项目(23JRRA685)
国家自然科学基金(62172337)
甘肃省基础研究创新群体项目(23JRRA684)
出版年
2024
NETL
NSTL
万方数据