轻量级分组密码算法PFP的差分分析

Differential Cryptanalysis of Lightweight Block Cipher PFP

陆金玉 ¹刘国强 ²熊黎依 ³孙兵 ²李超²

扫码查看

作者信息

1. 青岛大学计算机科学技术学院,青岛 266071
2. 国防科技大学理学院,长沙 410073;商用密码理论与技术创新湖南省工程研究中心,长沙 410073
3. 国防科技大学理学院,长沙 410073
折叠

摘要

PFP 算法是一种基于 Feistel 结构的轻量级分组密码算法,其轮函数设计借鉴了国际标准PRESENT 算法的设计思想,设计者主张 PFP 算法的 15 轮差分特征的概率小于等于 2-106.本文旨在评估 PFP 算法对差分分析的抵抗能力.借助自动化搜索技术,构建了用于搜索 PFP 算法差分特征的SMT 模型.首次给出了该算法完整 34 轮的最优差分特征,其中 26 轮的概率为 2-64,提供了比现有差分分析结果更准确、更长轮、更全面的安全评估.这也是关于 PFP 算法目前公开发表的轮数最长的区分器,其中,相较于已有不可能差分特征长 19 轮,相较于已有积分区分器长 15 轮.通过观察这些特征,发现PFP 算法存在高概率的迭代差分特征,利用这些迭代差分特征可以构造概率最优的 7-34 轮差分特征.此外,利用 25 轮区分器成功实施了对 27 轮PFP算法的密钥恢复攻击,表明PFP算法目前只有 20.6%的轮次(剩余 7 轮)作为安全冗余.同时,本文的密钥恢复攻击结果也优于现有对PFP算法的攻击结果.

Abstract

The PFP cipher is a lightweight block cipher based on the Feistel structure.Its round function design draws inspiration from the internationally recognized ISO standard PRESENT.The designers claim that the probability of the 15-round differential characteristics in PFP is less than or equal to 2-106.This study aims to evaluate the resistance of the PFP cipher against differential cryptanalysis.By employing automated search techniques,this study constructs an SMT model for searching the differential characteristics of PFP.This paper presents the optimal differential char-acteristics for all 34 rounds of PFP for the first time,of which the probability of 26-round is 2-64.Compared with the existing differential cryptanalysis results,it provides more accurate,longer rounds,and more comprehensive security evaluation.This also represents the longest distinguisher published for the PFP cipher,which is 19 rounds longer than the existing impossible differential characteristics and 15 rounds longer than the existing integral distinguisher.By observing these characteristics,this study finds the existence of high probability iterative differential characteristics of PFP and further constructs the optimal differential characteristics from 7 to 34 rounds.In addition,by using the 25-round characteristics,this study implements the key recovery attack for 27 rounds of PFP.This attack demonstrates that only 20.6%of the rounds(the remaining 7 rounds)in PFP offer a security margin.Additionally,the key recovery attack results presented in this paper outperforms existing attack results against the PFP cipher.

关键词

PFP算法/差分分析/迭代差分特征/SAT/SMT/密钥恢复攻击

Key words

PFP cipher/differential cryptanalysis/iterative differential characteristic/SAT/SMT/key recovery attack

引用本文复制引用

出版年

2024

密码学报

中国密码学会,北京信息科学技术研究院,中国科学技术出版社

密码学报

CSTPCDCSCD北大核心

ISSN：2095-7025

段落导航