This paper combined the idea of invariant subspace attacks with linear cryptanalysis, and proposed a spectral invariant subspace analysis method. This approach leveraged the property of spectral invariant subspaces to distinguish a block cipher by examining whether a pair of input/output linear masks resides within the same non-trivial subspace. Firstly, it demonstrated that if an S-box satisfied the spectral invariant subspace property, it was linearly equivalent to several smaller S-boxes operating in parallel. Secondly, an efficient algorithm for searching spectral invariant subspaces of S-boxes was presented, which proved effective for commonly used sizes of S-boxes. Furthermore, if the S-boxes employed in a word-based block cipher shared the same spectral invariant subspace, then it followed that the entire cipher possessed this characteristic as well. By utilizing this property, an infinite-round distinguisher with probability 1 for the target cipher was constructed. This paper offered new insights into the relationship between S-boxes and block cipher security and provided valuable guidance for designing new block ciphers. As an application, an infinite-round distinguisher with probability 1 specifically for a variant of Midori128 was developed.
Key words
linear cryptanalysis/word-based block ciphers/spectral invariant subspace/Midori128
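The S-box statements in the abstract can be checked on a toy case. The Python below is an added example, not the paper's algorithm: it assumes the working definition that a mask subspace U is spectral invariant when every input mask in U has nonzero Walsh coefficients only towards output masks in U, and it uses a plain closure search. The S-boxes, the map `L` and all function names are constructed for illustration.

```python
# Added example (not from the paper). Assumed working definition: a mask
# subspace U is "spectral invariant" for S when every input mask a in U has
# a nonzero Walsh coefficient W(a, b) only for output masks b in U.

def parity(v):
    return bin(v).count("1") & 1

def walsh_table(sbox):
    """W[a][b] = sum over x of (-1)^(a.x XOR b.S(x))."""
    n = len(sbox)
    return [[sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x])) for x in range(n))
             for b in range(n)] for a in range(n)]

def span(masks):
    """F_2-linear span of a collection of masks, as a set of integers."""
    space = {0}
    for m in masks:
        if m not in space:
            space |= {s ^ m for s in space}
    return space

def closure(table, seed):
    """Smallest subspace containing `seed` that satisfies the definition."""
    space = span([seed])
    while True:
        reached = {b for a in space for b, w in enumerate(table[a]) if w}
        grown = span(space | reached)
        if grown == space:
            return space
        space = grown

def invariant_subspaces(sbox):
    """Non-trivial closed subspaces generated by single seed masks."""
    table = walsh_table(sbox)
    found = {frozenset(closure(table, a)) for a in range(1, len(sbox))}
    proper = [sorted(u) for u in found if len(u) < len(sbox)]
    return sorted(proper, key=lambda u: (len(u), u))

# Constructed 6-bit S-boxes: x^3 over GF(2^3) (modulus x^3 + x + 1) on each
# 3-bit half, then the same map conjugated by the linear involution L.
CUBE = [0, 1, 3, 4, 5, 6, 7, 2]
PARALLEL = [(CUBE[x >> 3] << 3) | CUBE[x & 7] for x in range(64)]

def L(x):
    return x ^ ((x & 7) << 3)  # (hi, lo) -> (hi ^ lo, lo); L(L(x)) = x

HIDDEN = [L(PARALLEL[L(x)]) for x in range(64)]

if __name__ == "__main__":
    for name, sbox in (("parallel", PARALLEL), ("hidden", HIDDEN)):
        print(name, invariant_subspaces(sbox))
```

`HIDDEN` no longer splits along bit boundaries, yet the search still returns two 8-element mask subspaces, which is the footprint of the two 3-bit S-boxes it is linearly equivalent to.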