基于SMT的ACORN v3算法的差分分析
Differential Cryptanalisis of ACORN v3 based on SMT
马成栋 1蒋梓龙 2魏鹏3
作者信息
- 1. 信息工程大学密码工程学院,郑州 450001
- 2. 军事科学院国防科技创新研究院,北京 100071
- 3. 武警重庆总队船艇支队,重庆 400000
- 折叠
摘要
ACORN v3算法是凯撒竞赛胜出的认证加密算法之一.本文考虑状态更新过程中非线性函数对状态差分传递的影响,给出ACORN v3算法非线性函数的差分传递模型,通过分析ACORN v3算法解密验证阶段的状态更新,重新评估了算法抗差分伪造攻击的能力,将ACORN v3算法认证阶段的有效差分伪造攻击轮数的上界从86轮提升到了102轮.本文对该算法初始化阶段分析,在选择IV的攻击条件下,通过在IV处注入差分,给出ACORN v3算法初始化阶段的差分分析,对模型求解情况进行分类,以概率1得到初始化阶段461轮输出密钥流的差分区分器,选取了 10对满足输入差分的IV,以99.9%的成功率将初始化461轮的ACORN算法和随机置换产生的密钥流区分开来.
Abstract
ACORN v3 is one of the winning algorithms of CAESAR competition.In this paper,we consider the impact of the nonlinear function on the state differential propagation during the state update process,and presents a differential propagation mod-el for the nonlinear function of the ACORN v3 algorithm.By analyzing the state update in the decryption and verification stage of ACORN v3,the differential transmission model of this stage was given and the ability of the algorithm to resist differential forgery attack was reevaluated.The upper bound of differential forgery attack in the authentication stage of the algorithm was raised from 86 rounds to 102 rounds.The initialization stage of the algorithm was analyzed.Under the attack condition of selecting Ⅳ,injecting difference at Ⅳ,the differential transmission model of the initialization stage based on SMT was given,the solution of the model was classified,and a 461 rounds differential divider of the keystream in the initialization stage was obtained to distinguish attack with probability 1.Ten pairs of IVS satisfying the input difference were selected,and the keystream generated could be distinguish-ed by initialization stage of 461 rounds of ACORN v3 and random permutation with a success rate of 99.9%.
关键词
CAESAR竞赛/ACORN/v3算法/差分分析/SAT/SMTKey words
CAESAR competition/ACORN v3/differential cryptanalysis/SAT/SMT引用本文复制引用
出版年
2024
NETL
NSTL
万方数据