不可能差分攻击AES中的新密钥筛选算法.doc

2012-07-13################2012-07-13#######2#012-07-13######## 董晓丽1，胡予濮1，陈 杰1,2 (1. 西安电子科技大学计算机网络与信息安全教育部重点实验室 西安 710071；2. 中国科学院软件研究所 北京 海淀区 100049) 【摘要】提出了一种不可能差分攻击AES的新密钥筛选算法，该算法首先利用表查询技术筛掉一部分错误密钥，再使用 分别征服攻击技术筛选剩余的密钥。研究结果表明，该算法在时间复杂度函数选择恰当的自变量时，时间复杂度低于已有的 密钥筛选方法。同时利用该算法改进了INDOCRYPT2008上针对AES的最新不可能差分攻击，给出了时间复杂度曲线，并且得 出最佳点。攻击7轮AES-128、7轮AES-192、7轮AES-256、8轮AES-256在保持数据量不变的情况下，存储访问次数分别由2117.2、 2118.8、2118.8、2229.7降低为2116.35、2116.54、2116.35、2228.21。 关 键 词 高级加密标准; 分组密码; 密码分析; 不可能差分; 密钥筛选; 时间复杂度 中图分类号 TN918.1 文献标识码 A doi:10.3969/j.issn.1001-0548.2011.03.014 New Key-Sieving Algorithm in Impossible Differential Attacks on AES DONG Xiao-li1, HU Yu-pu1, and CHEN Jie1,2 (1. Key Laboratory of Computer Networks Information Security of Ministry of Education, Xidian University Xi’an 710071； 2. Institute of Software, Chinese Academy of Sciences Haidian Beijing 100049) Abstract A new key-sieving algorithm used in impossible differential attacks on advanced encryption standard (AES) is proposed. In the new algorithm, table look-up technique is firstly applied to eliminate some error keys, and then a divide-and-conquer technique is adopted to sieve the others. It is shown that the new algorithm gains some advantage over previously published key-sieving algorithms with respect to the time complexity when proper independent variables are chosen in the function of the time complexity. Moreover, we improve the impossible differential attacks on AES proposed in INDOCRYPT2008 by means of the new algorithm, meanwhile the curves of time complexity are drawn and the best points are obtained. The memory accesses of attacks on 7-round AES-128, 7-round AES-192, 7-round AES-256, and 8-round AES-256 are reduced to 2116.35, 2116.54, 2116.35, and 2228.21 from 2117.2, 2118.8, 2118.8, and 2229.7, unchanged. Key words advanced encryption standard(AES); key sieving; time complexity respectively, and in the meanwhile the data complexity keeps block cipher; cryptanalysis;