Biclique attack on lightweight block ciphers I-PRESENT-80 and I-PRESENT-128

  • Published 2018-12-02 in Tianjin


Journal on Communications, Vol. 38, No. 11, November 2017
doi:10.11959/j.issn.1000-436x.2017214

Biclique attack on lightweight block ciphers I-PRESENT-80 and I-PRESENT-128

CUI Jie, ZUO Hai-feng, ZHONG Hong
(School of Computer Science and Technology, Anhui University, Hefei, Anhui 230039)

Abstract: I-PRESENT is a substitution-permutation block cipher suited to resource-constrained environments such as RFID and wireless sensor nodes. The sieve-in-the-middle technique is used to construct biclique structures for I-PRESENT, and biclique attacks on full-round I-PRESENT-80 and I-PRESENT-128 are carried out for the first time. The results show that the data complexity of the biclique attacks on I-PRESENT-80 and I-PRESENT-128 is 2^26 and 2^36 chosen ciphertexts respectively, and the time complexity is 2^79.48 and 2^127.33 encryptions respectively. The attacks are better than exhaustive search in both time complexity and data complexity. Using the proposed key-dependence technique for I-PRESENT, the time complexity of the attacks can be further reduced to 2^78.61 and 2^126.48.

Keywords: lightweight block cipher; PRESENT; matching with precomputation; biclique attack

CLC number: TN918.1    Document code: A

Biclique cryptanalysis on lightweight block ciphers I-PRESENT-80 and I-PRESENT-128

CUI Jie, ZUO Hai-feng, ZHONG Hong
(College of Computer Science and Technology, Anhui University, Hefei 230039, China)

Abstract: I-PRESENT is a lightweight SPN block cipher for resource-constrained environments such as RFID tags and sensor networks. The biclique structures of I-PRESENT were constructed with the sieve-in-the-middle technique. The biclique cryptanalysis schemes on full-round I-PRESENT-80 and I-PRESENT-128 were proposed for the first time. The results show that the data complexity of the biclique cryptanalysis on I-PRESENT-80 and I-PRESENT-128 is 2^26 and 2^36 chosen ciphertexts respectively, and the time complexity on them is 2^79.48 and 2^127.33 encryptions respectively. The time and data complexity are better than those of the exhaustive attack. In addition, the time complexity on
