Journal of Applied Sciences ›› 2013, Vol. 31 ›› Issue (6): 650-655. doi: 10.3969/j.issn.0255-8297.2013.06.015

• Computer Science and Applications •

New Attacks on a Variant ARIA Cipher

WEI Yong-zhuang1,2, SU Chong-mao1, MA Chun-bo1

  1. Guangxi Experiment Center of Information Science, Guilin University of Electronic Technology, Guilin 541004, Guangxi province, China
  2. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2011-11-17 Revised: 2013-10-26 Online: 2013-11-29 Published: 2013-10-26
  • About the author: WEI Yong-zhuang, Ph.D., research interests: design and analysis of cryptographic algorithms, E-mail: walker_wei@msn.com
  • Supported by: the National Natural Science Foundation of China (No.61100185); the Guangxi Natural Science Foundation (No.2011GXNSFB018071); the Director's Fund of the Guangxi Key Laboratory of Wireless Wideband Communication and Signal Processing (Guilin University of Electronic Technology) (No.11101); the Foundation of the Key Laboratory of Secure Communication (No.9140C110404110C1106); the China Postdoctoral Science Foundation (No.2011M500419)

Abstract: ARIA is a standard block cipher published by South Korea. Its block size is 128 bits, and it supports three key lengths: 128 bits, 192 bits, and 256 bits. In this paper, the security of a variant ARIA cipher that uses the same S-boxes is examined against the meet-in-the-middle attack. Based on the structure of the cipher, we construct 4-round, 5-round, and 6-round distinguishers, respectively. From these, new attacks on 7-round ARIA-192, 8-round ARIA-192, and 9-round ARIA-256 are proposed. The results show that the security of ARIA is reduced significantly if the cipher uses only one nonlinear S-box. Furthermore, if the linear and nonlinear layers of a block cipher are not properly combined, one can break the equivalent tradeoff between the data complexity and the preprocessing time complexity under a data-time-memory tradeoff attack. In this case, a more effective attack may be obtained.

Key words: block cipher, ARIA cipher, meet-in-the-middle attack, time complexity
