Automated Differential-Linear Cryptanalysis for AND-RX Ciphers

IF 1.3 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS IET Information Security Pub Date : 2024-05-21 DOI:10.1049/2024/6164262

Wenya Li, Kai Zhang, Bin Hu

{"title":"Automated Differential-Linear Cryptanalysis for AND-RX Ciphers","authors":"Wenya Li, Kai Zhang, Bin Hu","doi":"10.1049/2024/6164262","DOIUrl":null,"url":null,"abstract":"<div>\n Differential and linear cryptanalysis are two important methods to evaluate the security of block ciphers. Building on these two methods, differential-linear (DL) cryptanalysis was introduced by Langford and Hellman in 1994. This cryptanalytic method has been not only extensively researched but also proven to be effective. In this paper, a security evaluation framework for AND-RX ciphers against DL cryptanalysis is proposed, which is denoted as <math></math>. In addition to modeling the structure of all the possible differential trails and linear trails at the bit level, we introduce a method to calculate this structure round by round. Based on this approach, an automatic algorithm is proposed to construct the DL distinguisher. Unlike previous methods, <math></math> uses a truncated differential and a linear hull instead of a differential characteristic and a linear approximation, which brings the bias of the DL distinguisher close to the experimental value. To validate the effectiveness of the framework, <math></math> is applied to Simon and Simeck, which are two typical AND-RX ciphers. With the automatic algorithm, we discover an 11-round DL distinguisher of Simon32 with bias 2−14.89 and a 12-round DL distinguisher of Simeck32 with bias 2−14.89. Moreover, the 14-round DL distinguisher of Simon48 with bias 2−22.30 is longer than the longest DL distinguisher currently known. In addition, the framework <math></math> shows advantages when analyzing ciphers with large block sizes. As far as we know, for Simon64/96/128 and Simeck48/64, the first DL distinguishers are obtained with our framework. The DL distinguishers are 16, 23, 32, 17, and 22 rounds of Simon64/96/128 and Simeck48/64 with bias 2−24.31, 2−47.57, 2−60.75, 2−22.54, and 2−31.41, respectively. To prove the correctness of distinguishers, experiments on Simon32 and Simeck32 have been performed. The experimental bias are 2−13.76 and 2−14.82, respectively. Comparisons of the theoretical and experimental results show good agreement.\n </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2024-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/6164262","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/2024/6164262","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Differential and linear cryptanalysis are two important methods to evaluate the security of block ciphers. Building on these two methods, differential-linear (DL) cryptanalysis was introduced by Langford and Hellman in 1994. This cryptanalytic method has been not only extensively researched but also proven to be effective. In this paper, a security evaluation framework for AND-RX ciphers against DL cryptanalysis is proposed, which is denoted as . In addition to modeling the structure of all the possible differential trails and linear trails at the bit level, we introduce a method to calculate this structure round by round. Based on this approach, an automatic algorithm is proposed to construct the DL distinguisher. Unlike previous methods, uses a truncated differential and a linear hull instead of a differential characteristic and a linear approximation, which brings the bias of the DL distinguisher close to the experimental value. To validate the effectiveness of the framework, is applied to Simon and Simeck, which are two typical AND-RX ciphers. With the automatic algorithm, we discover an 11-round DL distinguisher of Simon32 with bias 2^−14.89 and a 12-round DL distinguisher of Simeck32 with bias 2^−14.89. Moreover, the 14-round DL distinguisher of Simon48 with bias 2^−22.30 is longer than the longest DL distinguisher currently known. In addition, the framework shows advantages when analyzing ciphers with large block sizes. As far as we know, for Simon64/96/128 and Simeck48/64, the first DL distinguishers are obtained with our framework. The DL distinguishers are 16, 23, 32, 17, and 22 rounds of Simon64/96/128 and Simeck48/64 with bias 2^−24.31, 2^−47.57, 2^−60.75, 2^−22.54, and 2^−31.41, respectively. To prove the correctness of distinguishers, experiments on Simon32 and Simeck32 have been performed. The experimental bias are 2^−13.76 and 2^−14.82, respectively. Comparisons of the theoretical and experimental results show good agreement.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

AND-RX 密码的自动差分线性密码分析

微分和线性密码分析是评估块密码安全性的两种重要方法。在这两种方法的基础上，Langford 和 Hellman 于 1994 年提出了差分-线性（DL）密码分析法。这种密码分析方法不仅被广泛研究，而且被证明是有效的。本文提出了一个针对 DL 密码分析的 AND-RX 密码安全评估框架，并将其命名为 K6。除了在比特级对所有可能的差分轨迹和线性轨迹的结构进行建模外，我们还引入了一种逐轮计算这种结构的方法。基于这种方法，我们提出了一种构建 DL 识别器的自动算法。与之前的方法不同，K6 使用的是截断差分和线性外壳，而不是差分特征和线性近似，这使得 DL 区分器的偏差接近实验值。为了验证该框架的有效性，K6 被应用于 Simon 和 Simeck 这两个典型的 AND-RX 密码。通过自动算法，我们发现 Simon32 的 11 轮 DL 鉴别器偏差为 2-14.89，Simeck32 的 12 轮 DL 鉴别器偏差为 2-14.89。此外，偏差为 2-22.30 的西蒙 48 的 14 轮 DL 识别器比目前已知的最长 DL 识别器还要长。此外，K6 框架在分析大块大小的密码时也显示出优势。据我们所知，对于 Simon64/96/128 和 Simeck48/64，我们的框架首次获得了 DL 识别器。西蒙 64/96/128 和西梅克 48/64 的 DL 识别器分别为 16、23、32、17 和 22 轮，偏差分别为 2-24.31、2-47.57、2-60.75、2-22.54 和 2-31.41。为了证明区分器的正确性，对 Simon32 和 Simeck32 进行了实验。实验偏差分别为 2-13.76 和 2-14.82。理论结果和实验结果的比较显示出良好的一致性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IET Information Security 工程技术-计算机：理论方法

CiteScore

3.80

自引率

7.10%

发文量

审稿时长

8.6 months

期刊介绍： IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls. Scope: Access Control and Database Security Ad-Hoc Network Aspects Anonymity and E-Voting Authentication Block Ciphers and Hash Functions Blockchain, Bitcoin (Technical aspects only) Broadcast Encryption and Traitor Tracing Combinatorial Aspects Covert Channels and Information Flow Critical Infrastructures Cryptanalysis Dependability Digital Rights Management Digital Signature Schemes Digital Steganography Economic Aspects of Information Security Elliptic Curve Cryptography and Number Theory Embedded Systems Aspects Embedded Systems Security and Forensics Financial Cryptography Firewall Security Formal Methods and Security Verification Human Aspects Information Warfare and Survivability Intrusion Detection Java and XML Security Key Distribution Key Management Malware Multi-Party Computation and Threshold Cryptography Peer-to-peer Security PKIs Public-Key and Hybrid Encryption Quantum Cryptography Risks of using Computers Robust Networks Secret Sharing Secure Electronic Commerce Software Obfuscation Stream Ciphers Trust Models Watermarking and Fingerprinting Special Issues. Current Call for Papers: Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf