【 摘 要 】

Integral cryptanalysis, which is based on the existence of (higher-order) integral distinguishers, is a powerful cryptographic method that can be used to evaluate the security of modern block ciphers. In this paper, we focus on SPN ciphers and propose a criterion to characterize how an r-round integral distinguisher can be extended to an (r+1)-round higher-order integral. This criterion, which builds a link between integral and higher-order integral of SPN cipher, is based on the theory of direct decomposition of a linear space. It can be utilized to unify the procedure for finding 4-round high-order integral distinguishers of AES and ARIA and can be further adopted to analyze higher-order integral distinguishers of various block cipher structures. We hope that the idea presented in the paper can be generalized to other kinds of block ciphers and can thus provide rigorous distinguishing bounds for block ciphers.

【 授权许可】

   

【 预 览 】

附件列表

Files	Size	Format	View
20150521125712317.pdf	312KB	PDF	download

【 参考文献 】

• [1]L.R. Knudsen and D. Wagner, "Integral Cryptanalysis," FSE, LNCS 2365, Springer, 2002, pp. 112-127.
• [2]J. Daemen, L.R. Knudsen, and V. Rijmen, "The Block Cipher SQUARE," FSE, LNCS 1267, Springer, 1997, pp. 149-165.
• [3]S. Lucks, "The Saturation Attack -- A Bait for Twofish," FSE, LNCS 2355, Springer, 2002, pp. 1-15.
• [4]A. Biryukov and A. Shamir, "Structural Cryptanalysis of SASAS," J. Cryptology, vol. 23, Springer, 2010, pp. 505-518.
• [5]E. Biham and A. Shamir. "Differential Cryptanalysis of DES-like Cryptosystems," J. Cryptology, LNCS, vol. 537, Springer, 1991, pp. 2-21.
• [6]FIPS Publication 197, Specification for the Advanced Encryption Standard (AES), US Department of Commerce, National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL), Gaithersburg, MD, USA, 2001.
• [7]D. Kwon et al., "New Block Cipher: ARIA," ICISC, LNCS, vol. 2971, Springer, 2004, pp.432-445.
• [8]M. Matsui, "Linear Cryptanalysis Method for DES Cipher," EuroCrypt, LNCS, vol. 765, Springer, 1994, pp. 386-397.
• [9]S. Hong et al., "Provable Security Against Differential and Linear Cryptanalysis for the SPN Structure," FSE, LNCS, vol. 1978, Springer, 2001, pp. 273-283.
• [10]J.-S. Kang et al., "Practical and Provable Security Against Differential and Linear Cryptanalysis for Substitution-Permutation Networks," ETRI J., vol. 23, no. 4, Dec. 2001, pp. 158-167.
• [11]S. Park et al., "Improving the Upper Bound on the Maximum Differential and the Maximum Linear Hull Probability for SPN Structures and AES," FSE, LNCS, vol. 2887, Springer, 2003, pp. 247-260.
• [12]J. Daemen and V. Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard, Springer-Verlag, 2002.
• [13]H. Gilbert and M. Minier, "A Collision Attack on 7 Rounds of Rijndael," 3rd Adv. Encryption Standard Candidate Conf., 2000, pp. 230-241.
• [14]N. Ferguson et al., "Improved Cryptanalysis of Rijndael," FSE, LNCS, vol. 1978, Springer, 2001, pp. 213-230.
• [15]P. Li, B. Sun, and C. Li, "Integral Cryptanalysis of ARIA," INSCRYPT, LNCS, vol. 6151, Springer, 2011, pp. 1-14.
• [16]Y. Li, W. Wu, and L. Zhang. "Integral Attacks on Reduced-Round ARIA Block Cipher," ISPEC, LNCS, vol. 6047, Springer, 2010, pp. 19-29.
• [17]J. Kim et al., "Impossible Differential Cryptanalysis for Block Cipher Structures," INDOCRYPT, LNCS, vol. 2904, Springer, 2003, pp. 82-96.
• [18]J. Kim, S. Hong, and J. Lim, "Impossible Differential Cryptanalysis Using Matrix Method," Discrete Mathematics, vol. 310, no. 5, Elsevier, 2010, pp. 988-1002.
• [19]K. Nyberg, "Generalized Feistel Networks," ASIACRYPT, LNCS, vol. 1163, Springer, 1996, pp. 91-104.
• [20]J. Choy et al., "Cryptographic Properties and Application of a Generalized Unbalanced Feistel Network Structure," ACISP, LNCS, vol. 5594, Springer, 2009, pp. 73-89.
• [21]R. Li et al., "Cryptanalysis of a Generalized Unbalanced Feistel Network Structure," ACISP, LNCS, vol. 6168, Springer, 2010, pp. 1-18.