Linear distinguishing attack analysis on ZUC stream cipher

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Issue:
2016, Issue 04
Page:
450-
Research Field:
Publishing date:

Info

Title:
Linear distinguishing attack analysis on ZUC stream cipher
Author(s):
Tang Yongli (1), Han Di (1), Yan Xixi (1), Ye Qing (1), Li Zichen (2)
1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454003, China; 2. School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600, China
Keywords:
ZUC; linear distinguishing attack; linear approximation; distinguisher; linear masking
PACS:
TP309.7
DOI:
10.14177/j.cnki.32-1397n.2016.40.04.012
Abstract:
To probe the security of the ZUC algorithm, a linear distinguishing attack on ZUC is proposed. In this paper, we first consider the linear approximation of the 2-round nonlinear function F and obtain a linear approximation equation; the best advantage of this linear approximation equation is $2^{-22.6}$. By combining those linear approximations, we establish a distinguisher that depends only on the keystream. To get the best advantage of the distinguisher, we search for the best linear masking, and the best advantage of the distinguisher is about $2^{-65.5}$. The result shows that the keystream generated by ZUC is distinguishable from a random sequence after observing approximately $O(2^{131})$ bits, and it proves that the ZUC algorithm is safe. By comparison, the result of the linear distinguishing attack is superior to other attacks.


Last Update: 2016-06-30