[1] Tang Yongli, Han Di, Yan Xixi, et al. Linear distinguishing attack analysis on ZUC stream cipher [J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2016, 40(04): 450. [doi:10.14177/j.cnki.32-1397n.2016.40.04.012]
Tang Yongli, Han Di, Yan Xixi, et al. Linear distinguishing attack analysis on ZUC stream cipher [J]. Journal of Nanjing University of Science and Technology, 2016, 40(04): 450. [doi:10.14177/j.cnki.32-1397n.2016.40.04.012]

Linear distinguishing attack analysis on ZUC stream cipher

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Volume:
40
Issue:
2016, No. 04
Pages:
450
Publication date:
2016-08-29

Article Info

Title:
Linear distinguishing attack analysis on ZUC stream cipher
Article number:
1005-9830(2016)04-0450-05
Authors:
汤永利 1, 韩娣 1, 闫玺玺 1, 叶青 1, 李子臣 2
1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454003, China; 2. School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600, China
Author(s):
Tang Yongli 1, Han Di 1, Yan Xixi 1, Ye Qing 1, Li Zichen 2
1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454003, China; 2. School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600, China
Keywords (Chinese original, translated):
ZUC algorithm; linear distinguishing attack; linear approximation; distinguisher; linear masking
Keywords:
ZUC; linear distinguishing attack; linear approximation; distinguisher; linear masking
Classification code (CLC):
TP309.7
DOI:
10.14177/j.cnki.32-1397n.2016.40.04.012
Abstract (translated from the Chinese):
To probe the security of the ZUC algorithm, this paper carries out a linear distinguishing attack analysis on ZUC. The two-round nonlinear function F of ZUC is optimally linearly approximated to obtain a linear approximation equation, and the bias of this linear approximation is computed to be 2^(-22.6). Using the linear approximation equation, a distinguisher that involves only the output keystream is constructed, and the optimal linear mask that maximizes the bias of the distinguisher is sought; on the basis of the optimal linear mask, the distinguishing bias of the distinguisher is computed to be 2^(-65.5). The attack needs about O(2^131) bits of keystream to distinguish the keystream sequence from a random sequence, which theoretically demonstrates the security of the ZUC algorithm. Finally, a comparison with existing security analysis results shows that the linear distinguishing attack result of this paper has certain advantages.
Abstract:
In order to probe into the security of the ZUC algorithm, a linear distinguishing attack on the ZUC algorithm is proposed. In this paper, we first consider the linear approximation of the 2-round nonlinear function F and obtain a linear approximation equation; the best advantage of this linear approximation is 2^(-22.6). By combining these linear approximations, we establish a distinguisher that depends only on the keystream. In order to obtain the best advantage of the distinguisher, we search for the best linear mask, and the resulting best advantage of the distinguisher is about 2^(-65.5). The result shows that the keystream generated by ZUC is distinguishable from a random sequence only after observing approximately O(2^131) bits, which theoretically demonstrates the security of the ZUC algorithm. By comparison, the result of this linear distinguishing attack is superior to that of other attacks.

Memo:
Received: 2015-12-08; Revised: 2016-06-17
Funding: National Natural Science Foundation of China (61370188; 61300216); International Science and Technology Cooperation Program of the Henan Provincial Department of Science and Technology (152102410048); Henan Provincial Basic and Frontier Technology Research Program (142300410147); Natural Science Project of the Henan Provincial Department of Education (12A520021); Doctoral Fund of Henan Polytechnic University (B2013-043; B2014-044)
About the authors: Tang Yongli (1972-), male, PhD, associate professor; main research interests: cryptographic algorithm monitoring, information security; E-mail: yltang@hpu.edu.cn. Corresponding author: Han Di (1989-), female, master's student; main research interests: stream ciphers, information security; E-mail: handi2020@163.com.
Citation format: Tang Yongli, Han Di, Yan Xixi, et al. Linear distinguishing attack analysis on ZUC stream cipher [J]. Journal of Nanjing University of Science and Technology, 2016, 40(4): 450-454.
Submission website: http://zrxuebao.njust.edu.cn
Last Update: 2016-06-30