An important measure of a cryptographic algorithm's security is its ability to resist known attacks. Structural cryptanalysis refers to cryptanalytic methods that are independent of the algorithm's non-linear components, such as impossible differential cryptanalysis, zero-correlation linear cryptanalysis, and computing lower bounds on the number of active S-boxes. Taking the SPN structure as an example, this paper introduces the basic principles and methods of structural cryptanalysis. It first proposes the concept of a structure and studies the rules by which differences propagate through a structure; the paper shows that if α_1 → β_1 and α_2 → β_2 are both possible differentials of an SPN structure, then α_1 | α_2 → β_1 | β_2 is also a possible differential of that SPN structure. Second, these rules are applied to the provable security of block ciphers against impossible differential cryptanalysis: for the linear diffusion layer P of an SPN structure, the concept of the primitive index is proposed, and the primitive index of P is used to characterize the number of rounds covered by the longest impossible differential of the SPN structure. It is shown that, without considering the details of the S-box, the longest impossible differential of AES covers exactly 4 rounds; therefore, any breakthrough against AES by impossible differential cryptanalysis must make full use of the properties of the AES S-box. The paper further proposes the concept of the dual structure and proves that the impossible differentials of a cipher structure are equivalent to the zero-correlation linear masks of its dual structure, which at the same time yields the provable security of block ciphers against zero-correlation linear cryptanalysis.
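The primitive index used above is, in the usual sense, the smallest r such that the r-th Boolean power of the word-level characteristic matrix of P (entry 1 wherever the corresponding word-level coefficient of P is nonzero) has no zero entry. As an added example that is not part of the paper, the following Python code builds that characteristic matrix for the AES linear layer (ShiftRows followed by MixColumns, whose coefficients are all nonzero) and computes the index; treating the S-box as an arbitrary bijection and using the Boolean-power definition are assumptions that match the abstract's "structure" setting, and the paper's theorem relating the index to the 4-round bound is not reproduced here.

```python
from typing import List, Optional

Matrix = List[List[int]]


def aes_characteristic_matrix() -> Matrix:
    """Word-level characteristic matrix of the AES linear layer (ShiftRows, then
    MixColumns). Entry [i][j] is 1 if output byte i can depend on input byte j;
    bytes are indexed row + 4*column as in the AES state (assumed layout)."""
    n = 16
    m = [[0] * n for _ in range(n)]
    for col in range(4):
        for row in range(4):
            out = row + 4 * col
            for src_row in range(4):
                # Every MixColumns coefficient is nonzero, so output (row, col)
                # depends on all four bytes of column col after ShiftRows; the
                # byte in row src_row came from input column (col + src_row) % 4.
                m[out][src_row + 4 * ((col + src_row) % 4)] = 1
    return m


def bool_matmul(a: Matrix, b: Matrix) -> Matrix:
    """Matrix product over the Boolean semiring (OR of ANDs)."""
    n = len(a)
    return [[int(any(a[i][k] and b[k][j] for k in range(n))) for j in range(n)]
            for i in range(n)]


def primitive_index(m: Matrix) -> Optional[int]:
    """Smallest r such that the Boolean power m^r has no zero entry, i.e. every
    output word may depend on every input word after r applications of P.
    Returns None if no such r exists up to Wielandt's bound (n-1)^2 + 1."""
    n = len(m)
    power = m
    for r in range(1, (n - 1) ** 2 + 2):
        if all(all(row) for row in power):
            return r
        power = bool_matmul(power, m)
    return None


def dependency_counts(m: Matrix) -> List[int]:
    """Number of input words each output word can depend on after one layer."""
    return [sum(row) for row in m]


if __name__ == "__main__":
    aes = aes_characteristic_matrix()
    print("dependencies per byte after one AES linear layer:", dependency_counts(aes))
    print("primitive index of the AES diffusion layer:", primitive_index(aes))
```

After one linear layer each AES byte can depend on only four input bytes (one per column), and after two every byte can depend on all sixteen, so the index comes out as 2; a layer whose characteristic matrix never becomes all-ones (a pure word permutation, for instance) has no primitive index at all.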