对18轮SMS4的改进矩形攻击
Improved Rectangle Attack on SMS4 Reduced to 18 Rounds
SMS4是一个32轮的加密算法,它的分组长度和密钥长度都为128比特。SMS4应用于WAPI,中国的无线局域网国家标准。在这篇论文中,本文分析了SMS4对抗矩形攻击的安全性。首先描述了SMS4的两个特性。然后提出一个概率为2^-250的16 轮的矩形区分器。最后用这个区分器攻击了18轮的SMS4,空间复杂度为2^127个选择明文,时间复杂度为2^103.83次18轮加密。在这个过程中利用了一个哈希表来降低时间复杂度。本文的攻击是目前对SMS4最有效的矩形攻击。
SMS4 is a 32-round block cipher with 128-bit block size and 128-bit secret key. It is used in WAPI, the Chinese WLAN national standard. This paper analyzes the security of SMS4 against the rectangle attack. First, this paper describes two properties of SMS4. Next, it proposes the 16-round rectangle distinguisher with probability 2^-250. Finally, the rectangle attack is then carried out on 18-round SMS4 with 2^127 chosen plaintexts and the time complexity is 2^103.83 18-round encryptions. In this process a hash table is used to reduce the time complexity. This attack is the best rectangle attack on SMS4 so far.
孔祥龙、王薇、徐秋亮
电子对抗
密码学SMS4矩形攻击
ryptanalysisSMS4Rectangle attack
孔祥龙,王薇,徐秋亮.对18轮SMS4的改进矩形攻击[EB/OL].(2013-09-06)[2025-08-23].http://www.paper.edu.cn/releasepaper/content/201309-101.点此复制
评论