
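Differential Properties of the Nonlinear Functions in the SHACAL-2 Algorithm and Their Application
Cite this article: Shen Xuan, Li Rui-Lin, Li Chao, Zhao Guang-Yao. Differential Properties of the Nonlinear Functions in the SHACAL-2 Algorithm and Their Application[J]. Journal of Electronics & Information Technology, 2014, 36(7): 1661-1666. doi: 10.3724/SP.J.1146.2013.01717
Authors: Shen Xuan, Li Rui-Lin, Li Chao, Zhao Guang-Yao
Affiliations: College of Science, National University of Defense Technology; College of Electronic Science and Engineering, National University of Defense Technology; College of Computer, National University of Defense Technology
Funding: Supported by the National Natural Science Foundation of China (61103192) and the National 973 Program of China (2013CB338002)
Abstract: The SHACAL-2 algorithm is one of the standard block ciphers recommended by the European NESSIE project. The choice function and the major function are the two basic kinds of nonlinear functions in SHACAL-2. This paper analyzes the differential properties of these two kinds of nonlinear functions and proves that, when the input difference at the first position of the choice function is nonzero, or the input difference at either of the first two positions of the major function is nonzero (with the differences at all other positions being zero), the number of solutions of the corresponding differential equation depends only on the weight of the input difference. This property is applied to differential fault analysis of the SHACAL-2 algorithm. The results show that at least 160 random faults are needed for the attack to recover the 512-bit seed key with a success probability above 60%, and at least 240 random faults are needed to recover the 512-bit seed key with a success probability above 98%.

Keywords: Cryptography; SHACAL-2 algorithm; Choice function; Major function; Differential property; Fault analysis
Received: 2013-11-04
Revised: 2014-03-05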

Differential Analysis of the Nonlinear Functions of SHACAL-2 Algorithm and the Application
Shen Xuan, Li Rui-Lin, Li Chao, Zhao Guang-Yao. Differential Analysis of the Nonlinear Functions of SHACAL-2 Algorithm and the Application[J]. Journal of Electronics & Information Technology, 2014, 36(7): 1661-1666. doi: 10.3724/SP.J.1146.2013.01717
Authors: Shen Xuan, Li Rui-Lin, Li Chao, Zhao Guang-Yao
Abstract: The SHACAL-2 algorithm is one of the standard block ciphers recommended by the European NESSIE project. It includes two kinds of nonlinear functions, the choice function and the major function. This paper mainly studies the differential properties of these two nonlinear functions and shows that the number of solutions of the differential equation depends only on the weight of the input difference when the difference appears only at the first position of the choice function, or only at the first or the second position of the major function. This observation is applied to differential fault analysis of SHACAL-2. The results demonstrate that at least 160 random faults are needed to obtain the 512-bit key with a success probability of more than 60%, while at least 240 random faults are needed to obtain the 512-bit key with a success probability of more than 98%.
Keywords: Cryptography; SHACAL-2 algorithm; Choice function; Major function; Differential property; Fault analysis
This article is indexed in CNKI and other databases.