低轮FOX分组密码的碰撞-积分攻击

FOX是最近推出的系列分组密码,它的设计思想基于可证安全的研究结果,且在各种平台上的性能优良.本文利用碰撞攻击和积分攻击相结合的技术分析FOX的安全性,结果显示碰撞-积分攻击比积分攻击有效,攻击对4轮FOX64的计算复杂度是2^45.4,对5轮FOX64的计算复杂度是2^109.4,对6轮FOX64的计算复杂度是2^173.4,对7轮FOX64的计算复杂度是2^237.4,且攻击所需数据量均为2⁹;也就是说4轮FOX64/64、5轮FOX64/128、6轮FOX64/192和7轮FOX64/256对本文攻击是不免疫的.

Collision-Integral Attack of Reduced-Round FOX

FOX are a family of block ciphers presented recently,which are based upon some results on proven security and have high performances on various platforms.In this paper,we construct some distinguishers between 3-round FOX and a random permutation of the blocks space.By using collision-searching techniques and integral attack,the distinguishers are used to attack on 4,5,6 and 7 rounds of FOX64.The four subkeys of 4-round FOX64 can be recovered with 2 9 chosen plaintexts and 2 45.4 encryptions.The five subkeys of 5-round FOX64 can be recovered with 2 9 chosen plaintexts and 2 109.4 encryptions.The six subkeys of 6-round FOX64 can be recovered with 2 9 chosen plaintexts and 2 173.4 encryptions.The seven subkeys of 7-round FOX64 can be recovered with 2 9 chosen plaintexts and 2 237.4 encryptions.Therefore,4-round FOX64/64,5-round FOX64/128,6-round FOX64/192 and 7-round FOX64/256 are not immune to Collision-Integral attack.