10轮Midori128的中间相遇攻击

轻量级分组密码由于软硬件实现代价小且功耗低，被广泛地运用资源受限的智能设备中保护数据的安全。Midori是在2015年亚密会议上发布的轻量级分组密码算法，分组长度分为64 bit和128 bit两种，分别记为Midori64和Midori128，目前仍没有Midori128抵抗中间相遇攻击的结果。通过研究Midori128算法基本结构和密钥编排计划特点，结合差分枚举和相关密钥筛选技巧构造了一条7轮中间相遇区分器。再在此区分器前端增加一轮，后端增加两轮，利用时空折中的方法，提出对10轮的Midori128算法的第一个中间相遇攻击，整个攻击需要的时间复杂度为2126.5次10轮Midori128加密，数据复杂度为2125选择明文，存储复杂度2105 128-bit块，这是首次对Midori128进行了中间相遇攻击。

Meet-in-the-middle attacks on 10-round Midori128

The lightweight block ciphers can be widely used in various applications, such as smart cities, internet of things and cloud computation and so on, in order to protect data and information secure. Midori is a lightweight block cipher proposed in ASIACRYPT 2015. Its block size has two scenarios, i. e, 64 bits and 128 bit, denoted by Midori64 and Midori128 respectively. Up to now, there are no results about meet-in-the-middle attacks on Midori128. This paper developed a meet-in-the-middle attack on 10-round Midori128 for the first time. Specifically, studying the basic construction and key schedule of Midori128, this paper constructed a 7-round distinguisher on Midori128 by using the differential enumeration and key-dependent sieve techniques. Through appending one round at its top and two rounds at its bottom, this paper mounted a meet-in-the-middle attack on 10-round Midori128. In the attack, time-memory tradeoff technique and some weak subkeys were considered so as to reduce the time complexity of online phase. Finally, the data, time and memory complexities of our attack are 2125 chosen plaintexts, 2126.5 10-round encryptions and 2105 128-bit blocks, respectively.