Conditional Cube Attacks on Subterranean-SAE

Authors: LIU Yong, CHEN Si-Wei, ZHANG Sha-Sha, XIANG Ze-Jun, ZENG Xiang-Yong

Affiliation: Hubei Key Laboratory of Applied Mathematics, Faculty of Mathematics and Statistics, Hubei University, Wuhan 430062, China

Funding: Wuhan Science and Technology Bureau Applied Basic Frontier Project (2020010601012189); National Natural Science Foundation of China (61802119).

Abstract: The National Institute of Standards and Technology (NIST) opened its call for lightweight authenticated encryption and hash algorithm submissions in 2018, and the Subterranean 2.0 cipher suite is one of the 32 candidates that advanced to the second round. Subterranean-SAE is the authenticated encryption mode of the Subterranean 2.0 cipher suite. In 2019, Fukang Liu et al. presented a key-recovery attack, based on a conditional cube attack, on Subterranean-SAE reduced to 4 blank rounds. The effectiveness of that attack rests on the premise that the algebraic degree of the output is 64 when the conditions are met and 65 otherwise; however, this premise was never verified. This paper proposes a new technique based on the three-subset division property for evaluating the algebraic degrees of output bits when the initial state is unknown, and applies it to Subterranean-SAE with 4 blank rounds. Our experiments show that the algebraic degrees of all output bits of Subterranean-SAE with 4 blank rounds are upper bounded by 63, which proves that Liu et al.'s key-recovery attack is in fact a distinguishing attack. Furthermore, this paper extends Liu et al.'s cube-search technique by decreasing the size of the cubes and choosing cube variables from more candidate positions. As a result, 24 cubes of dimension 33 are obtained, based on which a conditional cube attack on Subterranean-SAE reduced to 4 blank rounds can succeed. The proposed conditional cube attack was partially verified by experiment; the full 128-bit key can be recovered with data complexity 2^{41.8} and time complexity 2^{124}. Although the proposed attack on reduced Subterranean-SAE does not threaten the security of Subterranean-SAE, it helps to better understand the security of Subterranean-SAE.

Keywords: Subterranean 2.0 cipher suite; Subterranean-SAE; conditional cube attack; three-subset division property