减缩轮PRIDE算法的线性分析

PRIDE是Albrecht等人在2014美密会上提出的轻量级分组密码算法.PRIDE采用典型SPN密码结构，共迭代20轮.其设计主要关注于线性层，兼顾了算法的效率和安全.该文探讨了S盒和线性层矩阵的线性性质，构造了16条优势为2^-5的2轮线性逼近和8条优势为2^-3的1轮线性逼近.利用合适的线性逼近，结合密钥扩展算法、S盒的线性性质和部分和技术，我们对18轮和19轮PRIDE算法进行了线性分析.该分析分别需要2⁶⁰个已知明文，2^74.9次18轮加密和2⁶²个已知明文，2^74.9次19轮加密.另外，我们给出了一些关于S盒差分性质和线性性质之间联系的结论，有助于减少攻击过程中的计算量.本文是已知明文攻击.本文是关于PRIDE算法的第一个线性分析.

Linear Cryptanalysis of Reduced-Round PRIDE Block Cipher

PRIDE is a light weight block cipher designed by Albrecht et al.in CRYPTO 2014,which adopts the classical SPN (Substitution Permutation Network) structure and iterates for 20 rounds.The construction of linear layers is very interesting and performances good both in security and efficiency.This paper investigates the properties of the S-boxes and the linear matrices,and then constructs 16 different 2-round iterative linear approximations with the bis 2-5 and 8 different 1-round iterative linear approximations with the bis 2-3.Base on some suitable approximations,attacks on 18-round and 19-round PRIDE are presented by means of linear cryptanalysis with the properties of key schedule,the linear characteristics and the partial-sum technique,which need about 274.9 encryptions with 260 known plaintexts and 274.9 encryptions with 262 known plaintexts,respectively.Furthermore,some interesting links between differential and linear characteristics are shown,which are helpful to reduce the compute complexity.Our analysis is the first linear attack on PRIDE block cipher with known plaintexts.