###
Journal of Software:2012.23(1):171-176

流密码算法Grain 的立方攻击
宋海欣,范修斌,武传坤,冯登国
(中国科学院 软件研究所 信息安全国家重点实验室,北京 100190;中国科学院 研究生院,北京 100049)
Cube Attack on Grain
SONG Hai-Xin,FAN Xiu-Bin,WU Chuan-Kun,FENG Deng-Guo
(State Key Laboratory of Information Security, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China;Graduate University, The Chinese Academy of Sciences, Beijing 100049, China)
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 3842   Download 4312
Received:October 26, 2010    Revised:December 31, 2010
> 中文摘要: Dinur 和Shamir 在2009 年欧洲密码年会上提出了立方攻击的密码分析方法.Grain 算法是欧洲序列密码工程eSTREAM 最终入选的3 个面向硬件实现的流密码算法之一,该算法密钥长度为80 比特,初始向量(initialvector,简称IV)长度为64 比特,算法分为初始化过程和密钥流产生过程,初始化过程空跑160 拍.利用立方攻击方法对Grain 算法进行了分析,在选择IV 攻击条件下,若算法初始化过程空跑70 拍,则可恢复15 比特密钥,并找到了关于另外23 比特密钥的4 个线性表达式;若算法初始化过程空跑75 拍,则可恢复1 比特密钥.
Abstract:At EUROCRYPT 2009, Dinur and Shamir proposed a new type of algebraic attacks named cube attack. Grain is one of the 3 final hardware-oriented stream ciphers in the eSTREAM portfolio, which takes an 80-bit secret key and a 64-bit initial vector as input and produces its keystream after 160 rounds of initialization. Applying cube attack on Grain with 70 initialization rounds, the study finds that 15-bit secret key can be recovered and can find 4 linear equations on another 23 bits of the secret key. Moreover, 1-bit secret key can be recovered by applying cube attack on Grain with 75 initialization rounds.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(60833008, 60902024) 国家自然科学基金(60833008, 60902024)
Foundation items:
Reference text:

宋海欣,范修斌,武传坤,冯登国.流密码算法Grain 的立方攻击.软件学报,2012,23(1):171-176

SONG Hai-Xin,FAN Xiu-Bin,WU Chuan-Kun,FENG Deng-Guo.Cube Attack on Grain.Journal of Software,2012,23(1):171-176