èŠ‚ç‚¹æ–‡çŒ®

æ”¹è¿›çš„MIBS-64ç®—æ³•ç§¯åˆ†åˆ†æžç ”ç©¶

Improved Integral Attacks on MIBS-64 Block Cipher

æŽ¨è CAJä¸‹è½½
PDFä¸‹è½½
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æŽè‰³ä¿Šï¼› å™å¯é¾™ï¼› æ¬§æµ·æ–‡ï¼› æ±ªæŒ¯ï¼›

ã€Authorã€‘ LI Yan-Jun;SUN Qi-Long;OU Hai-Wen;WANG Zhen;Beijing Electronic Science and Technology Institute;State Key Laboratory of Cryptology;

ã€é€šè®¯ä½œè€…ã€‘ å™å¯é¾™;

ã€æœºæž„ã€‘ åŒ—äº¬ç”µåç§‘æŠ€å¦é™¢ï¼› å¯†ç ç§‘å¦æŠ€æœ¯å›½å®¶é‡ç‚¹å®žéªŒå®¤ï¼›

ã€æ‘˜è¦ã€‘ MIBSç®—æ³•æ˜¯2009å¹´åœ¨CANSä¼šè®®ä¸Šæå‡ºçš„è½»é‡çº§åˆ†ç»„å¯†ç ,å…¶ç›®æ ‡æ˜¯åº”ç”¨äºŽæžå…¶æœ‰é™çš„èµ„æºçŽ¯å¢ƒ,ä¾‹å¦‚RFIDæ ‡ç¾å’Œä¼ æ„Ÿå™¨ç½‘ç»œ.å®ƒåŸºäºŽ32è½®Feistelç»“æž„ã€åˆ†ç»„é•¿åº¦64æ¯”ç‰¹,åŒ…å«64æ¯”ç‰¹ã€80æ¯”ç‰¹ä¸¤ç§ä¸»å¯†é’¥é•¿åº¦.æœ¬æ–‡åŸºäºŽè¯¥ç®—æ³•çš„å¯†é’¥ç¼–æŽ’ä¸ç¬¬1è½®åˆ°ç¬¬11è½®åå¯†é’¥ä¹‹é—´å˜åœ¨éƒ¨åˆ†é‡å¤å’Œç‰ä»·å…³ç³»,ç»™å‡ºäº†ä¸€ç±»5è½®ç§¯åˆ†åŒºåˆ†å™¨.åœ¨æ¤ç§¯åˆ†åŒºåˆ†å™¨çš„åŸºç¡€ä¸Š,å‘å‰åŠ 3è½®,å‘åŽåŠ 3è½®,é¦–æ¬¡å®Œæˆäº†MIBS-64çš„11è½®ç§¯åˆ†æ”»å‡».æ”»å‡»æ•°æ®å¤æ‚åº¦ä¸º2⁵⁸,æ—¶é—´å¤æ‚åº¦ä¸º2^59.75æ¬¡11è½®åŠ å¯†,æ”»å‡»æˆåŠŸæ¦‚çŽ‡ä¸º100%.è¯¥ç»“æžœå¯ä»¥ç±»ä¼¼åœ°æŽ¨å¹¿åˆ°MIBS-80.æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ MIBS is a lightweight block cipher with a 32-round Feistel structure, 64-bit block length,and the master can be of 64 bits or 80 bits long. MIBS was proposed by Izadi M. I. at CANS2009,it was designed for resource-constrained devices such as RFID tags and sensors. According to the key schedule of MIBS, there exist partially repeated and equivalent bits between the 1 st to the 11 th round keys. Based on that, a class of 5-round integral distinguishers are designed. On the basis of the5-round integral distinguisher, adding 3 rounds forward and 3 rounds backward, this paper presents a11-round MIBS integral attack, which has the data complexity of 2⁵⁸, time complexity of 2^59.75, and 100% success rate. This result can be similarly extended to MIBS-80.æ›´å¤š è¿˜åŽŸ