CN107070632A - Impossible differential and zero correlation path automatic search method based on SAT - Google Patents


Info

Publication number: CN107070632A
Application number: CN201710155958.1A
Authority: CN (China)
Original language: Chinese (zh)
Prior art keywords: sat, constraint formula, zero correlation, differential, automatic search
Inventors: 陈少真, 张仕伟, 任炯炯, 田亚, 龚涛, 洪豆
Current and original assignee: PLA Information Engineering University (assignee list as given by Google Patents, not legally verified)
Priority date and filing date: 2017-03-15
Publication date: 2017-08-18
Legal status: Pending (status as listed by Google Patents; an assumption, not a legal conclusion)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention belongs to the field of cryptanalysis methods and technology and relates in particular to an impossible differential and zero-correlation path automatic search method based on SAT, comprising the following steps: convert the ARX-type cipher into a constraint formula; check the constraint formula for satisfiability by means of the Boolean satisfiability problem; verify the constraint formula by means of SAT. Traditional impossible differential (zero-correlation) path automatic search algorithms cannot fully take into account the properties of the non-linear components and therefore cannot produce complete and accurate results; compared with them, the SAT-based impossible differential and zero-correlation path automatic search method of the invention is accurate and efficient and, when run in parallel, usually obtains a result in a short time. At a time when computing resources are still expensive, it has good application value. Because the algorithm is efficient, searching for impossible differential and zero-correlation paths over a larger number of rounds becomes feasible, which accelerates the progress of impossible differential and zero-correlation analysis.

Description

Impossible differential and zero correlation path automatic search method based on SAT
Technical field
The invention belongs to the field of cryptanalysis methods and technology and relates in particular to an impossible differential and zero-correlation path automatic search method based on SAT.
Background technology
For block ciphers, impossible differential analysis and zero-correlation analysis are both very important analysis tools, and they are widely used in the cryptanalysis of ciphers of various structures. Impossible differential analysis was first proposed by Biham and Knudsen for the analysis of DEAL and Skipjack, and is an effective cryptanalysis method. Unlike differential analysis, which looks for a differential path of maximal probability, the aim of impossible differential analysis is to find a differential path with probability zero and to use it to eliminate wrong candidate keys. At present, impossible differential attacks have been widely applied to block ciphers of various structures and have shown very good attack results on ciphers such as AES and MISTY1. In general, an impossible differential attack consists of two steps: constructing an impossible differential distinguisher, and recovering the key. Zero-correlation linear analysis was proposed by Bogdanov and Rijmen in 2012. In contrast to linear analysis, which exploits linear relations with high bias, zero-correlation linear analysis mainly uses linear approximation relations whose bias is exactly zero to distinguish the cipher from a random function, and from this obtains part or all of the key information. The first step of zero-correlation linear analysis is to construct a zero-correlation linear approximation relation over the cipher; the second step is to carry out key recovery using the resulting distinguisher.
In recent years many automatic search algorithms for impossible differential and zero-correlation paths of block ciphers have appeared, such as the μ-method and the UID-method. The μ-method provides a general scheme for searching impossible differential paths of a cipher; it is independent of the S-boxes of the algorithm and depends only on its diffusion layer. However, these algorithms also have shortcomings: because they do not fully take into account the properties of the non-linear components (such as S-boxes), they usually cannot accurately describe the differential propagation properties of the cipher.
The content of the invention
The present invention addresses the shortcomings of existing impossible differential and zero-correlation path automatic search methods. By studying the properties of the non-linear component modular addition, constraint formulas describing the differential and linear propagation characteristics of the round function of an ARX-type cipher are obtained, and, based on the Boolean satisfiability problem, an impossible differential and zero-correlation path automatic search method based on SAT is proposed.
The technical scheme is as follows. An impossible differential and zero-correlation path automatic search method based on SAT comprises the following steps:
Convert the ARX-type cipher into a constraint formula;
Check the constraint formula for satisfiability using the Boolean satisfiability problem;
Verify the constraint formula using SAT.
In the above method, converting the ARX-type cipher into a constraint formula mainly comprises: using the properties of the linear and non-linear components of the ARX-type cipher, construct the Boolean constraint formula for the propagation of a difference through the round function, and from it construct the differential propagation constraint formula of the whole n-round cipher, where n is a natural number.
In the above method, the round function is classified according to whether the modular addition in the round function is without a key or with a key.
In the above method, checking the constraint formula for satisfiability using the Boolean satisfiability problem comprises: given sets of input and output differences, substitute each possible pair of input and output differences from the sets into the constraint formula, and check the constraint formula for satisfiability using the Boolean satisfiability problem.
In the above method, verifying the constraint formula using SAT is: verify each constraint formula with SAT separately and output all unsatisfiable difference pairs (mask pairs); each such difference pair (mask pair) is an impossible differential (zero-correlation) path.
The beneficial effects of the invention are as follows. Traditional impossible differential (zero-correlation) path automatic search algorithms cannot fully take into account the properties of the non-linear components and therefore cannot produce complete and accurate results; compared with them, the SAT-based impossible differential and zero-correlation path automatic search method of the invention searches paths with very high efficiency and, when run in parallel, usually obtains a result in a short time. Because the algorithm is efficient, searching for impossible differential and zero-correlation paths over a larger number of rounds becomes feasible, which accelerates the progress of impossible differential and zero-correlation analysis. Besides automatic search, the algorithm can also decide whether a specific difference pair (mask pair) forms an impossible differential (zero-correlation) path, which facilitates the design and analysis of ARX-type ciphers.
Brief description of the drawings
Fig. 1 is a schematic diagram of the automatic search procedure of the invention.
Embodiment
Embodiment 1, with reference to Fig. 1: an impossible differential and zero-correlation path automatic search method based on SAT, characterised in that it comprises the following steps:
Convert the ARX-type cipher into a constraint formula. This mainly comprises: using the properties of the linear and non-linear components of the ARX-type cipher, construct the Boolean constraint formula for the propagation of a difference through the round function, and from it construct the differential propagation constraint formula of the whole n-round cipher, where n is a natural number. The round function is classified according to whether the modular addition in the round function is without a key or with a key.
Check the constraint formula for satisfiability using the Boolean satisfiability problem. This comprises: given sets of input and output differences, substitute each possible pair of input and output differences from the sets into the constraint formula, and check the constraint formula for satisfiability using the Boolean satisfiability problem.
Verify the constraint formula using SAT. This comprises: verify each constraint formula with SAT separately and output all unsatisfiable difference pairs; each such difference pair is an impossible differential (zero-correlation) path.
Embodiment 2, with reference to Fig. 1: an impossible differential and zero-correlation path automatic search method based on SAT.
Step 1: converting into a constraint formula. The principle we use in the conversion step is as follows: first give the propagation constraint formula of a difference (mask) through the non-linear component, modular addition; then combine it with the constraint formulas of the linear components to give the difference (mask) propagation constraint formula of the whole round function.
In step 1 we build the constraint formula by the following theorems.
For the case where the modular addition in the round function has no key:
Theorem 1. We write xdp+(α, β → γ) for the probability of differential propagation through addition modulo 2^n, where α, β are the input differences and γ is the output difference. (α, β → γ) is a valid propagation path if and only if:
where
Theorem 2. (v, w → u) is a mask propagation through addition modulo 2^n, where u is the output mask and v, w are the input masks. z is an n-dimensional vector satisfying the following formula,
Then,
From the above formula we obtain a valid mask propagation path if and only if the following holds,
z_{n-1} = 0
where 0 ≤ i ≤ n-1, 0 ≤ j ≤ n-3.
For the case where the modular addition in the round function has a key:
Theorem 3. (α, β → γ) is a valid differential propagation path through addition modulo 2^n if and only if the lowest-order non-zero bit positions of α, β and γ are identical.
Theorem 4. (v, w → u) is a valid mask propagation path through addition modulo 2^n if and only if the most significant non-zero bit positions of v, w and u are identical.
Using the four theorems above together with the properties of the linear and non-linear components of the ARX-type cipher, the Boolean constraint formula for the propagation of a difference (mask) through the round function is constructed, and from it the difference (mask) propagation constraint formula of the whole n-round cipher. The linear components are mainly XOR and cyclic shift. For a differential path (α, β → γ) through XOR, the input differences α, β and the output difference γ follow the relation:
After a cyclic left shift by r, an input difference α gives an output difference satisfying α<<<r. For a mask propagation path (v, w → u) through XOR, the input masks v, w and the output mask u should satisfy v = w = u. After a cyclic left shift by r, an input mask v gives an output mask satisfying v<<<r.
Step 2: substitute the input and output differences (masks) into the constraint formula and check it for satisfiability using the Boolean satisfiability problem. From the sets of input and output differences (masks) we choose any pair of input and output differences (masks), and replace the input and output difference (mask) values in the constraint formula with the chosen pair.
In principle this method can decide, for any pair of input and output differences (masks), whether it forms a valid differential (zero-correlation) path. However, considering the block length of ARX-type ciphers, for example SPECK32 with a block length of 32 bits, there are 2^64 possible input and output difference pairs (mask pairs) in total, which is very unrealistic with current computing capability. Therefore we only consider specific input and output difference pairs; by default we take the weight of the input and output differences (masks) to be 1. Each input and output difference pair (mask pair) is then substituted into the constraint formula from the previous step.
Step 3: SAT verification. We verify each of the above constraint formulas with SAT and judge whether the result is false. Differences (masks) for which the result is false are saved; each such difference (mask) pair is an impossible differential (zero-correlation) path.
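The three steps above (build the constraint formula for the round function, substitute a difference pair, check with SAT) as an added worked example for the differential half of the method; this is example code, not the patent's own. It uses a toy SPECK-like round with a 4-bit word and rotation amounts 3 and 1, all chosen for the example; because the page states Theorem 1 without its formula, the modular-addition constraint is encoded from the published Lipmaa-Moriai validity condition instead; and a small DPLL routine stands in for the SAT solver so that the example runs without dependencies (at real word sizes the same clause list would be written out in DIMACS form for an off-the-shelf solver). The brute-force function xdp_add is there only to cross-check the encoding.

```python
# Added example (not the patent's own code): steps 1-3 of the method on a toy
# SPECK-like round with a 4-bit word.  Round shape, rotation amounts and the
# small DPLL solver are assumptions; the addition constraint encodes the
# Lipmaa-Moriai (2001) validity condition, which the patent's Theorem 1 refers
# to without reproducing its formula on this page.
from itertools import count, product

N = 4                  # toy word size in bits (assumption; SPECK32 uses 16)
MASK = (1 << N) - 1
ROT_A, ROT_B = 3, 1    # toy rotation amounts (assumption; SPECK32 uses 7, 2)

# ---- ground truth by brute force, feasible only because N is tiny ----
def xdp_add(a, b, g):
    """Probability that differences (a, b) give g through addition mod 2^N."""
    hits = sum(1 for x, y in product(range(1 << N), repeat=2)
               if (((x + y) ^ ((x ^ a) + (y ^ b))) & MASK) == g)
    return hits / (1 << (2 * N))

# ---- step 1: the difference-propagation constraint formula as CNF ----
# A clause is a list of signed ints: +v means variable v is 1, -v means 0.
def forbid(assignment):
    """One clause ruling out the partial assignment {var: value}."""
    return [-v if val else v for v, val in assignment.items()]

def parity_clauses(x, y, z, c, guard=None):
    """Clauses for (x XOR y XOR z == c), enforced only under the guard
    assignment {var: value} when one is given."""
    return [forbid({**(guard or {}), x: bx, y: by, z: bz})
            for bx, by, bz in product((0, 1), repeat=3)
            if ((bx + by + bz) & 1) != c]

def add_diff_cnf(va, vb, vg):
    """(va, vb -> vg) through addition mod 2^N is possible iff bit 0 of the
    three differences has even parity and, whenever bit i-1 of all three
    equals c, bit i of the three has parity c (Lipmaa-Moriai condition)."""
    cls = parity_clauses(va[0], vb[0], vg[0], 0)
    for i in range(1, N):
        for c in (0, 1):
            cls += parity_clauses(va[i], vb[i], vg[i], c,
                                  guard={va[i-1]: c, vb[i-1]: c, vg[i-1]: c})
    return cls

def rotl_vars(v, r):   # a rotation only re-wires variables and adds no clause
    return [v[(i - r) % N] for i in range(N)]

def fix(variables, value):
    """Unit clauses pinning a bit vector of variables to an integer value."""
    return [[v if (value >> i) & 1 else -v] for i, v in enumerate(variables)]

def round_diff_cnf(fresh, dx, dy):
    """Variables and clauses for one round x' = ((x >>> a) + y) ^ k,
    y' = (y <<< b) ^ x'; the key XOR is transparent to differences."""
    dx1 = [next(fresh) for _ in range(N)]
    dy1 = [next(fresh) for _ in range(N)]
    cls = add_diff_cnf(rotl_vars(dx, N - ROT_A), dy, dx1)   # >>> a is <<< N-a
    dy_rot = rotl_vars(dy, ROT_B)
    for i in range(N):                                       # dy1 = (dy<<<b)^dx1
        cls += parity_clauses(dy1[i], dy_rot[i], dx1[i], 0)
    return dx1, dy1, cls

# ---- step 3: a minimal DPLL solver standing in for a real SAT solver ----
def simplify(clauses, lit):
    """Set literal lit true; return None if some clause becomes empty."""
    out = []
    for c in clauses:
        if lit not in c:
            rest = [l for l in c if l != -lit]
            if not rest:
                return None
            out.append(rest)
    return out

def satisfiable(clauses):
    """Unit propagation, then branch on the first literal of the first clause."""
    while clauses:
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            lit = clauses[0][0]
            return any(satisfiable(sub) for sub in
                       (simplify(clauses, l) for l in (lit, -lit)) if sub is not None)
        clauses = simplify(clauses, unit)
        if clauses is None:
            return False
    return True

# ---- steps 2 and 3: substitute a difference pair and ask the solver ----
def add_diff_possible(a, b, g):
    """Single addition: satisfiable iff (a, b -> g) has non-zero probability."""
    va, vb, vg = ([i * N + j + 1 for j in range(N)] for i in range(3))
    return satisfiable(add_diff_cnf(va, vb, vg) + fix(va, a) + fix(vb, b) + fix(vg, g))

def is_impossible(din, dout, rounds):
    """Pin input difference din and output difference dout over rounds rounds;
    UNSAT means no difference path exists, i.e. din -> dout is impossible."""
    fresh = count(1)
    dx = [next(fresh) for _ in range(N)]
    dy = [next(fresh) for _ in range(N)]
    cls = fix(dx, din[0]) + fix(dy, din[1])
    for _ in range(rounds):
        dx, dy, round_cls = round_diff_cnf(fresh, dx, dy)
        cls += round_cls
    return not satisfiable(cls + fix(dx, dout[0]) + fix(dy, dout[1]))
```

An unsatisfiable result from this model is sound: the per-addition condition is exact and a key XOR cannot alter an XOR difference, so a difference pair the clauses rule out cannot occur for any key. A satisfiable result only says that a chain of locally valid transitions exists; over several rounds those transitions need not be realisable by one plaintext pair, which is why the procedure reports only the unsatisfiable pairs as impossible differential paths. With the toy parameters, input difference (0, 1) reaches exactly the four one-round output differences (1, 3), (3, 1), (7, 5) and (15, 13), so (0, 1) to (2, 0) is a one-round impossible differential, and (0, 1) to (0, 0) remains impossible over two rounds because the round is a permutation.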

Claims (5)

1. An impossible differential and zero-correlation path automatic search method based on SAT, characterised in that it comprises the following steps:
Convert the ARX-type cipher into a constraint formula;
Check the constraint formula for satisfiability using the Boolean satisfiability problem;
Verify the constraint formula using SAT.
2. The impossible differential and zero-correlation path automatic search method based on SAT according to claim 1, characterised in that converting the ARX-type cipher into a constraint formula mainly comprises: using the properties of the linear and non-linear components of the ARX-type cipher, construct the Boolean constraint formula for the propagation of a difference through the round function, and from it construct the differential propagation constraint formula of the whole n-round cipher, where n is a natural number.
3. The impossible differential and zero-correlation path automatic search method based on SAT according to claim 1, characterised in that the round function is classified according to whether the modular addition in the round function is without a key or with a key.
4. The impossible differential and zero-correlation path automatic search method based on SAT according to claim 1, characterised in that checking the constraint formula for satisfiability using the Boolean satisfiability problem comprises: given sets of input and output differences, substitute each possible pair of input and output differences from the sets into the constraint formula, and check the constraint formula for satisfiability using the Boolean satisfiability problem.
5. The impossible differential and zero-correlation path automatic search method based on SAT according to claim 1, characterised in that verifying the constraint formula using SAT is: verify each constraint formula with SAT separately and output all unsatisfiable difference pairs; each such difference pair is an impossible differential path.

Publications (1)

Publication Number Publication Date
CN107070632A true CN107070632A (en) 2017-08-18

Family

ID=59618289

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710155958.1A Pending CN107070632A (en) 2017-03-15 2017-03-15 Impossible differential and zero correlation path automatic search method based on SAT


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398638A (en) * 2020-10-19 2021-02-23 山东大学 Zero correlation linear code analysis method, system, medium and electronic equipment
CN112398638B (en) * 2020-10-19 2022-04-26 山东大学 Zero correlation linear code analysis method, system, medium and electronic equipment
CN112953703A (en) * 2021-01-28 2021-06-11 华东师范大学 MILP-based Tweakable GOST2 differential route searching method
CN112953703B (en) * 2021-01-28 2022-12-06 华东师范大学 MILP-based Tweakable GOST2 differential route searching method

Similar Documents

Publication Publication Date Title
Guo et al. Shadow: A lightweight block cipher for IoT nodes
Du et al. Building decision tree classifier on private data
US11132923B2 (en) Encryption using spatial voting
Thorat et al. Implementation of new hybrid lightweight cryptosystem
US20240062072A1 (en) Federated learning system and federated learning method
CN106656459A (en) Side channel energy analysis method and device for SM3-HMAC
CN107070632A (en) Impossible differential and zero correlation path automatic search method based on SAT
Chatterjee et al. Design of Cryptographic model for End-to-End Encryption in FPGA based systems
Kishore et al. Design and comparative analysis of inexact speculative adder and multiplier
CN111934852A (en) AES password chip electromagnetic attack method and system based on neural network
Patra et al. SynCirc: efficient synthesis of depth-optimized circuits for secure computation
Sathishkumar et al. A novel image encryption algorithm using pixel shuffling and base 64 encoding based chaotic block cipher (IMPSBEC)
El Hennawy et al. LEA: link encryption algorithm proposed stream cipher algorithm
Albahrani et al. New secure and efficient substitution and permutation method for audio encryption algorithm
Wellens A tighter bound on the number of relevant variables in a bounded degree Boolean function
Ren et al. Cryptanalysis of reduced-round speck
Mohamed et al. Domination number and secure resolving sets in cyclic networks
CN110022202B (en) Method for searching minimum hardware realization gate number of S box and S box circuit structure
Bellini et al. CLAASP: a cryptographic library for the automated analysis of symmetric primitives
US10333697B2 (en) Nondecreasing sequence determining device, method and program
CN112953703B (en) MILP-based Tweakable GOST2 differential route searching method
Bodine-Baron et al. Distance-dependent kronecker graphs for modeling social networks
CN116094686A (en) Homomorphic encryption method, homomorphic encryption system, homomorphic encryption equipment and homomorphic encryption terminal for quantum convolution calculation
Mandal et al. Synthesis of ternary Grover's algorithm
Dockendorf et al. Graph Algorithms over Homomorphic Encryption for Data Cooperatives.

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20170818)