Simpira置换的差分路线研究

对称密码算法设计由算法结构设计和内部置换函数设计组成,但又不是一种单纯的累加,算法结构与置换函数之间的配合与相互作用也是至关重要的,相应的分析工作可为密码算法的安全性评估和设计提供参考。Simpira是一族密码置换,整体结构为广义Feistel结构,其F函数基于AES,最终选取的F函数相当于2轮AES轮函数。研究的对象是Simpira设计文档中提到的一种结构,是Simpira-2的一种简化情形,算法的状态大小为256比特,整体结构为Feistel结构,其中F函数采用1轮AES。在这种简化的情况中,研究给出了4轮6个活跃S盒和5轮15个活跃S盒的截断差分路线的可能模式,通过S盒、列混合操作中差分的计算和分析,对应上述4轮、5轮截断差分,具体路线的概率分别可达到2?36、2?91。

Study for differential trails of Simpira

The design of symmetric cryptographic algorithms is composed of structure and internal permutation, but it is not a simple accumulation, the coordination and interaction between the structure and the internal permutation is also crucial, the corresponding cryptanalysis can help to the security evaluation and the design of symmetric cryptographic algorithms. Simpira is a family of cryptographic permutation. The overall structure is a generalized Feistel structure, and its F function is based on AES. The object of this paper is a structure mentioned in the Simpira document, which is a simplified case of Simpira-2. The algorithm''s state size is 256 bits, and the overall structure is Feistel structure, whose F function is 1-round AES. This paper focuses on the simplified case mentioned above, so the 4-round truncated differential trail with 6 active S-boxes and the 5-round truncated differential trail with 15 active S-boxes are presented. By the computation and analysis of differentials in S-box and MixColumns, corresponding to the 4-round and 5-round truncated differential trails, the probabilities of two differential trails can reach 2^-36, 2^-91, respectively.