摘要: 根据Rijndael密码的算法结构,构造一个新的5轮相遇区分器:若输入状态的第一个字节可变动,而余下字节固定不变,则通过5轮加密后,算法输出的每个字节差分值均可由输入状态的第一个字节值及25个常量字节以概率2-96确定。基于该区分器,给出一种针对9轮Rijndael-256的中间相遇攻击。分析结果表明,该攻击的数据复杂度约为2128个选择明文数据量,时间复杂度约为2211.6次9轮Rijndael- 256加密。
关键词:
分组密码,
Rijndael算法,
区分器,
中间相遇攻击
Abstract: A 5-round meet-in-the-middle distinguisher is constructed by exploiting the properties of Rijndael-256 cipher. It shows that, if only the first byte is variable in the input data state, then each byte differential value of the output of fifth round Rijndael-256 encryption is completely determined by the first byte value in the input data state and 25 constant bytes with a probability of 2-96. Based on the distinguisher, a meet-in-the-middle attack on 9-round Rijndael-256 is proposed. Analysis reslut shows that the attack requires data complexity of about 2128 chosen plaintexts and time complexity of about 2211.6 9-round Rijndael-256 encryptions.
Key words:
block cipher,
Rijndael algorithm,
distinguisher,
meet-in-the-middle attack
中图分类号:
韦永壮, 苏崇茂, 马春波. Rijndael-256算法的中间相遇攻击[J]. 计算机工程, 2012, 38(7): 107-109.
HUI Yong-Zhuang, SU Chong-Mao, MA Chun-Bei. Meet-in-the-Middle Attack on Rijndael-256 Algorithm[J]. Computer Engineering, 2012, 38(7): 107-109.