作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2012, Vol. 38 ›› Issue (7): 107-109. doi: 10.3969/j.issn.1000-3428.2012.07.035

• 安全技术 • 上一篇    下一篇

Rijndael-256算法的中间相遇攻击

韦永壮1,2,苏崇茂1,马春波1,3   

  1. (1. 桂林电子科技大学信息与通信学院,广西 桂林 541004;2. 综合业务网理论及关键技术国家重点实验室,西安 710071; 3. 中国科学院软件研究所信息安全国家重点实验室,北京 100190)
  • 收稿日期:2011-11-04 出版日期:2012-04-05 发布日期:2012-04-05
  • 作者简介:韦永壮(1976-),男,副教授、博士,主研方向:密码学;苏崇茂,硕士研究生;马春波,教授、博士
  • 基金资助:
    国家自然科学基金资助项目(60862001, 61100185);广西自然科学基金(青年基金)资助项目(2011GXNSFB018071);桂林电子科技大学广西无线宽带通信与信号处理重点实验室主任基金资助项目(11101)

Meet-in-the-Middle Attack on Rijndael-256 Algorithm

WEI Yong-zhuang   1,2, SU Chong-mao   1, MA Chun-bo   1,3   

  1. (1. School of Information and Communication, Guilin University of Electronic Technology, Guilin 541004, China; 2. State Key Laboratory of Integrated Services Networks, Xi’an 710071, China; 3. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China)
  • Received:2011-11-04 Online:2012-04-05 Published:2012-04-05

摘要: 根据Rijndael密码的算法结构,构造一个新的5轮相遇区分器:若输入状态的第一个字节可变动,而余下字节固定不变,则通过5轮加密后,算法输出的每个字节差分值均可由输入状态的第一个字节值及25个常量字节以概率2-96确定。基于该区分器,给出一种针对9轮Rijndael-256的中间相遇攻击。分析结果表明,该攻击的数据复杂度约为2128个选择明文数据量,时间复杂度约为2211.6次9轮Rijndael- 256加密。

关键词: 分组密码, Rijndael算法, 区分器, 中间相遇攻击

Abstract: A 5-round meet-in-the-middle distinguisher is constructed by exploiting the properties of Rijndael-256 cipher. It shows that, if only the first byte is variable in the input data state, then each byte differential value of the output of fifth round Rijndael-256 encryption is completely determined by the first byte value in the input data state and 25 constant bytes with a probability of 2-96. Based on the distinguisher, a meet-in-the-middle attack on 9-round Rijndael-256 is proposed. Analysis reslut shows that the attack requires data complexity of about 2128 chosen plaintexts and time complexity of about 2211.6 9-round Rijndael-256 encryptions.

Key words: block cipher, Rijndael algorithm, distinguisher, meet-in-the-middle attack

中图分类号: