- 學位論文
利用旁道資訊對RC6進行的代數攻擊分析
Algebraic Cryptanalysis of RC6 with Side Channel Information
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。
摘要
本篇論文詳述一種新的CCA(Chosen Ciphertext Attack)攻擊法,可利用旁道攻擊(Side Channel Attack)所獲得的資訊,建立減法差分代數式並以SAT Solver工具求解。經學理分析驗證,本論文所提方法可在2^43的資料量與2^78的計算複雜度內成功破譯RC6最末回合之加密密鑰(round key),並利用末回合密鑰還原對應的漂白密鑰值(whitening key),其計算複雜度僅約2^32。另外,本論文亦在不同強度之資訊假設(又稱oracle)下,分析攻擊所需資料量與計算複雜度之間的trade-off關係。
並列摘要
This paper details a novel chosen ciphertext attack on RC6 cipher which has been chosen as one of the finalists for AES competition (March 1999) and has been declared to be resistant to all known cryptanalysis since then. In this paper, it’ll be shown that with the aid of side channel information and algebraic analysis the attacker can recover all round keys and whitening keys by using at most 2^43 ciphertext pairs and 2^78 computations. Moreover, this paper also provides theoretic analysis of the trade-off between different oracles and the general assumption (without any side channel information given), and then proves that the distribution of round key candidates may not be uniformly random.
參考文獻
[2]E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer-Verlag, New York, 1993.
[10]M. Matsui, The first experimental cryptanalysis of the Data Encryption Standard". In Advances in Cryptology - Crypto'94, pp 1-11, Springer Verlag, New York, 1994.
[11]B.S. Kaliski and Y.L. Yin. On differential and linear cryptanalysis of the RC5 encryption algorithm. In D. Coppersmith, editor, Advances in Cryptology Crypto '95, volume 963 of Lecture Notes in Computer Science, pages 171-184, 1995. Springer Verlag.
[12]M.H. Heys. Linearly weak keys of RC5. IEE Electronic Letters, Vol. 33, pages 836-838, 1997.
[14]A. A. Selcuk. New results in linear cryptanalysis of RC5. In S. Vaudenay, editor, Fast Software Encryption, volume 1372 of Lecture Notes in Computer Science, pages 1-16, 1998, Springer-Verlag.