Применение атаки различения на легковесные блочные шифры, основанные на ARX-операциях

Abstract

Рассмотрено применение атаки различения на ряд легковесных блочных шифров, основанных на ARX-операциях (сложение по модулю, циклический сдвиг и исключающее ИЛИ). Представлены экспериментальные результаты и теоретические оценки устойчивости легковесных шифров Speck, Simon, Simeck, HIGHT, LEA к атаке различения. Вывод, что семейство шифров Simeck не выдерживает эту атаку, сделан на основе прогнозов, полученных путем экстраполяции экспериментальных данных. The distinguishing attack on modern lightweight ARX-based block ciphers was applied. Distinguishing attack is any form of cryptanalysis on data encrypted by a cipher that allows an attacker distinguishing the encrypted data from random data. Purpose. Modern symmetric-key ciphers must be designed to be immune to such an attack. The purpose of the work was to estimate the resistance of lightweight ciphers Speck, Simon, Simeck, HIGHT, and LEA to a distinguishing attack. Methodology. We note that these ciphers are iterated block ciphers. It is means that they transform blocks of plain text into blocks of cipher text by using the cyclically repeated invertible function known as the round function where each iteration is to be referred as a round. We have experimentally found a maximum number of rounds where encrypted data looked like random bit-sequence by using statistical test “Book Stack”. Then we extrapolated the theoretical length required for a successful distinguishing attack on cipher with full-number rounds by a polynomial of a low degree. Note that cryptography attack is considered as successful if the length of the encrypted sequence is less than the length 2K (K — key size). Originality/value. Our experiments and estimations show, that Simeck with 48bit block size and 96-bit key size is not immune to distinguishing attack. We recommended increasing the number of rounds by 15–20% in order to improve the reliability of the Simeck 48/96.