Author: Haruhisa Kosuge and Hidema Tanaka
Volume, Issue, Month, Year: Vol. 6, No. 3/4, December 2016
ABSTRACT
The integral attack is a powerful method for recovering the secret key of a block cipher by exploiting a characteristic that a set of outputs has after several rounds of encryption (integral distinguisher). Recently, Todo proposed a new algorithm to construct integral distinguishers with the division property. However, that algorithm cannot rule out the existence of an integral distinguisher that holds for additional rounds. In contrast, we take an approach that obtains the number of rounds for which an integral distinguisher does not hold (upper-bound integral distinguisher). The approach is based on algebraic degree estimation. We execute a random search for a term whose degree equals the number of all input variables. We propose an algorithm and apply it to PRESENT and RECTANGLE. We then confirm that there exists no 8-round integral distinguisher in PRESENT and no 9-round integral distinguisher in RECTANGLE. From these facts, an integral attack on more than 11 rounds of PRESENT and more than 13 rounds of RECTANGLE, respectively, is infeasible.
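
As an added illustration (not code from the paper or its authors), the Python sketch below shows the criterion the abstract relies on at the scale of a single PRESENT S-box: an output bit can have a non-zero XOR-sum over a set of active input bits only if its algebraic normal form contains a term covering all of them. The 16-bit `toy_round` cipher, the function names and the empirical single-bit search are assumptions made for this example and are not the paper's algorithm.

```python
import random
from functools import reduce

SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]  # PRESENT S-box

def anf(tt):
    """Moebius transform: truth table -> ANF coefficients (index = monomial mask)."""
    a = list(tt)
    for i in range(len(a).bit_length() - 1):
        for x in range(len(a)):
            if x >> i & 1:
                a[x] ^= a[x ^ (1 << i)]
    return a

def sbox_bits_with_full_term(active):
    """S-box output bits whose ANF has a monomial containing every active variable."""
    tts = [[(SBOX[x] >> b) & 1 for x in range(16)] for b in range(4)]
    return sum(1 << b for b, tt in enumerate(tts)
               if any(c and (m & active) == active for m, c in enumerate(anf(tt))))

def toy_round(state, key):
    """Constructed 16-bit round: key XOR, four S-boxes, PRESENT-style bit shuffle."""
    state ^= key
    s = sum(SBOX[(state >> 4 * j) & 0xF] << 4 * j for j in range(4))
    return sum(((s >> i) & 1) << (15 if i == 15 else 4 * i % 15) for i in range(16))

def xor_sum(rounds, active, rng):
    """XOR of outputs over all values of the active bits (random keys/constants)."""
    keys = [rng.randrange(1 << 16) for _ in range(rounds)]
    const = rng.randrange(1 << 16) & ~active
    total, sub = 0, active
    while True:
        total ^= reduce(toy_round, keys, const | sub)  # encrypt one chosen input
        if sub == 0:
            return total
        sub = (sub - 1) & active  # next assignment of the active bits

def rounds_until_no_balanced_bit(active, trials=20, max_rounds=6, seed=1):
    """Smallest round count at which every output bit was observed unbalanced,
    i.e. no single-bit integral distinguisher survives for this input set."""
    rng = random.Random(seed)
    for r in range(1, max_rounds + 1):
        seen = 0
        for _ in range(trials):
            seen |= xor_sum(r, active, rng)  # bits with a non-zero sum
        if seen == 0xFFFF:
            return r
    return None
```

With three active bits in one nibble (`active=0x7`), two S-box output bits carry the degree-3 term and are unbalanced after one round; with the full nibble active (`active=0xF`) no degree-4 term exists, so every bit stays balanced.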