约减轮数LELBC算法的特征搜索及密钥恢复攻击

doi:10.3778/j.issn.1002-8331.2506-0130

计算机工程与应用 ›› 2025, Vol. 61 ›› Issue (22): 288-294.DOI: 10.3778/j.issn.1002-8331.2506-0130

约减轮数LELBC算法的特征搜索及密钥恢复攻击

李艳俊，黄丁韫，刘健，李浩宇，霍珊珊

1.中国电子科技集团公司第十五研究所信息产业信息安全测评中心，北京 100083
2.北京电子科技学院密码科学与技术系，北京 100070
3.清华大学网络科学与网络空间研究院，北京 100084

出版日期:2025-11-15 发布日期:2025-11-14

Feature Search and Key Recovery Attack on Reduced-Round LELBC Algorithm

LI Yanjun, HUANG Dingyun, LIU Jian, LI Haoyu, HUO Shanshan

1.Information Industry Information Security Evaluation Center, The 15th Research Institute, China Electronics Technology Group Corporation, Beijing 100083, China
2.Department of Cryptography Science and Technology, Beijing Institute of Electronic Science and Technology, Beijing 100070, China
3.Institute for Network Science and Cyberspace, Tsinghua University, Beijing 100084, China

Online:2025-11-15 Published:2025-11-14

摘要/Abstract

摘要： 低能耗轻量级分组密码（low energy lightweight block cipher，LELBC）算法是一种基于置换-替换-置换（permutation-substitution-permutation，PSP）结构的轻量级分组密码算法，主要适用于计算能力、存储空间及功耗受限的物联网终端设备，通过对数据加密实现数据安全保障，因此对该算法安全性的准确评估尤为关键。为了深入研究该算法的安全性，首先建立S盒的差分-线性连通表，然后基于约束规划（constraint programming，CP）方法对S盒组件、中间层和整体结构进行数学建模，搜索得到概率为[2-25.96]的9轮差分-线性区分器，并进一步在这个区分器的基础上分别向前添加1轮，向后添加2轮，实现了对LELBC算法的12轮密钥恢复攻击，其中数据复杂度为[228]个明文，时间复杂度为[2114.42]次12轮加密。研究结果表明，相较于整体16轮，LELBC算法仍然具有足够轮数的安全冗余。

关键词: LELBC算法, 轻量级分组密码, 差分-线性区分器, 密钥恢复攻击

Abstract: Low energy lightweight block cipher (LELBC) algorithm is a lightweight block cipher algorithm based on the permutation-substitution-permutation (PSP) structure, which is mainly applicable to the IoT terminal devices with limited computational power, storage space and power consumption, and realizes data security by encrypting the data, therefore, an accurate assessment for the security of this algorithm is particularly critical. In order to study the security of this algorithm in depth, the differential-linear connectivity table of the S-box is first established, and then mathematical modeling of S-box components, middle layer and overall structure is carried out based on the constraint programming (CP) method, and a 9-round differential-linear distinguisher with probability 2?25.96 is obtained by searching and further adding 1 round forward and 2 rounds backward respectively to this distinguisher. A 12-round key recovery attack on the LELBC algorithm is realized, in which the data complexity is 228 plaintexts and the time complexity is 2114.42 12-round encryptions. The research results show that compared to the overall 16 rounds, the LELBC algorithm still has a sufficient number of secure redundant rounds.

Key words: LELBC algorithm, lightweight block cipher, differential-linear distinguisher, key recovery attack

李艳俊, 黄丁韫, 刘健, 李浩宇, 霍珊珊. 约减轮数LELBC算法的特征搜索及密钥恢复攻击[J]. 计算机工程与应用, 2025, 61(22): 288-294.

LI Yanjun, HUANG Dingyun, LIU Jian, LI Haoyu, HUO Shanshan. Feature Search and Key Recovery Attack on Reduced-Round LELBC Algorithm[J]. Computer Engineering and Applications, 2025, 61(22): 288-294.

参考文献

[1] 梁广俊, 辛建芳, 王群, 等. 物联网取证综述[J]. 计算机工程与应用, 2022, 58(8): 12-32.
LIANG G J, XIN J F, WANG Q, et al. Survey of IoT forensics[J]. Computer Engineering and Applications, 2022, 58(8): 12-32.
[2] WU W L, ZHANG L. LBlock: a lightweight block cipher[C]//Proceedings of the 9th International Conference on Applied Cryptography and Network Security. Berlin: Springer, 2011: 327-344.
[3] 黄玉划, 代学俊, 时阳阳, 等. 基于Feistel结构的超轻量级分组密码算法(PFP)[J]. 计算机科学, 2017, 44(3): 163-167.
HUANG Y H, DAI X J, SHI Y Y, et al. Ultra-lightweight block cipher algorithm (PFP) based on Feistel structure[J]. Computer Science, 2017, 44(3): 163-167.
[4] PATIL J, BANSOD G, KANT K S. LiCi: a new ultra-lightweight block cipher[C]//Proceedings of the 2017 International Conference on Emerging Trends & Innovation in ICT. Piscataway: IEEE, 2017: 40-45.
[5] BOGDANOV A, KNUDSEN L R, LEANDER G, et al. PRESENT: an ultra-lightweight block cipher[C]//Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems. Berlin, Heidelberg: Springer, 2007: 450-466.
[6] BANIK S, PANDEY S K, PEYRIN T, et al. GIFT: a small present[C]//Proceedings of the 19th International Conference on Cryptographic Hardware and Embedded Systems. Cham: Springer, 2017: 321-345.
[7] SONG Q L, LI L, HUANG X T. LELBC: a low energy lightweight block cipher for smart agriculture[J]. Internet of Things, 2024, 25: 101022.
[8] KANG M, LI Y Q, JIAO L, et al. Differential analysis of ARX block ciphers based on an improved genetic algorithm[J]. Chinese Journal of Electronics, 2023, 32(2): 225-236.
[9] AZIMI S A, RANEA A, SALMASIZADEH M, et al. A bivector differential model for the modular addition by a constant and its applications to differential and impossible-differential cryptanalysis[J]. Designs, Codes and Cryptography, 2022, 90(8): 1797-1855.
[10] 周锴, 王薇. Pholkos算法的不可能差分分析[J]. 密码学报, 2025, 12(1): 39-48.
ZHOU K, WANG W. Impossible differential cryptanalysis of pholkos[J]. Journal of Cryptologic Research, 2025, 12(1): 39-48.
[11] 吴铜, 袁征, 魏锦鹏, 等. LiCi算法的相关密钥不可能差分分析[J]. 密码学报, 2024, 11(5): 1078-1089.
WU T, YUAN Z, WEI J P, et al. Impossible differential analysis of correlation key of LiCi algorithm[J]. Journal of Cryptologic Research, 2024, 11(5): 1078-1089.
[12] 石康康, 任炯炯, 陈少真. 基于MILP的PICO算法差分和线性区分器的搜索[J]. 密码学报, 2023, 10(5): 910-921.
SHI K K, REN J J, CHEN S Z. MILP-based search for differential and linear distinguishers of PICO algorithm[J]. Journal of Cryptologic Research, 2023, 10(5): 910-921.
[13] 谢雨欣, 高莹. 轻量级分组密码算法FBC的积分分析[J]. 密码学报, 2024, 11(3): 681-691.
XIE Y X, GAO Y. Integral analysis of lightweight block cipher FBC[J]. Journal of Cryptologic Research, 2024, 11(3): 681-691.
[14] 谭林, 曾新皓, 刘加美. AES-192的相关密钥飞去来器攻击和矩形攻击[J]. 密码学报, 2024, 11(5): 1018-1028.
TAN L, ZENG X H, LIU J M. Related-key boomerang and rectangle attacks on AES-192[J]. Journal of Cryptologic Rese-arch, 2024, 11(5): 1018-1028.
[15] LANGFORD S K, HELLMAN M E. Differential-linear cryptanalysis[C]//Proceedings of the 14th Annual International Cryptology Conference. Berlin, Heidelberg: Springer, 1994: 17-25.
[16] BAR-ON A, DUNKELMAN O, KELLER N, et al. DLCT: a new tool for differential-linear cryptanalysis[C]//Proceedings of the 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Cham: Springer, 2019: 313-342.
[17] BELLINI E, GERAULT D, GRADOS J, et al. Fully automated differential-linear attacks against ARX ciphers[C]//Topics in Cryptology CT-RSA 2023. Cham: Springer, 2023: 252-276.
[18] CHEN Y, BAO Z Z, YU H B. Differential-linear approximation semi-unconstrained searching and partition tree: application to LEA and Speck[C]//Proceedings of the 29th International Conference on the Theory and Application of Cryptology and Information Security. Singapore: Springer, 2023: 223-255.
[19] HADIPOUR H, DERBEZ P, EICHLSEDER M. Revisiting differential-linear attacks via a Boomerang perspective with application to AES, Ascon, CLEFIA, SKINNY, PRESENT, KNOT, TWINE, WARP, LBlock, Simeck, and SERPENT[C]//Advances in Cryptology CRYPTO 2024. Cham: Springer, 2024: 38-72.
[20] HADIPOUR H, NAGELER M, EICHLSEDER M. Throwing boomerangs into Feistel structures: application to CLEFIA, WARP, LBlock, LBlock-s and TWINE[J]. IACR Transactions on Symmetric Cryptology, 2022: 271-302.
[21] KAUR M, YADAV T, KUMAR M, et al. Differential cryptanalysis of the lightweight block cipher?LELBC[J]. Cryptologia, 2025, 49(5): 470-485.

约减轮数LELBC算法的特征搜索及密钥恢复攻击

Feature Search and Key Recovery Attack on Reduced-Round LELBC Algorithm

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics