Computer Engineering and Applications ›› 2023, Vol. 59 ›› Issue (21): 296-302.DOI: 10.3778/j.issn.1002-8331.2305-0193

• Network, Communication and Security • Previous Articles     Next Articles

Differential Attack on Lightweight PFP Algorithm

LI Yanjun, LI Yinshuang, YANG Minghua, ZHANG Lixian, LIU Jian   

  1. 1.Information Industry Information Security Evaluation Center, The 15th Research Institute of China Electronics Technology Group Corporation, Beijing 100083, China
    2.Beijing Institute of Electronic Science and Technology, Beijing 100070, China
    3.Beijing Technology and Business University, Beijing 100048, China
  • Online:2023-11-01 Published:2023-11-01

轻量级PFP算法的差分攻击

李艳俊,李寅霜,杨明华,张黎仙,刘健   

  1. 1.中国电子科技集团公司 第十五研究所 信息产业信息安全测评中心,北京 100083
    2.北京电子科技学院,北京 100070
    3.北京工商大学,北京 100048

Abstract: The PFP algorithm is a lightweight block cipher algorithm proposed in 2017 based on the design idea of the international standard PRESENT algorithm, designed based on the Feistel-SP structure with bit substitution, which has higher efficiency of hardware and software implementation compared to the PRESENT algorithm. In order to perform a new evaluation of the ability of algorithm to resist differential analysis, the S-box and the overall structure are first modeled based on the mixed integer linear programming(MILP) method, and a 4-round iterative differential path with probability 2?11 is searched for the PFP algorithm, and a 22-round differential distinguisher with probability 2?59 is constructed; further, 2 rounds are added before and after the distinguisher to obtain 26 rounds, and by studying the characteristics of the added 4-round key arrangement, the guessing sequence of the key bits is optimized, and at the same time, the 26-round key recovery of the PFP algorithm is performed for the first time by using the early abort technique. The data complexity required for the whole differential attack process is 260 plaintexts, and the time complexity is 254.3 times 26 rounds of encryption, which still has sufficient security redundancy compared with the overall 34-round PFP algorithm.

Key words: block cipher, differential attack, key recovery attack, early abort technique

摘要: PFP算法借鉴国际标准PRESENT算法的设计思想,在2017年提出的一种轻量级分组密码算法,基于Feistel-SP结构设计,采用比特置换,相比PRESENT算法有着更高的软硬件实现效率。为了对该算法的抗差分分析的能力进行新的评估,基于混合整数线性规划(MILP)方法对S盒和整体结构进行建模,针对PFP算法搜索到了概率为2?11的4轮迭代差分路径,构造了概率为2?59的22轮差分区分器;进一步,在区分器前后各增加2轮,得到26轮,通过研究增加的4轮轮密钥编排特点,对密钥比特的猜测顺序进行了优化,同时采用提前抛弃技术,首次对PFP算法进行了26轮的密钥恢复。整个差分攻击过程需要的数据复杂度为260个明文,时间复杂度为254.3次26轮加密,与整体34轮PFP算法相比,仍然具有足够的安全冗余。

关键词: 分组密码, 差分攻击, 密钥恢复攻击, 提前抛弃技术