论文信息 - Cryptanalysis of Simpira v1

Cryptanalysis of Simpira v1

Simpira v1 is a recently proposed family of permutations, based on the AES round function. The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. The designers’ security analysis is based on computer-aided bounds for the minimum number of active S-boxes. We show that the underlying assumptions of independence, and thus the derived bounds, are incorrect. For family member Simpira-4, we provide differential trails with only 40 (instead of 75) active S-boxes for the recommended 15 rounds. Based on these trails, we propose full-round collision attacks on the proposed Simpira-4 Davies-Meyer hash construction, with complexity \(2^{82.62}\) for the recommended full 15 rounds and a truncated 256-bit hash value, and complexity \(2^{110.16}\) for 16 rounds and the full 512-bit hash value. These attacks violate the designers’ security claims that there are no structural distinguishers with complexity below \(2^{128}\).

[1] Jérémy Jean,et al. Cryptanalysis of Haraka , 2016, IACR Trans. Symmetric Cryptol..

[2] Leslie Lamport,et al. Constructing Digital Signatures from a One Way Function , 2016 .

[3] Jérémy Jean,et al. Efficient Design Strategies Based on the AES Round Function , 2016, FSE.

[4] Nicky Mouha,et al. Simpira v2: A Family of Efficient Permutations Using the AES Round Function , 2016, ASIACRYPT.

[5] Sondre Rønjom,et al. Invariant subspaces in Simpira , 2016, IACR Cryptol. ePrint Arch..

[6] E. Biham,et al. The SHAvite-3 Hash Function , 2008 .

[7] Liam Keliher,et al. Exact maximum expected differential and linear probability for two-round Advanced Encryption Standard , 2007, IET Inf. Secur..

[8] Dawu Gu,et al. Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming , 2011, Inscrypt.

[9] Yu Sasaki,et al. Practical Forgeries and Distinguishers against PAES , 2016, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[10] Tetsu Iwata,et al. Type 1.x Generalized Feistel Structures , 2014, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[11] Andreeva,et al. Submission to the CAESAR competition AES-COPA v . 2 Designers / Submitters : , 2015 .

[12] Florian Mendel,et al. Haraka v2 - Efficient Short-Input Hashing for Post-Quantum Applications , 2017, IACR Trans. Symmetric Cryptol..

[13] Yu Sasaki,et al. Practical Cryptanalysis of PAES , 2014, Selected Areas in Cryptography.