Notice of the academic talk "Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS"

Posted: 2019/11/27

Title: Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS

Time: 29 November 2019, 14:00 to 17:30

Venue: 淦昌苑 D320

Abstract: We show that the correlation of any quadratic Boolean function can be read out from its so-called disjoint quadratic form. We further propose a polynomial-time algorithm that can transform an arbitrary quadratic Boolean function into its disjoint quadratic form. With this algorithm, the exact correlation of quadratic Boolean functions can be computed efficiently. We apply this method to analyze the linear trails of MORUS (one of the seven finalists of the CAESAR competition), which are found with the help of a generic model for linear trails of MORUS-like key-stream generators. In our model, any tool for finding linear trails of block ciphers can be used to search for trails of MORUS-like key-stream generators. As a result, a set of trails with correlation 2^{-38} is identified for all versions of full MORUS, while the correlations of the previously published best trails for MORUS-640 and MORUS-1280 are 2^{-73} and 2^{-76} respectively (ASIACRYPT 2018). This significantly improves the complexity of the attack on MORUS-1280-256 from 2^{152} to 2^{76}. These new trails also lead to the first distinguishing and message-recovery attacks on MORUS-640-128 and MORUS-1280-128 with surprisingly low complexities around 2^{76}. Moreover, we observe that the condition for exploiting these trails in an attack can be more relaxed than previously thought, which shows that the new trails are superior to previously published ones in terms of both correlation and the number of ciphertext blocks involved.
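The read-out described in the abstract, as an added example that is not the authors' code: a quadratic Boolean function is reduced to a disjoint quadratic form u1 v1 + ... + uh vh + affine by repeatedly completing a product, after which its correlation is a sign times 2^{-h}, or 0 if a linear term survives; a brute-force evaluation cross-checks the result. The reduction here is the elementary one, and may differ from the polynomial-time algorithm presented in the talk; the polynomial `F` is a constructed input.

```python
from itertools import product

# A Boolean polynomial over GF(2) is a set of monomials; a monomial is a
# frozenset of variable indices, the empty frozenset being the constant 1.
def poly(*monomials):
    return {frozenset(m) for m in monomials}

def mul(p, q):
    """Product of two polynomials over GF(2) (x*x = x, so indices are unioned)."""
    r = set()
    for a in p:
        for b in q:
            r ^= {a | b}          # symmetric difference = addition mod 2
    return r

def disjoint_form_correlation(f):
    """Correlation 2^{-n} * sum_x (-1)^f(x) of a quadratic f, read off after
    reducing f to a disjoint quadratic form u1 v1 + ... + uh vh + affine."""
    f, h = set(f), 0
    while True:
        quad = [tuple(sorted(m)) for m in f if len(m) == 2]
        if not quad:
            # affine remainder: a surviving linear term makes f balanced
            if any(len(m) == 1 for m in f):
                return 0.0
            return (-1) ** (frozenset() in f) / 2 ** h
        i, j = min(quad)
        A = {m - {i} for m in f if i in m}        # f = x_i*A + rest, A affine, x_j in A
        rest = {m for m in f if i not in m}
        B = {m - {j} for m in rest if j in m}     # rest = x_j*B + R
        R = {m for m in rest if j not in m}
        A2 = A ^ {frozenset({j})}                 # A' = A + x_j
        # f = (x_i + B)(x_j + A') + A'B + R.  u = x_i + B, v = x_j + A' is an
        # invertible affine change of variables, so corr(f) = corr(uv) * corr(A'B + R)
        # = (1/2) * corr(A'B + R), and A'B + R no longer mentions x_i or x_j.
        f, h = mul(A2, B) ^ R, h + 1

def bruteforce_correlation(f, n):
    """Direct evaluation over all 2^n inputs, for cross-checking."""
    total = 0
    for x in product((0, 1), repeat=n):
        val = 0
        for m in f:
            val ^= all(x[v] for v in m)   # all([]) is True: the constant term
        total += (-1) ** val
    return total / 2 ** n

# Constructed example: a 5-variable quadratic chain plus a linear term and a constant.
F = poly((0, 1), (1, 2), (2, 3), (3, 4), (1,), ())

if __name__ == "__main__":
    print(disjoint_form_correlation(F), bruteforce_correlation(F, 5))  # -0.25 -0.25
```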

Speaker: Sun Siwei (孙思维), Associate Research Fellow at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are the automation of symmetric-key cipher design and analysis, and the optimization and secure implementation of cryptographic algorithms. In recent years he has published more than 30 papers at top cryptography and information security venues including CRYPTO, ASIACRYPT, FSE and USENIX Security, has taken part in several major projects such as the 973 Program and the National Key R&D Program, and leads a National Key R&D Program subproject. He designed and developed a mixed-integer-programming-based software framework for automated cryptanalysis, which has seen important use in the algorithm analysis and design tasks of several national agencies.
