
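Impossible Differential Cryptanalysis on 13-round MIBS-80
Cite this article: FU Lishi, JIN Chenhui. Impossible Differential Cryptanalysis on 13-round MIBS-80[J]. Journal of Electronics & Information Technology, 2016, 38(4): 848-855. doi: 10.11999/JEIT150673
Authors: FU Lishi, JIN Chenhui
Funding: National Natural Science Foundation of China (61272488, 61402523)
Abstract: This paper presents the first impossible differential cryptanalysis of 13-round MIBS-80. Plaintext pairs are first filtered using the impossible differentials of the MIBS-80 S-box, and then filtered further using the constraint relations between the round-1 and round-2 round keys and between the round-1 and round-13 round keys. The attack discards $2^{18.2}$ times as many plaintext pairs as existing impossible differential attacks, which lowers both the memory complexity and the time complexity. In addition, the key bits involved in the attack are obtained by repeated table lookups, further reducing the time and memory complexity. Finally, the master key is recovered from 80 independent round-key bits, ensuring that the correct key is obtained. The attack requires $2^{60.1}$ chosen plaintexts, $2^{69.5}$ 13-round encryptions and memory for $2^{71.2}$ 64-bit blocks, which improves on existing impossible differential attacks.

Keywords: Lightweight block cipher; MIBS-80 algorithm; Impossible differential cryptanalysis; Constraint relations between keys
Received: 2015-06-04
Revised: 2015-11-25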

Impossible Differential Cryptanalysis on 13-round MIBS-80
FU Lishi, JIN Chenhui. Impossible Differential Cryptanalysis on 13-round MIBS-80[J]. Journal of Electronics & Information Technology, 2016, 38(4): 848-855. doi: 10.11999/JEIT150673
Authors: FU Lishi, JIN Chenhui
Abstract: This paper presents the first impossible differential cryptanalysis of 13-round MIBS-80. First, plaintext pairs are filtered using the impossible differentials of the S-box in MIBS-80. Second, the number of plaintext pairs is further reduced by exploiting the constraint relation between the round keys of the first and second rounds and the constraint relation between the round keys of the first and 13th rounds. In total, the attack eliminates $2^{18.2}$ times as many plaintext pairs as previous impossible differential attacks, so both the time complexity and the memory complexity are reduced. In addition, the key bits needed in the attack are obtained through repeated table lookups, which reduces the time and memory complexity further. Finally, 80 independent round-key bits are used to recover the master key, which ensures that only the right key is kept. The presented attack needs $2^{60.1}$ chosen plaintexts, $2^{69.5}$ 13-round encryptions and $2^{71.2}$ 64-bit blocks of memory, which is the best result of an impossible differential attack on MIBS so far.
Keywords: Lightweight block cipher; MIBS-80 algorithm; Impossible differential cryptanalysis; Constraint relations between keys