{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00214462","sets":["6164:6165:6462:10749"]},"path":["10749"],"owner":"44499","recid":"214462","title":["Modular差分を用いたストリーム暗号ZUC-256の解析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-10-19"},"_buckets":{"deposit":"36dce123-251e-48a7-95e7-841128588734"},"_deposit":{"id":"214462","pid":{"type":"depid","value":"214462","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Modular差分を用いたストリーム暗号ZUC-256の解析","author_link":["550769","550771","550768","550770","550772","550767"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Modular差分を用いたストリーム暗号ZUC-256の解析"},{"subitem_title":"Analysis of the Stream Cipher ZUC-256 by Modular Difference","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"stream cipher,ZUC-256,differential attack,modular difference","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2021-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"兵庫県立大学"},{"subitem_text_value":"兵庫県立大学"},{"subitem_text_value":"兵庫県立大学/国立研究開発法人情報通信研究機構/国立研究開発法人科学技術振興機構"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"University of Hyogo","subitem_text_language":"en"},{"subitem_text_value":"University of Hyogo","subitem_text_language":"en"},{"subitem_text_value":"University of Hyogo / National Institute of Information and Communications Technology / PRESTO, Japan Science and Technology Agency","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/214462/files/IPSJCSS2021062.pdf","label":"IPSJCSS2021062.pdf"},"date":[{"dateType":"Available","dateValue":"2023-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2021062.pdf","filesize":[{"value":"420.3 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ad65f53b-d457-4146-9bd8-49e766eb4315","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"堀部, 佳吾"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Liu, Fukang"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"五十部, 孝典"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Keigo, Horibe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Liu, Fukang","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takanori, Isobe","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"ZUC-256 は 5G アプリケーションのために設計されたストリーム暗号で,現在,5G モバイル通信における標準的なアルゴリズムの評価が進められている.ZUC-256 では,LFSR (Linear Feedback Shift Register) は GF (2^{31}-1) 上で,FSM (Finite State 
Machine) は GF (2^{32}) 上で定義されている.既存の解析結果では,BabbageとMaximov により初期化フェーズの 28 段に対する XOR 差分を用いた識別攻撃が提案されている.本論文では,初期化フェーズに対して,Modular 差分を用いることで,この攻撃が改良できることを示す.ZUC-256 内部には Modular 加算があるため,Modular 差分で解析することで,差分の広がりを XOR 差分と比較して抑えることが可能である.また,差分を入れる位置を適切に選ぶことで,確率的に差分のキャンセルイベントを発生させ,差分の伝搬を制限する.その結果,28 ラウンドの ZUC-256 に対して Babbage と Maximov の 2^{-10.46} よりも大きな 2^{-4.39} のバイアスを得ることができた.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"ZUC-256 is a stream cipher designed for 5G applications and is currently under evaluation as a standard algorithm for 5G mobile telecommunications. A feature of ZUC-256 is that the LFSR (Linear Feedback Shift Register) is defined over GF(2^{31}-1), while the FSM (Finite State Machine) is defined over GF(2^{32}). Recently, Babbage and Maximov proposed a distinguishing attack on the 28-round initialization phase of ZUC-256 using XOR differences. We show that Babbage and Maximov's attack can be improved by using modular differences instead. This is because the round update function of ZUC-256 involves many additions modulo 2^{31}-1, and a modular difference propagates linearly through modular addition. Moreover, by properly selecting the input modular difference, we can slow down the propagation of the difference. Consequently, we obtain a linear relation, expressed in terms of an LFSR state word after 28 initialization rounds, with a bias of 2^{-4.39}. 
This improves on the bias of 2^{-10.46} achieved by Babbage and Maximov's attack.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"461","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2021論文集"}],"bibliographicPageStart":"455","bibliographicIssueDates":{"bibliographicIssueDate":"2021-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":214462,"updated":"2025-01-19T16:37:19.004189+00:00","links":{},"created":"2025-01-19T01:15:16.760609+00:00"}