Analyzing the Spanish strip cipher by combining combinatorial and statistical methods

According to historical reports, many telegrams that date from the Spanish Civil War (1936–1939) still remain undisclosed. It is believed that these telegrams were encrypted with a cryptosystem called the “Spanish Strip Cipher” (SSC).

During this civil war, SSC was the most used cryptographic algorithm. This method corresponds to a homophonic substitution cipher in which a plaintext letter can map to between three and five ciphertext symbols.

By means of cryptanalysis, the authors detect a weakness in the encryption process of the SSC. In this article, they describe how this vulnerability is exploited to efficiently reconstruct a plaintext from a relatively short ciphertext. The attack is based on combinatorial and statistical methods, and it is divided into three phases: homophones-table analysis, letter-frequency analysis, and dictionary search.

The attack was implemented in Java and tested on a laptop with an i7 processor and 4 GB of RAM. The tests were carried out with several real telegrams from the Spanish Civil War. In this article, the authors provide the results of one test that was successfully performed only using the first 201 ciphertext symbols of a Spanish telegram.     

针对简化版Trivium算法的线性分析

流密码Trivium算法是欧洲密码工程eSTREAM的7个最终获选算法之一.该文针对初始化为288轮的简化版Trivium算法进行了线性分析,更正了Turan等人给出的关于密钥、初始化向量和密钥流比特的表达式,并给出了当允许选取特殊的密钥和Ⅳ时,搜索最佳线性逼近式的算法.据此算法,找到了3个线性偏差为2-25的线性逼近式,改进了Turan等人给出的线性偏差为2-31的线性分析结果.     

多重线性密码分析中线性逼近方程的构造

到目前为止,还没有利用构造多个逼近方程来实现B.S.Kaliski和M.J.B.Robshaw的多重线性逼近的例子。利用Mastui构造的线性组合传递链是周期为8的线性组合传递链这个特点,选取该线性组合传递链的8个不同起点,就可由该线性组合传递链构造出8条新的线性组合传递链,再加上其对偶的线性组合传递链,共可构造出16条线性组合传递链,利用它们可实现对DES的密钥比特进行攻击。     

Finding the key length of a Vigenère cipher: How to improve the twist algorithm

Abstract

A Vigenère cipher applies a single short key repeatedly to encrypt a plaintext. If a cryptanalyst correctly finds out the key length, the ciphertext can be divided into multiple instances of shift cipher and be broken by frequency analysis. To determine the key length, the twist algorithm, an alternate method to the standard Kasiski and Friedman tests, was recently proposed. In this article, we propose the twist⁺ algorithm, an improved twist algorithm, which can estimate the key length more accurately than the original twist algorithm.     

Classic cryptanalysis using hidden Markov models

In this article, the authors present a detailed introduction to hidden Markov models (HMM). They then apply HMMs to the problem of solving simple substitution ciphers, and they empirically determine the accuracy as a function of the ciphertext length and the number of random restarts. Application to homophonic substitutions and other classic ciphers is briefly considered.     

一类基于混沌函数的分组密码的安全性评估

评估了一类基于混沌函数的分组密码(generalized Feistel structure,简称GFS)抵抗差分密码分析和线性密码分析的能力.如果轮函数是双射且它的最大差分特征概率和线性逼近概率分别是p和q,则r轮GFS的最大差分特征和线性逼近的概率分别以p^r-1和q^r-1为其上界.     

缩减轮数的CAST-256积分分析*

CAST-256是在CAST-128基础上改进的Feistel结构分组密码,作为首轮AES候选算法,该算法的分析成果已有不少。目前,已知的攻击方法分析中,多维零相关线性分析和积分分析能实现28轮的密钥恢复攻击。本文详细分析如何利用积分分析与零相关分析两种方法之间联系,实现28轮CAST-256算法积分分析,并且密钥恢复算法的复杂度达到2₂₄₇Enc。     

8轮PRINCE的快速密钥恢复攻击

PRINCE算法是J.Borghoff等在2012年亚密会上提出的一个轻量级分组密码算法,它模仿AES并采用α-反射结构设计,具有加解密相似的特点.2014年,设计者发起了针对PRINCE实际攻击的公开挑战,使得该算法的安全性成为研究的热点.目前对PRINCE攻击的最长轮数是10轮,其中P.Derbez等利用中间相遇技术攻击的数据和时间复杂度的乘积D×T=2¹²⁵,A.Canteaut等利用多重差分技术攻击的复杂度D×T=2^118.5,并且两种方法的时间复杂度都超过了257.本文将A.Canteaut等给出的多重差分技术稍作改变,通过考虑输入差分为固定值,输出差分为选定的集合,给出了目前轮数最长的7轮PRINCE区分器,并应用该区分器对8轮PRINCE进行了密钥恢复攻击.本文的7轮PRINCE差分区分器的概率为2^-56.89,8轮PRINCE的密钥恢复攻击所需的数据复杂度为2^61.89个选择明文,时间复杂度为219.68次8轮加密,存储复杂度为2^15.21个16比特计数器.相比目前已知的8轮PRINCE密钥恢复攻击的结果,包括将A.Canteaut等给出的10轮攻击方案减少到8轮,本文给出的攻击方案的时间复杂度和D×T复杂度都是最低的.     

CRYPTANALYSTS' CORNER

Abstract

The Hill cipher, also known as matrix encryption, is a polygraphic substitution cipher, developed by the mathematician Lester S. Hill in 1929. While various attacks had been known on the Hill cipher, the ciphertext-only attack without assumptions about the encryption matrix or probable plaintext words was introduced only recently by Bauer and Millward. They obtained high efficiency of attack by recovering the decryption matrix row by row rather than all rows at once. In this paper, we extend their ciphertext-only attack in two ways. First, we present a better scoring system for cryptanalysis based on the goodness-of-fit statistics. Specifically, we reduce the average number of candidate rows from 24.83 to 7.00 for 3 × 3 matrix and from 4027.78 to 1220.38 for 4 × 4 matrix. Second, we show how to apply our attacks to the Hill cipher without knowing the numeric equivalents of the letters of the plaintexts.     

Slippery hill-climbing technique for ciphertext-only cryptanalysis of periodic polyalphabetic substitution ciphers

Abstract

We present a stochastic method for breaking general periodic polyalphabetic substitution ciphers using only the ciphertext and without using any additional constraints that might come from the cipher’s structure. The method employs a hill-climbing algorithm for individual key alphabets, with occasional slipping down the hill. We implement the method with a computer and achieve reliable results for a sufficiently long ciphertext (150 characters per key alphabet). Because no constraints among the key alphabets are used, this method applies to any periodic polyalphabetic substitution cipher.     

Improved Linear Attacks on the Chinese Block Cipher Standard

The block cipher used in the Chinese Wireless LAN Standard （WAPI）, SMS4, was recently renamed as SM4, and became the block cipher standard issued by the Chinese government. This paper gives a method for finding the linear approximations of SMS4. With this method, 19-round one-dimensional approximations are given, which are used to improve the previous linear cryptanalysis of SMS4. The 19-round approximations hold with bias 2-62.27; we use one of them to leverage a linear attack on 23-round SMS4. Our attack improves the previous 23-round attacks by reducing the time complexity. Furthermore, the data complexity of our attack is further improved by the multidimensional linear approach.     

一种基于演化计算的序列密码分析方法

序列密码是一类重要的密码,演化计算是一种重要的智能计算。在研究利用演化计算进行序列密码分析方法的基础上,具体给出了一种利用演化计算对非线性滤波型序列密码体制进行分析的方法。分别在移位器初态未知和抽头位置未知两种情况下,对滤波流密码体制进行了密码分析。实验结果表明,该算法的攻击复杂度远远小于穷举攻击的复杂度。     

FROM THE ARCHIVES: CODETALKERS NOT WANTED

Abstract

The Hill Cipher, also known as matrix encryption, uses matrices to encipher and decipher text. Various attacks, such as those found by Jack Levine [2 Levine , J. 1961 . “Some Applications of High-Speed Computers to the Case n = 2 of Algebraic Cryptography,” Mathematics of Computation , 15 ( 75 ). [Google Scholar] 3 Levine , J. 1961 . “Some Elementary Cryptanalysis of Algebraic Cryptography,” American Mathematical Monthly , 68 ( 5 ): 411 – 418 .[Taylor &; Francis Online] , [Google Scholar] 5 Levine , J. and R. Chandler . 1989 . “The Hill Cryptographic System with Unknown Cipher Alphabet but Known Plaintext,” Cryptologia , 13 ( 1 ): 1 – 28 .[Taylor &; Francis Online] , [Google Scholar]], have been published for this system. This article reviews a few previous results and presents a powerful new attack in which the rows of the matrix can be determined independent of one another, greatly reducing the amount of time needed for decipherment.     

一个混沌分组密码算法的分析*

研究了一个基于混沌设计的分组密码算法的安全性,发现该算法所产生的混沌序列具有前几个值对混沌初态和参数的低位比特变化不够敏感的性质,在选择明文攻击条件下,提出了攻击加密算法等效密钥的分割攻击方法。分组密码算法的密钥长度为106 bit,分割攻击方法的计算复杂性约为260,存储复杂性约为250,成功率为0.928 4。     

21轮CRAFT算法不可能差分分析

CRAFT是FSE 2019年提出的一种轻量级可调分组密码,适用于硬件实现面积小且资源受限设备保护信息的安全.该算法使用128 bit密钥和64 bit调柄值加密64 bit明文,对其进行安全性评估,可以为日后使用提供理论依据.通过研究CRAFT的结构特点和密钥编排方案的冗余性,利用预计算表、等效密钥和轮密钥线性关系等技术,选取一条充分利用密钥冗余性的13轮不可能差分链,在其前后分别接3轮和5轮,提出了对21轮CRAFT的不可能差分分析.攻击的时间、数据和存储复杂度为296.74次加密,253.6个选择明文和256.664-比特块.此攻击是对缩减轮CRAFT算法在单密钥和单调柄值情形下时间复杂度最低的分析.该方法依赖于调柄值调度算法的线性相关,有助于更进一步理解CRAFT的设计.     

概率积分密码分析

在传统的积分密码分析中,积分区分器都是以概率1成立的.虽然Knudsen等学者提到过:“就像差分一样,积分也可以是概率的”,但是,没有文献报道过进一步的研究.文中对此问题进行了探讨,提出了概率积分密码分析方法,并从理论和实验两方面验证了概率积分分析方法的有效性.对于采用S盒设计的分组密码,文中证明了如果S盒的差分均匀性越接近随机概率,则分组密码抵抗概率积分密码分析的能力就越强.同时,文中指出高阶积分分析的某些技巧对于概率积分分析是行不通的,主要原因是随着求和变量个数的增加,积分特征概率趋近于随机概率.最后,文中通过对AES和LBlock这两个算法的概率积分分析实例,说明目前广泛使用的分组密码算法对于概率积分密码分析方法都是免疫的.     

基于正交表的双无规范密码方案

如何安全有效地进行数据加密 ,是现代密码学中最重要的问题 .文献 [1]中提出了 4元双无规范密码体制并对其安全性进行了分析 .考虑序列密码可能遭受到的已知明文密文攻击 ,给出了一种特殊的正交表 ,并基于这种正交表和平方根问题建立了密码方案 .最后 ,对该密码方案的安全性进行了分析