稀疏形式下的区块式快速指数运算算法

针对在许多类 ElGamal 公钥密码体制中计算 AX mod n 与 AXBX mod n 复杂度高等问题,提出了稀松形式下的区块式快速指数运算算法来改善其模指数运算。使用转换状态图来分析其效能,同时将其概念加以延伸,加强其实用性。分析表明,此算法在预先计算量小的时候有较好的效能,因此也特别适用于像智能卡这类存储空间受限的装置。     

Practical security against linear cryptanalysis for SMS4-like ciphers with SP round function

SMS4,a block cipher whose global structure adopts a special unbalanced Feistel scheme with SP round function,is accepted as the Chinese National Standard for securing Wireless LANs.In this paper,in order to evaluate the security against linear cryptanalysis,we examine the upper bound of the maximum linear characteristic probability of SMS4-like ciphers with SP round function.In the same way as for SPN ciphers,it is sufficient to consider the lower bound of the number of linear active s-boxes.We propose a formula to compute the lower bound of the number of linear active s-boxes with regard to the number of rounds.The security threshold of SMS4-like ciphers can be estimated easily with our result.Furthermore,if the number of input words in each round of SMS4-like cipher is m,we find that it is unnecessary for designers to make the linear branch number of P greater than 2 m with respect to linear cryptanalysis.     

Cryptanalysis of RSA for a special case with d > e

In this paper, we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e. When N ^0.258 ⩽ e ⩽ N ^0.854, d > e and satisfies the given conditions, we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee’s researches on low private key RSA, and provides a new solution to finding weak keys in RSA cryptosystems. Supported partially by the National Basic Research Program of China (Grant No. 2003CB314805), the National Natural Science Foundation of China (Grant Nos. 90304014 and 60873249), and the Project funded by Basic Research Foundation of School of Information Science and Technology of Tsinghua     

Cryptanalysis of RSA for a special case with d>e

In this paper,we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e. When N0.258 e N0.854,d > e and satisfies the given conditions,we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee's researches on low private key RSA,and provides a new solution to finding weak keys in RSA cryptosystems.     

A note on the method of puzzles for key distribution

In this paper we show that a solution to Merkle's puzzle problem,⁽¹⁾ presented by Kak⁽²⁾ is a reformulation of the McEliece public key cryptosystem based on linear error correcting codes.⁽³⁾ In fact, it can be seen that any other public key cryptosystem would have worked equally well.This work was partially supported under NSERC Grant Number A0282.     

对一个背包公钥密码的格攻击*

对一个新的基于Merkle-Hellman背包密码和Rabin公钥密码的背包公钥密码算法进行了安全性分析。使用格规约算法求解一个联立丢番图逼近问题和一个二元整数线性规划问题就恢复出了该密码算法的部分密钥。重构的部分密钥可以解密任意密文。因此,该背包公钥密码算法是不安全的。     

SM2算法模逆加速器的设计

SM2公钥密码在智能卡领域有广泛的应用,其运算中难以避免模逆运算,而模逆算法因为其具有幂指数级别的运算复杂度,成为制约SM2算法性能的一个重要瓶颈。以SM2算法公钥引擎为基础,巧妙地利用了已有的蒙哥马利乘法器结构,设计出了一种长度可伸缩的快速模逆算法。并复用已有模乘资源,给出了节省存储空间、不增加面积成本的硬件实现结构以及数据存储方案。其速度性能远远优于传统的费马小定理算法和扩展欧几里德算法,对比同类蒙哥马利模逆算法也有良好的性能。     

Efficient Craig interpolation for linear Diophantine (dis)equations and linear modular equations

The use of Craig interpolants has enabled the development of powerful hardware and software model checking techniques. Efficient algorithms are known for computing interpolants in rational and real linear arithmetic. We focus on subsets of integer linear arithmetic. Our main results are polynomial time algorithms for obtaining interpolants for conjunctions of linear Diophantine equations, linear modular equations (linear congruences), and linear Diophantine disequations. We also present an interpolation result for conjunctions of mixed integer linear equations. We show the utility of the proposed interpolation algorithms for discovering modular/divisibility predicates in a counterexample guided abstraction refinement (CEGAR) framework. This has enabled verification of simple programs that cannot be checked using existing CEGAR based model checkers. This paper is an extended version of [14]. This research was sponsored by the Gigascale Systems Research Center (GSRC), Semiconductor Research Corporation (SRC), the National Science Foundation (NSF), the Office of Naval Research (ONR), the Naval Research Laboratory (NRL), the Defense Advanced Research Projects Agency (DARPA), the Army Research Office (ARO), and the General Motors Collaborative Research Lab at CMU. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of GSRC, SRC, NSF, ONR, NRL, DARPA, ARO, GM, or the U.S. government.     

信息安全中的公钥密码软件-大整数模拟实现

文章主要介绍用软件模拟实现了大整数模乘功能模块。该模拟软件解决了大整数在计算机内表示、数制转换、加法器模拟、加法链计算、计算补码、模加运算、模乘运算等关键难点问题．开发目的是要提高公钥密码运算速度，应用RSA公钥密码体制实现密钥管理、加密通信、数字签名以及身份验证等信息安全功能。     

针对离散私钥比特泄漏的RSA格攻击方法

RSA算法是目前应用最广泛的公钥密码体制之一,而格攻击是针对RSA体制的一类重要攻击方法。为此,将RSA算法的部分私钥泄漏问题转化为多变元线性同余方程的求解问题,基于同余方程构造出特定的格,利用LLL格基约化算法进行约化,从而以一定的概率求得同余方程的小根。以上述多变元线性同余方程的小根求解技术为基础,提出一种针对离散私钥比特泄漏的RSA格攻击方法。在该方法下,如果RSA算法的公钥参数e=N~β≤N~(1/2),并且私钥d的未知部分N≤N~((1/2)-β),则能以高概率恢复出RSA算法的私钥d。通过NTL包对长度为1024 bit的大整数进行实验,结果验证了该攻击方法的有效性。     

TTM密码系统的扰动变形

把内部扰动加到TTM密码系统之上,构建了该密码系统的新变形．然后针对该变形给定小参数的实例,考察了它们在极小秩攻击和线性化函数方程攻击下的安全性．给出了该变形不存在线性化函数方程的必要条件;计算机模拟实验表明,该TTM密码系统变形几乎不存在线性化函数方程．最后给出了一个实例,并且评估了其实现性能以及安全性．     

Algorithms for solving systems of linear diophantine equations in residue rings

Algorithms are proposed that construct the basis of the set of solutions to a system of homogeneous or inhomogeneous linear Diophantine equations in a residue ring modulo n when the prime factors of n are known. __________ Translated from Kibernetika i Sistemnyi Analiz, No. 6, pp. 27–40, November–December 2007.     

Algorithms for solution of systems of linear diophantine equations in residue fields

Algorithms are proposed for computing the basis of the solution set of a system of linear Diophantine homogeneous or inhomogeneous equations in the residue field modulo a prime number. __________ Translated from Kibernetika i Sistemnyi Analiz, No. 2, pp. 15–23, March–April 2007.     

A new unconditionally stable ADI compact scheme for the two-space-dimensional linear hyperbolic equation

We formulate a new alternating direction implicit compact scheme of O(τ²+h ⁴) for the linear hyperbolic equation u _tt +2α u _t +β² u=u _xx +u _yy +f(x, y, t), 0<x, y<1, 0<t≤T, subject to appropriate initial and Dirichlet boundary conditions, where α>0 and β≥0 are real numbers. In this article, we show the method is unconditionally stable by the Von Neumann method. At last, numerical demonstrations are given to illustrate our result.     

Radial basis functions method for numerical solution of the modified equal width equation

The numerical solution of the modified equal width equation is investigated by using meshless method based on collocation with the well-known radial basis functions. Single solitary wave motion, two solitary waves interaction and three solitary waves interaction are studied. Results of the meshless methods with different radial basis functions are presented.     

Asymptotic stability of general linear methods for systems of linear neutral delay differential-algebraic equations

This paper is concerned with numerical stability of general linear methods (GLMs) for a system of linear neutral delay differential-algebraic equations. A sufficient and necessary condition for asymptotic stability of GLMs solving such system is derived. Based on this main result, we further investigate the asymptotic stability of linear multistep methods, Runge–Kutta methods, and block θ-methods, respectively. Numerical experiments confirm our theoretical result.     

Algorithms for solving systems of linear diophantine equations in integer domains

Algorithms are described that solve homogeneous systems of linear Diophantine equations over natural numbers and over the set {0, 1}. Properties of the algorithms and their time estimates are given. __________ Translated from Kibernetika i Sistemnyi Analiz, No. 2, pp. 3–17, March–April 2006.     

多变量公钥密码扩展方案的安全性分析

扩展的多变量公钥密码方案(Extended Multivariate Public Key Cryptosystem,EMC)是Wang等人在2011年提出的一种新的增强多变量公钥加密体制安全性的方法,其核心是在加密之前先对明文变量进行一次基于杂凑函数的驯顺变换(Hash-based Tame Transformation,简称HT变换)处理.Wang等人将EMC方法和加方法相结合构造出了多变量加密方案HTTP(Hash-based tame and plus).作者声称HTTP方案可以抵挡现有的对多变量公钥密码体制的攻击.文中对EMC方案和HTTP加密方案进行了安全性分析,分析结果表明EMC方案并没有真正增强原始多变量公钥密码体制的安全性.如果存在一种攻击方法可恢复原始的多变量公钥加密体制的合法密文对应的明文,那么同样可以恢复增强后的加密方案的合法密文对应的明文.计算机实验表明,我们的攻击是有效的.