Similar literature
20 similar documents found (search time 11 ms)
1.
So far there has been no example of realizing the multiple linear approximations of B.S. Kaliski and M.J.B. Robshaw by constructing several approximation equations. Using the fact that the linear-combination transmission chain constructed by Matsui has period 8, eight different starting points of that chain are selected, yielding eight new linear-combination transmission chains; together with their dual chains, a total of 16 chains can be constructed, and these can be used to attack the key bits of DES.

2.
To address the high complexity of computing A^X mod n and A^X B^X mod n in many ElGamal-type public key cryptosystems, a block-based fast exponentiation algorithm in sparse form is proposed to improve the modular exponentiation. Its efficiency is analyzed with state-transition diagrams, and the concept is then extended to strengthen its practicality. The analysis shows that the algorithm performs well when the amount of precomputation is small, so it is particularly suited to storage-constrained devices such as smart cards.

3.
A generation algorithm for large Boolean matrices in multivariate cryptosystems (cited by 2: 0 self-citations, 2 by others)
Large invertible Boolean matrices are widely used in the design of multivariate public key cryptosystems, and an efficient algorithm for generating them directly affects the quality of such designs. Using the idea of linear transformations, a simple and effective generation algorithm for an 8n × 12n Boolean matrix B is proposed. A concrete description of the algorithm is given, and its time complexity and the storage space of the key are analyzed. The whole solution process and its results show the effectiveness of the algorithm. Finally, an algorithm for computing the inverse matrix is given.

4.
SMS4, a block cipher whose global structure adopts a special unbalanced Feistel scheme with an SP round function, is accepted as the Chinese National Standard for securing Wireless LANs. In this paper, in order to evaluate the security against linear cryptanalysis, we examine the upper bound of the maximum linear characteristic probability of SMS4-like ciphers with SP round function. In the same way as for SPN ciphers, it is sufficient to consider the lower bound of the number of linear active s-boxes. We propose a formula to compute the lower bound of the number of linear active s-boxes with regard to the number of rounds. The security threshold of SMS4-like ciphers can be estimated easily with our result. Furthermore, if the number of input words in each round of an SMS4-like cipher is m, we find that it is unnecessary for designers to make the linear branch number of P greater than 2m with respect to linear cryptanalysis.

5.
In this paper, we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e. When N^0.258 < e < N^0.854, d > e and the given conditions are satisfied, we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee's research on low private exponent RSA, and provides a new solution to finding weak keys in RSA cryptosystems. Supported partially by the National Basic Research Program of China (Grant No. 2003CB314805), the National Natural Science Foundation of China (Grant Nos. 90304014 and 60873249), and the Project funded by Basic Research Foundation of School of Information Science and Technology of Tsinghua

6.
In this paper, we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e. When N^0.258 < e < N^0.854, d > e and the given conditions are satisfied, we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee's research on low private exponent RSA, and provides a new solution to finding weak keys in RSA cryptosystems.

7.
8.
Two relatively large 14-round linear approximations of DES are given; their correlation coefficients are 0.8 and 0.6 times that of the best linear approximation, respectively, and they involve exactly the same key bits but different plaintext and ciphertext bits. Combining these two good linear approximations, an improved algorithm for attacking DES is proposed; with the same number of plaintext-ciphertext pairs, the improved algorithm recovers 9 additional key bits.

9.
In this paper we show that a solution to Merkle's puzzle problem [1] presented by Kak [2] is a reformulation of the McEliece public key cryptosystem based on linear error correcting codes [3]. In fact, it can be seen that any other public key cryptosystem would have worked equally well. This work was partially supported under NSERC Grant Number A0282.

10.
11.
杨雅倩, 唐绍婷. 《计算机应用》 (Journal of Computer Applications), 2018, 38(10): 3048-3052
To address the low identification accuracy of existing single-node models and the long computation time and limited applicability of the low-order multivariate generalized linear model (LRMGLM), a brain node identification method based on an extended low-order multivariate generalized linear model (ELRMGLM) is proposed. First, an ELRMGLM that can process the node data of two experiments simultaneously is built, so that more spatio-temporal information is available to improve the accuracy of the algorithm; then, prior information is introduced through an optimization function with a spatio-temporal smoothing penalty term, and the model parameters are solved by an iterative function; finally, a fast selection strategy based on K-means is used to select the penalty parameters and the brain nodes quickly. In three sample experiments, the accuracy of ELRMGLM improved by about 20%, 8% and 20% over the best results of the canonical hemodynamic response function (canonical) method, the smooth finite impulse response (SFIR) method, and the regularization with generalized cross-validation (Tik-GCV) method respectively; it was slightly better than LRMGLM, and its computation time was 1/750 that of LRMGLM. The experimental results show that ELRMGLM can effectively improve the identification accuracy of brain nodes and reduce computation time.

12.
A lattice attack on a knapsack public key cryptosystem* (cited by 2: 1 self-citation, 1 by others)
The security of a new knapsack public key cryptosystem based on the Merkle-Hellman knapsack cipher and the Rabin public key cryptosystem is analyzed. Part of the private key is recovered by using a lattice reduction algorithm to solve a simultaneous Diophantine approximation problem and a bivariate integer linear programming problem. The reconstructed partial key can decrypt arbitrary ciphertexts; therefore, this knapsack public key cryptosystem is insecure.

13.
SM2 public key cryptography is widely used in the smart card field. Modular inversion is hard to avoid in its computations, and because modular inversion has computational complexity at the level of a modular exponentiation, it is an important bottleneck limiting the performance of SM2. Based on the public key engine of the SM2 algorithm, the existing Montgomery multiplier structure is cleverly exploited to design a fast modular inversion algorithm with scalable operand length. By reusing the existing modular multiplication resources, a hardware implementation structure and a data storage scheme are given that save storage space without increasing area cost. Its speed is far superior to the traditional algorithms based on Fermat's little theorem and the extended Euclidean algorithm, and it also performs well compared with similar Montgomery modular inversion algorithms.

14.
The use of Craig interpolants has enabled the development of powerful hardware and software model checking techniques. Efficient algorithms are known for computing interpolants in rational and real linear arithmetic. We focus on subsets of integer linear arithmetic. Our main results are polynomial time algorithms for obtaining interpolants for conjunctions of linear Diophantine equations, linear modular equations (linear congruences), and linear Diophantine disequations. We also present an interpolation result for conjunctions of mixed integer linear equations. We show the utility of the proposed interpolation algorithms for discovering modular/divisibility predicates in a counterexample guided abstraction refinement (CEGAR) framework. This has enabled verification of simple programs that cannot be checked using existing CEGAR based model checkers. This paper is an extended version of [14]. This research was sponsored by the Gigascale Systems Research Center (GSRC), Semiconductor Research Corporation (SRC), the National Science Foundation (NSF), the Office of Naval Research (ONR), the Naval Research Laboratory (NRL), the Defense Advanced Research Projects Agency (DARPA), the Army Research Office (ARO), and the General Motors Collaborative Research Lab at CMU. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of GSRC, SRC, NSF, ONR, NRL, DARPA, ARO, GM, or the U.S. government.  相似文献   

15.
王玉英, 王昭顺. 《微计算机信息》 (Microcomputer Information), 2004, 20(9): 121-122, 70
This paper mainly describes a software simulation of a large-integer modular multiplication module. The simulation software solves key difficulties such as the representation of large integers in a computer, radix conversion, adder simulation, addition-chain computation, complement computation, modular addition and modular multiplication. The development goal is to raise the speed of public key cryptographic operations and to use the RSA public key cryptosystem to implement information security functions such as key management, encrypted communication, digital signatures and identity authentication.

16.
RSA is one of the most widely used public key cryptosystems, and lattice attacks are an important class of attacks against it. To this end, the partial private key leakage problem of RSA is transformed into solving a multivariate linear congruence; a specific lattice is constructed from the congruence and reduced with the LLL lattice basis reduction algorithm, so that the small roots of the congruence are found with a certain probability. Based on this small-root technique for multivariate linear congruences, an RSA lattice attack against discrete leakage of private key bits is proposed. Under this method, if the RSA public exponent satisfies e = N^β ≤ N^(1/2) and the unknown part of the private key d is at most N^((1/2)-β), then the private key d can be recovered with high probability. Experiments with the NTL package on 1024-bit integers verify the effectiveness of the attack.

17.
A perturbed variant of the TTM cryptosystem (cited by 1: 1 self-citation, 0 by others)
Internal perturbation is added to the TTM cryptosystem to construct a new variant of it. For instances of this variant with given small parameters, its security against the MinRank attack and the linearization equation attack is examined. A necessary condition for the variant to have no linearization equations is given; computer simulations show that this TTM variant has almost no linearization equations. Finally, a concrete instance is given and its implementation performance and security are evaluated.

18.
Algorithms are proposed that construct the basis of the set of solutions to a system of homogeneous or inhomogeneous linear Diophantine equations in a residue ring modulo n when the prime factors of n are known. Translated from Kibernetika i Sistemnyi Analiz, No. 6, pp. 27–40, November–December 2007.

19.
Algorithms are proposed for computing the basis of the solution set of a system of linear Diophantine homogeneous or inhomogeneous equations in the residue field modulo a prime number. Translated from Kibernetika i Sistemnyi Analiz, No. 2, pp. 15–23, March–April 2007.

20.
International Journal of Computer Mathematics, 2012, 89(10): 2259-2267
We formulate a new alternating direction implicit compact scheme, of second order in time and fourth order (h^4) in space, for the linear hyperbolic equation u_tt + 2α u_t + β² u = u_xx + u_yy + f(x, y, t), 0 < x, y < 1, 0 < t ≤ T, subject to appropriate initial and Dirichlet boundary conditions, where α > 0 and β ≥ 0 are real numbers. In this article, we show the method is unconditionally stable by the von Neumann method. Finally, numerical demonstrations are given to illustrate our result.
