共查询到19条相似文献,搜索用时 171 毫秒
1.
2.
MORUS算法是由H.Wu等人设计的一类认证加密算法,目前已顺利进入CAESAR竞赛第3轮竞选.研究MORUS算法故障模型下的差分扩散性质.采用面向比特的随机故障模型,结合差分分析技术与中间相遇思想,改进了针对MORUS算法的差分链搜索算法.运用该算法找到了5步概率为2-85的差分链,从而实现了对初始化过程5步的简化版MORUS-640-128算法的差分-区分攻击,攻击所需的数据量和区分优势分别为289和0.99965.最后,利用差分故障分析方法对认证过程3步的简化版MORUS-640-128算法进行了伪造攻击. 相似文献
3.
作为AES的候选算法,E2算法由于其特殊的两层SP结构一直是人们研究的热点。研究了E2算法抵抗中间相遇攻击的能力。基于E2算法的结构,利用中间相遇的思想设计了一个4轮区分器,利用该区分器,对E2算法进行了5轮、6轮中间相遇攻击。研究结果表明,E2-128算法对于5轮中间相遇攻击以及E2-256算法对于6轮中间相遇攻击是不抵抗的。这是首次用中间相遇的攻击方法对E2算法进行的分析,相对于已有的结果,该方法降低了所用数据复杂度。 相似文献
4.
5.
针对3D分组密码算法的安全性分析,对该算法抵抗中间相遇攻击的能力进行了评估。基于3D算法的基本结构及S盒的差分性质,减少了在构造多重集时所需的猜测字节数,从而构建了新的6轮3D算法中间相遇区分器。然后,将区分器向前扩展2轮,向后扩展3轮,得到11轮3D算法中间相遇攻击。实验结果表明:构建区分器时所需猜测的字节数为42 B,攻击时所需的数据复杂度约为2497个选择明文,时间复杂度约为2325.3次11轮3D算法加密,存储复杂度约为2342 B。新攻击表明11轮3D算法对中间相遇攻击是不免疫的。 相似文献
6.
目前,在非平衡环境下的r-碰撞问题还没有得到有效的解决.本文提出了一种新的高效算法来对r个不同的非平衡函数寻找对应的r-碰撞.新算法是将现有的r-碰撞算法、并行碰撞搜索算法与非平衡中间相遇攻击技术进行有机结合.具体攻击过程如下所示:首先,攻击者把r个函数分成左右两个集合,当r为偶数时,其对应的左右集合分别为■和■, 并需要在左右集合中对应位置的两个非平衡函数fli和■之间寻找碰撞.以第i对为例,攻击者在碰撞-收集阶段可以采用PCS算法收集两个非平衡函数fli和fti的2mi个碰撞.注意到,攻击者需要对左右集合中?r/2?个位置对重复上述寻找碰撞的操作.如果r是奇数,攻击者还需要对剩下的函数f收集2m0个函数值.在碰撞-收集阶段之后,攻击者采用中间相遇攻击在r-?r/2?个列表中寻找r-碰撞.新算法的主要结果是:(1)与现有的r-碰撞算法不同,新算法的时间复杂度是由所需存储量和所选择的分组方法决定的.(2)在存储足够的情况下,新的r-碰... 相似文献
7.
将Biclique初始结构与标准的三子集中间相遇攻击相结合,给出了一种普遍的中间相遇攻击模式.与Biclique分析相比,该模式下的攻击作为算法抗中间相遇攻击的结果更为合理.进一步地,评估了算法TWINE抗中间相遇攻击的能力,通过合理选择中立比特位置以及部分匹配位置,给出了18轮TWINE-80以及22轮TWINE-128算法的中间相遇攻击结果.到目前为止,这是TWINE算法分析中数据复杂度最小的攻击结果. 相似文献
8.
轻量级分组密码由于软硬件实现代价小且功耗低,被广泛地运用资源受限的智能设备中保护数据的安全。Midori是在2015年亚密会议上发布的轻量级分组密码算法,分组长度分为64 bit和128 bit两种,分别记为Midori64和Midori128,目前仍没有Midori128抵抗中间相遇攻击的结果。通过研究Midori128算法基本结构和密钥编排计划特点,结合差分枚举和相关密钥筛选技巧构造了一条7轮中间相遇区分器。再在此区分器前端增加一轮,后端增加两轮,利用时空折中的方法,提出对10轮的Midori128算法的第一个中间相遇攻击,整个攻击需要的时间复杂度为2126.5次10轮Midori128加密,数据复杂度为2125选择明文,存储复杂度2105 128-bit块,这是首次对Midori128进行了中间相遇攻击。 相似文献
9.
MIBS算法于2009年在CANS会议上提出,是一个32轮Feistel结构、64比特分组长度以及包含64比特、80比特两种主密钥长度的轻量级分组密码.针对该算法密钥编排中第1轮到第11轮子密钥之间存在部分重复和等价关系,本文首次完成了MIBS-64的11轮三子集中间相遇攻击,数据复杂度为2^[47],存储复杂度为2^[47]64-bit,时间复杂度为2^[62.25]次11轮加密.与目前已有的对MIBS-64算法的中间相遇攻击相比,将攻击轮数由10轮扩展至11轮,刷新了该算法在中间相遇攻击下的安全性评估结果. 相似文献
10.
11.
Riham AlTawy Aleksandar Kircanski Amr Youssef 《Information Processing Letters》2013,113(19-21):764-770
At the Cryptographic Hash Workshop hosted by NIST in 2005, Lee et al. proposed the DHA-256 (Double Hash Algorithm-256) hash function. The design of DHA-256 builds upon the design of SHA-256, but introduces additional strengthening features such as optimizing the message expansion and step function against local collision attacks. Previously, DHA-256 was analyzed by J. Zhong and X. Lai, who presented a preimage attack on 35 steps of the compression function with complexity 2239.6. In addition, the IAIK Krypto Group provided evidence that there exists a 9-step local collision for the DHA-256 compression function with probability higher than previously predicted. In this paper, we analyze DHA-256 in the context of higher order differential attacks. In particular, we provide a practical distinguisher for 42 out of 64 steps and give an example of a colliding quartet to validate our results. 相似文献
12.
Hans Dobbertin,Antoon Bosselaers和Bart Preneel在1996年提出hash函数RIPEMD-128,它包含两个独立并行的部分,每一部分的输出组合成RIPEMD-128的输出结果.给出前32步RIPEMD-128的碰撞实例,其计算复杂度是2~(28)次32-步RIPEMD-128运算.本文是对前32步RIPEMD-128分析的第一次公开. 相似文献
13.
首先分析了Leurent提出的MD-4原象攻击方法,该方法利用MD-4布尔函数的吸收性质,迭代函数的可逆性以及消息扩展方式的特殊性,首先形成伪原象攻击,之后利用基于树的方法将伪原象转变为原象攻击。采用随机图的方法,对其后一部分进行了改进,提高了攻击效率,将复杂度从2102降低到298。 相似文献
14.
In this paper,we give a new fast attack on HAVAL-128.Our attack includes many present methods of constructing hash collisions.Moreover,we present a neighborhood modification.We propose a new difference path different from the previous ones.The conclusion is that,when the output of each step satisfies our condition,the message m can collide with m’= m + Δm,where Δm =(0,0,0,0,231,0,...,0).There is only one bit difference between m and m’.Two pairs of collision examples for HAVAL-128 are given.In order to improve the probability of collision,we use four tricks of message modification.The attack’s running time is less than 225.83 2-pass HAVAL computations,which is the best result for one-bit collision of HAVAL so far. 相似文献
15.
MD4 is a hash function designed by Rivest in 1990. The design philosophy of many important hash functions, such as MD5, SHA-1 and SHA-2, originated from that of MD4. We propose an improved preimage attack on one-block MD4 with the time complexity 295 MD4 compression function operations, as compared to the 2107 1 complexity of the previous attack by Aoki et al. (SAC 2008). The attack is based on previous methods, but introduces new techniques. We also use the same techniques to improve the pseudo-preimage and preimage attacks on Extended MD4 with 225.2 and 212.6 improvement factor, as compared to previous attacks by Sasaki et al. (ACISP 2009). 相似文献
16.
In this paper, we present a preimage attack on reduced versions of Keccak hash functions. We use our recently developed toolkit CryptLogVer for generating the conjunctive normal form, CNF, which is passed to the SAT solver PrecoSAT. We found preimages for some reduced versions of the function and showed that full Keccak function has a comfortable security margin against this kind of attack. 相似文献
17.
Keccak哈希函数是第三代安全哈希函数,具有可证明的安全性与良好的实现性能.讨论基于代数系统求解的4轮Keccak-256原像攻击,对已有的4轮原像攻击方法进行了完善,有效降低了理论复杂度.目前,4轮Keccak-256原像攻击的理论复杂度最低为2239,通过充分利用二次比特的因式之间的关系,在自由度相同的情况下,线... 相似文献
18.
Hash functions play an important role in constructing cryptographic schemes that provide security services, such as confidentiality in an encryption scheme, authenticity in an authentication protocol and integrity in a digital signature scheme and so on. Such hash function is needed to process a challenge, a message, an identifier or a private key. In this paper, we propose an attack against HAVAL-3 hash function, which is used in open source Tripwire and is included in GNU Crypto. Under the meet-in-the-middle (MITM) preimage attack framework proposed by Aoki and Sasaki in 2008, the one-wayness of several (reduced-)hash functions had been broken recently. However, most of the attacks are of complexity close to brute-force search. Focusing on reducing the time complexity of such MITM attacks, we improve the preimage attacks against HAVAL-3 hash function to within lower time complexity and memory requirement, compared with the best known attack proposed by Sasaki and Aoki in ASIACRYPT 2008. Besides the 256-bit variant of HAVAL-3, similar improvements can be applied to some truncated variants as well. Interestingly, due to the low complexity of our attack, the preimage attack applies to the 192-bit variant of HAVAL-3 for the first time. 相似文献
19.
For an n-bit random permutation, there are three types of boomerang distinguishers, denoted as Type I, II and III, with generic complexities 2n, 2n/3 and 2n/2 respectively. In this paper, we try to evaluate the security margins of three hash functions namely SHA-512, SHA-256 and DHA-256 against the boomerang attack. Firstly, we give a boomerang attack on 48-step SHA-512 with a practical complexity of 251. The correctness of this attack is verified by providing a Type III boomerang quartet. Then, we extend the existing differential characteristics of the three hash functions to more rounds. We deduce the sufficient conditions and give thorough evaluations to the security margins as follows: Type I boomerang method can attack 54-step SHA-512, 51-step SHA-256 and 46-step DHA-256 with complexities 2480, 2218 and 2236 respectively. Type II boomerang method can attack 51-step SHA-512, 49-step SHA-256 and 43-step DHA-256 with complexities 2158.50, 272.91 and 274.50 respectively. Type III boomerang method can attack 52-step SHA-512, 50-step SHA-256 and 44-step DHA-256 with complexities 2223.80, 2123.63 and 299.85 respectively. 相似文献