Similar articles
1.
Attacks on Block Ciphers of Low Algebraic Degree   (cited by 1: 0 self-citations, 1 by others)
In this paper an attack on block ciphers is introduced, the interpolation attack. This method is useful for attacking ciphers that use simple algebraic functions (in particular quadratic functions) as S-boxes. Also, attacks based on higher-order differentials are introduced. They are special and important cases of the interpolation attacks. The attacks are applied to several block ciphers: the six-round prototype cipher by Nyberg and Knudsen, which is provably secure against ordinary differential cryptanalysis, a modified version of the block cipher SHARK, and a block cipher suggested by Kiefer. Received April 1999 and revised October 2000. Online publication 9 April 2001.
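The core of the interpolation attack is that a cipher whose round function has low algebraic degree is, as a whole, a polynomial of low degree in the plaintext, and deg+1 known plaintext/ciphertext pairs determine that polynomial without ever learning the key. The example below is added here and is not code from the paper: the toy cipher, its field GF(2^7) (modulus x^7 + x + 1), the round keys and the number of rounds are all constructed for illustration. Two rounds of x -> (x xor k_i)^3 followed by a key XOR give a polynomial of degree 3^2 = 9, so 10 chosen pairs suffice, independent of the 21-bit key; the same code also shows that 9 pairs do not.

```python
"""Added example (not from the paper): interpolation attack on a toy cipher of
algebraic degree 9 over GF(2^7). Everything here is constructed for illustration."""
import random

FIELD_BITS = 7
FIELD_SIZE = 1 << FIELD_BITS
MODULUS = 0x83            # x^7 + x + 1, irreducible over GF(2)
ROUNDS = 2
DEGREE = 3 ** ROUNDS      # cubing has degree 3; two rounds compose to degree 9


def gf_mul(a, b):
    """Multiplication in GF(2^7) by shift-and-reduce."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & FIELD_SIZE:
            a ^= MODULUS
    return r


def gf_pow(a, e):
    """Square-and-multiply exponentiation in GF(2^7)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def gf_inv(a):
    """a^(2^7 - 2) = a^-1 for a != 0 (Fermat)."""
    return gf_pow(a, FIELD_SIZE - 2)


def toy_encrypt(x, key):
    """ROUNDS rounds of key XOR followed by cubing, then a final key XOR.
    gcd(3, 127) = 1, so x -> x^3 is a bijection (a valid S-box) on GF(2^7)."""
    for i in range(ROUNDS):
        x = gf_pow(x ^ key[i], 3)
    return x ^ key[ROUNDS]


def interpolate_at(points, x0):
    """Lagrange interpolation over GF(2^7): value at x0 of the unique polynomial
    of degree < len(points) through the given (x, y) points. In characteristic 2,
    subtraction is XOR, so (x0 - xj) is x0 ^ xj."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = gf_mul(num, x0 ^ xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total


def interpolation_attack(encrypt_oracle, degree):
    """Query degree+1 chosen plaintexts and return a key-less encryption function:
    an equivalent description of the cipher obtained purely from the oracle."""
    points = [(p, encrypt_oracle(p)) for p in range(degree + 1)]
    return lambda p: interpolate_at(points, p)


def attack_succeeds(seed=2024, degree=DEGREE):
    """True iff the polynomial interpolated from degree+1 pairs reproduces the
    keyed cipher on every one of the 128 plaintexts."""
    rng = random.Random(seed)
    key = [rng.randrange(FIELD_SIZE) for _ in range(ROUNDS + 1)]  # constructed demo key
    oracle = lambda p: toy_encrypt(p, key)
    forged = interpolation_attack(oracle, degree)
    return all(forged(p) == oracle(p) for p in range(FIELD_SIZE))


if __name__ == "__main__":
    print("10 pairs reproduce the cipher:", attack_succeeds())
    print("9 pairs reproduce the cipher: ", attack_succeeds(degree=DEGREE - 1))
```

The data complexity is set by the degree, not the key size: adding rounds multiplies the degree by 3, and the attack stops being practical once the degree approaches the field size, which is why the attack targets ciphers whose S-boxes are simple algebraic functions.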

2.
This paper analyses, at the algorithm level, the fault-leakage characteristics inherent in block ciphers and proposes a propagation-trajectory framework that describes how an injected fault propagates through the algorithm. On that basis it builds a method for measuring resistance to fault attacks that covers both single and multiple fault-injection scenarios. Experiments show that the metric captures how the candidate key space shrinks under the different fault-injection scenarios and thereby reveals the algorithm-level resistance to fault attacks.

3.
This work builds on earlier work by Rogaway at Asiacrypt 2004 on tweakable block ciphers (TBC) and modes of operation. Our first contribution is to generalize Rogaway's TBC construction by working over a ring and by the use of a masking sequence of functions. The ring can be instantiated as either GF or as . Further, over GF, efficient instantiations of the masking sequence of functions can be done using either a binary linear feedback shift register (LFSR); a powering construction; a cellular automata map; or a word-oriented LFSR. Rogaway's TBC construction was built from the powering construction over GF. Our second contribution is to use the general TBC construction to instantiate various modes of operation, including authenticated encryption (AE) and message authentication codes (MAC). In particular, this gives rise to a family of efficient one-pass AE modes of operation. Of these, the mode obtained by the use of a word-oriented LFSR promises a masking method that is more efficient than the one used in the well-known AE mode OCB1.
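Rogaway's XEX construction encrypts block i under nonce N as E_K(M xor D_i) xor D_i with D_i = x^i * L and L = E_K(N), the masks being generated by repeated doubling in GF(2^128) (the "powering construction"). The example below is added here and is not the paper's code: it shows the powering masking sequence, the property any masking sequence must have (D_i xor D_j nonzero for every nonzero L whenever i != j), and XEX built around a stand-in block cipher. The stand-in is a 4-round Feistel network with an HMAC-SHA256 round function constructed for this demonstration; it is a keyed permutation on 16-byte blocks, not AES, and the key and nonce are constructed demo values.

```python
"""Added example (not from the paper): XEX tweakable block cipher over GF(2^128)
with the powering masking sequence. The block cipher is a constructed stand-in."""
import hashlib
import hmac

MASK128 = (1 << 128) - 1
REDUCTION = 0x87   # low bits of x^128 + x^7 + x^2 + x + 1, the doubling polynomial used by OCB/XTS


def gf128_double(a):
    """Multiply a field element by x: one step of the powering construction."""
    a <<= 1
    if a >> 128:
        a = (a & MASK128) ^ REDUCTION
    return a


def powering_masks(L, count):
    """D_1 .. D_count with D_i = x^i * L; each mask costs one doubling."""
    masks, d = [], L
    for _ in range(count):
        d = gf128_double(d)
        masks.append(d)
    return masks


def x_power_sum_nonzero(i, j):
    """D_i xor D_j = (x^i + x^j) * L, so the masks of two blocks under one nonce
    differ for every nonzero L exactly when x^i + x^j != 0 in the field, which
    holds for i != j below the multiplicative order of x."""
    xi = powering_masks(1, i)[-1]
    xj = powering_masks(1, j)[-1]
    return (xi ^ xj) != 0


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key, rnd, half):
    """Stand-in round function: 8 bytes of HMAC-SHA256 keyed by K and round index."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def prp_encrypt(key, block):
    """Stand-in 128-bit keyed permutation: 4-round Feistel (constructed, not AES)."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round_fn(key, rnd, r))
    return l + r


def prp_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, rnd, l)), l
    return l + r


def xex_mask(key, nonce, i):
    """L = E_K(N), D_i = x^i * L: a fresh nonce gives a fresh mask sequence."""
    L = int.from_bytes(prp_encrypt(key, nonce), "big")
    return powering_masks(L, i)[-1].to_bytes(16, "big")


def xex_encrypt(key, nonce, i, m):
    d = xex_mask(key, nonce, i)
    return _xor(prp_encrypt(key, _xor(m, d)), d)


def xex_decrypt(key, nonce, i, c):
    d = xex_mask(key, nonce, i)
    return _xor(prp_decrypt(key, _xor(c, d)), d)


KEY = bytes(16)          # constructed demo key
NONCE = bytes(range(16))  # constructed demo nonce


def demo():
    """Round trip, and the same block at two positions encrypts differently."""
    m = b"sixteen byte msg"
    c1 = xex_encrypt(KEY, NONCE, 1, m)
    c2 = xex_encrypt(KEY, NONCE, 2, m)
    return xex_decrypt(KEY, NONCE, 1, c1) == m and c1 != c2


if __name__ == "__main__":
    print("XEX round trip and position-dependence:", demo())
```

Replacing `powering_masks` with an LFSR-driven sequence, as the abstract describes, changes only the mask generator; the XE/XEX wrapper and the distinctness requirement on the sequence stay the same.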

4.
Backward-inference compression attack on iterated chaotic ciphers   (cited by 2: 1 self-citation, 1 by others)
张斌, 金晨辉. 《电子学报》(Acta Electronica Sinica), 2010, 38(1): 129-134
This paper identifies a new information-leakage law of iterated chaotic ciphers: for every time instant i, the set of all possible outputs (and possible key parameters) of the chaotic map at that instant, as derived from the keystream, can be described simply as a union of a number of intervals; for many-to-one chaotic maps each interval contains an equivalent solution with high probability, and the intervals shrink sharply in length as i decreases. Based on this leakage law, the paper proposes a new method for attacking iterated chaotic ciphers, the backward-inference compression attack. Under certain conditions the attack succeeds with probability 1, and its time, memory and data complexities are all linear in the key size. The attack was run 100 times against the chaotic spread-spectrum stream cipher published by 廖旎焕 et al. in 2006 with a 64-bit key; each run recovered an equivalent key in only 0.11 seconds on average, confirming the effectiveness and correctness of the method. Compared with the existing general methods for attacking chaotic ciphers, the proposed method is the first whose complexity is linear in the key length.

5.
In recent years, several new attacks on DES were introduced. These attacks have led researchers to suggest stronger replacements for DES, and in particular new modes of operation for DES. The most popular new modes are triple DES variants, which are claimed to be as secure as triple DES. To speed up hardware implementations of these modes, and to increase the avalanche, many suggestions apply several standard modes sequentially. In this paper we study these multiple (cascade) modes of operation. This study shows that many multiple modes are much weaker than multiple DES, and their strength is theoretically comparable to a single DES. We conjecture that operation modes should be designed around an underlying cryptosystem without any attempt to use intermediate data as feedback, or to mix the feedback into an intermediate round. Thus, in particular, triple DES used in CBC mode is more secure than three single DESs used in triple CBC mode. Alternatively, if several encryptions are applied to each block, the best choice is to concatenate them into one long encryption, and build the mode of operation around it. Received 15 February 1996 and revised 30 May 1996.

6.
王建军, 李俊全. 《通信技术》(Communications Technology), 2003, 330(3): 92-94
A fast correlation attack algorithm based on a genetic algorithm is presented and tested in extensive experiments with good results, a useful attempt at applying genetic algorithms to hard problems in cryptography.

7.
Chaos influences many fields of science and technology. Science is developing rapidly thanks to the fast dissemination of information by smart devices operating in resource-constrained environments. With a smartphone we can access information instantly and with great ease, but that same ease leaves our information exposed on the web and open to misuse by anyone who reaches it. To secure information on the Internet of Things (IoT), lightweight cryptographic algorithms were introduced. We propose an efficient lightweight confusion-component scheme built on the composition of chaotic iterative maps. The proposed chaotic lightweight substitution box (S-box) offers good cryptographic characteristics and is used to add a confusion layer to small lightweight block ciphers. The evaluation of its cryptographic characteristics shows that the proposed chaotic S-box is suitable for lightweight block ciphers in resource-constrained environments.

8.
Block ciphers are among the most widely used tools in cryptography, and a block cipher mode of operation is a scheme that uses a block cipher to encrypt, decrypt or authenticate messages of arbitrary length. The US National Institute of Standards and Technology (NIST) has actively pursued research on modes of operation and over more than a decade has published a large number of them. This paper focuses on several new modes published by NIST in recent years, including the authenticated-encryption mode GCM, the disk-encryption mode XTS and the key-wrapping mode KeyWrap, and studies the fast implementation of these modes in depth.

9.
For years, the cryptographic community has searched for good nonlinear functions. Bent functions, almost perfect nonlinear functions, and similar constructions have been suggested as a good base for cryptographic applications due to their highly nonlinear nature. In the first part of this paper, we examine using these functions as block ciphers, and present several distinguishers between almost perfect nonlinear permutations and random permutations. In the second part of the paper, we suggest a criterion to measure the effective linearity of a given block cipher. We devise a general distinguisher for block ciphers based on their effective linearity. Finally, we show that for several constructions, our distinguishing attack is better than previously known techniques.

10.
A block cipher algorithm based on hyperchaotic sequences and its application   (cited by 9: 0 self-citations, 9 by others)
Exploiting the "butterfly effect" and unpredictability of chaotic phenomena, this paper proposes using hyperchaotic sequences to improve block cipher algorithms, implements variants of DES (Data Encryption Standard) and AES (Advanced Encryption Standard) based on hyperchaotic sequences, gives application examples of the improved algorithms for encrypting text and image data, and compares the security and resistance to cryptanalysis of the improved algorithms with those of the traditional block ciphers. The study finds that combining block ciphers with hyperchaotic sequence techniques can further improve the security and cryptanalysis resistance of a system.

11.
A brief discussion of DDoS attack methods and defensive measures   (cited by 2: 1 self-citation, 1 by others)
With the growth of Internet bandwidth and the continual release of DDoS hacker tools, distributed denial-of-service attacks are becoming easier to carry out and DDoS incidents are on the rise. This paper classifies the commonly used DDoS attack methods, discusses the principles behind the attacks, and on that basis proposes targeted methods for defending against DDoS attacks.

12.
Evaluation and analysis of block cipher algorithms for wireless sensor networks   (cited by 4: 2 self-citations, 2 by others)
Wireless sensor network nodes are constrained in energy and physical size, so choosing a block cipher with a small memory footprint and high energy efficiency is very important for such networks. For a range of block ciphers, an evaluation framework is built and the algorithms' security, memory usage and energy efficiency are measured in different application environments and network structures. Analysis of the results shows that the Rijndael cipher, with its high security and energy efficiency, is the best suited to wireless sensor networks.

13.
The construction principles of iterated block ciphers are presented, it is shown by example that power functions over a finite field are not idempotent, and finally an iterated cipher model intended to increase the strength of the encryption is designed.

14.
15.
胡永进, 向楠, 赵俭. 《通信技术》(Communications Technology), 2008, 41(5): 113-115
For block cipher algorithms, three implementation structures are studied: iterative (looped), loop-unrolled and pipelined. The resource usage, throughput and maximum operating frequency of a system built with each structure are analysed, so that an implementation meeting the requirements of each application environment can be found. Taking 3DES as an example, all three structures are implemented, and results on an Altera CYCLONE-series FPGA are given, compared and analysed.

16.
Differential cryptanalysis is one of the most critical analysis methods to evaluate the security strength of cryptographic algorithms. This paper first applies the genetic algorithm to search for differential characteristics in differential cryptanalysis. A new algorithm is proposed as the fitness function to generate a high-probability differential characteristic from a given input difference. Based on the differential of the differential characteristic found by genetic algorithm, Boolean satis...
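Whatever search strategy drives it, a differential characteristic search needs a difference distribution table (DDT) for the S-box and a way to score a trail as the product of per-S-box transition probabilities. The example below is added here and is not the paper's code: it builds the DDT of the public PRESENT 4-bit S-box, pushes an input difference through a toy 16-bit SPN whose bit permutation is constructed for this example, and scores the resulting trail. The greedy rule (take the most probable output difference for each active S-box) is a stand-in for the genetic-algorithm fitness function the abstract describes; the scoring is what such a fitness function has to compute.

```python
"""Added example (not from the paper): DDT and greedy differential-characteristic
extension through a constructed 16-bit SPN built on the PRESENT S-box."""

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = len(SBOX)  # 16 entries: a 4-bit S-box


def ddt(sbox):
    """ddt[dx][dy] = number of inputs x with sbox[x] ^ sbox[x ^ dx] == dy."""
    t = [[0] * N for _ in range(N)]
    for x in range(N):
        for dx in range(N):
            t[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return t


def perm16(v):
    """Constructed bit permutation: bit i moves to position 4*(i % 4) + i // 4,
    so the four output bits of one S-box spread over all four S-boxes."""
    out = 0
    for i in range(16):
        if (v >> i) & 1:
            out |= 1 << (4 * (i % 4) + i // 4)
    return out


def greedy_characteristic(d_in, rounds, sbox=SBOX):
    """Starting from input difference d_in, pick for each active S-box the most
    likely output difference (first maximum in the DDT row), push the result
    through the permutation and repeat. Returns the trail of round differences
    and the characteristic probability, the product of the per-S-box DDT
    probabilities under the usual independence assumption."""
    T = ddt(sbox)
    trail, prob, d = [d_in], 1.0, d_in
    for _ in range(rounds):
        d_out = 0
        for s in range(4):
            nib = (d >> (4 * s)) & 0xF
            if nib == 0:          # inactive S-box: zero difference passes with probability 1
                continue
            best = max(range(N), key=lambda dy: T[nib][dy])
            prob *= T[nib][best] / N
            d_out |= best << (4 * s)
        d = perm16(d_out)
        trail.append(d)
    return trail, prob


def max_differential_probability(sbox=SBOX):
    """Largest single-S-box transition probability over all nonzero input differences."""
    T = ddt(sbox)
    return max(T[dx][dy] for dx in range(1, N) for dy in range(N)) / N


if __name__ == "__main__":
    print("max DDT probability:", max_differential_probability())
    trail, p = greedy_characteristic(0x0001, 2)
    print("trail:", [hex(d) for d in trail], "probability:", p)
```

A genetic algorithm replaces the greedy choice with a population of candidate output differences per round and uses this same probability as (part of) the fitness, which lets it trade a locally worse S-box transition for fewer active S-boxes in later rounds, something the greedy rule cannot do.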

17.
In this paper, we propose efficient masking methods for ARIA and AES. In general, a masked S-box (MS) block can be constructed in different ways depending on the implementation platform, such as hardware or software, whereas the other components of ARIA and AES have less impact on the implementation cost. We first propose an efficient masking structure that minimizes the number of mask corrections, under the assumption that an MS block is available. Second, to make a secure and efficient MS block for ARIA and AES, we propose novel methods to solve the table-size problem of the MS block in a software implementation and to reduce the cost of the masked inversion, which is the main part of the MS block in a hardware implementation.

18.
Attacks on Fast Double Block Length Hash Functions   (cited by 5: 0 self-citations, 5 by others)
The security of hash functions based on a block cipher with a block length of m bits and a key length of k bits, where , is considered. New attacks are presented on a large class of iterated hash functions with a 2m-bit hash result which process in each iteration two message blocks using two encryptions. In particular, the attacks break three proposed schemes: Parallel-DM, the PBGV hash function, and the LOKI DBH mode. Received 1 March 1996 and revised 16 December 1996.

19.
To ensure that the various operating modes work properly, important modules or potential fault sources must be monitored. Because of hardware resource limits, only part of the modules and potential faults can be covered by online test. The percentage of modules or fault sources that are covered is termed the fault detection rate (FDR). A lower-bound FDR constraint for each mode must be satisfied to ensure that the whole mission executes successfully; this is a typical multi-constraint optimization problem. In this paper, a grouped genetic algorithm (GGA) is proposed to minimize the test cost while satisfying the FDR constraints. Each GA optimizes the test set for one mode, its final chromosome represents the tests selected for that mode, and the union of the chromosomes of all GAs gives the final solution. Because each GA is subject to only one FDR constraint, the optimal solution is more likely to be found, and because the GAs execute in parallel, the method is efficient. The effectiveness and efficiency of the proposed method are verified by statistical experiments.

20.

Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  Beijing ICP filing no. 京ICP备09084417号