随机分组密码算法框架及实现

针对现有的对分组密码的攻击方法对于未知结构的密码算法是无效的特点,提出了一个根据已有分组密码算法生成随机密码算法的框架,其密码算法是由随机控制密钥生成的,因而算法是随机的,能抵抗针对固定结构的密码算法的线性密码分析和差分密码分析。同时还提出了一个具体的AES的随机化算法,该算法具有可证明的安全性,其安全性高于原始的AES,性能与原始的AES算法接近。     

Protecting lightweight block cipher implementation in mobile big data computing

The Mobile Big Data Computing is a new evolution of computing technology in data communication and processing. The data generated from mobile devices can be used for optimization and personalization of mobile services and other profitable businesses. Mobile devices are usually with limited computing resources, thus the security measures are constrained. To solve this problem, lightweight block ciphers are usually adopted. However, due to the easily exposed environment, lightweight block ciphers are apt to suffer from differential power attack. To counteract this attack, Nikova et al. proposed a provably secure method, namely sharing, to protect the cipher’s implementation. But the complexity of sharing method is so high, making this method not practical. To address this issue, in this paper, we propose a GPU-based approach of sharing a 4-bit S-box by automatic search. GPU is a promising acceleration hardware with powerful parallel computing. By analyzing the sharing method carefully, we devise an optimal approach, namely OptImp, that improves the performance massively. The experiment results show that the proposed approach can achieve up to 300 times faster than the original method. With our approach, the sharing method can be used to protect lightweight block ciphers in practice.     

ORSCA-GPU: one round stream cipher algorithm for GPU implementation

Data confidentiality is one of the most critical security services. Many encryption algorithms are currently used to provide data confidentiality. That is why there are continuous research efforts on the design and implementation of efficient cipher schemes. For this purpose, different lightweight cipher algorithms have been presented and implemented on GPUs with different optimizations to reach high performance. Some examples of these ciphers are Speck, Simon which both require less latency compared to Advanced Encryption Standard (AES). However, these solutions require a higher number of rounds but with a more simple round function compared to AES. Therefore, in this paper, a new cipher scheme called “ORSCA” is defined which only requires one round with the dynamic key-dependent approach. The proposed cipher is designed according to the GPU characteristics. The proposed one-round stream cipher solution is suitable for the high data rate applications. According to the performance results, it can achieve high data throughput compared to existing ones, with throughput greater than 5 Terabits/s on a Tesla A100 GPU. Thus, this approach can be considered as a promising candidate for real-time applications. Finally, the security level is ensured by using the dynamic cryptographic primitives that can be changed for each new input message (or for a set of messages: sub-session key). Thus, the proposed solution is a promising candidate for high secure GPU cryptographic algorithms.

     

Design,implementation and analysis of hardware efficient stream ciphers using LFSR based hash functions

Design and implementation of hardware efficient stream ciphers using hash functions and analysis of their periodicity and security are presented in this paper. The hash generation circuits used for the design and development of stream ciphers are low power, low hardware complexity Linear Feedback Shift Register (LFSR) based circuits. One stream cipher design uses LFSR based Toeplitz hash generation circuit together with LFSR keystream generator circuit, while the other design combines LFSR based filter generator circuit with LFSR based polynomial modular division circuit. Both designs possess good security and periodicity properties for the keystreams generated. The developed circuits can compete with the most popular classic LFSR based stream ciphers in hardware complexity at the same time providing additional advantage that the same circuit can be used for hash generation.     

A secure image encryption scheme based on genetic operations and a new hybrid pseudo random number generator

This paper presents an encryption scheme based on genetic operations and a new hybrid pseudo random number generator (HPRNG). The new HPRNG is designed based on linear feedback shift register (LFSR), chaotic asymmetric tent map and chaotic logistic map. The scheme uses XOR and genetic operations (mutation, and multipoint crossover) to encrypt the image blocks. The first block of the plain image is encrypted with the help of a pseudo-random bit sequence generated by the HPRNG. The subsequent blocks are based on the previous cipher block and the XOR operator. The scheme can be extended to encrypt color images and text as well. The cipher images produced have very low correlation with their corresponding plain images and have high values of entropy, making it unpredictable and difficult to detect redundancies in the image pixel values. More over the scheme is compared with some existing schemes and found that the proposed scheme is comparatively secure and efficient.

     

基于流密码的可重构处理结构及其专用指令集研究

在对多种流密码算法生成结构进行分析的基础上,提出一种基于流密码的可重构处理结构,并在总结重构流密码算法使用频率较高的基本操作类型的基础上,为该流密码可重构处理结构设计了一种专用指令集。描述了指令的具体格式,并对指令性能进行了评估。结果表明,该指令集作用在该流密码可重构结构上可灵活高效地实现多种流密码算法。     

MA4210 ALPHANUMERIC POCKET CIPHER

Abstract

Vigenère ciphers can be broken, if the key length is known. In trying to break the Vigenère cipher, Charles Babbage and Friedrich Wilhelm Kasiski found the length of the key by searching for periodical repetitions in the ciphertext to split the cipher into multiple Caesar ciphers. William Friedman's, “index of coincidence,” also requires an adequate length of the ciphertext to retrieve the key length. Both methods lack, if the ciphertext is short or does not include repetitions and no other effective linguistic solution to break short Vigenère ciphers is known. Massively decreasing the solution space by logic, reverse digram frequency, and language properties allows breaking short and long Vigenère ciphers with and without repetitions.     

基于FCSR和LSFR相结合的密钥流生成器

分析了由Schneier提出的FCSR和线性反馈移位寄存器（LFSR）相结合的密钥流生成器的结构特性,给出了其可生成密钥流的周期和线性复杂度的理论上界,讨论如何选择LFSR和FCSR的参数以使产生的密钥流具有较好的伪随机特性,并使其周期和线性复杂度尽可能接近理论上界。利用美国技术与标准局（NIST）提供的STS软件包进行生成器选定参数下输出的密钥流的8项随机性测试,结果表明,在该文论述的参数选择方法下,生成器产生的序列具有良好的伪随机特性。利用FPGA实现了该密钥流生成器,并通过与5种现有流密码方案实现结果的性能比较发现,该方案具有较高的密钥流吞吐量和性价比,可在移动终端实施。     

A CRYPTOGRAPHER'S WAR MEMORIES

Georgiou [4] proposed a method to strengthen ciphers based on a combination of an enciphering transformation and a multiplication. If the enciphering transformation is a homomorphism and the multiplication in the domain is used in the A cipher and the multiplication in the range is known to the cryptanalyst, his method does not strengthen the cipher at all.     

A comparative study of hardware architectures for lightweight block ciphers

A hardware-based performance comparison of lightweight block ciphers is conducted in this paper. The DESL, DESXL, CURUPIRA-1, CURUPIRA-2, HIGHT, PUFFIN, PRESENT and XTEA block ciphers have been employed in this comparison. Our objective is to survey what ciphers are suitable for security in Radio Frequency Identification (RFID) and other security applications with demanding area restrictions. A general architecture option has been followed for the implementation of all ciphers. Specifically, a loop architecture has been used, where one basic round is used iteratively. The basic performance metrics are the area, power consumption and hardware resource cost associated with the implementation resulting throughput of each cipher. The most compact cipher is the 80-bit PRESENT block cipher with a count of 1704 GEs and 206.4 Kbps, while the largest in area cipher is the CURUPIRA-1. The CURUPIRA-1 cipher consumes the highest power of 118.1 μW, while the PRESENT cipher consumes the lowest power of 20 μW. All measurements have been taken at a 100 kHz clock frequency.     

Elastic block ciphers: method, security and instantiations

We introduce the concept of an elastic block cipher which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution- permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against key-recovery attacks if the original cipher is secure against such attacks. We note that while reduction-based proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as sub-components in a larger design. We are not aware of the use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1, and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers.

Slippery hill-climbing technique for ciphertext-only cryptanalysis of periodic polyalphabetic substitution ciphers

Abstract

We present a stochastic method for breaking general periodic polyalphabetic substitution ciphers using only the ciphertext and without using any additional constraints that might come from the cipher’s structure. The method employs a hill-climbing algorithm for individual key alphabets, with occasional slipping down the hill. We implement the method with a computer and achieve reliable results for a sufficiently long ciphertext (150 characters per key alphabet). Because no constraints among the key alphabets are used, this method applies to any periodic polyalphabetic substitution cipher.     

THE NAVY CIPHER BOX MARK II

Recent suggestions in [8] that optimization techniques such as the genetic algorithm can be used to successfully solve knapsack ciphers are somewhat optimistic. The inability to assign an appropriate fitness to an arbitrary solution of the knapsack cipher is the downfall with this method. In this paper a detailed analysis of the proposed fitness function is undertaken and numerical results are presented displaying the futility of using this fitness function in a genetic algorithm for solving knapsack ciphers of any reasonable size.     

Visually meaningful image encryption using data hiding and chaotic compressive sensing

A visually secure multiple image encryption using chaotic map and compressive sensing is proposed. The existing image encryption algorithms transform a secret image into a random noise like cipher image which can lead to cryptanalysis by an intruder. In the proposed method, compressive sampling is done using a chaos based, key controlled measurement matrix. An image dependent key generation scheme is used to generate the parameters of the chaotic map. The secret images are transformed into wavelet coefficients, and scrambled along a zigzag path, so that the high correlation among them can be reduced and thereby provide increased security level. The sparse coefficients are measured using the chaotic map-based measurement matrix, whose initial parameters are obtained from the keys generated. Then the reduced measurements are embedded into the sub-bands of the wavelet transformed cover image. Therefore, the proposed algorithm is highly sensitive to the secret images and can effectively withstand known-plaintext and chosen-plaintext attacks. Additionally, the cipher image and the secret images are of same size and do not require additional transmission bandwidth and storage space.

     

一种新的基于混沌映射的分组密码算法研究

通过引入二进制分数及其相关运算,提出一种新的基于混沌映射的分组密码算法.该密码算法主要由三个部分组成,即基于Tent混沌映射的扩散过程和混淆过程以及基于分段线性混沌映射的密钥生成过程.分析表明,该算法具有较大的密钥空间,并在密文随机性测试、明文与密文的相关性测试、明文敏感性测试和密文敏感性测试中具有良好的表现,同时,由于将浮点运算转换成整数运算,其效率将高于其他基于混沌系统的密码算法.     

基于碰撞模型的PRESENT密码代数旁路攻击

提出了一种新的分组密码通用的基于碰撞模型的分组密码代数旁路分析方法—代数功耗碰撞攻击,将代数攻击与功耗碰撞攻击结合,首先利用代数分析方法建立密码算法等效布尔代数方程组;然后通过功耗攻击手段获取密码加密过程运行时泄露的功耗信息,经分析转化为加密过程碰撞信息,并表示为关于加密中间状态变元的代数方程组;最后使用CryptoMiniSAT解析器求解方程组恢复密钥。应用该方法对在8位微控制器上实现的PRESENT密码进行了实际攻击,实验结果表明,代数攻击基础上引入额外的代数方程组,可有效降低方程组求解的复杂度;PRESENT易遭受此类代数功耗攻击的威胁,明密文已知,以4个样本全轮碰撞或8个样本部分轮碰撞信息成功获取PRESENT 80bit完整密钥。此外,文中分析方法也可为其它分组密码功耗碰撞分析提供一定思路。     

基于抗退化混沌系统的动态S盒设计与分析

S盒是分组密码算法中的关键部件之一,其混淆和置乱作用决定着整个密码算法的安全强度。为使基于混沌系统生成的S盒具有更好的密码学性能,提出了一种基于抗退化混沌系统的动态S盒设计方案。首先,使用Lorenz混沌映射扰动Chebyshev混沌映射;然后,使用截取位数法和划分区间法生成两种初始S盒;最后,使用索引排序扰乱法得到最终S盒。所提抗退化混沌系统生成的混沌序列不存在短周期现象,具有遍历性、不可预测性等特点;运用于S盒的设计中能极大提升S盒的安全性能,消除混沌生成源的安全隐患;并且,通过对系统参数的调控可批量地生成动态S盒。对S盒的安全性能,即非线性度、差分均匀性、严格雪崩准则、输出比特间独立性和双射特性进行了测试和对比,实验结果表明,所提方案生成的S盒具有更好的密码学性能,可用于分组密码算法的设计中。     

基于泡沫图像特征和物元可拓模型的锑浮选工况识别

针对锑浮选泡沫图像特征相互耦合、重要度差异显著引起工况难以识别的问题, 提出一种锑浮选工况识别方法. 首先, 在结合敏感性指数与主元分析法选取关键泡沫特征的基础上, 建立物元可拓模型, 通过关联函数计算关键泡沫特征与预设工况类别的关联度; 然后, 引入博弈论, 将层次分析法和熵权法确定的主、客观权重优化融合, 得到泡沫特征的综合权重; 最后, 计算综合关联度, 实现浮选工况的准确识别. 锑浮选工业现场的生产数据验证了所提出方法的有效性.

     

Grain-128同步流密码的选择初始向量相关性能量攻击

不同于分组密码,序列密码构造相对简单且大量使用线性运算,因此攻击点功耗与其他功耗成分之间往往存在较强的相关性,使得能量分析攻击难以实施。针对上述现状,提出了一种面向Grain-128同步流密码的选择初始向量（IV）相关性能量攻击方案。首先对Grain-128的输出函数h(x)进行了分析,并基于此确定了攻击点表达式;其次通过选取特定的初始向量,消除了攻击点功耗和其他功耗成分之间的相关性,从而解决了能量攻击所面临的关键问题;最后基于功耗分析工具PrimeTimePX对攻击方案进行了验证。结果表明,该方案仅需736个IV样本即可实施23轮攻击,恢复46比特密钥。     

CORAL SEA,MIDWAY, AND ALEUTIANS NAVAL INTELLIGENCE

Abstract

A quantitative analysis of sixteenth-century to seventeenth-century Hungarian ciphers (300 cipher keys and 1,600 partly or entirely enciphered letters) reveals that besides the dominance of diplomatic use of cryptography, there is a presence of “private” applications as well. The article attempts to reconstruct the main reasons and goals why historical actors chose to use ciphers in a diary or private letter, when no political or military reason was present. Only a close analysis of the practices of secrecy may shed light on the question. As the first author on secrecy, Georg Simmel, pointed out, often shame is the main motivating factor behind secrecy, and this is indeed a major explication for several ciphers in the diaries under study.