Similar literature
19 similar documents found (search time 187 ms)
1.
This paper constructs a variable-length "diamond tree" multicollision with 2^k starting points and, based on it, proposes a new chosen-target forced-prefix preimage attack (a "herding" attack) on strengthened Merkle-Damgård hash functions in which the preimage is 2^k+3 blocks long. Because the number of intermediate chaining values that can be used during the attack is increased, for k ≤ n/4 - 1.05 the new herding attack reduces the computational complexity from the existing O(2^{n-2(k+1)} + 2^{n/2+k+5} + 2) to O(2^{n-k/3} + 2^{n/2+k+2}).
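To make the two phases of a herding attack concrete (commit to a digest first, then herd an arbitrary prefix onto it through a diamond of multicollisions), here is a toy implementation of the baseline Kelsey-Kohno attack against a strengthened MD hash. This is an added example, not code from the paper: it uses a fixed-depth diamond with 2^k leaves rather than the paper's variable-length diamond, and the 20-bit chaining value, the IV and the truncated-SHA-256 compression function are assumptions chosen so that the 2^(n-k) linking search finishes in well under a second.

```python
import hashlib
import random

# Toy Merkle-Damgard hash with an n-bit chaining value (n = 20, assumed) so the
# attack runs in seconds. The compression function is truncated SHA-256 of
# (chaining value || message block); message blocks are 32-bit integers.
N_BITS = 20
MASK = (1 << N_BITS) - 1
IV = 0x2A5C7            # assumed toy IV


def compress(h, m):
    d = hashlib.sha256(h.to_bytes(4, "big") + m.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big") & MASK


def md_hash(blocks):
    """Strengthened MD: iterate compress over the blocks, then absorb the block count."""
    h = IV
    for m in blocks:
        h = compress(h, m)
    return compress(h, len(blocks))


def pair_collision(a, b, rng):
    """Birthday search for blocks ma, mb with compress(a, ma) == compress(b, mb)."""
    table = {}
    for _ in range(1 << (N_BITS // 2 + 1)):
        m = rng.getrandbits(32)
        table[compress(a, m)] = m
    while True:
        m = rng.getrandbits(32)
        v = compress(b, m)
        if v in table:
            return table[v], m, v


def build_diamond(k, rng):
    """2^k random leaf states collapsed pairwise into one root (about 2^k * 2^(n/2) work)."""
    leaves = [rng.getrandbits(N_BITS) for _ in range(1 << k)]
    edges = {}                      # state -> (block to append, parent state)
    level = leaves
    while len(level) > 1:
        nxt = []
        for a, b in zip(level[0::2], level[1::2]):
            ma, mb, v = pair_collision(a, b, rng)
            edges[a] = (ma, v)
            edges[b] = (mb, v)
            nxt.append(v)
        level = nxt
    return set(leaves), edges, level[0]


def herd(prefix, leaves, edges, rng):
    """Find a linking block into some leaf (~2^(n-k) tries), then walk up to the root."""
    h = IV
    for m in prefix:
        h = compress(h, m)
    while True:
        link = rng.getrandbits(32)
        v = compress(h, link)
        if v in leaves:
            break
    suffix = [link]
    while v in edges:
        m, v = edges[v]
        suffix.append(m)
    return prefix + suffix


def herding_attack(k, prefix, seed=7):
    """Phase 1: commit to the digest of a (len(prefix) + 1 + k)-block message knowing
    only the prefix length. Phase 2: herd the revealed prefix onto that commitment.
    Returns (commitment, forged message)."""
    rng = random.Random(seed)
    leaves, edges, root = build_diamond(k, rng)
    commitment = compress(root, len(prefix) + 1 + k)   # length block of the final message
    forged = herd(list(prefix), leaves, edges, rng)
    return commitment, forged


if __name__ == "__main__":
    commit, msg = herding_attack(3, [0xDEADBEEF, 0xC0FFEE])
    print(hex(commit), [hex(b) for b in msg], md_hash(msg) == commit)
```

The linking step dominates: with 2^k leaves each trial hits a leaf with probability 2^(k-n), which is exactly the 2^(n-k) term the paper's variable-length diamond improves on by exposing more intermediate chaining values as targets.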

2.
Based on the meet-in-the-middle technique, preimage and pseudo-collision attacks on the SM3 cryptographic hash function are proposed, and a preimage attack and a pseudo-collision attack on 29-step SM3 starting from step 1 and including the message padding are given. The results show that the preimage attack on 29-step SM3 has time complexity 2^254 and the pseudo-collision attack on 29-step SM3 has time complexity 2^125, so 29-step SM3 starting from step 1 with message padding does not resist preimage and pseudo-collision attacks.

3.
Hash functions were introduced into cryptography in the late 1970s as a tool for protecting the authenticity of messages, and it soon became clear that they are also very useful for building block ciphers and for solving other security problems in telecommunications and computer networks. This paper outlines the origin of the hash function concept, discusses the applications of hash functions, and presents the approaches that have been followed for constructing them. In addition, we try to provide the information needed to choose a practical hash function: we give an overview of practical hash function constructions and their efficiency, and discuss some attacks. Particular attention is paid to the treatment of hash functions

4.
Design and security analysis of the GSM system authentication algorithm
The hash function constructed in this paper according to the standard for the GSM system authentication algorithm satisfies the design criteria of balancedness, high nonlinearity and the strict avalanche criterion, and can therefore effectively resist linear and differential attacks. In response to Hans Dobbertin's effective attack on MD4, we propose the design criterion of non-fixed right-shift amounts.

5.
An improved hash-based security authentication protocol for RFID tag data is proposed. The protocol uses mutual authentication between the RFID tag and the reader and is formally analysed with BAN logic; the analysis shows that it provides forward security and indistinguishability and resists replay attacks, spoofing attacks and location tracking, so it addresses the security risks of RFID tag data reasonably well.
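An added example of the kind of hash-based mutual authentication the abstract describes, written for this page rather than taken from the paper: each side proves knowledge of the shared per-tag key by hashing it with both nonces, the tag never sends its identity in clear (so the reader must search its key table, which is the usual price of indistinguishability), and a replayed tag response fails because the reader's nonce is fresh. SHA-256, 8-byte nonces and the key-table layout are assumptions; the key-update step that gives such schemes forward security is not implemented.

```python
import hashlib
import hmac
import secrets


def H(*parts):
    """Hash shared by tag and reader (SHA-256 assumed); parts are length-prefixed."""
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()


class Tag:
    def __init__(self, tag_id, key):
        self.tag_id, self.key = tag_id, key
        self.last_nonce = None

    def respond(self, reader_nonce):
        """Tag -> reader: fresh tag nonce and a token bound to both nonces and the key."""
        self.last_nonce = secrets.token_bytes(8)
        return self.last_nonce, H(self.key, reader_nonce, self.last_nonce, b"tag")

    def verify_reader(self, reader_nonce, reader_token):
        """Second leg of mutual authentication: the reader must also know the key."""
        expected = H(self.key, self.last_nonce, reader_nonce, b"reader")
        return hmac.compare_digest(expected, reader_token)


class Reader:
    def __init__(self, key_table):
        self.key_table = dict(key_table)      # tag_id -> shared key (back-end database)
        self.last_nonce = None

    def challenge(self):
        self.last_nonce = secrets.token_bytes(8)
        return self.last_nonce

    def authenticate(self, tag_nonce, tag_token):
        """Identify the tag by trying every key; return (tag_id, reader token) or (None, None)."""
        for tag_id, key in self.key_table.items():
            if hmac.compare_digest(tag_token, H(key, self.last_nonce, tag_nonce, b"tag")):
                return tag_id, H(key, tag_nonce, self.last_nonce, b"reader")
        return None, None


def run_session(reader, tag):
    """Full exchange. Returns (tag_id accepted by reader, reader accepted by tag, transcript)."""
    n_r = reader.challenge()
    n_t, tok_t = tag.respond(n_r)
    tag_id, tok_r = reader.authenticate(n_t, tok_t)
    ok_reader = tag.verify_reader(n_r, tok_r) if tok_r is not None else False
    return tag_id, ok_reader, (n_r, n_t, tok_t)


def replay_session(reader, transcript):
    """Eavesdropper replays a captured (tag nonce, tag token) pair in a new session."""
    reader.challenge()                     # fresh reader nonce, so the old token cannot match
    _, n_t, tok_t = transcript
    tag_id, _ = reader.authenticate(n_t, tok_t)
    return tag_id
```

Location tracking is resisted because every response depends on two fresh nonces, so two sightings of the same tag are unlinkable without the key; the linear key search in `authenticate` is what the paper's "improved" design would typically optimise.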

6.
Deviation analysis of the diffusion performance of hash algorithms
Statistical analysis of the security of hash algorithms usually uses the chi-square (χ²) test. This paper gives another method that is easier to apply: deviation analysis. It gives the theoretical distribution for deviation analysis of a hash algorithm's diffusion performance and a formula for a lower bound on the required sample size, and presents a worked application to MD5.
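The measurement behind such an analysis is simple to reproduce: flip one input bit, record which output bits flip, and compare each flip frequency with the ideal 1/2. The block below is an added example for this page, not the paper's procedure or its formula; it estimates the full input-bit by output-bit flip matrix for MD5 and reports the largest deviation, and the sample-size helper is the textbook binomial bound (z standard errors within ε), included as an assumption about what such a bound looks like.

```python
import hashlib
import math
import random


def md5_int(msg):
    return int.from_bytes(hashlib.md5(msg).digest(), "big")


def diffusion_bias(samples=128, msg_len=16, seed=1):
    """For every input bit i and output bit j estimate
    p[i][j] = Pr[output bit j flips | input bit i flipped]
    over `samples` pseudo-random messages (seeded, so the run is repeatable) and
    report the mean flip fraction and the cell with the largest |p - 1/2|."""
    rng = random.Random(seed)
    n_in, n_out = msg_len * 8, 128
    counts = [[0] * n_out for _ in range(n_in)]
    total_flips = 0
    for _ in range(samples):
        msg = bytearray(rng.getrandbits(8) for _ in range(msg_len))
        base = md5_int(bytes(msg))
        for i in range(n_in):
            mod = bytearray(msg)
            mod[i // 8] ^= 1 << (i % 8)          # flip exactly one input bit
            diff = base ^ md5_int(bytes(mod))    # 1-bits mark flipped output bits
            total_flips += bin(diff).count("1")
            row, j = counts[i], 0
            while diff:
                if diff & 1:
                    row[j] += 1
                diff >>= 1
                j += 1
    worst = max((abs(counts[i][j] / samples - 0.5), i, j)
                for i in range(n_in) for j in range(n_out))
    return {
        "mean_flip_fraction": total_flips / (samples * n_in * n_out),  # ideal: 0.5
        "max_deviation": worst[0],
        "worst_cell": (worst[1], worst[2]),
    }


def min_samples(eps, z=3.0):
    """Samples needed so that z standard errors of a Bernoulli(1/2) estimate fit in eps.
    sigma <= 1/(2 sqrt(N)), so N >= (z / (2 eps))^2. Standard bound, not the paper's formula."""
    return math.ceil(z * z / (4 * eps * eps) - 1e-9)


if __name__ == "__main__":
    print(min_samples(0.05))        # 900 samples to resolve a 5% bias at 3 sigma
    print(diffusion_bias(samples=64))
```

With only 64 samples the largest of the 16384 cells will sit several standard errors from 1/2 by chance alone, which is exactly why a sample-size bound such as the paper's is needed before a deviation can be called significant.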

7.
刘建东 《通信学报》2010,31(5):51-59
Based on an analysis of the uniform-distribution property of an extended integer tent map, a construction for a dynamic hash function with 160-bit output is proposed. The MD structure is also modified so that, without enlarging the intermediate state, the hash function's resistance to partial-message collision attacks is improved. Preliminary security tests indicate that the hash function is highly secure, simple to implement and fast, making it an ideal replacement for traditional hash functions.

8.
Hash functions, or cryptographic hash functions, are an important component of cryptographic applications. Because of their compression property, hash functions are often used for message verification and authentication. In recent years many attacks on cryptographic hash functions have been found, including attacks on MD4 and MD5 as well as on other hash functions of the MD family. This paper discusses, from the viewpoint of cryptanalysis, the construction of secure hash functions and their use in message authentication codes (MACs), reviews the current state of research, and briefly analyses the progress of cryptanalysis of MD-family hash functions.

9.
韩涛 《激光杂志》2022,43(2):144-148
Existing anomaly monitoring systems for optical-fibre sensing big data respond too slowly to data anomalies, so anomaly warnings are delayed for too long to meet current production needs; an anomaly monitoring method for optical-fibre sensing big data based on a cryptographic hash function is therefore proposed. A cryptographic hash function is introduced into the design of the monitoring system, whose hardware units comprise an optical sensing unit, a system control unit and a data acquisition unit, and whose software modules comprise an optical-fibre sensing big-data acquisition module, an optical-fibre sensing big-data...

10.
《现代电子技术》2016,(3):86-89
The wide-pipe structure is an improved MD hash function model proposed by Lucks at ASIACRYPT 2005. Because the iteration width of a wide pipe is larger than the output width, internal collisions can occur, and an attacker may combine an offline attack with a fixed-point attack to threaten the security of a wide-pipe hash function. Building on the wide-pipe model and the idea of randomized hashing, an improved hash model called the salted wide pipe (SWP) is proposed. From the viewpoint of collision resistance it is proved and verified that the new SWP structure is no less secure than the original wide-pipe model and can resist any offline attack.
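The fixed-point attack the abstract refers to is easy to see on a Davies-Meyer compression function, the construction used by MD4/MD5/SHA and the baseline the wide pipe improves on: since f(h, m) = E_m(h) xor h, the state h* = D_m(0) satisfies f(h*, m) = h*, so appending block m any number of times leaves the chaining value unchanged. The block below is an added illustration for this page, not the paper's code: the 16-bit Feistel "cipher", its IV and its round function are toy assumptions sized so that linking the IV to a fixed point by a meet-in-the-middle table costs about 2^16 work.

```python
# Toy 16-bit Feistel block cipher (8-bit halves, 16-bit key) used in Davies-Meyer
# mode as a narrow-pipe MD compression function. Everything here is deliberately
# small; the cipher is only required to be invertible.
ROUNDS = 8
IV = 0x1357          # assumed toy IV


def _round_keys(key):
    return [((key >> i) ^ (key * (2 * i + 1))) & 0xFF for i in range(ROUNDS)]


def _f(x, k):
    x = (x + k) & 0xFF
    x = ((x << 3) | (x >> 5)) & 0xFF
    return (x * 0x5B + 0x3D) & 0xFF


def encrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for k in _round_keys(key):
        l, r = r, l ^ _f(r, k)
    return (l << 8) | r


def decrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for k in reversed(_round_keys(key)):
        l, r = r ^ _f(l, k), l
    return (l << 8) | r


def compress(h, m):
    """Davies-Meyer: f(h, m) = E_m(h) xor h (the message block is the cipher key)."""
    return encrypt(h, m) ^ h


def fixed_point(m):
    """h* = D_m(0) gives E_m(h*) = 0, hence f(h*, m) = 0 xor h* = h*."""
    return decrypt(0, m)


def md_chain(blocks, iv=IV):
    """Plain MD iteration without the final length block."""
    h = iv
    for m in blocks:
        h = compress(h, m)
    return h


def link_to_fixed_point(iv=IV):
    """Meet in the middle: table every state reachable from iv with one block, then
    scan blocks m until the fixed point of m lies in the table. Returns (link, m, h*)."""
    reach = {}
    for link in range(1 << 16):
        reach.setdefault(compress(iv, link), link)
    for m in range(1 << 16):
        h = fixed_point(m)
        if h in reach:
            return reach[h], m, h
    raise RuntimeError("no link found for this IV")


if __name__ == "__main__":
    link, m, h_star = link_to_fixed_point()
    print(hex(link), hex(m), hex(h_star),
          [hex(md_chain([link] + [m] * t)) for t in range(1, 4)])
```

Once `link` is found, `link || m^t` is an expandable message: every t yields the same chaining value, which is the raw material for fixed-point second-preimage attacks. MD strengthening blocks the naive version because the final length block differs per t; a wide pipe with w > n makes the fixed point itself 2^(w/2) times harder to exploit, and the salt in the SWP model is what removes the offline (precomputed) part of the attack.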

11.
Jian ZOU  Le DONG 《通信学报》2018,39(1):46-55
A preimage attack on 32-step SM3 and a pseudo-collision attack on 33-step SM3 are shown. The 32-step preimage attack is based on the differential meet-in-the-middle and biclique techniques, whereas the previously best known preimage attack on SM3 reached only 30 steps. The 33-step pseudo-collision attack is constructed with the same techniques. The preimage attack on 32-step SM3 has time complexity 2^254.5 and memory 2^5. Furthermore, pseudo-preimage and pseudo-collision attacks on 33-step SM3 are presented by extending the differential characteristic of the 32-step preimage attack. The pseudo-collision attack on 33-step SM3 has time complexity 2^126.7 and memory 2^3.

12.
Generalized Kasami Sequences: The Large Set
In this correspondence, new binary sequence families F_k of period 2^n - 1 are constructed for even n and any k with gcd(k, n) = 2 if n/2 is odd or gcd(k, n) = 1 if n/2 is even. The distribution of their correlation values is completely determined. These families have maximum correlation 2^{n/2} + 1 and family size 2^{3n/2} + 2^{n/2} for odd n/2 or 2^{3n/2} + 2^{n/2} - 1 for even n/2. The proposed families include the large set of Kasami sequences, which is obtained by taking k = n/2 + 1.

13.
The linear complexity of a de Bruijn sequence is the degree of the shortest linear recursion that generates the sequence. It is well known that the complexity of a binary de Bruijn sequence of length 2^n is bounded below by 2^{n-1} + n and above by 2^n - 1 for n ≥ 3. We briefly survey the known results in this area. Some new results are also presented; in particular, it is shown that for each interval of length 2^{[log n]+1} in the above range there exist binary de Bruijn sequences of length 2^n with linear complexity in that interval.
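Linear complexity is the quantity a keystream designer checks first, because a sequence of linear complexity L is fully reconstructed by Berlekamp-Massey from 2L bits. The block below, added for this page and not from the paper, generates a binary de Bruijn sequence of order n with the standard Lyndon-word (FKM) algorithm and measures its linear complexity over GF(2) with Berlekamp-Massey run on two periods, which suffices since the complexity is at most 2^n - 1; the n = 3 case lands exactly on the bounds quoted above (2^2 + 3 = 2^3 - 1 = 7).

```python
def de_bruijn(n):
    """Binary de Bruijn sequence of order n (length 2^n), FKM / Lyndon-word construction."""
    a = [0] * (2 * n)
    seq = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, 2):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return seq


def is_de_bruijn(seq, n):
    """Every n-bit window of the cyclic sequence occurs exactly once."""
    L = len(seq)
    windows = {tuple(seq[(i + j) % L] for j in range(n)) for i in range(L)}
    return L == 2 ** n and len(windows) == L


def linear_complexity(s):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR generating the bit list s."""
    N = len(s)
    c = [0] * (N + 1)          # current connection polynomial
    b = [0] * (N + 1)          # polynomial from the last length change
    c[0] = b[0] = 1
    L, m = 0, -1
    for n in range(N):
        d = s[n]
        for i in range(1, L + 1):
            d ^= c[i] & s[n - i]
        if d:                              # discrepancy: correct c by a shifted copy of b
            t = c[:]
            shift = n - m
            for i in range(shift, N + 1):
                c[i] ^= b[i - shift]
            if 2 * L <= n:                 # the LFSR must grow
                L, m, b = n + 1 - L, n, t
    return L


def de_bruijn_complexity(n):
    """Linear complexity of the periodic sequence: BM on two periods (2 * 2^n >= 2 * LC)."""
    s = de_bruijn(n)
    return linear_complexity(s + s)


if __name__ == "__main__":
    for n in range(3, 8):
        lc = de_bruijn_complexity(n)
        print(n, lc, 2 ** (n - 1) + n <= lc <= 2 ** n - 1)
```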

14.
In this brief, the design of residue number system (RNS) to binary converters for a new powers-of-two related three-moduli set {2^{n+1} - 1, 2^n, 2^n - 1} is considered. This moduli set uses moduli of uniform word length (n to n + 1 bits). It is derived from a previously investigated four-moduli set {2^n - 1, 2^n, 2^n + 1, 2^{n+1} - 1}. Three RNS-to-binary converters are proposed for this moduli set: one using mixed radix conversion and the other two using the Chinese remainder theorem. Detailed architectures of the three converters as well as a comparison with some earlier proposed converters for three-moduli sets with uniform word length and for the four-moduli set {2^n - 1, 2^n, 2^n + 1, 2^{n+1} - 1} are presented.

15.
In this paper, reverse converters for two recently proposed four-moduli sets {2^n - 1, 2^n, 2^n + 1, 2^{n+1} - 1} and {2^n - 1, 2^n, 2^n + 1, 2^{n+1} + 1} are described. The reverse conversion in the three-moduli set {2^n - 1, 2^n, 2^n + 1} has been optimized in the literature. Hence, the proposed converters are based on two new moduli sets {2^n(2^{2n} - 1), 2^{n+1} - 1} and {2^n(2^{2n} - 1), 2^{n+1} + 1} and use mixed radix conversion. The resulting designs do not require any ROM. Both are similar in their architecture except that the converter for the moduli set {2^n - 1, 2^n, 2^n + 1, 2^{n+1} + 1} is slightly more complicated due to the difficulty of performing reduction modulo (2^{n+1} + 1) as compared with modulo (2^{n+1} - 1). The proposed conversion techniques are compared with earlier realizations described in the literature with regard to conversion time as well as area requirements.
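The two reverse-conversion methods named in the preceding two abstracts (Chinese remainder theorem and mixed radix conversion) are shown side by side below on the exact moduli sets they discuss. This is an added reference model for this page, not the hardware architecture of either paper: it also checks pairwise coprimality, which exposes a constraint the abstracts leave implicit (2^n - 1 and 2^{n+1} + 1 share the factor 3 for even n, and 2^n + 1 and 2^{n+1} - 1 share it for odd n). Requires Python 3.8+ for `pow(a, -1, m)`.

```python
from math import gcd, prod


def assert_coprime(moduli):
    for i, a in enumerate(moduli):
        for b in moduli[i + 1:]:
            if gcd(a, b) != 1:
                raise ValueError(f"moduli {a} and {b} are not coprime")
    return moduli


def rns_encode(x, moduli):
    """Forward conversion: residues of x for each modulus (x must be below prod(moduli))."""
    return [x % m for m in moduli]


def crt_decode(residues, moduli):
    """Chinese remainder theorem: x = sum r_i * M_i * (M_i^-1 mod m_i) mod M, M_i = M / m_i.
    Needs a final reduction modulo the full dynamic range M."""
    M = prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        Mi = M // m
        x += r * Mi * pow(Mi, -1, m)
    return x % M


def mrc_decode(residues, moduli):
    """Mixed radix conversion (Garner): digits a_i with
    x = a_0 + a_1 m_0 + a_2 m_0 m_1 + ...; every inverse is modulo a single modulus,
    which is why hardware converters without ROM favour it."""
    rs = list(residues)
    digits = []
    for i, mi in enumerate(moduli):
        a = rs[i]
        digits.append(a)
        for j in range(i + 1, len(moduli)):
            rs[j] = ((rs[j] - a) * pow(mi, -1, moduli[j])) % moduli[j]
    x, weight = 0, 1
    for a, mi in zip(digits, moduli):
        x += a * weight
        weight *= mi
    return x


def three_moduli(n):
    """{2^{n+1} - 1, 2^n, 2^n - 1}: uniform word length, valid for every n >= 2."""
    return assert_coprime([(1 << (n + 1)) - 1, 1 << n, (1 << n) - 1])


def four_moduli(n, plus=False):
    """{2^n - 1, 2^n, 2^n + 1, 2^{n+1} -/+ 1}; the '+1' variant needs odd n, the '-1' even n."""
    last = (1 << (n + 1)) + (1 if plus else -1)
    return assert_coprime([(1 << n) - 1, 1 << n, (1 << n) + 1, last])


if __name__ == "__main__":
    mods = three_moduli(4)                     # [31, 16, 15], dynamic range 7440
    r = rns_encode(1234, mods)
    print(mods, r, crt_decode(r, mods), mrc_decode(r, mods))
```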

16.
The residue number system (RNS) is appropriate for implementing fast digital signal processors since it can support parallel, carry-free, high-speed arithmetic. A development in residue arithmetic is the quadratic residue number system (QRNS), which can perform complex multiplications with only two integer multiplications instead of four. An RNS/QRNS is defined by a set of relatively prime integers, called the moduli set, and the choice of this set is one of the most important design considerations for RNS/QRNS systems. In order to maintain simple QRNS arithmetic, moduli sets with numbers of the form 2^n + 1 (n even) have been considered. An efficient such set is the three-moduli set {2^{2k-2} + 1, 2^{2k} + 1, 2^{2k+2} + 1} for odd k. However, if large dynamic ranges are desirable, QRNS systems with more than three relatively prime moduli must be considered. It is shown that if a QRNS set consists of more than four relatively prime moduli of the form 2^n + 1, the moduli selection process becomes inflexible and the arithmetic gets very unbalanced. This problem can be solved if non-relatively-prime moduli are used. New multi-moduli QRNS systems are presented that are based on non-relatively-prime moduli of the form 2^n + 1 (n even). The new systems allow a flexible moduli selection process and very balanced arithmetic, and are appropriate for large dynamic ranges. For a given dynamic range, these new systems exhibit better speed performance than the three-moduli QRNS system.

17.
As an important factor affecting system security, the cryptographic functions used in symmetric ciphers should have high r-th order nonlinearity. For r > 1, current research on r-th order nonlinearity mainly proceeds through the relation between the nonlinearity of the derivatives of a Boolean function and its second-order nonlinearity. For positive integers n ≡ 2 (mod 4), a lower bound on the second-order nonlinearity of the class of Boolean functions Tr(x^{2^{n/2} + 2^{n/2-1} + 1}) is determined. Compared with two known classes of Boolean functions with the same number of variables, the functions studied here have a tighter lower bound on their second-order nonlinearity.

18.
On the capacity of two-dimensional run-length constrained channels
Two-dimensional binary patterns that satisfy one-dimensional (d, k) run-length constraints both horizontally and vertically are considered. For a given d and k, the capacity C_{d,k} is defined as C_{d,k} = lim_{m,n→∞} log_2(N^{d,k}_{m,n}) / (mn), where N^{d,k}_{m,n} denotes the number of m×n rectangular patterns that satisfy the two-dimensional (d, k) run-length constraint. Bounds on C_{d,k} are given, and it is proven for every d ≥ 1 and every k > d that C_{d,k} = 0 if and only if k = d + 1. Encoding algorithms are also discussed.

19.
Grid security infrastructure (GSI) provides security in grids by using proxy certificates to delegate authentication. At present there are two methods for revoking a proxy certificate: using a certificate revocation list (CRL), or giving the certificate a short validity period. However, when many certificates are revoked the CRL becomes a burden on the system, and if certificates have a short validity period, entities have to update their certificates frequently. In this paper we propose a scheme for proxy certificate revocation using a hash tree. Our scheme only needs hash value comparisons to achieve certificate revocation, whereas the two previous methods have to wait for the certificate to expire. Our scheme is therefore more flexible than the previous methods.
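One way a hash tree turns revocation into pure hash comparisons, shown as an added example for this page rather than the paper's actual scheme: the issuer keeps a Merkle tree over the serials of the proxy certificates that are currently valid and publishes its root (signed by the CA in a real deployment; the signature is omitted here). A certificate holder presents its authentication path, the relying party recomputes the root with log-many hashes, and revoking a certificate means publishing a new root computed without it, so the old path stops verifying immediately instead of at expiry. SHA-256, the leaf/node domain-separation bytes and the `ProxyCertRegistry` API are assumptions.

```python
import hashlib


def leaf_hash(serial):
    return hashlib.sha256(b"\x00" + serial).digest()      # 0x00 tag: leaf


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()   # 0x01 tag: inner node


def build_levels(leaves):
    """Bottom-up levels of the tree; an unpaired node is hashed with a copy of itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with whether our node is the right child."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[index ^ 1], index & 1))
        index //= 2
    return path


def verify_proof(root, leaf, path):
    """Relying-party check: only hash computations and one comparison, no CRL lookup."""
    cur = leaf
    for sibling, is_right in path:
        cur = node_hash(sibling, cur) if is_right else node_hash(cur, sibling)
    return cur == root


class ProxyCertRegistry:
    """Tree over the serials of currently valid proxy certificates (assumed design)."""

    def __init__(self, serials):
        self.serials = list(serials)
        self._rebuild()

    def _rebuild(self):
        self.levels = build_levels([leaf_hash(s) for s in self.serials])
        self.root = self.levels[-1][0] if self.serials else None

    def proof_for(self, serial):
        return merkle_proof(self.levels, self.serials.index(serial))

    def revoke(self, serial):
        """Publishing the new root is the whole revocation; no list of revoked serials is needed."""
        self.serials.remove(serial)
        self._rebuild()

    def is_valid(self, serial, path):
        if self.root is None:
            return False
        return verify_proof(self.root, leaf_hash(serial), path)


if __name__ == "__main__":
    reg = ProxyCertRegistry([b"proxy-1001", b"proxy-1002", b"proxy-1003"])
    path = reg.proof_for(b"proxy-1002")
    print(reg.is_valid(b"proxy-1002", path))    # True
    reg.revoke(b"proxy-1002")
    print(reg.is_valid(b"proxy-1002", path))    # False: old path no longer reaches the new root
```

The trade-off relative to a CRL is that holders must refetch a path whenever the root changes (every revocation or issuance), which is what makes the scheme a "validity tree" rather than a revocation list; the relying party, however, never needs more than a current root and O(log N) hashes.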
