13 similar documents found (search time: 0 ms)
This paper presents a new method for resynchronization attacks that combines differential cryptanalysis with algebraic attacks. Using the new method, one obtains a system of linear or low-degree equations in the initial key, and solving that system recovers the initial key. The method has lower computational complexity and better attack performance than the known methods. Accordingly, the design of resynchronizing stream generators should be reconsidered to make them strong enough to resist our attacks. When applied to Toyocrypt, our method achieves a computational complexity of O(2^17), and O(2^67) for LILI-128.

Despite their widespread usage in block cipher security, linear and differential cryptanalysis still lack a robust treatment of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks. The results apply to an extended sense of the term “success” where the correct key is found not necessarily as the highest-ranking candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential cryptanalysis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that affect the success probability directly besides the signal-to-noise ratio and the available plaintext amount.

In this paper we examine a class of product ciphers referred to as substitution-permutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large S-boxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks. This work was supported by the Natural Sciences and Engineering Research Council of Canada and the Telecommunications Research Institute of Ontario, and was presented at the rump session of CRYPTO '93. Howard Heys is now with Electrical Engineering, Faculty of Engineering and Applied Science, Memorial University of Newfoundland, St. John's, Newfoundland, Canada A1B 3X5.

Research on the computation of characteristic probabilities in differential cryptanalysis   Cited by: 2 (self-citations: 0, by others: 2)
This paper points out a long-standing contradiction in differential cryptanalysis: the method used to compute differential characteristic probabilities does not agree with the basic principle of differential analysis. The problem is studied in depth, a sufficient condition under which the two are equivalent is given, and the paper attempts to settle the theoretical foundation of the differential cryptanalysis method.

韩军, 曾晓洋, 赵佳. 《通信学报》 (Journal on Communications), 2010, 31(1): 20-29
A hardware design and implementation scheme for the AES algorithm resistant to both differential power analysis (DPA) and differential fault analysis (DFA) is proposed. The design mainly adopts a defense that combines data masking with two-dimensional parity checking. Under the premise of hardware security, the implementation cost is reduced by splitting each 128-bit operation into four 32-bit operations, reusing modules and optimizing the operation order, while a 3-stage pipeline structure raises the speed and throughput of the hardware implementation. The AES IP core designed with these techniques not only resists both side-channel attacks but also has reasonable hardware cost and computational performance.

Differential provable security analysis of a class of unbalanced Feistel networks   Cited by: 1 (self-citations: 0, by others: 1)
This paper studies in depth the differential provable security of a class of unbalanced Feistel networks. The structural form of the differential correspondences of its round function that have non-zero differential probability is given, together with a distribution rule for m consecutive nontrivial differential correspondences. It is proved that the upper bound on the probability of an s-round (s2m) nontrivial differential correspondence is twice the square of the maximum nontrivial differential probability of the round function (pmax); when the round function is a bijection, this bound can be further improved to the square of that maximum. Finally, unbalanced Feistel networks are discussed.

Linear cryptanalysis of a class of Feistel ciphers   Cited by: 5 (self-citations: 0, by others: 5)
This paper proposes a new method for deriving an upper bound on the linear bias of a block cipher, especially suited to Feistel ciphers in which the key acts linearly. The idea of the method is first to give a rigorous mathematical description of the cipher's linear bias, expressing the relationship between the cipher's linear bias and the linear biases of the round function F and of the S-boxes respectively; then to determine the upper bound on the cipher's linear bias by finding the minimum-weight solution of a system of linear equations.

With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on the non-tamper-resistance assumption of smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to tackle at the same time in previous scholarship.

陈平, 廖福成, 卫宏儒. 《通信学报》 (Journal on Communications), 2014, 35(2): 23-193
The resistance of the lightweight block cipher MIBS to related-key impossible differential cryptanalysis is studied. Using properties of the MIBS-80 key schedule, a key differential characteristic is given and, combined with the selection of special plaintext-ciphertext pairs, a 10-round impossible differential is constructed. By extending this impossible differential characteristic, 14-round MIBS-80 is attacked and a complexity analysis is given. The attack requires a data complexity of 2^54 and a time complexity of 2^56.

Side channel cryptanalysis has received significant attention lately, because it provides a low-cost and facile way to reveal the secret information held on a secure computing system. One particular type of side channel attacks, called cache-based side channel attacks, aims to deduce information about the state of a cryptographic algorithm or its key by observing the data-dependent behavior of a microprocessor’s cache memory. These attacks have been proven successful and very hard to protect against. In this paper, we introduce the use of the Cache Decay approach as an aid to guard against cache-based side channel attacks. Cache Decay controls the lifetime (called decay interval) of the cache items and was initially proposed for cache power leakage savings. By randomly selecting the decay interval of the cache, we actually create caches with non-deterministic behavior in regard to their statistics. Thus, as we demonstrate, multiple runs of the same algorithm (performing on the same input) will result in different cache statistics, defending against the attacker and reinforcing the protection offered by the system. In our work, we use a cycle-based processor simulator, enhanced with the required modifications, in order to evaluate our proposal and show that our technique can be used effectively to protect against cache-based side channel attacks.

We derive an expression for the error probability of M-ary differential phase shift keying with differential phase detection and of M-ary frequency shift keying with limiter discriminator integrator detection which is valid for Rician, Rayleigh and Gaussian channels.

This paper presents an on-chip current flattening circuit designed in 0.18-μm CMOS technology, which can be integrated with secure microsystems, such as smart cards, as a countermeasure against power analysis attacks. The robustness of the proposed countermeasure is evaluated by measuring the number of current traces required for a differential power analysis attack. We analyze the relationship between the required number of current traces and the dynamic current variations, and we show empirically that the required number of current traces is proportional to the inverse of the square of the rms value of the flattened current. Finally, we evaluate the effectiveness of the proposed design by using the experimental results of the fabricated chip. The analysis of the experimental results confirms the effectiveness of the current flattening circuit.

Microelectronics Journal, 2015, 46(9): 869-874
A compact differential band pass filter with asymmetric parallel-coupled lines (APCL) and a center frequency of 5.6 GHz is proposed in this paper. The APCL suppresses unwanted RFID signals by introducing a fully tunable notched band at 6.8 GHz. By combining the concept of the transmission matrix with modal analysis and extracting a novel model for symmetric three parallel coupled lines (SPCL), the role of each resonant frequency is clearly explained. Measurement results in the differential mode show a pass band from 3.1 to 8.1 GHz and a wide stop band from 9.1 to 16 GHz with attenuation of more than 20 dB. In addition, S21 in common mode is lower than −10.5 dB over the pass band.
