A conference key distribution system

Encryption is used in a communication system to safeguard information in the transmitted messages from anyone other than the intended receiver(s). To perform the encryption and decryption the transmitter and receiver(s) ought to have matching encryption and decryption keys. A clever way to generate these keys is to use the public key distribution system invented by Diffie and Hellman. That system, however, admits only one pair of communication stations to share a particular pair of encryption and decryption keys, The public key distribution system is generalized to a conference key distribution system (CKDS) which admits any group of stations to share the same encryption and decryption keys. The analysis reveals two important aspects of any conference key distribution system. One is the multitap resistance, which is a measure of the information security in the communication system. The other is the separation of the problem into two parts: the choice of a suitable symmetric function of the private keys and the choice of a suitable one-way mapping thereof. We have also shown how to use CKDS in connection with public key ciphers and an authorization scheme.     

基于字的流密码的分布式解密

该文分析了Magnus berg提出的简单加法流密码的分布式解密方案,指出了其最主要的缺点是：加解密要在不同的有限域内进行、加解密运算所依赖的域的阶必须为素数而且要满足一定的关系。提出了基于字的流密码的分布式解密方案。新提出的方案有两个主要优点：一是将加解密统一在同一个有限域内进行,且域的阶不再要求是素数;二是在安全性和效率两方面比原有方案均有了明显的提高。在应用方面,新方案可应用于诸如数据库信息的保护,Ad-hoc网中分布式密钥管理,等等。     

现代密码算法研究

密码技术是信息安全的核心技术。密码技术主要包括对称密码算法和非对称密码算法及协议。对称加密算法加密密钥和解密密钥相互推导容易,加/解密速度非常快,适用于大批量数据加密的场合。非对称密钥密码体制从私有密钥推导公开密钥是计算不可行的,虽然公钥加密算法在运行速度方面无法和对称加密算法媲美,但很好地解决了对称密码学面临的密钥的分发与管理问题,同时对于数字签名问题也给出了完美的解答。     

用于一种反取证目的的可伪装对称加密方案

In this paper, we propose a new notion of secure disguisable symmetric encryption schemes, which captures the idea that the attacker can decrypt an encrypted file to different meaningful values when different keys are put to the decryption algorithm. This notion is aimed for the following anti-forensics purpose: the attacker can cheat the forensics investigator by decrypting an encrypted file to a meaningful file other than that one he encrypted, in the case that he is caught by the forensics investigator and ordered to hand over the key for decryption. We then present a construction of secure disguisable symmetric encryption schemes.     

两个SAFER类分组密码

针对迭代分组密码ＳＡＦＥＲ的缺陷,本文在变形ＳＡＦＥＲ＾３的基础上构造了两类分组密码,它们的结构与ＡＳＦＥＲ相象,复杂度略高于ＳＡＦＥＲ,具有加解密相似性,更好的扩散特性和更强的抗差分攻击的能力。     

基于Simulink的序列密码仿真研究

提出了利用Simulink对序列密码编码系统仿真的方法。根据基于移位寄存器产生伪随机序列的原理，使用Simulink的存储器模块模拟移位寄存器，以此为基础加上逻辑运算、双路选择等模块建立密钥序列生成器的仿真模型，并使用子系统技术，建立信息加（解）密系统的仿真模型。还以3种基本的序列模型m序列、前馈序列和钟控序列为例，给出了密钥序列生成器以及序列密码加（解）密系统的仿真设计。     

基于整数的多对一全同态加密方案

全同态加密是在不解密密文的情况下直接对密文进行操作。现有的基于整数的全同态加密方案是针对两个参与者“一方加密,一方解密”(一对一)设计的,计算效率普遍低,明文空间小,不能应用于大数据、云计算等环境。为此,该文提出一种“多方加密,一方解密”(多对一)的全同态加密方案,该方案在保证安全性的基础上简化密钥生成过程,并在全同态运算过程中给出能够正确解密的加密方个数的具体范围。同时,在随机预言机模型下,基于近似最大公因子问题证明了方案的安全性。数值结果表明,该方案与已有方案相比不仅扩展了数据传输量,而且提高了效率。模拟实验表明,该方案在整数范围内具有可行性,满足用户对系统响应的需求,最后将明文空间扩展为3 bit,并与1 bit的方案做出了实验上的对比分析。     

FPGA Implementation and Energy Cost Analysis of Two Light-Weight Involutional Block Ciphers Targeted to Wireless Sensor Networks

In this paper, we investigate the energy cost of the FPGA implementation of two cryptographic algorithms targeted to wireless sensor networks (WSNs). Recent trends have seen the emergence of WSNs using sensor nodes based on reconfigurable hardware, such as a field-programmable gate arrays (FPGAs), thereby providing flexible functionality with higher performance than classical microcontroller based sensor nodes. In our study, we investigate the hardware implementation of involutional block ciphers since the characteristics of involution enables performing encryption and decryption using the same circuit. This characteristic is particularly appropriate for a wireless sensor node which requires the function of both encryption and decryption. Further, in order to consider the suitability of a cipher for application to a wireless sensor node, which is an energy constrained device, it is most critical to consider the cost of encryption in terms of energy consumption. Hence, we choose two involutional block ciphers, KHAZAD and BSPN, and analyze their energy efficiency for FPGA implementation.     

Identity-based key agreement and encryption for wireless sensor networks

1 Introduction WSN has received considerable attention during last decade [1?4] (see, for example, the proceedings of the ACM and IEEE Workshops on WSN). It has wide variety of applications, including military sensing and tracking, environment and securit…     

An Authenticated Identity-Based Key Establishment and Encryption Scheme for Wireless Sensor Networks

1Introduction Wirelesscommunicationhasbeenahotissuesince1990.includingAdhocandwirelesssensornetworks,etc.Especially,WirelessSensorNetwork(WSN).Whichhasreceivedconsiderableattentionduringlast decade[1-2].Ithasbeendevelopedforawidevarietyof applications,inc…     

An identity attribute–based encryption using elliptic curve digital signature for patient health record maintenance

Providing security to the data that stored in personal health record (PHR) is an emerging and critical task in recent years. For this purpose, some of the encryption and key generation techniques are developed in the traditional works. But it has the drawbacks such as lacks in access control policies, reduced security, and ineffective. So this work implemented the efficient techniques, namely, elliptic curve Diffie‐Hellman for the secret key generation and identity attribute–based encryption for improving the security of the cloud data. Initially, the cloud user can request the patient's data to the PHR admin, and then they can generate the secret by using the elliptic curve Diffie‐Hellman algorithm. The key that used for encryption and decryption is generated by using the identity attribute–based encryption technique. Then, the access control is provided to the users based on their roles. The requested data are encrypted by applying the advanced encryption standard technique. After that, the elliptic curve digital signature algorithm is used to generate the digital signature for the encrypted data. Furthermore, it is verified with the user's digital signature; if it matches, the data can be accessed by the user with the help of advanced encryption standard decryption mechanism. Finally, the authenticated user can able to access the patient's data from PHR. In experiments, the performance of the proposed encryption and key generation technique is evaluated and compared with the existing techniques for proving the effectiveness of the implemented system.     

TEA密码算法的VLSI实现

提出了两种实现 TEA的结构 ,并采用其中一种结构设计了 TEA加解密处理器电路模块 ,将其成功地应用在非接触的智能 IC卡中 .该加解密处理器硬件模块可分别实现加密和解密运算 ,循环迭代次数具有可编程特性 .该处理器模块占用较小的芯片面积 ,具有很小的功耗 ,可以方便地与 8位微处理器连接 ,适用于各种嵌入式系统中 .     

A Chaotic System Based Image Encryption Scheme with Identical Encryption and Decryption Algorithm

A new symmetric key image encryption scheme based on hyper-chaotic Lorenz system is proposed.The encryption process and the decryption process are identical in the proposed scheme.They both include two diffusion operations,one plaintext-related scrambling operation and three matrix rotating 180 degrees operations.The hyper-chaotic Lorenz system is employed to generate the secret code streams to encrypt the plain image,and to implement the diffusion process with XOR operation.The plaintext-related scrambling is used in this scheme to make different plain images correspond to different secret code streams even when the secret keys are the same,so that the scheme can fight against the chosen/known plaintext attacks.Simulation results show that the proposed scheme has the merits of high encryption speed,large key space,strong key sensitivity,strong plaintext sensitivity,good statistical properties of cipher-text,and etc.,and can be used in practical communications.     

Shadowsocks及ShadowsocksR安全性分析

对网络代理软件Shadowsocks和ShadowsocksR产生的流量的安全性进行分析。首先,还原Shadowsocks和ShadowsocksR的报文格式;其次,澄清其使用的密码算法,包括密钥生成算法和加解密算法;最后,分析Shadowsocks(R)的理论和实际安全性,提出了流量解密的方法。综上所述,建议Shadowsocks的开发者使用SHA-3、SM3替代MD5、SHA-1用于密钥生成,并采用加盐方式生成主密钥;建议用户使用长的随机值作密码。     

RSA算法及其一种简单实现方法的设计

分析了RSA公钥密码算法的基本原理,根据算法原理中加密时所取素数应等长的建议,在PC机限制的范围内利用列等长素数表的方法设计了一种较为简单的实现方法.该实现方法既可以作为研究加密算法的平台,又可以通过延伸该平台应用于一些实际的通信系统.通过分析对明文信息的加密和密文信息的解密过程,列出了本算法实现的具体步骤,并给出了程序主模块的执行结果和加密、解密函数的程序流程,举例演示了加密和解密的过程.     

一种网络传输信息加密解密系统研制的方法

在对公钥密码体制分析的基础上，研究了RSA密码体制的实现算法，设计了系统程序模块。开发了端对端的网络传输信息加密解密系统。测试表明采用RSA密码体制可以研制出安全性更高的网络传输信息加密解密系统。     

一种软件密钥托管设计方案

近年来密钥托管算法受到了广泛的关注。Clipper、Capstone等硬件芯片均采用保密的加密算法,而遭到公众的不满和怀疑。1993年8月,NIST宣布了一项工业合作计划,考虑用开发软件技术实现密钥托管。本文设计了一种用软件实现的密钥托管方案,采用单钥密码算法加密消息,并利用公钥密码算法、单向杂凑函数算法等实现用户识别和密钥检验。     

Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution‐Permutation Networks

We examine the diffusion layers of some block ciphers referred to as substitution‐permutation networks. We investigate the practical and provable security of these diffusion layers against differential and linear cryptanalysis. First, in terms of practical security, we show that the minimum number of differentially active S‐boxes and that of linearly active S‐boxes are generally not identical and propose some special conditions in which those are identical. We also study the optimal diffusion effect for some diffusion layers according to their constraints. Second, we obtain the results that the consecutive two rounds of SPN structure provide provable security against differential and linear cryptanalysis, i.e., we prove that the probability of each differential (resp. linear hull) of the consecutive two rounds of SPN structure with a maximal diffusion layer is bounded by pⁿ (resp. qⁿ) and that of each differential (resp. linear hull) of the SDS function with a semi‐maximal diffusion layer is bounded by p^n‐1 (resp. q^n‐1), where p and q are maximum differential and linear probabilities of the substitution layer, respectively.     

一种高效的彩色图像加密和解密算法

分析了基于Amold变换的加密方案在加密效果及加密效率方面的不足。提出了一种新的彩色图像加密及解密算法。加密过程将像素的物理位置置乱并映射到不同的色彩空间;解密过程提出了一种针对彩色图像的逆变换算法,使解密的时间仅依赖加密的密钥而不依赖变换周期。仿真分析比较了该算法在加密效果及加密效率方面的优势。实验数据表明,该加密算法的加密效果理想,且加密效率较高,是一种简单、可行的彩色图像加密方法。     

基于Hopfield神经网络模型的加密解密原理分析

本文介绍一种基于Hopfield神经网络模型的加密解密专用芯片设计方案,采用传统的弱金匙(Weak Key)和半弱金匙(Semi-weak Key)的加密方法会降低安全性,而在本文中所采用的Hopfield神经网络模型却能避免出现此弱点,本文还针对加密解密步骤做了具体的分析,加密和解密安全性和有效性大幅度提升。