共查询到16条相似文献,搜索用时 62 毫秒
1.
2.
针对初始化轮数为288个时钟的简化版Trivium算法(又称2轮Trivium)进行了线性逼近研究,设计了搜索最佳线性近似式算法,并通过对第1轮关于密钥、初始化向量和密钥流比特的表达式做非线性逼近,结合该算法,在同等条件下给出了2轮Trivium 16个偏差为 的线性近似式,使通过多线性攻击去识别2轮Trivium的一个具有特定比特的密钥所需要的数据量降为 个选择IV,为Turan方案所需数据量的 ,且成功率保持不变。 相似文献
3.
Trivium是欧洲eSTREAM工程评选出的7个最终胜出的流密码算法之一.本文提出了针对Trivium的基于自动推导的差分分析技术,利用该技术可以得到任意轮Trivium算法的差分传递链.将该技术应用于轮数为288的简化版Trivium算法,提出了一个有效的区分攻击,仅需226个选择IV,区分优势为0.999665,攻击结果远优于已有的线性密码分析和多线性密码分析.将该技术应用于更多轮的Trivium算法和由Turan和Kara提出的修改Trivium算法,结果表明,初始化轮数低于359的Trivium算法不能抵抗差分分析,修改Trivium算法在抵抗差分分析方面优于原Trivium算法. 相似文献
4.
5.
Trivium是C.De Cannière和B.Preneel在2005年为欧洲eSTREAM项目设计的序列密码,Trivium被选为最终的7个算法之一.Trivium的内部状态为288比特,密钥长度为80比特.文中给出Trivium的分组密码迭代模型,在这个模型下,利用计算程序得出了Trivium各轮输出关于内部状态的线性逼近及其线性逼近概率,当初始化轮数超过246时,其输出关于输入的线性逼近概率不大于1/2+2-41.利用计算机搜索程序,给出Trivi-um在轮的代数方程规模,利用l 152个输出比特,得到的二次方程组包含6 788个变量、11 232个方程,从实验上证明了Trivium算法能抗线性攻击和代数攻击. 相似文献
6.
针对Trivium算法的立方攻击中恢复超级多项式表达式时遇到的模型求解费时问题,提出了一种快速方法,该方法结合了Delaune等人的有向图建模方法以及胡凯等人的模型分解方法。初始化845轮的Trivium算法的攻击实验结果表明,相比于公开结果,恢复超级多项式表达式的模型求解时间由约3周下降至约1周。 相似文献
7.
一类Feistel密码的线性分析 总被引:5,自引:0,他引:5
该文提出一种新的求取分组密码线性偏差上界的方法,特别适用于密钥线性作用的Feistel密码.该分析方法的思路是,首先对密码体制线性偏差进行严格的数学描述,分别给出密码线性偏差与轮函数F及S盒的线性偏差的数学关系;然后通过求取线性方程组最小重量解,确定密码线性偏差的上界. 相似文献
8.
SAFER 是进入NESSIE第二轮评估的 7个算法之一 .设计者称 2 .5轮SAFER 可以抵抗线性密码分析 .JNakahara指出对某些密钥 ,改进型线性密码分析攻击 4轮SAFER 比强力攻击有效 .本文对SAFER 的基础模块深入分析和测试后 ,对 5轮SAFER 进行非线性密码分析 ;攻击对 2 2 52 个 2 5 6比特长度的密钥有效 ,攻击的数据复杂度为 2 12 0 .虽然此攻击对SAFER 的实际安全构不成威胁 ,但是显示非线性密码分析攻击 5轮SAFER 比强力攻击有效 ,也说明了非线性密码分析攻击 5轮SAFER 比线性密码分析和JNakahara等的改进型线性密码分析有效 相似文献
9.
CS-CIPHER两个变体的线性密码分析 总被引:2,自引:0,他引:2
CS-CIPHER是NESSIE公布的17个候选算法之一,它的分组长度为64-比特.本文对CS-CIPHER的两个变体进行了线性密码分析.对第一个变体的攻击成功率约为78.5%,数据复杂度为252,处理复杂度为232.对第二个变体的攻击成功率约为78.5%,数据复杂度为252,处理复杂度为2112. 相似文献
10.
本文中,利用我们提出的一种对二元前馈流密码序列进行纵向信息泄漏收集的方法,深入地研究了具有谱值均匀性质非线性滤波函数的前馈流密码之相关分析的问题。 相似文献
11.
In this paper, we focus on a novel technique called the cube–linear attack, which is formed by combining cube attacks with linear attacks. It is designed to recover the secret information in a probabilistic polynomial and can reduce the data complexity required for a successful attack in specific circumstances. In addition to the different combination strategies of the two attacks, two cube–linear schemes are discussed. Applying our method of a cube–linear attack to a reduced‐round Trivium, as an example, we get better linear cryptanalysis results. More importantly, we believe that the improved linear cryptanalysis technique introduced in this paper can be extended to other ciphers. 相似文献
12.
13.
ARIA is a 128‐bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential‐linear cryptanalysis. We present five rounds of differential‐linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential‐linear attacks based on six rounds of ARIA‐128 and seven rounds of ARIA‐256. This is the first multidimensional differential‐linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future. 相似文献
14.
Ali Aydın Selçuk 《Journal of Cryptology》2008,21(1):131-147
Despite their widespread usage in block cipher security, linear and differential cryptanalysis still lack a robust treatment
of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion.
In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks.
The results apply to an extended sense of the term “success” where the correct key is found not necessarily as the highest-ranking
candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results
in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential
cryptanalysis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext
requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that
affect the success probability directly besides the signal-to-noise ratio and the available plaintext amount. 相似文献
15.
Eli Biham 《Journal of Cryptology》1998,11(1):45-58
In recent years, several new attacks on DES were introduced. These attacks have led researchers to suggest stronger replacements
for DES, and in particular new modes of operation for DES. The most popular new modes are triple DES variants, which are claimed
to be as secure as triple DES. To speed up hardware implementations of these modes, and to increase the avalanche, many suggestions
apply several standard modes sequentially. In this paper we study these multiple (cascade) modes of operation. This study shows that many multiple modes are much weaker than multiple DES, and their strength
is theoretically comparable to a single DES.
We conjecture that operation modes should be designed around an underlying cryptosystem without any attempt to use intermediate
data as feedback, or to mix the feedback into an intermediate round. Thus, in particular, triple DES used in CBC mode is more
secure than three single DESs used in triple CBC mode. Alternatively, if several encryptions are applied to each block, the
best choice is to concatenate them to one long encryption, and build the mode of operation around it.
Received 15 February 1996 and revised 30 May 1996 相似文献
16.