20 similar documents found; search took 15 ms.
1.
For stream ciphers, each output keystream bit can be viewed as a Boolean function of the key variables and the IV variables, and the algebraic degree of that Boolean function is an important factor in the security of the cipher: when the degree is low, the cipher's resistance to algebraic attacks, cube attacks and integral attacks is weak. At present, the most effective methods for estimating the algebraic degree of Trivium-like stream ciphers are the numeric mapping method and the MILP-based division property method. By analysing the characteristics of these two typical methods and combining their advantages, this paper improves the algebraic degree estimation for Trivium-like ciphers. We ran experiments with the improved method on a large number of randomly chosen IV variable sets. The results show that, for Trivium-like ciphers, the improved method gives tighter upper bounds on the algebraic degree than the numeric mapping method. In particular, for Trivium, when the input variables are all key variables and all IV variables, i.e. 80 key variables and 80 IV variables, the maximum number of rounds for which the algebraic degree of the output bit does not reach 160 is raised from 907 to 912, which is the best known degree estimate for the all-variable case.
2.
3.
Lu Xiao 《Information Processing Letters》2005,95(3):409-412
This paper presents a simple power analysis attack against the key schedule of Camellia. The attack works in a smart card environment that leaks the Hamming weight of the data being processed, and uses those Hamming weights to deduce all key bits. It is shown that determining the cipher key given accurate power analysis data is very fast and does not require any plaintext/ciphertext pair.
4.
5.
Niu Pan-Pan Wang Xiang-Yang Liu Yu-Nan Yang Hong-Ying 《Multimedia Tools and Applications》2017,76(3):3403-3433
Desynchronization attacks, which cause displacement between embedding and detection, are usually difficult for a watermark to survive. Designing a robust image watermarking scheme against desynchronization attacks is challenging, especially for color images. In this paper, we propose a robust color image watermarking approach based on local invariant significant bitplane histograms. The novelty of the proposed approach includes: 1) a fast and effective color image feature point detector is constructed, using a probability density and color invariance model; 2) fully affine invariant local feature regions are built based on the probability density Hessian matrix; and 3) invariant significant bitplane histograms are introduced to embed the digital watermark. Extensive experiments are carried out on a color image set collected from the Internet, and the preliminary results show that the proposed watermarking approach can survive numerous kinds of distortions, including common image processing operations and desynchronization attacks.
6.
A.A. Razborov 《Computational Complexity》1998,7(4):291-324
We show that polynomial calculus proofs (sometimes also called Groebner proofs) of the pigeonhole principle must have degree at least over any field. This is the first non-trivial lower bound on the degree of polynomial calculus proofs obtained without using unproved complexity assumptions. We also show that for some modifications of , expressible by polynomials of at most logarithmic degree, our bound can be improved to linear in the number of variables.
Finally, we show that for any Boolean function in n variables, every polynomial calculus proof of the statement “ cannot be computed by any circuit of size t,” must have degree . Loosely speaking, this means that low degree polynomial calculus proofs do not prove .
Received: January 15, 1997.
7.
A. N. Alekseichuck 《Cybernetics and Systems Analysis》2000,36(3):468-471
Relationships for the maximum of the minimal number of summands among all canonical polarized polynomials of a Boolean function are obtained.
Translated from Kibernetika i Sistemnyi Analiz, No. 3, pp. 179–183, May–June, 2000.
8.
Algebraic immunity is an important measure of a Boolean function's resistance to algebraic attacks. This paper proves that algebraic immunity is invariant under affine transformations and, by proving that the function obtained by XORing a Boolean function with an affine function differs in algebraic immunity from the original function by at most 1, establishes a relationship between the Walsh spectrum and algebraic immunity, so that algebraic immunity, as a property of cryptographic functions, can be measured through the spectrum in the same way as other properties.
9.
In recent years, distributed denial of service (DDoS) attacks have become a major security threat to Internet services. How to detect and defend against DDoS attacks is currently a hot topic in both industry and academia. In this paper, we propose a novel framework to robustly and efficiently detect DDoS attacks and identify attack packets. The key idea of our framework is to exploit the spatial and temporal correlation of DDoS attack traffic. In this framework, we design a perimeter-based anti-DDoS system, in which traffic is analyzed only at the edge routers of an Internet service provider (ISP) network. Our framework is able to detect any source-address-spoofed DDoS attack, whether it is a low-volume or a high-volume attack. The novelties of our framework are (1) temporal-correlation-based feature extraction and (2) spatial-correlation-based detection. With these techniques, our scheme can accurately detect DDoS attacks and identify attack packets without modifying the existing IP forwarding mechanisms at routers. Our simulation results show that the proposed framework can detect DDoS attacks even if the volume of attack traffic on each link is extremely small. In particular, for the same false alarm probability, our scheme has a detection probability of 0.97, while the existing scheme has a detection probability of 0.17, which demonstrates the superior performance of our scheme.
10.
Abstract. Security of quantum key distribution against sophisticated attacks is among the most important issues in quantum information theory. In this work we prove security against a very important class of attacks called collective attacks (under a compatible noise model), which use quantum memories and gates and which are directed against the final key. This work was crucial for a full proof of security (against the joint attack) recently obtained by Biham, Boyer, Boykin, Mor, and Roychowdhury [1].
11.
LOUIS KRUH 《Cryptologia》2013,37(3):246-248
Abstract Skipjack is a block cipher designed by the NSA for use in US government phones, and in commercial mobile and wireless products by AT&T. Among its initial implementations in hardware were the Clipper chip and Fortezza PC cards, which have since influenced the private communications market to be compatible with this technology. For instance, the Fortezza card comes in a PCMCIA interface and is a very easy plug-and-play device to add to mobile and wireless systems to provide encryption for wireless transmissions. Initially classified when it was first proposed, Skipjack was declassified in 1998, and it sparked numerous security analyses from security researchers worldwide because it provides insight into the state-of-the-art security design techniques used by a highly secretive government intelligence agency such as the NSA. In this paper, commemorating a decade since Skipjack's public revelation, we revisit the security of Skipjack, in particular its resistance to advanced differential-style distinguishers. In contrast to previous work that considered conventional and impossible differential distinguishers, we concentrate our attention on the more recent advanced differential-style and related-key distinguishers that were most likely not considered in the original design objectives of the NSA. In particular, we construct the first known related-key impossible differential, rectangle and related-key rectangle distinguishers of Skipjack. Our related-key attacks (i.e., related-key miss-in-the-middle and related-key rectangle attacks) are better than all the previous related-key attacks on Skipjack. Finally, we characterize the strength of Skipjack against all these attacks and motivate reasons why, influenced by the Skipjack structure, some attacks fare better. What is intriguing about Skipjack is its simple key schedule and a structure that is a cross between conventional Feistel design principles and the unconventional use of different round types.
This work complements past results on the security analysis of Skipjack and is hoped to provide further insight into the security of an NSA-designed block cipher, the only one publicly known to date.
12.
Debra L. Cook Moti Yung Angelos D. Keromytis 《International Journal of Information Security》2009,8(3):211-231
We introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution-permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against key-recovery attacks if the original cipher is secure against such attacks. We note that while reduction-based proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as sub-components in a larger design. We are not aware of the use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1, and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers.
13.
Zahra Ahmadian Javad Mohajeri 《Journal of Systems and Software》2010,83(4):543-547
In this paper, we present a practical linear distinguisher on the Shannon stream cipher. Shannon is a synchronous stream cipher that uses a secret key of at most 256 bits. In the specification for Shannon, the designers state that the intention of the design is to make sure that there are no distinguishing attacks on Shannon requiring less than 2^80 keystream words and less than 2^128 computations. In this work we use the Crossword Puzzle attack technique to construct a distinguisher which requires a keystream of length about 2^31 words with a workload of about 2^31.
14.
Generic Certificateless Encryption Secure Against Malicious-but-Passive KGC Attacks in the Standard Model (cited by 1: 0 self-citations, 1 by others)
Despite the large number of certificateless encryption schemes proposed recently, many of them have been found insecure under a practical attack, called the malicious-but-passive KGC (Key Generation Center) attack. In this work we propose the first generic construction of certificateless encryption which can be proven secure against malicious-but-passive KGC attacks in the standard model. In order to encrypt a message of any length, we consider the KEM/DEM (key encapsulation mechanism/data encapsulation mechanism) framework in the certificateless setting, and propose a generic construction of a certificateless key encapsulation mechanism (CL-KEM) secure against malicious-but-passive KGC attacks in the standard model. It is based on an identity-based KEM, a public key encryption scheme and a message authentication code. The high efficiency of our construction is due to the efficient implementations of these underlying building blocks, and is comparable to Bentahar et al.'s CL-KEMs, which have only been proven secure in the random oracle model with no consideration of the malicious-but-passive KGC attack. We also introduce the notion of a certificateless tag-based KEM (CL-TKEM), which is an extension of Abe et al.'s work to the certificateless setting. We show that an efficient CL-TKEM can be constructed by modifying our CL-KEM scheme. We also show that with a CL-TKEM and a data encapsulation mechanism secure under our proposed security model, an efficient certificateless hybrid encryption can be constructed by applying Abe et al.'s transformation in the certificateless setting.
15.
The design of S-boxes by simulated annealing (cited by 3: 0 self-citations, 3 by others)
Substitution boxes (S-boxes) are important components in many modern-day symmetric key ciphers. Their study has attracted a great deal of attention over many years. The emergence of a variety of cryptosystem attacks has shown that substitutions must be designed with great care. Some general criteria such as high non-linearity and low autocorrelation have been proposed (providing some protection against attacks such as linear cryptanalysis and differential cryptanalysis). The design of appropriate S-boxes is a difficult task; several criteria must be traded off and the design space is huge. There has been little application of evolutionary search to the development of S-boxes. In this paper we show how a cost function that has found excellent single-output Boolean functions can be generalised to provide improved results for small S-boxes.
John A. Clark: He is Professor of Critical Systems at the University of York, where he leads the software testing, security and cryptography work. Much of this has been concerned with the application of meta-heuristic search.
Jeremy L. Jacob: He has a B.Sc. in Mathematics from the University of Hull, England, and an M.Sc. and D.Phil. in Computation from the University of Oxford, England, and now works for the University of York. His research interests include modelling secure systems and software engineering practices for secure systems.
Susan Stepney: She is Professor of Computer Science at the University of York, and leads the Non-Standard Computation research group there. She is a member of the ACM, a Fellow of the British Computer Society, and moderator of the UKCRC Grand Challenge in Non-Classical Computation. Her main research interests include novel applications of nature-inspired computation, modelling self-organising complex systems, and designing and reasoning about emergent properties.
16.
RALPH ERSKINE 《Cryptologia》2013,37(4):332-336
Abstract Simple substitution ciphers are a class of puzzles often found in newspapers, in which each plaintext letter is mapped to a fixed ciphertext letter and spaces are preserved. In this article, a system for automatically solving them is described, even when the ciphertext is too short for statistical analysis and when the puzzle contains non-dictionary words. The approach is based around a dictionary attack; several important performance optimizations are described, as well as effective techniques for dealing with non-dictionary words. Quantitative performance results for several variations of the approach and two other implementations are presented.
17.
Achterbahn is one of the candidate stream ciphers submitted to eSTREAM, the ECRYPT Stream Cipher Project. The cipher Achterbahn uses a new structure based on several nonlinear feedback shift registers (NLFSRs) and a nonlinear combining output Boolean function. This paper proposes distinguishing attacks on Achterbahn Version 1 and Version 2 in both the reduced mode and the full mode. These distinguishing attacks are based on linear approximations of the output functions. On the basis of these linear approximations and the periods of the registers, parity checks with noticeable biases are found. Distinguishing attacks can then be achieved through these biased parity checks. For Achterbahn Version 1, the three possible cases of the output function are analyzed. Achterbahn Version 2, the modified version of Achterbahn Version 1, is designed to avert attacks based on approximations of the output Boolean function. Our attack on Achterbahn Version 2, with even lower complexities, shows that Achterbahn Version 2 cannot prevent attacks based on linear approximations.
18.
《Information Security Journal: A Global Perspective》2013,22(5):248-256
ABSTRACT A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other, thereby enabling communication beyond the direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks than fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication, which destroys the self-organizing nature of ad-hoc networks. The Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate-based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public keys without the need for any online centralized authority. The proposed scheme uses the Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using the network simulator ns-2.
19.
In a basic related-key attack against a block cipher, the adversary has access to encryptions under keys that differ from the target key by bit-flips. In this short note we show that for a quantum adversary such attacks are quite powerful: if (i) the secret key is uniquely determined by a small number of plaintext–ciphertext pairs, (ii) the block cipher can be evaluated efficiently, and (iii) a superposition of related keys can be queried, then the key can be extracted efficiently.
20.
Attacking a polynomial-based cryptosystem: Polly Cracker (cited by 1: 0 self-citations, 1 by others)
Rainer Steinwandt Willi Geiselmann Regine Endsuleit 《International Journal of Information Security》2002,1(3):143-148
We describe several attacks on Polly Cracker, a public key cryptosystem proposed by Fellows and Koblitz. The first kind of attack shows that variations in the CPU time needed for evaluating polynomials can leak significant information about the secret key. This kind of attack might also be of interest when dealing with other cryptosystems using polynomial evaluations, like Patarin's hidden field equations.
Next, we exhibit some “structural” weaknesses in Polly Cracker's encryption procedure. In particular, we demonstrate that with the parameters considered in a book by Koblitz it is often possible to reveal the private key easily.
Published online: 9 April 2002