对八阵图算法的不可能差分密码分析和线性密码分析

该文对八阵图(ESF)算法抵抗不可能差分密码分析和线性密码分析的能力进行了研究。ESF算法是一种具有Feistel结构的轻量级分组密码算法,它的轮函数为代换置换(SP)结构。该文首先用新的不可能差分区分器分析了12轮ESF算法,随后用线性密码分析的方法分析了9轮ESF算法。计算得出12轮不可能差分分析的数据复杂度大约为O(2⁶⁷),时间复杂度约为O(2^110.7),而9轮线性密码分析的数据复杂度仅为O(2³⁵),时间复杂度不大于O(2^15.6)。结果表明ESF算法足够抵抗不可能差分密码分析,而抵抗线性密码分析的能力相对较弱。     

非平衡Feistel网络的线性可证明安全性的进一步分析

线性密码分析已成为分组密码最主要的密码分析方法之一.基于此,本文深入研究了一类非平衡Feistel网络的线性可证明安全性.设LP为该非平衡Feistel网络的轮函数F的线性偏差的最大值,本文从非平衡Feistel网络的线性偏差的结构形式入手,在轮子密钥是相互独立且均匀分布的假设下,证明了当轮数不少于m轮时,该非平衡Feistel网络的线性偏差关于密钥的平方均值的上界为LP的平方;当轮数不少于2m轮时,证明了该非平衡Feistel网络的线性偏差关于密钥的平方均值的上界为LP四次方的2倍.     

一类非平衡Feistel网络的差分可证明安全性分析

该文深入研究了一类非平衡Feistel网络的差分可证明安全性。给出了其圈函数的具有非零差分概率的差分对应的结构形式。给出了连续m个非平凡差分对应的一个分布规律。证明了s(s2m)圈非平凡差分对应概率的上界为其轮函数非平凡差分对应概率最大值(pmax)的平方的2倍;当相应的轮函数为双射时,此上界可进一步改进为其轮函数非平凡差分对应概率的最大值的平方。最后对非平衡Feistel网络进行了讨论。     

线性分析法和差分分析法几个问题的研究

对DES—型密码体制的线性分析和差分分析法进行了研究,给出了差分分析法成功率与所需明文量之间的关系式,计算出了成功率公式。进而,提出了两种分组密码的分析方法并严格或举例证明了本文所提出方法的优越性。     

类CLEFIA动态密码结构抵抗差分密码分析能力评估

将动态思想融入分组密码设计,使得算法具有动态性能从而提高抗攻击能力,按照这种想法,本文提出"类CLEFIA动态密码结构",并通过建立两类不同密码结构的差分对应之间的联系,给出类CLEFIA动态密码结构的差分密码分析结果.具体地,对4r(r≥1)轮类CLEFIA动态密码结构,在轮函数都是双射时,证明了l(l≥1)轮差分特征至少有l-1个活动轮函数.     

四分组类CLEFIA变换簇抵抗差分密码分析的安全性评估

差分密码分析是针对分组密码的强有力的攻击方法,估计分组密码抵抗差分密码分析的能力是分组密码安全性评估的重要内容之一.基于实际应用背景,提出了“四分组类CLEFIA变换簇”的概念,并利用变换簇中两种特殊分组密码结构的差分对应之间的关系,给出了变换簇中所有密码结构抵抗差分密码分析的安全性评估结果.     

Impossible Differential Cryptanalysis on Lai‐Massey Scheme

The Lai‐Massey scheme, proposed by Vaudenay, is a modified structure in the International Data Encryption Algorithm cipher. A family of block ciphers, named FOX, were built on the Lai‐Massey scheme. Impossible differential cryptanalysis is a powerful technique used to recover the secret key of block ciphers. This paper studies the impossible differential cryptanalysis of the Lai‐Massey scheme with affine orthomorphism for the first time. Firstly, we prove that there always exist 4‐round impossible differentials of a Lai‐Massey cipher having a bijective F‐function. Such 4‐round impossible differentials can be used to help find 4‐round impossible differentials of FOX64 and FOX128. Moreover, we give some sufficient conditions to characterize the existence of 5‐, 6‐, and 7‐round impossible differentials of Lai‐Massey ciphers having a substitution‐permutation (SP) F‐function, and we observe that if Lai‐Massey ciphers having an SP F‐function use the same diffusion layer and orthomorphism as a FOX64, then there are indeed 5‐ and 6‐round impossible differentials. These results indicate that both the diffusion layer and orthomorphism should be chosen carefully so as to make the Lai‐Massey cipher secure against impossible differential cryptanalysis.     

Multidimensional Differential‐Linear Cryptanalysis of ARIA Block Cipher

ARIA is a 128‐bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential‐linear cryptanalysis. We present five rounds of differential‐linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential‐linear attacks based on six rounds of ARIA‐128 and seven rounds of ARIA‐256. This is the first multidimensional differential‐linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.     

On Probability of Success in Linear and Differential Cryptanalysis

Despite their widespread usage in block cipher security, linear and differential cryptanalysis still lack a robust treatment of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks. The results apply to an extended sense of the term “success” where the correct key is found not necessarily as the highest-ranking candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential cryptanalysis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that affect the success probability directly besides the signal-to-noise ratio and the available plaintext amount.     

一类分组密码变换簇抵抗线性密码分析的安全性评估

线性密码分析是针对分组密码的强有力的攻击方法，估计分组密码抵抗线性密码分析的能力是分组密码安全性评估的重要内容之一.基于实际应用背景，提出了"四分组类CLEFIA变换簇"的概念，并利用变换簇中两种特殊分组密码结构的线性逼近之间的关系，给出了变换簇中所有密码结构抵抗线性密码分析的安全性评估结果，并提出了需要进一步探讨的若干问题.这种利用变换簇对分组密码进行研究的方法，为分组密码的安全性评估提供了一个较为新颖的思路.     

对DES线性攻击的综合方法

论文分析了在DES的线性攻击过程中候选密钥总量与第一候选密钥正确率之间的关系,给出了DES的另外两个较好的14轮线性逼近。参考多重线性逼近的方法,结合两个较好的线性逼近和最佳线性逼近,提出了能提高攻击DES速度的综合算法A。     

Provable secure identity‐based multi‐proxy signature scheme

Multi‐proxy signature is one of the useful primitives of the proxy signature. Till now, only a few schemes of identity‐based multi‐proxy signature (IBMPS) have been proposed using bilinear pairings, but most of the schemes are insecure or lack a formal security proof. Because of the important application of IBMPS scheme in distributed systems, grid computing, and so on, construction of an efficient and provable‐secure IBMPS scheme is desired. In 2005, Li & Chen proposed an IBMPS scheme from bilinear pairings, but their paper lacks a formal model and proof of the security. Further, in 2009, Cao & Cao presented an IBMPS scheme with the first formal security model for it. Unfortunately, their scheme is not secure against the Xiong et al's attack. In this paper, first, we present an IBMPS scheme, then we formalize a security model for the IBMPS schemes and prove that the presented scheme is existential unforgeable against adaptive chosen message and identity attack in the random oracle model under the computational Diffie–Hellman assumption. Also, our scheme is not vulnerable for the Xiong et al's attack. The presented scheme is more efficient in the sense of computation and operation time than the existing IBMPS schemes. Copyright © 2013 John Wiley & Sons, Ltd.     

Discrete Lyapunov Exponent and Differential Cryptanalysis

Partly motivated by the developments in chaos-based block cipher design, a definition of the discrete Lyapunov exponent for an arbitrary permutation of a finite lattice was recently proposed. We explore the relation between the discrete Lyapunov exponent and the maximum differential probability of a bijective mapping (i.e., an S-box or the mapping defined by a block cipher). Our analysis shows that "good" encryption transformations have discrete Lyapunov exponents close to the discrete Lyapunov exponent of a mapping that has a perfect nonlinearity. The converse does not hold.     

Cryptanalysis of Hsiang‐Shih's authentication scheme for multi‐server architecture

From user point of view, password‐based remote user authentication technique is one of the most convenient and easy‐to‐use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password‐based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well‐designed password‐based authentication protocol for multi‐server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright © 2010 John Wiley & Sons, Ltd.     

异构无线网络可证安全的接人认证和密钥交换协议

针对异构网络模型BRAIN（Broadband Radio Access for IP based Network）中的安全第一跳通信，提出一种新的基于Canetti-Krawczyk（CK）可证安全模型的双向认证和密钥交换协议．根据该模型方法，首先构造并证明了一种理想环境下的混合密钥交换协议HKE；然后利用现有安全的消息传输认证器构造一个适合BRAIN网络安全第一跳的认证器．最后利用该认证器自动编译理想的HKE协议，得到可证安全和实际可行的PHKE协议．分析比较表明，该协议更安全有效．     

Address Permutation for Privacy‐Preserving Searchable Symmetric Encryption

This paper proposes a privacy‐preserving database encryption scheme that provides access pattern hiding against a service provider. The proposed scheme uses a session key to permute indices of database records each time they are accessed. The proposed scheme can achieve access pattern hiding in situations in which an adversary cannot access the inside of the database directly, by separating the entity with an index table and data table and permuting both the index and position where the data are stored. Moreover, it is very efficient since only O(1) server computation and communication cost are required in terms of the number of the data stored. It can be applied to cloud computing, where the intermediate entities such as cloud computing service provider can violate the privacy of users or patients.     

A Substitution‐Dependent Light‐Up Fluorescence Probe for Selectively Detecting Fe3+ Ions and Its Cell Imaging Application

Deliberate design of specific and sensitive molecular probes with distinctive physical/chemical properties for analyte sensing is of great significance. Herein, by taking advantage of the position‐dependent substituent effects, an aggregation‐induced emission featured iron (III) probe from ortho‐substituted pyridinyl‐functionalized tetraphenylethylene (TPE‐o‐Py) is synthesized. It displays high sensitivity and selectivity toward iron (III) detection. The recognition arises from the position isomer of ortho‐substitution, and the fact that TPE‐o‐Py has a low acid dissociation constant (pK _a) that is close to that of hydrolyzed Fe³⁺. Importantly, TPE‐o‐Py as a light‐up fluorescence probe could be employed for Fe³⁺ sensing in living cells with a pronounced red‐shift in fluorescence emission.     

基于公钥的可证明安全的异构无线网络认证方案

该文针对3G-WLAN异构网络的接入安全,对异构网络的实体进行抽象,建立了一种通用的认证模型。在该模型的基础上,利用Canetti-Krawczyk (CK)模型设计了一种新的接入认证与密钥协商方案。该方案利用公钥基础设施分配公钥,简化接入端服务器和归属端服务器间的认证过程和认证信息;利用椭圆曲线密码机制,减少了移动终端的认证计算量;最后利用CK模型对提出的协议进行了形式化分析和证明。分析表明该方案是安全有效的。     

Cryptanalysis and Improvement of an Anonymous Authentication Protocol for Wireless Access Networks

Authentication protocols with anonymity attracted wide attention since they could protect users’ privacy in wireless communications. Recently, Hsieh and Leu proposed an anonymous authentication protocol based on elliptic curve Diffie–Hellman problem for wireless access networks and claimed their protocol could provide anonymity. However, by proposing a concrete attack, we point out that their protocol cannot provide user anonymity. To overcome its weakness, we propose an improved protocol. We also provide an analysis of our proposed protocol to prove its superiority, even though its computational cost is slightly higher.