AKF: A key alternating Feistel scheme for lightweight cipher designs

In the classical Feistel structure the usage of alternating keys makes the cipher insecure against the related key attacks. In this work, we propose a new block cipher scheme, AKF, based on a Feistel structure with alternating keys but resistant against related key attacks. AKF leads constructions of lightweight block ciphers suitable for resource restricted devices such as RFID tags and wireless sensor nodes.     

How to decrypt or even substitute DES-encrypted messages in 2 steps

In this paper we analyze the complexity of recovering cryptographic keys when messages are encrypted under various keys. We suggest key-collision attacks, which show that the theoretic strength of a block cipher (in ECB mode) cannot exceed the square root of the size of the key space. As a result, in some circumstances, some keys can be recovered while they are still in use, and these keys can then be used to substitute messages by messages more favorable to the attacker (e.g., transfer $1000000 to bank account 123-4567890). Taking DES as our example, we show that one key of DES can be recovered with complexity 2²⁸, and one 168-bit key of (three-key) triple-DES can be recovered with complexity 2⁸⁴. We also discuss the theoretic strength of chaining modes of operation, and show that in some cases they may be vulnerable to such attacks.     

一种分组密码强化安全方法的研究

分析了级联加密的特点,讨论了分组密码的三种强化技术:密码级联技术、多重加密技术和白化技术,提出了一种双重级联加密方案NCC,并用现有的级联加密模式进行了比较,分析了其安全性和特点。同时为了减少密钥量,设计了一种密钥生成方案,用两个主密钥生成三个加密密钥,并且分析了它的安全性。     

从DES算法论分组密码的设计原则

分组密码一直是解决信息系统安全问题的常用技术方法。尽管作为分组密码典型代表的DES算法目前已被更为安全的Rijndael算法取代,但其中所体现的设计思想和设计原则依然值得研究和借鉴。文中以DES加密算法为例,在分析DES加密过程、密钥计算、加密函数和解密过程的基础上,探讨分组密码的设计原则。指出组件结构标准化原则、算法和密钥分离原则、扩散和混淆原则以及均匀性和随机性原则是现代分组密码设计的基本原则。这些原则是现代分组密码设计的出发点。     

Cryptanalysis of columnar transposition cipher with long keys

The classical columnar transposition cipher was the most popular type of transposition cipher. It was in use mainly during the second half of the nineteenth century and the first half of the twentieth century. It also served as a building block for more complex ciphers, such as the ADFGVX cipher and the double transposition cipher. Pen-and-paper as well as computerized methods for the cryptanalysis of the columnar transposition cipher have been published, but those apply mainly to the easier cases of short keys and complete transposition rectangles. In this article, a novel approach for the cryptanalysis of the columnar transposition cipher (when used with long keys) is presented. It is based on a two-phase hill climbing algorithm, a two-dimensional fitness score, and special transformations on key segments. This ciphertext-only method allows for the recovery of transposition keys with up to 1,000 elements, and up to 120 elements for worst case transposition rectangles.     

基于非S盒变换的DES分组密码的改进

通过对分组密码安全性设计的分析,针对DES分组密码的不足进行改进,设计了一种基于非S盒变换的变种DES,用随机数产生S盒的排列顺序,通过对密钥和S盒顺序的交替移位,使所有的明文采用不同的密钥加密或不同的S盒处理,任意两组相同的明文加密后都会产生不同的密文,从而实现牢不可破的"一次一密"的密码体制.     

A related key impossible differential attack against 22 rounds of the lightweight block cipher LBlock

LBlock is a new lightweight block cipher proposed by Wu and Zhang (2011) [12] at ACNS 2011. It is based on a modified 32-round Feistel structure. It uses keys of length 80 bits and message blocks of length 64 bits.In this letter, we examine the security arguments given in the original article and we show that we can improve the impossible differential attack given in the original article on 20 rounds by constructing a 22-round related key impossible differential attack that relies on intrinsic weaknesses of the key schedule. This attack has a complexity of 2⁷⁰ cipher operations using 2⁴⁷ plaintexts. This result was already published in Minier and Naya-Plasencia (2011) [9].     

Chaos block cipher for wireless sensor network

New block cipher algorithm in single byte for wireless sensor network with excellence of many cipher algorithms is studied. The child keys are generated through the developed discrete Logistic mapping, and the Feistel encrypting function with discrete chaos operation is constructed. The single byte block is encrypted and decrypted through one turn permutation, being divided into two semi-byte, quadri- Feistel structural operation, and one turn permutation again. The amount of keys may be variable with the turns of Feistel structural operation. The random and security of the child key was proven, and the experiment for the block cipher in wireless sensor network was completed. The result indicates that the algorithm is more secure and the chaos block cipher in single byte is feasible for wireless sensor network.     

LEX算法的相关密钥攻击

LEX算法是入选欧洲序列密码工程eSTREAM第三阶段的候选流密码算法之一,在分组密码算法AES的基础上进行设计。为此,针对LEX算法进行基于猜测决定方法的相关密钥攻击,在已知一对相关密钥各产生239.5个字节密钥流序列的条件下,借助差分分析的思想和分组密码算法AES轮变换的性质,通过穷举2个字节密钥值和中间状态的8个字节差分恢复出所有候选密钥,利用加密检验筛选出正确的密钥。分析结果表明,该密钥攻击的计算复杂度为2100.3轮AES加密、成功率为1。     

一个强安全的无证书密钥协商协议的安全性分析与改进

Yang和Tan提出一个不需要双线性对的无证书密钥协商协议,并声称该协议满足前向安全性,即双方参与者的私钥和临时秘密信息不全部泄露,敌手就无法获得双方参与者协商的会话密钥。给出一种攻击方法:敌手只要得到一个参与者的私钥和另一个参与者的临时秘密信息,就可以获得双方已经协商的会话密钥。针对此缺陷,对协议做了改进,在改进协议中,双方参与者的私钥和临时秘密信息互相交织在一起,因而能抵抗上述攻击。     

PEAK分组密码

提出了一个对称分组密码算法——PEA K。其分组长度为128bit,密钥长度为128bit到512bit可变,但要64bit对齐。该算法整体结构为变种的非平衡Feistel网络,具有天然的加解密相似性。同时在设计中采用了宽轨迹策略,确保算法对差分密码分析和线性密码分析的安全性。该文的目的是寻求公众对PEAK分组密码的测试、分析和评估。     

一种基于令牌的认证密钥交换协议

对称密钥系统较之非对称密钥系统具有惊人的速度优势,但是管理对称密钥系统的密钥却是需要解决的一个难题。Diffie-Hellman密钥交换是一个可以使通信双方在不可信信道上一同建立共享密钥,并使之应用于后继对称密钥通信系统的一种密码协议。应当注意到,Diffie-Hellman密钥交换协议不支持对所建立的密钥的认证。处于两个通信参与者Alice和Bob之间的一个恶意的攻击者Mallary可以主动操纵协议运行过程的信息并成功实施所谓的中间人攻击(man-in-the-middleattack)。因此为了能够真正在两个通信参与者Alice和Bob之间协商一个密钥就必须确保他们在协议运行过程中收到的信息的确是来自真实的对方。本文就是给出一种基于令牌的认证密钥交换协议以对Diffie-Hellman密钥交换协议进行改进。这对于电子商务等等很多网络应用而言是至关重要的。本文也给出了这种协议的安全性分析,并描述了基于JAVA的实现。     

Less is more: relaxed yet composable security notions for key exchange

Although they do not suffer from clear attacks, various key agreement protocols (for example that used within the TLS protocol) are deemed as insecure by existing security models for key exchange. The reason is that the derived keys are used within the key exchange step, violating the usual key-indistinguishability requirement. In this paper, we propose a new security definition for key exchange protocols that offers two important benefits. Our notion is weaker than the more established ones and thus allows the analysis of a larger class of protocols. Furthermore, security in the sense that we define enjoys rather general composability properties. In addition, our composability properties are derived within game-based formalisms and do not appeal to any simulation-based paradigm. Specifically, we show that for protocols, whose security relies exclusively on some underlying symmetric primitive, can be securely composed with key exchange protocols provided that two main requirements hold: (1) No adversary can break the underlying primitive, even when the primitive uses keys obtained from executions of the key exchange protocol in the presence of the adversary (this is essentially the security requirement that we introduce and formalize in this paper), and (2) the security of the protocol can be reduced to that of the primitive, no matter how the keys for the primitive are distributed. Proving that the two conditions are satisfied, and then applying our generic theorem should be simpler than performing a monolithic analysis of the composed protocol. We exemplify our results in the case of a profile of the TLS protocol.     

Breaking the short certificateless signature scheme

Certificateless cryptography eliminates the need of certificates in the Public Key Infrastructure and solves the inherent key escrow problem in the identity-based cryptography. Recently, Huang et al. proposed two certificateless signature schemes from pairings. They claimed that their first short certificateless signature scheme is provably secure against a normal type I adversary and a super type II adversary. In this paper, we show that their short certificateless signature scheme is broken by a type I adversary who can replace users’ public keys and access to the signing oracle under the replaced public keys.     

Improved differential fault analysis on PRESENT-80/128

PRESENT is a hardware-optimized 64-bit lightweight block cipher which supports 80- and 128-bit secret keys. In this paper, we propose a differential fault analysis (DFA) on PRESENT-80/128. The proposed attack is based on a 2-byte random fault model. In detail, by inducing several 2-byte random faults in input registers after 28 rounds, our attack recovers the secret key of the target algorithm. From simulation results, our attacks on PRESENT-80/128 can recover the secret key by inducing only two and three 2-byte random faults, respectively. These are superior to known DFA results on them.     

一种基于密钥回收的量子加密算法

基于Damgard等人的密钥回收算法,提出了一种更有效的新型量子加密算法。使用通用的哈希函数来检测窃听,如果没有监测到窃听,加解密双方共享的密钥可以被安全地重复使用,否则需要抛弃并重新协商与明文等长的密钥串。在加密经典明文的同时,也为剩余未加密的明文协商密钥。当协商好的密钥量与剩余的明文相同时,就可以使用一次一密来加密从而避免反馈是否存在窃听以及重新协商密钥的过程,显著提高了加密效率。     

有效的强安全组群密钥交换协议

组合公钥密码(CPK)体制无需证书来保证公钥的真实性,克服了用户私钥完全由密钥管理中心生成的问题。基于CPK设计了一个常数轮的组群密钥交换协议,该协议在CDH假设下可证安全并具有完美的前向安全性,只需两轮通信即可协商一个组群会话密钥,在通信和计算方面都很高效;并且高效地支持组群成员动态加入/离开,尤其对于多成员加入/离开的情况,只需额外的少量通信和计算即可更新组群密钥,确保了前向保密性和后向保密性。此外,本协议提供了强安全性保证,它能保持密钥的秘密性,除非某一方的临时私钥和长期私钥同时被泄露。最后,该协议提供了一个设计常数轮强安全组群密钥交换协议的方法,大部分的秘密共享体制均可直接应用于该协议。     

Robin算法改进的6轮不可能差分攻击

Robin算法是Grosso等人在2014年提出的一个分组密码算法。研究该算法抵抗不可能差分攻击的能力。利用中间相错技术构造一条新的4轮不可能差分区分器,该区分器在密钥恢复阶段涉及到的轮密钥之间存在线性关系,在构造的区分器首尾各加一轮,对6轮Robin算法进行不可能差分攻击。攻击的数据复杂度为2118.8个选择明文,时间复杂度为293.97次6轮算法加密。与已有最好结果相比,在攻击轮数相同的情况下,通过挖掘轮密钥的信息,减少轮密钥的猜测量,进而降低攻击所需的时间复杂度,该攻击的时间复杂度约为原来的2?8。     

随机分组密码算法框架及实现

针对现有的对分组密码的攻击方法对于未知结构的密码算法是无效的特点,提出了一个根据已有分组密码算法生成随机密码算法的框架,其密码算法是由随机控制密钥生成的,因而算法是随机的,能抵抗针对固定结构的密码算法的线性密码分析和差分密码分析。同时还提出了一个具体的AES的随机化算法,该算法具有可证明的安全性,其安全性高于原始的AES,性能与原始的AES算法接近。     

基于MILP搜索的ANU算法积分分析

ANU算法是由Bansod等人发表在SCN 2016上的一种超轻量级的Feistel结构的分组密码算法。截至目前,没有人提出针对该算法的积分攻击。为了研究ANU算法抗积分攻击的安全性,根据ANU算法的结构建立起基于比特可分性的MILP模型。对该模型进行求解,首次得到ANU算法的9轮积分区分器;利用搜索到的9轮区分器以及轮密钥之间的相关性,对128 bit密钥长度的ANU算法进行12轮密钥恢复攻击,能够恢复43 bit轮密钥。该攻击的数据复杂度为2^63.58个选择明文,时间复杂度为2^88.42次12轮算法加密,存储复杂度为2³³个存储单元。