Cryptanalysis of RSA with two decryption exponents

In this paper, we consider RSA with N=pq, where p,q are of same bit size, i.e., q<p<2q. We study the weaknesses of RSA when multiple encryption and decryption exponents are considered with same RSA modulus N. A decade back, Howgrave-Graham and Seifert (CQRE 1999) studied this problem in detail and presented the bounds on the decryption exponents for which RSA is weak. For the case of two decryption exponents, the bound was N^0.357. We have exploited a different lattice based technique to show that RSA is weak beyond this bound. Our analysis provides improved results and it shows that for two exponents, RSA is weak when the RSA decryption exponents are less than N^0.416. Moreover, we get further improvement in the bound when some of the most significant bits (MSBs) of the decryption exponents are same (but unknown).     

Cryptanalysis of a knapsack-based probabilistic encryption scheme

Wang et al. [B. Wang, Q. Wu, Y. Hu, A knapsack-based probabilistic encryption scheme, Information Sciences 177(19) (2007) 3981-3994] proposed a high density knapsack-based probabilistic encryption scheme with non-binary coefficients. In this paper, we present a heuristic attack that can be used to recover the private key parameters from the known public key parameters. In particular, we show that the restrictions imposed on the system parameters allow the attacker to recover a short list of candidates for the first half of the public key. The second half of the public key can then be recovered using an attack based on lattice basis reduction. Finally, by encrypting an arbitrary plaintext using the known public key then decrypting the resulting ciphertext using these estimated candidate solutions, the right private key can be uniquely determined.     

基于身份的受控文档透明加解密方案

针对日益严峻的文档安全形势,为了更好地保护受控文档,将基于身份的加密机制与透明加密(OTFE)技术相结合,提出基于身份的受控文档透明加解密方案。采用文件系统过滤驱动技术监控程序对受控文档的操作,并使用基于身份的加密机制执行加解密操作。特别地,提出将原始密文耦合后分块存储的新算法,使得敌手不可能获取完整密文进而恢复出原始明文。从系统层面和算法层面对方案进行了详细描述,安全分析表明该方案能有效地保护受控文档。     

可重构的串行高级加密标准加解密电路设计

为了进一步提高高级加密标准(AES)算法在现场可编程门阵列(FPGA)上的硬件资源使用效率,提出一种可支持密钥长度128/192/256位串行AES加解密电路的实现方案。该设计采用复合域变换实现字节乘法求逆,同时实现列混合与逆列混合的资源共享以及三种AES算法密钥扩展共享。该电路在Xilinx Virtex-Ⅴ系列的FPGA上实现,硬件资源消耗为1871slice、4RAM。结果表明,在最高工作频率173.904MHz时,密钥长度128/192/256位AES加解密吞吐率分别可达2119/1780/1534Mb·s^(-1)。该设计吞吐率/硬件资源比值较高,且适用支持千兆以太网。     

基于Linux的文件加密传输技术

为实现Linux系统服务器端与客户端的文件加密传输,对RSA加密算法和Linux系统线程池技术进行了研究。通过在Linux上配置安装Openssl库来实现非对称RSA加密过程,并且利用线程池技术处理一个服务器与多个客户端的文件传输过程。最终实现了嵌入式ARM客户端与Linux服务器端的网络连接功能,并完成了基于TCP/IP协议上的文件加密以及传输过程。结论表明使用SSL协议设计的加密系统能够完成加密和传输过程,充分保障资料的私密性,并且能够方便的移植到安全级别需求高的嵌入式系统。     

素数阶群上快速解密的KP-ABE方案

大部分基于属性的加密方案(ABE)解密开销随解密时用到的属性数量呈线性增长,解密时双线性对运算为常数次的快速解密ABE方案(FABE)能用来解决此问题。针对现有自适应安全的FABE方案在合数阶群上构造,解密运算时双线性配对计算开销过大的问题,提出一种素数阶群上快速解密的密钥策略ABE(PFKP-ABE)方案。首先基于对偶正交基和线性秘密共享(LSSS)技术提出一个PFKP-ABE方案,然后采用对偶系统加密技术构建一系列两两不可区分的攻击游戏证明该方案在标准模型下是自适应安全的。性能分析表明,与现有的合数阶群上一种快速解密自适应安全密钥策略ABE方案(FKP-ABE)相比,该方案在自适应安全的前提下,解密计算速率提高了约15倍。     

可外包解密和成员撤销的身份基加密方案

针对可撤销成员的身份基加密（RIBE）方案中密钥更新效率较低,且解密的工作量较大,难以应用于轻量级设备的问题,提出了一个可外包解密和成员撤销的身份基加密方案（RIBE-OD）。首先,生成一个完全二叉树,为这棵树的每个节点指定一个一次多项式。然后,将基于指数逆模式构造的身份基加密（IBE）方案和完全子树方法相结合,利用该一次多项式计算所有用户的私钥和未撤销用户的更新密钥,撤销用户因不能获得与之匹配的更新密钥而失去解密能力。其次,利用外包解密技术修改密钥生成算法,增加密文转换算法,从而将大部分解密运算量安全外包给云服务器,轻量级设备仅需少量运算即可解密密文。最后,基于判定双线性Diffie-Hellman逆转（DBDHI）假设,证明了所提方案的安全性。与BGK方案相比,该方案的密钥更新效率提高了85.7%,轻量级设备的解密过程减少到一个椭圆曲线指数运算,非常适合于轻量级设备解密密文。     

固定密文长度的可验证属性基外包解密方案

传统密钥策略属性基加解密方案存在密文长度随着属性增加而线性增加,在通信过程中消耗用户大量的通信带宽的缺点。提出了属性加密的改进方案,基于密钥策略属性加密,提出具有固定密文长度的可验证外包解密方案,在非单调访问结构实现密文长度固定,有效节省通信带宽,通过对外包密钥生成算法的改进,实现一次模指数运算,有效缩短外包密钥生成时间。通过运用哈希函数,实现外包解密的验证性,并对其安全性进行了证明。     

A knapsack-based probabilistic encryption scheme

Knapsack-based cryptosystems had been viewed as the most attractive and the most promising asymmetric cryptographic algorithms for a long time due to their NP-completeness nature and high speed in encryption/decryption. Unfortunately, most of them are broken for the low-density feature of the underlying knapsack problems. In this paper, we investigate a new easy compact knapsack problem and propose a novel knapsack-based probabilistic public-key cryptosystem in which the cipher-text is non-linear with the plaintext. For properly chosen parameters, the underlying knapsack problem enjoys a high density larger than 1.06 in the worst case. Hence, it is secure against the low-density subset-sum attacks. Our scheme can also defeat other potential attacks such as the brute force attacks and the simultaneous Diophantine approximation attack. Compared with previous knapsack-based cryptosystems, our scheme is efficient and practical.     

基于中国剩余定理的公钥加密方案同态性

针对现有(全)同态加密方案的整体性能不能达到实用要求的问题,为获得新的性能更好的同态加密思路,对基于中国剩余定理(CRT)的快速公钥加密方案的同态性进行了研究。考察了基于原方案构造加法和乘法同态操作的可能性,指出基于原方案不适于构造加法同态操作和乘法同态操作,并分析了原方案在安全性和效率方面存在的几个问题。提出了一个改进方案,分析了算法的安全性,尤其是对抗格基规约攻击的性能。研究了基于改进方案构造同态操作的可行性,并对原方案和改进方案的主要性能作了对比。最后对同态性构建过程中的经验进行了总结,提出了构建理想(全)同态加密方案的思路。     

一种符合数字电影规范实时AES解密系统

数字电影业界遵循的数字电影系统规范(DCSS)对电影数据的加密与解密过程提出了复杂的要求。提出了一种符合DCSS规范的AES解密过程的硬件设计与FPGA实现方法,满足DCSS对数据解密的多种要求,并达到了数字电影实时播放的速率要求。在FPGA芯片上的实验表明,该解密系统稳定工作在66Mhz时钟下,数据输出率达到了528Mbits/s,大于DCSS规范规定的250Mbits/s数据输出带宽。     

On the uniformity of distribution of the decryption exponent in fixed encryption exponent RSA

Let us fix a security parameter n and a sufficiently large encryption exponent e. We show that for a random choice of the RSA modulus m=pq, where p and q are n-bit primes, the decryption exponent d, defined by is uniformly distributed modulo φ(m). It is known, due to recent work of Boneh, Durfee and Frankel, that additional information about some bits of d may turn out to be dramatic for the security of the whole cryptosystem. Our uniformity of distribution result implies that sufficiently long strings of the most and the least significant bits of d, which are vulnerable to such attacks, behave as random binary vectors.     

基于VLIW DSP 加密与认证算法的实现

针对HD视频数据流传输过程中数据安全与完整性问题,介绍了一种专用于DES、3DES、SHA1、MD5、RSA的加密VLIW DSP(LILY-DSP)。 为了提高性能和降低成本,DSP设计成具有11级流水线和2个并行执行簇,每一簇具有3个功能单元的专用并行结构。为了提高速率,定制了专用指令实现复杂操作。提出了基于此DSP的对称加密算法、公钥加密和认证算法实现方法。仿真实现结果表明,基于VLIW DSP加密和认证算法能很好地满足实时HD video数据流需求。     

一种基于AES和三素数RPrime RSA认证加密方案

运用中国剩余定理加快处理三素数RPrime RSA解密算法,提出了一种全新的基于AES算法和三素数RPrime RSA算法的认证加密方案,具有高效、安全等特点,非常适合在智能卡之间、智能卡和终端之间的认证和信息交换。     

Fixed points of the RSA encryption algorithm

In this paper the problem of the number of fixed points for an RSA algorithm is considered. This is an important question from the point of view of any cryptosystem. We have estimated the expected value of this number for randomly chosen RSA parameters. It turned out that it is O(ln²n), and the probability of finding such a point is O(ln²n/n). Thus, these values are really negligible, which had been intuitively expected.     

A Parallel Algorithm for determining the inverse of a matrix for use in blockcipher encryption/decryption

In the current world that we live in, of rapid growing technology, and especially reliance on the Internet for our daily lively hood (Banking, shopping, entertainment, news), and also with current crimes (Identity-theft, hacking, spyware), computer security is becoming more and more important. By “computer security” we often refer to addressing three important aspects of a computer-related system: Confidentiality, integrity, and availability. Encryption clearly addresses the need for confidentiality of data, both in storage and transmission. However, the use of encryption can be cumbersome and time consuming. It is important to have a fast algorithm to both encrypt and decrypt data as needed. Public key encryption, though secure, is definitely not fast enough to be used for large size data. We introduce a Parallel Algorithm for computation of inverses of matrices modulo n. This is used in conjunction with Block Ciphers and Hill Ciphers in symmetric encryption and decryption of data for transmission on open lines. Experimental studies were done to compare the run-time of this algorithm on parallel machines, to the traditional one. The new algorithm was found to perform much better than the traditional one, and would be useful to use in encryption/decryption of large sensitive data.

A new algorithm for encryption/decryption for field applications

This paper proposes a novel scheme where the key k is generated as discrete logarithm of indices involving prime modulus p and any base value q. This base value q is an element of Z_p. The Discrete logarithm values are substituted for k in the encryption equation. During decryption the corresponding k’s are used to recover the plaintext. The sender embeds the p, q values along with the encrypted message and transmits it. This obviates the need for sending the full-length key along with the encrypted message. The proposed method ensures higher security in the transmission. The strength of the method lies in the difficulty of guessing p, q values, the entire key need not be transmitted and the full set of ASCII values of the Z₂₅₆ plane figure in the encryption process. The paper also discusses the difficulty of attempting brute force technique to discover p, q values. As an extension of this work, the authors are exploring the possibility of using the full set of UNICODE values instead of the restricted 8-bit ASCII set.     

Cryptanalysis of RSA for a special case with d > e

In this paper, we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e. When N ^0.258 ⩽ e ⩽ N ^0.854, d > e and satisfies the given conditions, we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee’s researches on low private key RSA, and provides a new solution to finding weak keys in RSA cryptosystems. Supported partially by the National Basic Research Program of China (Grant No. 2003CB314805), the National Natural Science Foundation of China (Grant Nos. 90304014 and 60873249), and the Project funded by Basic Research Foundation of School of Information Science and Technology of Tsinghua     

一种新的基于多素数RSA认证加密方案

根据RSA加密系统和中国剩余定理,提出了一种新的基于多密钥的RSA认证加密方案。该方案与通常的RSA加密系统不同,每个用户只有一个加密密钥,但解密密钥由两个以上的短密钥组成,大大地加快了解密的速度。在解密过程中,巧妙地运用了中国剩余定理,减少了求逆元的个数,提高了效率。特别地,根据该方案可得到改进的Paixao方案和Boneh方案,计算速度更快,效果更好。分析表明,此方案可以有效地减少计算复杂度,并且不会降低其安全性,十分适合智能卡之间、智能卡和终端之间的认证和信息交换。