Similar literature
 18 similar documents found; search took 140 ms
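1.
JWT-based user authentication is now used more and more widely, but JWT tokens have problems: the hash algorithms they use are not secure enough, and the use of foreign hash algorithms does not meet the national Xinchuang (IT application innovation) requirements. SM3 is an independently controllable domestic cryptographic hash algorithm; applied to JWT authentication, it greatly improves the security of JWT tokens. The use of the domestic SM3 cryptographic algorithm also better satisfies the security compliance requirements of the relevant national bodies.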

2.
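SHA is a secure hash algorithm designed by the US National Security Agency (NSA). It is mainly used for communication integrity verification and digital signature authentication. With area optimization as the goal, and working from system design down to module-level design with a concrete design as the example, the SHA-1 algorithm is implemented in a smart card chip at a small area cost. The work has general reference value for the design of similar hash algorithms.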

3.
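Applications with different security requirements coexist in the same system and may need to choose among the SHA-256, SHA-384 and SHA-512 algorithms, yet most current research only implements these algorithms in hardware individually. This paper proposes a VLSI architecture for the SHA-2 (256, 384, 512) family of algorithms. Based on this architecture, each SHA-2 algorithm can be executed individually and flexibly according to the requirements. The paper also compares FPGA implementations of the family architecture and of each standalone SHA-2 algorithm. The results show that, with area 40% larger than a SHA-256 implementation and essentially the same as SHA-384/512, the frequency can reach 74 MHz.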

4.
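A four-in-one ASIC implementation architecture is proposed for the national commercial cryptographic hash algorithm SM3. The architecture uses carry-save adders and loop unrolling; compared with a single-round structure, the number of clock cycles is reduced by 75% and the throughput is increased by 29.4%. Using a 65 nm SMIC process, the throughput reaches 4 Gb/s at a low clock frequency of 125 MHz. This SM3 hash algorithm chip has been taped out and supports padding and pause functions.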

5.
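With the development of Internet and Internet of Things technologies, embedded devices are widely used in every aspect of life and carry ever larger amounts of information, so the information security of embedded communication systems is becoming increasingly important. SM3, one of the Chinese national cryptographic (GM) algorithms, is currently used relatively little, but it offers higher security than the international hash algorithm MD5. The article focuses on the principles of the SM3 algorithm, studies its implementation in C and its porting to the hardware encryption module (HSM) of the TC277 microcontroller, and discusses future application prospects.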

6.
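Based on the meet-in-the-middle attack technique, a preimage attack and a pseudo-collision attack on the cryptographic hash function SM3 are proposed, and a preimage attack and a pseudo-collision attack are given on 29-step SM3 starting from step 1 and including message padding. The results show that the time complexity of the preimage attack on 29-step SM3 is 2^254, and that of the pseudo-collision attack on 29-step SM3 is 2^125. This shows that 29-step SM3, starting from step 1 and with message padding, cannot resist preimage and pseudo-collision attacks.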

7.
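Cryptographic cards play an important role in information security, but current cards lack performance and cannot meet the needs of high-speed network security services. This paper proposes the design and system implementation of a high-speed PCIe cryptographic card based on a MIPS64 multi-core processor. It supports the SM2/3/4 domestic cryptographic (GM) algorithms as well as international algorithms such as RSA, SHA and AES. The system comprises a hardware module, a cryptographic algorithm module, a host driver module and an interface-call module. An optimization is proposed for the SM3 implementation that improves performance by 19%. The host can send requests in Non-Blocking mode, so a single-process application can reach the card's full-load performance. With a 10-core CPU, the card achieves SM2 signing and verification speeds of 18000 and 4200 operations/s respectively, an SM3 hashing speed of 2200 Mbps, and SM4 encryption/decryption speeds of 8/10 Gbps, with several metrics reaching a relatively high level. With a 16-core CPU clocked at 1300 MHz, the SM2/3 performance figures double, and with a 48-core CPU the SM2 signing speed can reach 10^5 operations/s.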

8.
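To address problems such as the lack of information security assurance in IT enterprise project management and the difficulty of controlling project progress, a secure and trusted full-life-cycle project management system is designed. The system integrates the SM3 cryptographic algorithm and actively checks the integrity of information during start-up and use. Combined with the WBS decomposition technique from project management, it forms flexibly configurable project system templates. The system uses a front-end/back-end separated architecture, with Vue as the front-end framework, Django as the server providing the API, and MySQL and Redis as databases. Test results show that the system compares the 256-bit hash value generated after passwords and other information are encrypted with the SM3 algorithm against the hash value pre-stored in the database, and can actively verify data integrity. Verification shows that the system can flexibly configure project workflows and approval processes and keep project progress under control.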

9.
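The SHA-256 secure hash algorithm is widely used in data integrity checking, digital signatures and related fields. To meet the design requirements of secure SoC systems for a high operating frequency and low hardware cost in SHA-256, a novel SHA-256 VLSI implementation method is proposed that decomposes the algorithm's implementation steps, thereby shortening the critical path and saving hardware resources. Synthesis in the SMIC 0.13 μm CMOS process shows a maximum operating frequency of 334.5 MHz and a 70% reduction in resource consumption.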

10.
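陈曼, 谈程, 吉庆兵. 《通信技术》 (Communications Technology), 2020, (5): 1240-1243
The security of the traffic generated by the network proxy software Shadowsocks and ShadowsocksR is analyzed. First, the packet formats of Shadowsocks and ShadowsocksR are reconstructed. Second, the cryptographic algorithms they use are clarified, including the key generation algorithm and the encryption and decryption algorithms. Finally, the theoretical and practical security of Shadowsocks(R) is analyzed and a method for decrypting the traffic is proposed. In conclusion, Shadowsocks developers are advised to use SHA-3 or SM3 instead of MD5 and SHA-1 for key generation and to generate the master key with a salt; users are advised to use a long random value as the password.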

11.
The Secure Hash Algorithm is the most popular hash function currently used in many security protocols such as SSL and IPSec. Like other cryptographic algorithms, the hardware implementation of hash functions is of great importance for high speed applications. Because of the iterative structure of hash functions, a single error in their hardware implementation could result in a large number of errors in the final hash value. In this paper, we propose a novel time-redundancy-based fault diagnostic scheme for the implementation of SHA-1 and SHA-512 round computations. This scheme can detect permanent as well as transient faults as opposed to the traditional time redundancy technique which is only capable of detecting transient errors. The proposed design does not impose significant timing overhead on the original implementation of SHA-1 and SHA-512 round computation. We have implemented the proposed design for SHA-1 and SHA-512 on Xilinx xc2p7 FPGA. It is shown that for the proposed fault detection SHA-1 and SHA-512 round computations, there are, respectively, 3% and 10% reduction in the throughput with 58% and 30% area overhead as compared to the original schemes. The fault simulation of the implementation shows that almost 100% fault coverage can be achieved using the proposed scheme for transient and permanent faults.

12.
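An implementation of the SHA-1 algorithm based on a loop-unrolled structure   Total citations: 1, self-citations: 0, citations by others: 1
In information security, hash algorithms are mainly used to verify data integrity and for signature authentication. Through an in-depth analysis of the SHA-1 algorithm, a hardware scheme for implementing it quickly is proposed. The scheme changes the iterative structure of the standard algorithm and reduces the number of clock cycles needed for message processing, thereby increasing throughput. Compared with other IP cores, the design shows clear advantages in area, frequency and throughput.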

13.
High-speed and low area hardware architectures of the Whirlpool hash function are presented in this paper. A full Look-up Table (LUT) based design is shown to be the fastest method by which to implement the non-linear layer of the algorithm in terms of logic. An unrolled Whirlpool architecture implemented on the Virtex XC4VLX100 device achieves a throughput of 4.9 Gbps. This is faster than a SHA-512 design implemented on the same device and other previously reported hash function architectures. A low area iterative architecture, which utilises 64-bit operations as opposed to full 512-bit operations, is also described. It runs at 430 Mbps and occupies 709 slices on a Virtex X4VLX15. This proves to be one of the smallest 512-bit hash function architectures currently available.

14.
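The analysis results on Grøstl distinguishers by Minier et al. at the CANS 2010 conference are corrected, and the integral distinguisher for the compression function of the Grøstl algorithm is improved. By making full use of the penetration technique, 11-round integral distinguishers for the P and Q functions are proposed for the first time. Although analysis of the hash function itself is currently the mainstream of SHA-3 research, the proposed work on integral distinguishers reflects the randomness of the compression function and is of great significance for the design of new hash functions.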

15.
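倪伟, 董宏成. 《电视技术》 (Video Engineering), 2011, 35(1): 93-96
The properties of one-way hash functions and the principles of the SHA-256 algorithm are introduced. A program implementing the SHA-256 algorithm is written in C, the results are simulated and tested in the Visual C++ 6.0 environment, and the one-way hash function properties of the algorithm are analyzed. Tests on 24 groups of 1,024-bit test data show that the SHA-256 algorithm has ideal one-way hash function properties.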

16.
High-speed and low area hardware architectures of the Whirlpool hash function are presented in this paper. A full Look-up Table (LUT) based design is shown to be the fastest method by which to implement the non-linear layer of the algorithm in terms of logic. An unrolled Whirlpool architecture implemented on the Virtex XC4VLX100 device achieves a throughput of 4.9 Gbps. This is faster than a SHA-512 design implemented on the same device and other previously reported hash function architectures. A low area iterative architecture, which utilises 64-bit operations as opposed to full 512-bit operations, is also described. It runs at 430 Mbps and occupies 709 slices on a Virtex X4VLX15. This proves to be one of the smallest 512-bit hash function architectures currently available.
Ciaran McIvor

17.
This paper presents a new set of techniques for hardware implementations of Secure Hash Algorithm (SHA) hash functions. These techniques consist mostly in operation rescheduling and hardware reutilization, therefore significantly decreasing the critical path and required area. Throughputs from 1.3 Gbit/s to 1.8 Gbit/s were obtained for the SHA implementations on a Xilinx VIRTEX II Pro. Compared to commercial cores and previously published research, these figures correspond to an improvement in throughput/slice in the range of 29% to 59% for SHA-1 and 54% to 100% for SHA-2. Experimental results on hybrid hardware/software implementations of the SHA cores have shown speedups up to 150 times for the proposed cores, compared to pure software implementations.

18.
In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core—the cipher Threefish, and made the designers change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.
