共查询到19条相似文献,搜索用时 343 毫秒
1.
2.
利用遗传算法构造S-盒 总被引:1,自引:0,他引:1
S(substitution) -盒是许多分组密码算法中的唯一非线性映射 ,它的密码强度决定了整个密码算法的安全强度。目前多采用m -序列、幂函数等方法来构造S -盒 ,但对于构造性能优良的 8× 8S -盒上述方法并不十分有效。本文采用遗传算法构造S -盒 ,引入约束条件减小了S -盒的搜索空间 ,提高了搜索S -盒的效率。实验结果表明 ,该方法可以快速搜索到大量能够较强地抵抗差分密码分析和线性密码分析的S -盒 相似文献
3.
4.
基于自动化搜索算法求解差分特征与线性逼近,成为了分组密码的差分与线性攻击研究热点。提出一种面向半个字节MILP模型自动化搜索密码算法的差分特征与线性逼近方法,对轻量级LED密码进行分析,以较少的变量与约束不等式求解活跃S盒数量,4轮运算至少有25个活跃S盒,这个结果与算法设计者给出的活跃S盒理论值相同,验证了该方法的正确性。最后,计算LED算法的最大差分特征及线性逼近概率,证明其能够抵抗差分与线性攻击。 相似文献
5.
许向阳 《小型微型计算机系统》2010,31(9)
AC分组密码是2002年提出的一个征求公众测试的密码算法.文中采用面向比特的随机故障模型,结合差分分析技术,利用置换层对故障的扩散特性和S盒的差分分布性质,对AC算法进行了深入分析.并在普通PC机上进行了2000次模拟试验.实验结果表明:平均需要诱导195个错误就可以恢复AC密码的128比特密钥信息.结论是该算法对差分故障攻击不具有免疫力. 相似文献
6.
研究了AES分组密码对差分故障攻击的安全性,攻击采用面向字节的随机故障模型,结合差分分析技术,通过在AES第8轮列混淆操作前导入随机单字节故障,一次故障导入可将AES密钥搜索空间由2128降低到232.3,在93.6%的概率下,两次故障导入无需暴力破解可直接恢复128位AES密钥.数学分析和实验结果表明:分组密码差分S盒取值的不完全覆盖性为差分故障分析提供了可能性,而AES密码列混淆操作良好的扩散特性极大的提高了密钥恢复效率,另外,本文提出的故障分析模型可适用于其它使用S盒的分组密码算法. 相似文献
7.
密码S盒是对称密码算法的核心部件,其代数性质通常决定着密码算法整体的安全强度.密码S盒的差分均匀度是度量其抵御差分密码分析的能力.对于n比特输入及n比特输出的密码S盒,传统求解其差分均匀度的方法需要大约O(23n)次运算;而当n较大时(比如n>15),因搜索空间较大,从而导致花销时间太长(甚至计算不可行)等问题.如何快速判定(大状态)密码S盒的差分均匀度是目前的研究难点之一.本文基于密码S盒的循环差分特性,提出了一种求解其差分均匀度下界的新方法:通过统计循环差分对出现的次数,快速评估其解存在的个数,并由此给出密码S盒差分均匀度的下界.该方法所需的时间复杂度仅为O(2n)次运算.实验结果证实:对于4比特、5比特、7比特、8比特、9比特及多个16比特的S盒,利用该求解算法捕获的差分均匀度下界与真实的差分均匀度值是完全一致的.特别地,针对PRESENT、Keccak、MISTY-7、AES、MISTY-9、NBC及其变体使用的密码S盒,该方法求解其差分均匀度下界时所花销的时间均比传统算法节省82%以上.该方法为进一步评估大状态密码S盒的代数性... 相似文献
8.
9.
S盒是许多分组密码唯一的非线性部件,它的密码强度决定了整个密码算法的安全强度.足够大的S盒是安全的,但为了便于实现,分组密码多采用若干小S盒拼凑.针对一类分组密码算法,通过将S盒与密钥相关联,给出了S盒重组算法,丰富了S盒的应用模式,有效提高了分组密码的安全强度. 相似文献
10.
刘正斌 《网络与信息安全学报》2021,7(4):131-140
PRINCE是一个低时延轻量级分组密码算法,广泛应用于各种资源受限设备.PRINCE使用FX结构,其核心部件是PRINCEcore.差分-线性分析是一种经典分析方法,它将差分分析和线性分析结合起来,使用短的高概率差分特征和线性特征来攻击密码算法.研究了 PRINCEcore的差分-线性分析,使用2轮差分-线性区分器攻击... 相似文献
11.
积分分析是一种针对分组密码十分有效的分析方法,其通常利用密文某些位置的零和性质构造积分区分器.基于高阶差分理论,可通过研究密文与明文之间多项式的代数次数来确定密文某些位置是否平衡.从传统的积分分析出发,首次考虑常数对多项式首项系数的影响,提出了概率积分分析方法,并将其应用于PUFFIN算法的安全性分析.针对PUFFIN算法,构造了7轮概率积分区分器,比已有最好的积分区分器轮数长1轮.进一步,利用构造的概率积分区分器,对9轮PUFFIN算法进行密钥恢复攻击.该攻击可恢复92比特轮密钥,攻击的数据复杂度为224.8个选择明文,时间复杂度为235.48次9轮算法加密,存储复杂度为220个存储单元. 相似文献
12.
HUI Lucas C.K. 《中国科学:信息科学(英文版)》2010,(3):546-556
Differential cryptanalysis is a general cryptanalytic tool that makes use of diFFerentials over some rounds of a cipher, combined with some key bit guesses of one or two rounds. This paper introduces a new cryptanalysis strategy of block ciphers named differential-algebraic cryptanalysis. The idea of differential-algebraic cryptanalysis is to find a differential with high probability and build the multivariable system equations for the last few rounds. The subkey values of the last few rounds can be obtaine... 相似文献
13.
Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers 总被引:1,自引:0,他引:1
Joan Daemen Mario Lamberger Norbert Pramstaller Vincent Rijmen Frederik Vercauteren 《Computing》2009,85(1-2):85-104
In this paper we study the security of the Advanced Encryption Standard (AES) and AES-like block ciphers against differential cryptanalysis. Differential cryptanalysis is one of the most powerful methods for analyzing the security of block ciphers. Even though no formal proofs for the security of AES against differential cryptanalysis have been provided to date, some attempts to compute the maximum expected differential probability (MEDP) for two and four rounds of AES have been presented recently. In this paper, we will improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box. More precisely, we are able to provide the complete distribution of the EDP for two rounds of this AES variant with five active S-boxes and methods to improve the estimates for the EDP in the case of six active S-boxes. 相似文献
14.
《中国科学:信息科学(英文版)》2012,(9):2161-2170
SMS4,a block cipher whose global structure adopts a special unbalanced Feistel scheme with SP round function,is accepted as the Chinese National Standard for securing Wireless LANs.In this paper,in order to evaluate the security against linear cryptanalysis,we examine the upper bound of the maximum linear characteristic probability of SMS4-like ciphers with SP round function.In the same way as for SPN ciphers,it is sufficient to consider the lower bound of the number of linear active s-boxes.We propose a formula to compute the lower bound of the number of linear active s-boxes with regard to the number of rounds.The security threshold of SMS4-like ciphers can be estimated easily with our result.Furthermore,if the number of input words in each round of SMS4-like cipher is m,we find that it is unnecessary for designers to make the linear branch number of P greater than 2 m with respect to linear cryptanalysis. 相似文献
15.
In this paper, we propose a new lightweight block cipher called SCENERY. The main purpose of SCENERY design applies to hardware and software platforms. SCENERY is a 64-bit block cipher supporting 80-bit keys, and its data processing consists of 28 rounds. The round function of SCENERY consists of 8 4 × 4 S-boxes in parallel and a 32 × 32 binary matrix, and we can implement SCENERY with some basic logic instructions. The hardware implementation of SCENERY only requires 1438 GE based on 0.18 um CMOS technology, and the software implementation of encrypting or decrypting a block takes approximately 1516 clock cycles on 8-bit microcontrollers and 364 clock cycles on 64-bit processors. Compared with other encryption algorithms, the performance of SCENERY is well balanced for both hardware and software. By the security analyses, SCENERY can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks. 相似文献
16.
Howard M. Heys 《Cryptologia》2013,37(3):189-221
In this paper, we present a detailed tutorial on linear cryptanalysis and differential cryptanalysis, the two most significant attacks applicable to symmetric-key block ciphers. The intent of the paper is to present a lucid explanation of the attacks, detailing the practical application of the attacks to a cipher in a simple, conceptually revealing manner for the novice cryptanalyst. The tutorial is based on the analysis of a simple, yet realistically structured, basic Substitution-Permutation Network cipher. Understanding the attacks as they apply to this structure is useful, as the Rijndael cipher, recently selected for the Advanced Encryption Standard (AES), has been derived from the basic SPN architecture. As well, experimental data from the attacks is presented as confirmation of the applicability of the concepts as outlined. 相似文献
17.
18.
The classical columnar transposition cipher was the most popular type of transposition cipher. It was in use mainly during the second half of the nineteenth century and the first half of the twentieth century. It also served as a building block for more complex ciphers, such as the ADFGVX cipher and the double transposition cipher. Pen-and-paper as well as computerized methods for the cryptanalysis of the columnar transposition cipher have been published, but those apply mainly to the easier cases of short keys and complete transposition rectangles. In this article, a novel approach for the cryptanalysis of the columnar transposition cipher (when used with long keys) is presented. It is based on a two-phase hill climbing algorithm, a two-dimensional fitness score, and special transformations on key segments. This ciphertext-only method allows for the recovery of transposition keys with up to 1,000 elements, and up to 120 elements for worst case transposition rectangles. 相似文献