高密度背包型公钥密码体制的设计

该文提出了一类新的易解背包问题,基于此问题构造了一个新的加法背包型公钥密码体制。该公钥密码体制具有较高的背包密度,因此可以抵抗低密度子集和攻击。对该密码体制的其它的攻击方法进行了分析。     

基于随机背包的公钥密码

该文构造了一个背包型公钥密码算法。该背包公钥密码具有如下优点：加解密只需要加法和模减法运算,因此加解密速度快;该算法是基于随机背包问题而不是易解背包问题而构造的;证明了在攻击者不掌握私钥信息情况下该密码算法能抵抗直接求解背包问题的攻击,包括低密度攻击和联立丢番图逼近攻击等;证明了攻击者能够恢复私钥信息与攻击者能够分解一个大整数是等价的。分析表明,该算法是一个安全高效的公钥加密算法。     

关于Niederreiter代数码公钥密码体制的安全性及参数优化

本文分析了Niederreiter代数码公钥密码体制(简称为N公钥体制)的安全性，给出了一种攻击N公钥体制的解线性方程组的攻击法．揭示出N公钥体制与McEliece公钥体制(简称M公钥体制)在安全性上是等价的．最后通过对N公钥与M公钥体制在安全性保证下的参数优化，给出这两类体制的参数设计范围与性能比较．     

基于Niederreiter纠错码的公钥密码体制的研究

二十多年来,纠错码成功地用于构造诸多纠错码公钥密码体制。文中首先研究了N公钥体制的性能指标,给出了它的计算机模拟曲线;通过分析N公钥体制的安全性,给出了一种攻击N公钥体制的新方法;然后探讨M公钥体制与N公钥体制的内在关系,揭示了它们之间安全性等价的事实,给出了M公钥与N公钥体制性能比较的结果。     

McEliece公钥体制的修正

本文针对Ｋｏｒｚｈｉｋ对Ｔｕｒｋｉｎ公钥密码体制的攻击，对ＭｃＥｌｉｅｃｅ密码体制提出一种修正方案。分析了它的安全性的其它性能，论证了这些修正方案不仅能有效地抗击Ｋｏｒｚｈｉｋ和Ｔｕｒｋｉｎ提出的攻击，而且也能很能好地抗击其它已知的攻击方法。     

MC公钥密码体制

本文从NP完全问题——Matrix Cover问题出发,构造一种新的公钥密码体制,即MC体制(二次型背包体制)。并针对目前已知的几种破译背包密码的方法,论证了MC体制的安全性。     

公钥密码体制研究与进展

公钥密码体制的思想是密码史上一个重要的里程碑。本文详细的介绍了公钥密码体制的研究发展及实现应用,其中着重讨论了目前已有的几个比较重要的、有代表性的公钥密码体制如RSA、ECC、XTR的攻击现状,介绍了它们长期的安全性、标准化及其实现状况。最后我们简单的介绍了最近所提出的一些公钥密码体制如基于辫群的密码体制,量子公钥密码体制等。     

公钥密码体制综述

自从1976年首次提出公钥密码体制的思想以来，公钥密码得到了广泛的研究与巨大的发展。本文介绍了公钥密码体制的基本思想，并简单描述了几种典型的公钥密码体制的数学基础、实现方式以及攻击现状。     

广义逆公钥密码体制

本文利用一般矩阵具有许多个广义逆的性质,设计出一种公钥密码体制方案。同时利用了纠错码的一些理论,使可纠的错误模式作为对信息进行保护的手段。文中对体制的各种性能指标进行了详细分析,同时对该体制的许多特性与McEliece公钥密码体制进行对比,指出该体制的优点和缺陷。本文还通过对各种可能的攻击的研究,指出这些攻击方法都有着大得难以实现的运算量,从而说明这种体制具有较高的安全性。本文也是矩阵广义逆理论应用于密码学的初次尝试。     

伪素数编码序列在背包向量公钥密码体制中的应用

本文研究了一组伪素数编码序列,给出求解该序列的通项公式。并利用它们的超递增序列特性,将其应用在常规的陷门背包公钥密码体制中。为防止破译,本文采取变形的非超递增序列作为陷门背包向量,来提高背包公区县密码体制的安全性。     

Linearly shift knapsack public-key cryptosystem

Two algorithms are proposed to improve the Merkle-Hellman knapsack public-key cryptosystem. an approach to transform a superincreasing sequence to a high-density knapsack sequence is proposed. The algorithm is easy to implement and eliminates the redundancy of many knapsack cryptosystems. A linear shift method is used to improve the security of the knapsack public-key cryptosystem. It is shown that several knapsacks (e.g., the so-called useless knapsack), which cannot be generated by using the Merkle-Hellman scheme, can be generated by the linear shift method. Thus A. Shamir's (1982, 1984) attack to the original knapsack, as well as the low-density attack to the iterated knapsack, cannot be applied to this system successfully. It is interesting to note that the concept of the requirement of being one-to-one in practical enciphering keys is not necessary for this system.<>     

Cryptanalysis: a survey of recent results

Cryptosystems are tested by subjecting them to cryptanalytic attacks by experts. Most of the cryptosystems that have been publicly proposed in the last decade have been broken. Some of the attacks that have been used are outlined, and some of the basic tools available to the cryptanalyst are explained. Attacks on the knapsack cryptosystems, congruential generators, and a variety of two key secrecy and signature schemes are discussed. There is also a brief discussion of the status of the security of cryptosystems for which there is no known feasible attack, such as the RSA, discrete exponentiation, and DES cryptosystems     

新的具有隐私保护功能的异构聚合签密方案

异构聚合签密方案不仅可以保证异构密码系统之间数据的机密性和不可伪造性,而且可以提供多个密文批量验证。该文分析了一个具有隐私保护功能的异构聚合签密方案的安全性,指出该方案不能抵挡恶意密钥生成中心(KGC)攻击,恶意KGC可以伪造有效的单密文和聚合密文。为了提高原方案的安全性,该文提出一种新的具有隐私保护功能的异构聚合签密方案。该方案克服了原方案存在的安全性问题,实现了无证书密码环境到身份密码环境之间的数据安全传输,在随机预言机模型下证明新方案的安全性。效率分析表明新方案与原方案效率相当。     

Securing Threshold Cryptosystems against Chosen Ciphertext Attack

For the most compelling applications of threshold cryptosystems, security against chosen cipher text attack is a requirement. However, prior to the results presented here, there appeared to be no practical threshold cryptosystems in the literature that were provably chosen ciphertext secure, even in the idealized random oracle model. The contribution of this paper is to present two very practical threshold cryptosystems, and to prove that they are secure against chosen ciphertext attack in the random oracle model. Not only are these protocols computationally very efficient, but they are also non-interactive, which means they can be easily run over an asynchronous communication network. Received November 2000 and revised September 2001 Online publication 11 March 2002     

Differential cryptanalysis of Lucifer

Differential cryptanalysis was introduced as an approach to analyze the security of DES-like cryptosystems. The first example of a DES-like cryptosystem was Lucifer, the direct predecessor of DES, which is still believed by many people to be much more secure than DES, since it has 128 key bits, and since no attacks against (the full variant of) Lucifer were ever reported in the cryptographic literature. In this paper we introduce a new extension of differential cryptanalysis, devised to extend the class of vulnerable cryptosystems. This new extension suggests key-dependent characteristics, calledconditional characteristics, selected to increase the characteristics' probabilities for keys in subsets of the key space. The application of conditional characteristics to Lucifer shows that more than half of the keys of Lucifer are insecure, and the attack requires about 2³⁶ complexity and chosen plaintexts to find these keys. The same extension can also be used to attack a new variant of DES, called RDES, which was designed to be immune against differential cryptanalysis. These new attacks flash new light on the design of DES, and show that the transition of Lucifer to DES strengthened the later cryptosystem.     

ECPS2和ECPS3中的加密也是不安全的

本文讨论了基于纠错码的公钥体制ＰＥＰＳ２和ＥＣＰＳ３中加密过程的安全性，指出可以在Ｏ（ｎ＾３）时间内由体制的公开钥信息找到一个转换矩阵，用它也可以解密由秘密置换阵加密的消息，其中ｎ为稳定置换阵的行（列）数，进而，本文给出了用所找到的置换阵破译ＥＣＰＳ２加密和ＥＣＰＳ３部分情况下加密的方法。     

信息反馈流密码体制

传统流密码体制的安全性已越来越严重地受到各种攻击的威胁,对此人们在尽各种努力寻找新型的安全体制。本文发展了早期人们考虑到的信息反馈流密码体制,分析了它们的安全性并指出这种新型流密码的实用价值。初步分析表明,信息反馈流密码体制具有较高的安全性。