Similar literature
1.
刘亚, 《计算机应用研究》 2020, 37(7): 2112-2116, 2122
The block cipher Kalyna was adopted as the Ukrainian encryption standard in June 2015. Its block length is 128, 256 or 512 bits, and its key length is equal to or twice the block length, denoted Kalyna-b/2b. To ensure the algorithm can be used securely in practice, its resistance to the meet-in-the-middle attack, one of the currently popular attack methods, must be evaluated. By studying the linear relations between the round keys of Kalyna-128/256 and combining the multiset, differential enumeration and key-dependent sieve techniques, four 6-round meet-in-the-middle distinguisher chains are constructed. Prepending 1 round and appending 3 rounds to the distinguisher, and using a time-memory trade-off, yields a meet-in-the-middle attack on 10-round Kalyna-128/256 whose data, time and memory complexities are 2^111 chosen plaintexts, 2^238.63 10-round encryptions and 2^222 128-bit blocks respectively. Compared with the best previous 10-round meet-in-the-middle attack on Kalyna-128/256, the data, time and memory complexities are reduced by factors of 2^4, 2^14.67 and 2^26.8 respectively.

2.
In this paper, we examine the security of reduced AES-192 and AES-256 against related-key rectangle attacks by exploiting the weakness in the AES key schedule. We find the following two new attacks: 9-round reduced AES-192 with 4 related keys, and 10-round reduced AES-256 with 4 related keys. Our results show that the related-key rectangle attack with 4 related keys on 9-round reduced AES-192 requires a data complexity of about 2^101 chosen plaintexts and a time complexity of about 2^174.8 encryptions, and moreover, the related-key rectangle attack with 4 related keys on 10-round reduced AES-256 requires a data complexity of about 2^97.5 chosen plaintexts and a time complexity of about 2^254 encryptions. These attacks are the first known attacks on 9-round reduced AES-192 and 10-round reduced AES-256 with only 4 related keys. Furthermore, we give an improvement of the 10-round reduced AES-192 attack presented at FSE 2007, which reduces both the data complexity and the time complexity. Supported by the National Natural Science Foundation of China (Grant No. 60673072), and the National Basic Research Program of China (Grant No. 2007CB311201).

3.
贺强, 毛明, 曾绍昆, 《计算机应用》 2010, 30(8): 2154-2156
BLAKE, a second-round SHA-3 candidate, uses a local wide-pipe construction and an improved Merkle-Damgård iteration structure; its core is the core of the ChaCha stream cipher, and the security of the algorithm has not yet been proved. By analysing the structure of BLAKE and the characteristics of its message permutation, a segment-and-connect technique is applied for the first time to mount a 3-round free-start preimage attack on it. The results show that the design of the message permutation has a flaw, and that this design flaw affects the security of BLAKE.

4.
Related-key impossible differential cryptanalysis of reduced-round AES-256
张文涛, 吴文玲, 张蕾, 《软件学报》 2007, 18(11): 2893-2901
This paper studies the resistance of AES-256 to related-key impossible differential cryptanalysis. First, a related-key differential is given that can be extended to an 8-round (or even longer) subkey differential; then a 5.5-round related-key impossible differential characteristic is constructed. Finally, one attack on 7-round AES-256 and four attacks on 8-round AES-256 are given.

5.
In this paper, we present a preimage attack on reduced versions of the Keccak hash functions. We use our recently developed toolkit CryptLogVer to generate the conjunctive normal form (CNF), which is passed to the SAT solver PrecoSAT. We found preimages for some reduced versions of the function and showed that the full Keccak function has a comfortable security margin against this kind of attack.

6.
Lightweight block ciphers, thanks to their low hardware and software implementation cost and low power consumption, are widely used to protect data in resource-constrained smart devices. Midori is a lightweight block cipher presented at ASIACRYPT 2015, with block sizes of 64 and 128 bits, denoted Midori64 and Midori128; so far there has been no result on the resistance of Midori128 to meet-in-the-middle attacks. By studying the basic structure and the key schedule of Midori128 and combining the differential enumeration and key-dependent sieve techniques, a 7-round meet-in-the-middle distinguisher is constructed. Adding one round before and two rounds after the distinguisher, and using a time-memory trade-off, the first meet-in-the-middle attack on 10-round Midori128 is proposed. The whole attack requires a time complexity of 2^126.5 10-round Midori128 encryptions, a data complexity of 2^125 chosen plaintexts and a memory complexity of 2^105 128-bit blocks. This is the first meet-in-the-middle attack on Midori128.

7.
MD4 is a hash function designed by Rivest in 1990. The design philosophy of many important hash functions, such as MD5, SHA-1 and SHA-2, originated from that of MD4. We propose an improved preimage attack on one-block MD4 with a time complexity of 2^95 MD4 compression function operations, as compared to the 2^107 complexity of the previous attack by Aoki et al. (SAC 2008). The attack is based on previous methods, but introduces new techniques. We also use the same techniques to improve the pseudo-preimage and preimage attacks on Extended MD4, with improvement factors of 2^25.2 and 2^12.6 respectively, as compared to the previous attacks by Sasaki et al. (ACISP 2009).

8.
By analysing the internal characteristics of three rounds of the Advanced Encryption Standard (AES), a new 3-round differential path is derived that holds with probability 2^-22. On the basis of this property, the impossible differential method is used to analyse 8-round AES-128. The analysis requires 2^87 plaintext pairs, about 2^99 memory units and about 2^96 encryption/decryption operations. It shows that the diffusion provided by the row and column transformations of AES is insufficient, which provides a theoretical basis for improving the security of AES.

9.
CAST-256, a first-round AES (Advanced Encryption Standard) candidate, is designed based on CAST-128. It is a 48-round Generalized-Feistel-Network cipher with 128-bit block accepting 128, 160, 192, 224 ...

10.
Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec and VPNs utilize hash functions, a special family of cryptographic algorithms. Hardware implementations of cryptographic hash functions provide high performance and increased security. However, potential faults during their normal operation cause significant problems in the authentication procedure. Hence, the timely detection of errors is of great importance, especially when they are used in security-critical applications, such as military or space. In this paper, two Totally Self-Checking (TSC) designs are introduced for the two most widely used hash functions: SHA-1 and SHA-256. To the best of the authors' knowledge, there is no previously published work presenting TSC hashing cores. The achieved fault coverage is 100% in the case of odd numbers of erroneous bits. The same coverage is achieved for even numbers of erroneous bits, if they are appropriately spread. Additionally, experimental results in terms of frequency, area, throughput, and power consumption are provided. Compared to the corresponding Duplicated with Checking (DWC) architectures, the proposed TSC-based designs are more efficient in terms of area, throughput/area, and power consumption. Specifically, the introduced TSC SHA-1 and SHA-256 cores are more efficient by 16.1% and 20.8% in terms of area and by 17.7% and 23.3% in terms of throughput/area, respectively. Also, compared to the corresponding DWC architectures, the proposed TSC-based designs are on average almost 20% more efficient in terms of power consumption.

11.
Twelve PGV models, MDC-2, and HIROSE, which are blockcipher-based hash functions, have been proven to be secure as hash functions when they are instantiated with ideal blockciphers. However, their security cannot be guaranteed when the base blockciphers use weak key schedules. In this paper, we propose various related-key or chosen-key differential paths of Fantomas, Midori-128, GOST, and 12-round reduced AES-256 using key schedules with weak diffusion effects. We then describe how these differential paths undermine the security of PGV models, MDC-2, or HIROSE. In addition, we show that the invariant subspace attacks on PRINT and Midori-64 can be transferred to collision attacks on some of their hash modes.

12.
We present some known-key distinguishers for a type-1 Feistel scheme with a permutation as the round function. To be more specific, the 29-round known-key truncated differential distinguishers are given for the 256-bit type-1 Feistel scheme with an SP (substitution-permutation) round function by using the rebound attack, where the S-boxes have perfect differential and linear properties and the linear diffusion layer has a maximum branch number. For two 128-bit versions, the distinguishers can be applied on 25-round structures. Based on these distinguishers, we construct near-collision attacks on these schemes with MMO (Matyas-Meyer-Oseas) and MP (Miyaguchi-Preneel) hashing modes, and propose the 26-round and 22-round near-collision attacks for two 256-bit schemes and two 128-bit schemes, respectively. We apply the near-collision attack on MAME and obtain a 26-round near-collision attack. Using the algebraic degree and some integral properties, we prove the correctness of the 31-round known-key integral distinguisher proposed by Sasaki et al. We show that if the round function is a permutation, the integral distinguisher is suitable for a type-1 Feistel scheme of any size.

13.
This paper first analyses the MD4 preimage attack proposed by Leurent. That method exploits the absorption property of the MD4 Boolean functions, the invertibility of the step function and the special structure of the message expansion to first build a pseudo-preimage attack, and then converts the pseudo-preimage attack into a preimage attack using a tree-based method. Using a random-graph method, the latter part is improved, raising the efficiency of the attack and reducing its complexity from 2^102 to 2^98.

15.
Trivium is an important international stream cipher. 贾艳艳 et al. proposed single-linear and multi-linear cryptanalysis of 2-round Trivium (电子与信息学报, 2011, No. 1). To address the small number of linear approximation equations and the small bias in that work, this paper proposes a linear approximation of 2 rounds obtained by changing the number of clock cycles occupied by the first round of Trivium and the form of the linear approximation expressions; it gives one linear relation with bias 2^… and eight linear relations with bias 2^…, and uses the algorithm from 贾艳艳's paper to mount single-linear and multi-linear cryptanalysis of 2-round Trivium. The results show that, for the same attack success probability, the required amount of data is 1/16 of that required in the earlier work, i.e. the number of chosen initialization vectors is 2^58 and 2^57 respectively.

16.
杜育松, 王大星, 沈静, 《计算机工程》 2006, 32(23): 174-176
This paper describes the principle of a differential fault analysis of AES-128, gives the attack algorithm and analyses its success probability. The algorithm recovers the intermediate encryption result M9 of AES-128; from M9 and a set of correct ciphertexts, the last round key of AES-128 can be derived, and from that the initial key. Software simulation shows that, provided the physical technique is achievable, if 140 single-bit faults can be injected into M9 repeatedly at random, the probability of finding the initial key exceeds 90%. Finally, it is pointed out that AES operating in cipher block chaining mode resists the attack described above.

18.
HIGHT is a block cipher designed in Korea with the involvement of the Korea Information Security Agency. It was proposed at CHES 2006 for usage in lightweight applications such as sensor networks and RFID tags. Lately, it has been adopted as an ISO standard. Though there is a great deal of cryptanalytic results on HIGHT, its security evaluation against the recent zero-correlation linear attacks is still lacking. At the same time, the Feistel-type structure of HIGHT suggests that it might be susceptible to this type of cryptanalysis. In this paper, we aim to bridge this gap. We identify zero-correlation linear approximations over 16 rounds of HIGHT. Based upon those, we attack 27-round HIGHT (round 4 to round 30) with improved time complexity and practical memory requirements. This attack of ours is the best result on HIGHT to date in the classical single-key setting. We also provide the first attack on 26-round HIGHT (round 4 to round 29) with the full whitening key.

19.
This paper proposes a 7-round impossible differential distinguisher for Midori64 and studies some differential properties of the S-box used in Midori64. In the key recovery phase, a method is proposed that stores part of the block's cells and guesses the round keys step by step, greatly reducing the time complexity. Using this distinguisher and the stepwise round-key guessing method, an 11-round impossible differential attack on Midori64 is given, with a final time complexity of … 11-round encryptions and a data complexity of … 64-bit blocks. This is the best impossible differential cryptanalysis result on Midori64 to date.

20.
Anbarasan M., Prakash S., Antonidoss A., Anand M., Multimedia Tools and Applications, 2020, 79(13-14): 8929-8949
MANETs (Mobile Ad hoc Networks) have an open system environment, no central server, and mobile nodes, which leave them vulnerable to security attacks, while conventional security mechanisms cannot meet MANET security requirements because of limited communication bandwidth, computation power, memory and battery capacity, in addition to the energy-constrained environment. Trusted MANETs provide a reliable path and efficient communication, but the secrecy of the trust values may sometimes be overheard by masqueraders. Because clustered MANETs are needed, the exchange of numerical trust values remains a necessary part. In the proposed work, the security of trusted MANETs is addressed so as to provide rigid and robust networks when additional resources are added. For clustering of the nodes the LEACH protocol is suggested, in which the CHs and CMs are fixed for data transfer in the network. Energy is disseminated in LEACH so as to avoid battery drain and network failure. Hence, to add resistance and to make an authentic network, encryption and decoding are incorporated as a further supplement to avoid denial-of-service attacks; we have utilized the DoS Pliancy Algorithm, which focuses on acknowledgment-based flooding attacks. Likewise, the encoded messages from the source node in one cluster can be re-encoded in the transmission stage itself to reproduce the messages. Compared with previous works, the QoS of our proposed work improves when tested with black hole and sink hole attacks. Simulation results show that the DoS pliancy scheme works better and more efficiently than the existing trust-based systems.

Copyright © 北京勤云科技发展有限公司  京ICP备09084417号