Similar literature
1.
To analyze the security of the new hash function standard SHA-3, the algorithm was tested from two aspects: its statistical performance and the symmetry of the round function Keccak-f. The results show that SHA-3 has a good avalanche effect: the average number of changed bits and the average change probability are both very close to their ideal values with small variance, indicating high stability and a low degree of collision. The constant-addition step in Keccak-f severely disrupts the symmetry of the round function, so internal differential attacks on SHA-3 that exploit round-function symmetry apply only when the number of rounds is small.

2.
Based on an analysis of the SHA-3 permutation Keccak-f, a cyclic shift method on the three-dimensional state array is proposed. Following the structure of each step mapping of Keccak-f, Boolean function expressions for the output difference are constructed. By studying these differential Boolean expressions, it is proved that the differential transition probability of each step mapping of Keccak-f is unchanged when its input and output differences are cyclically shifted. On this basis, analysis shows that when the two input differences and the corresponding output differences of each step mapping satisfy the same cyclic shift property, the differential transition probability of the whole permutation Keccak-f is unchanged after cyclic shifting of its input and output differences.

3.
4.
刘花, 包小敏, 《计算机科学》 (Computer Science) 2012, 39(106): 425-428
The worldwide public competition for the next-generation hash function standard SHA-3, organized by NIST, has entered its final round, and Keccak is one of the five finalist candidates. This paper introduces the Keccak algorithm and its features, and describes the design and implementation of a Keccak program with a graphical user interface (GUI) based on Matlab. The program can be used for practical Keccak hash computation and, more importantly, provides a convenient and intuitive tool for teaching and research on Keccak.

5.
In this short paper, problems with existing algorithms for computing spherical Bessel functions of complex arguments are reported. As a remedy, a revised algorithm based on the recurrence is proposed. The upper and lower limits for the starting order that can be used in the backward recurrence to reach a desired accuracy are given. The proposed algorithm is stable and is capable of computing a wide range of arguments approaching machine accuracy.

6.
With the rapid development of quantum computing, traditional public-key cryptosystems are under threat of being broken, and migrating existing encryption technology to quantum-safe post-quantum cryptographic schemes is currently a research hotspot in the cryptographic community. Among existing post-quantum cryptography (PQC) schemes, lattice-based schemes have become the most promising owing to their security, ease of implementation and flexibility of use. SHA-3 is one of the core operators used in lattice-based schemes to generate pseudorandom sequences and to hash key information, so its implementation performance strongly affects the performance of the overall post-quantum scheme. Considering the huge future demand for deploying PQC across many kinds of devices, hardware implementations of SHA-3 face the bottleneck of balancing high performance against limited resource overhead. To address this, this paper proposes an efficient, high-speed SHA-3 hardware architecture that can be applied to all functions of the SHA-3 family. First, the 64-bit round constants are reduced to 7 bits, which both reduces the storage required for the round constants and lowers the computational complexity. Second, a new pipeline structure is proposed that divides the critical path more evenly than the usual pipeline structure. Finally, the new pipeline structure is combined with the unrolling optimization, greatly increasing system throughput. A prototype was implemented on a Xilinx Virtex-6 field-programmable gate array (FPGA); the results show that the designed SHA-3 hardware unit reaches a maximum operating frequency of 459 MHz and an efficiency of 14.71 Mbps/Slice. Compared with existing related designs, the maximum operating frequency is increased by 10.9% and the efficiency by 28.2%.

7.
Computer networks have been in use for decades, and the Internet has grown into a single global network. Campus networks have also developed rapidly during this period, but to date their security still carries considerable risk, and the security of the campus network as a whole has remained a key concern and research area for every school.

8.
We will consider the following problem in this paper: Assume that there are numerical data (like salaries of individuals) stored in a database and some subsums of these numbers are made public or just available to persons not eligible to learn the original data. Our motivating question is: At most how many of these subsums may be disclosed such that none of the numbers can be uniquely determined from these sums? These types of problems arise when certain tasks concerning a database are done by subcontractors who are not eligible to learn the elements of the database, but who naturally must be given some data to fulfill their task. In database theory such examples are called statistical databases, as they are used for statistical purposes and no individual data are supposed to be obtainable using a restricted list of SUM queries. This problem was originally introduced by [1], originally solved by Miller et al. [7] and revisited by Griggs [4, 5]. It was shown in [7] that no more than subsums of a given set of secure data may be disclosed without disclosing at least one of the data, and this upper bound is sharp. Calculating a subsum may require a number of operations, and this number is limited. This is why it is natural to assume that the disclosed subsums of the original elements of the database will contain only a limited number of elements, say at most . The goal of the present paper is to determine the maximum number of subsums of size at most which can be disclosed without making it possible to calculate any of the individual data . The maximum is exactly determined for the case when the number of data is much larger than the size restriction .

9.
Research on the randomness of SHA-256 output sequences   Cited by: 2, self-citations: 0, other citations: 2
In cryptography, hash functions are used for data integrity, message authentication and digital signatures, and SHA-256 is one of the most widely used hash functions. This paper applies the chi-square (χ²) test from existing statistical testing methods to SHA-256 to test its randomness and its avalanche effect, analyzes and discusses the results, points out some shortcomings of the algorithm, and verifies its effectiveness.

10.
We consider the problem of implementing a security protocol in such a manner that secrecy of sensitive data is not jeopardized. Implementation is assumed to take place in the context of an API that provides standard cryptography and communication services. Given a dependency specification, stating how API methods can produce and consume secret information, we propose an information flow property based on the idea of invariance under perturbation, relating observable changes in output to corresponding changes in input. Besides the information flow condition itself, the main contributions of the paper are results relating the admissibility property to a direct flow property in the special case of programs which branch on secrets only in cases permitted by the dependency rules. These results are used to derive an unwinding theorem, reducing a behavioural correctness check (strong bisimulation) to an invariant.

11.
This paper discusses how databases are used in the various digitized systems on an oilfield intranet, analyzes the security problems caused by factors such as default settings and human operation, demonstrates through a real case the full process by which a relational database vulnerability was used to penetrate a server and escalate privileges, and proposes corresponding solutions to the problems found.

12.
Abstract With the rising popularity of so-called 'open source' software there has been increasing interest in both its various benefits and disadvantages. In particular, despite its prominent use in providing many aspects of the Internet's basic infrastructure, many still question the suitability of such software for the commerce-oriented Internet of the future. This paper evaluates the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will require, namely security. It seeks to present a variety of arguments that have been made, both for and against open source security, and analyses them in relation to empirical evidence of system security from a previous study. The results represent preliminary quantitative evidence concerning the security issues surrounding the use and development of open source software, in particular relative to traditional proprietary software.

13.
On the security of fair non-repudiation protocols   Cited by: 3, self-citations: 0, other citations: 3
We analyzed two non-repudiation protocols and found some new attacks on the fairness and termination property of these protocols. Our attacks are enabled by several inherent design weaknesses, which also apply to other non-repudiation protocols. To prevent these attacks, we propose generic countermeasures that considerably strengthen the design and implementation of non-repudiation protocols. The application of these countermeasures is finally shown by our construction of a new fair non-repudiation protocol.

14.
Originally written to provide the file compression feature, computer software such as WinRAR and WinZip now also provide encryption features due to the rising need for security and privacy protection of files within a computer system or for sharing within a network. However, since compression has been much in use well before users saw the need for security, most are more familiar with compression software than they are with security ones. Therefore, encryption-enabled compression software such as WinRAR and WinZip tend to be more widely used for security than a dedicated security software. In this paper, we present several attacks on the encryption feature provided by the WinRAR compression software. These attacks are possible due to the subtlety in developing security software based on the integration of multiple cryptographic primitives. In other words, no matter how securely designed each primitive is, using them especially in association with other primitives does not always guarantee secure systems. Instead, time and again such a practice has shown to result in flawed systems. Our results, compared to recent attacks on WinZip by Kohno, show that WinRAR appears to offer slightly better security features. Gary S.-W. Yeo completed his B.Eng in Electronics & Computer Systems in the first half of 2005, and is currently working as an electronics engineer with a semiconductor fab facility. Raphael C.-W. Phan is currently Director of the Information Security Research (iSECURES) Laboratory at the Swinburne University of Technology (Sarawak Campus) – SUTS, Kuching, Malaysia. Raphael researches on cryptography, cryptanalysis, authentication and key exchange protocols, smart card security, hash functions and digital watermarking. His work has been published in refereed journals published by IEE, IEEE, Elsevier Science and US Military Academy; and in internationally refereed cryptology conferences published by Springer-Verlag, Germany. 
He is a referee for several IEEE journals in the area of information security. He is General Chair of Mycrypt '05 and Asiacrypt '07, Program Chair of the International Workshop on Information Security & Hiding (ISH '05), and Technical Program Committee member of Mycrypt '05, the International Conference on Information Security & Cryptology (ICISC '05) and the International Conference on Applied Cryptography & Network Security (ACNS '06).

15.
Since Keccak was announced as the new hash function standard SHA-3 in 2012, it has attracted the attention of many researchers and become one of the current research hotspots. χ and θ are the two most important and most complex transformations in the Keccak round function. This paper first analyzes the properties of χ, the only nonlinear transformation in the Keccak round function: χ is written as a Boolean function expression, the 32 possible input differences of χ are derived one by one to obtain Boolean function expressions for the 32 output differences, the input/output difference distribution table of χ is constructed, and the regularities of its differential distribution are analyzed. Differences in Double Kernel form are guaranteed not to be diffused when passing through the θ transformation; for the search algorithm for low-Hamming-weight Double Kernel differences in reference [1], a new search algorithm is proposed whose complexity is significantly lower than that of the original. Experiments and theoretical derivation prove that no Double Kernel differences of Hamming weight 4 or less exist.

16.
17.
The theoretical crisis in artificial intelligence has exposed the limitations of classical mathematical logic, and the proliferation of non-classical mathematical logics shows that the second revolution in mathematical logic has begun. So that the various logics can develop in a coordinated way within a unified framework of universal logic and provide a new logical foundation for artificial intelligence, a general program for the second revolution in mathematical logic is proposed: to mathematize part of dialectical logic and establish a flexible logic that can accommodate all kinds of uncertainty, contradiction and evolution. Based on this general program and the four elements of logic, several specific programs for the revolution are proposed, and it is pointed out that the most important current task is to establish flexible propositional logic, the cornerstone of the whole of flexible logic. Flexible propositional logic is then established according to the program, and it is shown that it can accommodate or generate all kinds of propositional logic.

18.
With the spread of the Internet and the advance of the School-to-School Connection project, the construction and application of campus networks in China have spread and developed rapidly, playing a positive role in the informatization of school education. However, once a campus network is connected to the Internet it faces all kinds of serious security threats from both inside and outside the network, and campus network security has become increasingly prominent and a focus of attention. Based on an analysis of the threats to campus networks, this paper focuses on studying the various security strategies for building a campus network security protection system.

19.
A public key cryptosystem using the discrete logarithm problem (DLP) in inner automorphism groups was proposed by Paeng et al. [Advances in Cryptology-Crypto, 2001, pp. 470-485; Preprint, 2001]. We show that there are subexponential time algorithms to solve the DLP in inner automorphism groups of the suggested non-abelian groups.

20.
This paper proposes the architecture of the hash accelerator developed in the framework of the European Processor Initiative. The proposed circuit supports all the SHA2 and SHA-3 operating modes and is to be one of the hardware cryptographic accelerators within the crypto-tile of the European Processor Initiative. The accelerator has been verified on a Stratix IV FPGA and then synthesised on the Artisan 7 nanometre TSMC silicon technology, obtaining throughputs higher than 50 Gbps for SHA2 and 230 Gbps for SHA-3, with complexity ranging from 15 to about 30 kGE and estimated power dissipation of about 13 (SHA2) to 26 (SHA-3) mW (supply voltage 0.75 V). The proposed design demonstrates absolute performance beyond the state of the art and efficiency aligned with it. One of the main contributions is that this is the first SHA-2/SHA-3 accelerator synthesised on such an advanced technology.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号