ZF-02分组密码算法的设计与分析

提出了一种以换位变换为核心的分组密码算法(ZF-02算法)．该算法的分组长度为128bits，密钥长度可变．其加解密算法的基本结构可归结为：密钥控制下的入口状态复合换位变换、非线性性能良好的可逆置换和密钥控制下的出口状态复合换位变换．该算法逻辑结构简洁规范，而且易于在软、硬件及多种环境下实现．文中给出了算法的加解密流程和必要的数据参数表，并对其安全性做了基本分析，结果表明它拥有相当好的安全性．     

Commentary on Alan M. Turing: The Applications of Probability to Cryptography

Abstract

In April 2012, two papers written by Alan Turing during the Second World War on the use of probability in cryptanalysis were released by GCHQ. The longer of these presented an overall framework for the use of Bayes's theorem and prior probabilities, including four examples worked out in detail: the Vigenère cipher, a letter subtractor cipher, the use of repeats to find depths, and simple columnar transposition. (The other paper was an alternative version of the section on repeats.) Turing stressed the importance in practical cryptanalysis of sometimes using only part of the evidence or making simplifying assumptions and presents in each case computational shortcuts to make burdensome calculations manageable. The four examples increase roughly in their difficulty and cryptanalytic demands. After the war, Turing's approach to statistical inference was championed by his assistant in Hut 8, Jack Good, which played a role in the later resurgence of Bayesian statistics.     

一个基于混沌系统的动态换位加密方案

在对换位加密技术研究的基础上,提出了一个基于混沌系统的动态换位加密方案。该方案通过二进制数据转换、数据替换及动态换位等加密步骤,很好地实现了明文的混淆与扩散。与传统的换位加密相比,新方案不仅有较大的密钥空间,而且产生的换位序列具有很强的随机性。理论分析及实验结果表明,给出的新方案可以抵抗多种已知的密码攻击,克服了传统换位加密技术的弱点,具有较高的安全性。     

Slide attacks and LC-weak keys in T-310

T-310 is an important Cold War cipher (Cryptologia 2006). In a recent article (Cryptologia 2018), researchers show that, in spite of specifying numerous very technical requirements, the designers do not protect the cipher against linear cryptanalysis and some 3% of the keys are very weak. However, such a weakness does not necessarily allow breaking the cipher because it is extremely complex and extremely few bits from the internal state are used for the actual encryption. In this article, we finally show a method that allows recovering a part of the secret key for about half of such weak keys in a quasi-realistic setting. For this purpose, we revisit another recent article from Cryptologia from 2018 and introduce a new peculiar variant of the decryption oracle slide attack with d?=?0.     

PEAK分组密码

提出了一个对称分组密码算法——PEA K。其分组长度为128bit,密钥长度为128bit到512bit可变,但要64bit对齐。该算法整体结构为变种的非平衡Feistel网络,具有天然的加解密相似性。同时在设计中采用了宽轨迹策略,确保算法对差分密码分析和线性密码分析的安全性。该文的目的是寻求公众对PEAK分组密码的测试、分析和评估。     

Linear cryptanalysis and block cipher design in East Germany in the 1970s

Linear cryptanalysis (LC) is an important codebreaking method that became popular in the 1990s and has roots in the earlier research of Shamir in the 1980s. In this article we show evidence that linear cryptanalysis is even older. According to documents from the former East Germany cipher authority ZCO, the systematic study of linear characteristics for nonlinear Boolean functions was routinely performed in the 1970s. At the same time East German cryptologists produced an excessively complex set of requirements known as KT1, which requirements were in particular satisfied by known historical used in the 1980s. An interesting line of inquiry, then, is to see if KT1 keys offer some level of protection against linear cryptanalysis. In this article we demonstrate that, strangely, this is not really the case. This is demonstrated by constructing specific counterexamples of pathologically weak keys that satisfy all the requirements of KT1. However, because we use T-310 in a stream cipher mode that uses only a tiny part of the internal state for actual encryption, it remains unclear whether this type of weak key could lead to key recovery attacks on T-310.     

SCENERY: a lightweight block cipher based on Feistel structure

In this paper, we propose a new lightweight block cipher called SCENERY. The main purpose of SCENERY design applies to hardware and software platforms. SCENERY is a 64-bit block cipher supporting 80-bit keys, and its data processing consists of 28 rounds. The round function of SCENERY consists of 8 4 × 4 S-boxes in parallel and a 32 × 32 binary matrix, and we can implement SCENERY with some basic logic instructions. The hardware implementation of SCENERY only requires 1438 GE based on 0.18 um CMOS technology, and the software implementation of encrypting or decrypting a block takes approximately 1516 clock cycles on 8-bit microcontrollers and 364 clock cycles on 64-bit processors. Compared with other encryption algorithms, the performance of SCENERY is well balanced for both hardware and software. By the security analyses, SCENERY can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks.     

Louis Kruh,Cryptologist, Editor,Activist

Abstract

The double transposition cipher was considered to be one of the most secure types of manual ciphers. It was extensively used in both World Wars and during the Cold War. In 1999, Otto Leiberich, the former head of the German federal office for information security, suggested that a double transposition challenge be published with specific parameters designed to ensure its security. Such a challenge was published by Klaus Schmeh in 2007. In November 2013, the authors solved the challenge using a ciphertext-only hill climbing attack. They also solved the challenge using a dictionary attack. In this article, they describe both methods, which are based on a “divide-and-conquer” approach. They additionally discuss the impact of their solutions with respect to the general security of the double transposition cipher.     

???????????????

原有对称加密算法采用置换与替换技术.该文提出一种基于圆性质的对称密钥加密算法,采用随机数技术与密码学杂凑函数,使加密后的密文随机分布于n维几何空间,实现了抗密码分析攻击,而穷举攻击在计算上是不可行的.该算法适用于带时间戳加密、短明文加密等应用环境,实验结果验证了其可行性.     

基于圆性质的加密算法

原有对称加密算法采用置换与替换技术。该文提出一种基于圆性质的对称密钥加密算法,采用随机数技术与密码学杂凑函数,使加密后的密文随机分布于n维几何空间,实现了抗密码分析攻击,而穷举攻击在计算上是不可行的。该算法适用于带时间戳加密、短明文加密等应用环境,实验结果验证了其可行性。     

A survey on the Metaheuristics for Cryptanalysis of Substitution and Transposition Ciphers

This paper presents state-of-art cryptanalysis studies on attacks of the substitution and transposition ciphers using various metaheuristic algorithms. Traditional cryptanalysis methods employ an exhaustive search, which is computationally expensive. Therefore, metaheuristics have attracted the interest of researchers in the cryptanalysis field. Metaheuristic algorithms are known for improving the search for the optimum solution and include Genetic Algorithm, Simulated Annealing, Tabu Search, Particle Swarm Optimization, Differential Evolution, Ant Colony, the Artificial Bee Colony, Cuckoo Search, and Firefly algorithms. The most important part of these various applications is deciding the fitness function to guide the search. This review presents how these algorithms have been implemented for cryptanalysis purposes. The paper highlights the results and findings of the studies and determines the gaps in the literature.     

LEX算法的相关密钥攻击

LEX算法是入选欧洲序列密码工程eSTREAM第三阶段的候选流密码算法之一,在分组密码算法AES的基础上进行设计。为此,针对LEX算法进行基于猜测决定方法的相关密钥攻击,在已知一对相关密钥各产生239.5个字节密钥流序列的条件下,借助差分分析的思想和分组密码算法AES轮变换的性质,通过穷举2个字节密钥值和中间状态的8个字节差分恢复出所有候选密钥,利用加密检验筛选出正确的密钥。分析结果表明,该密钥攻击的计算复杂度为2100.3轮AES加密、成功率为1。     

Zodiac密码算法的多维零相关线性分析

分组密码算法Zodiac支持3种密钥长度,分别为Zodiac-128、Zodiac-192、Zodiac-256。利用零相关线性分析方法评估了Zodiac算法的安全性,首先根据算法的结构特性,构造了一些关于Zodiac算法的10轮零相关线性逼近,然后对16轮Zodiac-192进行了多维零相关分析。分析结果显示：攻击过程中一共恢复了19个字节的密钥,其数据复杂度约为2^124.40个明密文对,计算复杂度为2^181.58次16轮加密。由此可得：16轮（即全轮）192 bit密钥的Zodiac算法（Zodiac-192）对于零相关线性分析方法是不安全的。     

基于混沌序列和分组密码的数字图像置乱技术

给出了一种全新的数字图像置乱方案,其中混沌序列用于给出分组密码算法的初始密钥,分组密码采用以换位变换为核心的ZF-02分组密码算法.该算法的优点是能够很好地抵抗线性、差分等多种攻击,又易于软、硬件实现.     

THE PAPAL CIPHER SECTION IN THE EARLY NINETEENTH CENTURY

In the early 19th century, papal cryptography was moribund. The pope's Secretariat maintained a small cipher section, but this unit was sadly neglected. It shunned cryptanalysis, and limited itself to handling the few secret communications that passed between the Vatican and its diplomatic representative abroad. Papal ciphers were simple, and provided only modest security.     

DESL轮特征搜索算法的实观

DESL是一种轻量级分组密码,对于分组密码最常用的密码分析技术是差分密码分析。差分密码分析根据差分概率表搜索轮特征,采用C＋＋语言实现了搜索轮特征的算法,并搜索得到了三轮、五轮等多种轮特征,为进一步的差分密码分析打下了基础。     

PRINCE密码算法的差分-线性分析

PRINCE是一个低时延轻量级分组密码算法,广泛应用于各种资源受限设备.PRINCE使用FX结构,其核心部件是PRINCEcore.差分-线性分析是一种经典分析方法,它将差分分析和线性分析结合起来,使用短的高概率差分特征和线性特征来攻击密码算法.研究了 PRINCEcore的差分-线性分析,使用2轮差分-线性区分器攻击...     

对称密码算法中两类线性表达式的概率优势

分析欧洲序列密码候选算法ABC的安全性,提炼出两类与安全性密切相关的具有概率优势的线性表达式。两个概率优势反映了模加法运算之间的两种线性相关性。利用每类表达式及其概率优势都可以推导出ABC算法的大量弱密钥。在弱密钥条件下,可以计算出算法的1 257 bit初始密钥,从而导致了算法的有效破解方法。第一类表达式反映了两个模加法方程普遍存在的一种线性相关性,第二类表达式反映了三个模加法方程的比特进位之间的线性相关性。其中,第二类中一个典型的表达式最初是由Wu和Preneel发现,并由此得到2~(96)个弱密钥,但他们只是通过测试试验数据得到了该表达式的概率优势估计值,并未给出严格证明。文中给出两类表达式的概率优势的严格证明。模加运算被广泛应用于对称密码的设计中,相信这两类线性表达式的概率优势不仅可以用来分析其它对称密码算法,而且对于设计安全的对称密码算法也是非常重要的。     

Rijndael算法中密钥生成方案的研究

经过三轮的评选，Rijndael算法被定为高级加密标准(AES)。Rijndael算法的安全性是现在研究的热点之一。本文对Rijndael算法的密钥生成方案进行了研究，提出了新的密钥生成方案。方案避免了种子密钥直接出现在轮子密钥中，同时也考虑了密钥的雪崩效应、兼顾了密钥间的线性关系，在一定程度上，增强了对密钥攻击的抵抗。新方案可改进AES的安全性。     

概率积分密码分析

在传统的积分密码分析中,积分区分器都是以概率1成立的.虽然Knudsen等学者提到过:“就像差分一样,积分也可以是概率的”,但是,没有文献报道过进一步的研究.文中对此问题进行了探讨,提出了概率积分密码分析方法,并从理论和实验两方面验证了概率积分分析方法的有效性.对于采用S盒设计的分组密码,文中证明了如果S盒的差分均匀性越接近随机概率,则分组密码抵抗概率积分密码分析的能力就越强.同时,文中指出高阶积分分析的某些技巧对于概率积分分析是行不通的,主要原因是随着求和变量个数的增加,积分特征概率趋近于随机概率.最后,文中通过对AES和LBlock这两个算法的概率积分分析实例,说明目前广泛使用的分组密码算法对于概率积分密码分析方法都是免疫的.