Similar literature
20 similar documents found.
1.
Security analysis of lightweight block ciphers is increasingly moving toward automation and intelligent methods. Security analysis of lightweight block ciphers based on deep learning is currently becoming a brand-new research hotspot. Targeting SIMON, a lightweight block cipher released by the US National Security Agency in 2013, deep learning techniques are applied to the security analysis of SIMON32/64. A feedforward neural network and a convolutional neural network are respectively used to simulate multiple-differential cryptanalysis in...

2.
A simple way of creating new and very efficient distinguishers for cryptographic primitives, such as block ciphers or hash functions, is introduced. This technique is then successfully applied over reduced round versions of the block cipher TEA, which is proven to be weak with less than five cycles.

3.
XTEA is a 64-round block cipher with a 64-bit block size and a 128-bit user key, which was designed as a short C program that would run safely on most computers. In this paper, we present a related-key rectangle attack on a series of inner 36 rounds of XTEA without making a weak key assumption, and a related-key rectangle attack on the first 36 rounds of XTEA under certain weak key assumptions. These are better than any previously published cryptanalytic results on XTEA in terms of the numbers of attacked rounds.
Jiqiang Lu

4.
A hardware-based performance comparison of lightweight block ciphers is conducted in this paper. The DESL, DESXL, CURUPIRA-1, CURUPIRA-2, HIGHT, PUFFIN, PRESENT and XTEA block ciphers have been employed in this comparison. Our objective is to survey which ciphers are suitable for security in Radio Frequency Identification (RFID) and other security applications with demanding area restrictions. A general architecture option has been followed for the implementation of all ciphers. Specifically, a loop architecture has been used, where one basic round is used iteratively. The basic performance metrics are the area, the power consumption, the hardware resource cost and the resulting throughput of each cipher implementation. The most compact cipher is the 80-bit PRESENT block cipher with a count of 1704 GEs and 206.4 Kbps, while the largest cipher in area is CURUPIRA-1. The CURUPIRA-1 cipher consumes the highest power of 118.1 μW, while the PRESENT cipher consumes the lowest power of 20 μW. All measurements have been taken at a 100 kHz clock frequency.

5.
This paper studies the ARX-based lightweight block cipher CHAM and analyzes its security using impossible differential cryptanalysis and zero-correlation linear cryptanalysis. First, each component of the algorithm is equivalently characterized by a system of linear inequalities that describes the propagation rules of differential characteristics and linear masks, and MILP-based (mixed-integer linear programming) automated search models for impossible differentials and zero-correlation linear hulls are established. Second, based on the four-branch generalized Feistel structure of CHAM, properties of the longest impossible differential and zero-correlation linear trails of a specific form (the input or output difference/mask contains only one non-zero block) are obtained, which optimizes the search strategy and reduces the search space. Finally, by traversing specific input/output sets with the search algorithm, five 19-round impossible differential distinguishers for CHAM-64, and one 18-round impossible differential distinguisher and fifteen 19-round zero-correlation linear distinguishers for CHAM-128, are obtained; all are the longest distinguishers of their kind published so far.

6.
Integral attack on the MIBS algorithm   Total citations: 2, self-citations: 0, citations by others: 2
MIBS is a lightweight block cipher developed by M. Izadi et al. in 2009 and widely used in environments such as electronic tags and sensor networks. This paper gives a 4.5-round distinguisher for an integral attack on MIBS, uses it to mount 8-round and 9-round integral attacks on MIBS, and reduces the time complexity of the attacks by exploiting relations between round keys in the key schedule combined with the "partial sum" technique. The results are as follows: the 8-round attack on MIBS-64 has data complexity 2^38.6 and time complexity 2^24.2; the 9-round attack on MIBS-80 has data complexity 2^39.6 and time complexity 2^68.4. Both the data and time complexities of these attacks are better than exhaustive search. This is the first published integral attack on MIBS.

7.
LOUIS KRUH 《Cryptologia》2013,37(3):246-248
Abstract

Skipjack is a block cipher designed by the NSA for use in US government phones, and commercial mobile and wireless products by AT&T. Among its initial implementations in hardware were the Clipper chip and Fortezza PC cards, which have since influenced the private communications market to be compatible with this technology. For instance, the Fortezza card comes in PCMCIA interface and is a very easy plug-n-play device to add on to mobile and wireless systems to provide encryption for wireless transmissions. Initially classified when it was first proposed, Skipjack was declassified in 1998, and it sparked numerous security analyses from security researchers worldwide because it provides insight into the state-of-the-art security design techniques used by a highly secretive government intelligence agency such as the NSA. In this paper, commemorating a decade since Skipjack's public revelation, we revisit the security of Skipjack, in particular its resistance to advanced differential-style distinguishers. In contrast to previous work that considered conventional and impossible differential distinguishers, we concentrate our attention on the more recent advanced differential-style and related-key distinguishers that were most likely not considered in the original design objectives of the NSA. In particular, we construct the first known related-key impossible differential, rectangle and related-key rectangle distinguishers of Skipjack. Our related-key attacks (i.e., related-key miss-in-the-middle and related-key rectangle attacks) are better than all the previous related-key attacks on Skipjack. Finally, we characterize the strength of Skipjack against all these attacks and motivate reasons why, influenced by the Skipjack structure, some attacks fare better. What is intriguing about Skipjack is its simple key schedule and a structure that is a cross between conventional Feistel design principles and the unconventional use of different round types.
This work complements past results on the security analysis of Skipjack and is hoped to provide further insight into the security of an NSA-designed block cipher; the only one publicly known to date.

8.
Wang Chao, Chen Huaifeng. Computer Engineering, 2021, 47(5):117-123
Integral attacks are an important key-recovery method and have been widely applied to the analysis of many block ciphers. Midori64 is a lightweight block cipher. To mount an integral attack on it, three 6-round zero-correlation distinguishers are constructed, each is converted into a 6-round balanced integral distinguisher, and they are combined into a single 6-round zero-sum integral distinguisher with good properties; extending this zero-sum integral distinguisher forward by one round yields a 7-round zero-sum integral distinguisher. Using the partial-sum technique and the fast Walsh-Hadamard transform respectively, 10-round and 11-round integral attacks on Midori64 are obtained. The analysis shows that the 10-round integral attack has a data complexity of 2^40 plaintext-ciphertext pairs and a time complexity of 2^67.85 10-round encryptions, and the 11-round integral attack has a data complexity of 2^40.09 plaintext-ciphertext pairs and a time complexity of 2^117.37 11-round encryptions.

9.
Abstract

A fast software block encryption algorithm with a 72-bit key was written by (then) Major Roger R. Schell (United States Air Force) in April 1973 and released as part of the source code for the Multics operating system. The design of the Multics encipher_ algorithm includes features such as variable data-dependent rotations that were not published until the 1990s—20 years after the Multics cipher. This article describes the history and details of the Multics encipher_ algorithm and how it was used for key generation, file encryption, and password hashing. A cryptographic analysis of the algorithm has not been performed, although similarities are noted with algorithms such as XTEA, SEAL, and RC5.

10.
Hou Zezhou, Chen Shaozhen, Ren Jiongjiong. Journal of Software, 2022, 33(5):1893-1906
Differential cryptanalysis is an important research method in the field of block cipher analysis; the key to differential cryptanalysis of a block cipher is finding a differential distinguisher that covers more rounds or has higher probability. This paper first describes how to construct the data sets needed when building differential distinguishers with deep learning techniques, and then, based on convolutional neural networks (CNN) and residual...

11.
Collision attack on reduced-round Camellia   Total citations: 3, self-citations: 2, citations by others: 1
Camellia is the final winner among 128-bit block ciphers in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the block space. By using collision-searching techniques, the distinguishers are used to attack 6, 7, 8 and 9 rounds of Camellia with a 128-bit key and 8, 9 and 10 rounds of Camellia with a 192/256-bit key. The 128-bit key of 6-round Camellia can be recovered with 2^10 chosen plaintexts and 2^15 encryptions. The 128-bit key of 7-round Camellia can be recovered with 2^12 chosen plaintexts and 2^54.5 encryptions. The 128-bit key of 8-round Camellia can be recovered with 2^13 chosen plaintexts and 2^112.1 encryptions. The 128-bit key of 9-round Camellia can be recovered with 2^113.6 chosen plaintexts and 2^121 encryptions. The 192/256-bit key of 8-round Camellia can be recovered with 2^13 chosen plaintexts and 2^111.1 encryptions. The 192/256-bit key of 9-round Camellia can be recovered with 2^13 chosen plaintexts and 2^175.6 encryptions. Th

12.
Parallel modes of operation for block ciphers   Total citations: 1, self-citations: 0, citations by others: 1
Taking AES as an example, parallel modes of operation for block ciphers are explored. Among the four standard modes of operation for block ciphers, all except ECB involve feedback-style iteration, which is a major obstacle to parallel processing of data. Three corresponding parallel cipher modes are given; without changing the cryptographic characteristics of the original block cipher, they achieve a linear speed-up.

13.
First, propagation equations for the differential characteristics and linear masks of ARX block ciphers are constructed; then, a SAT solver is used to solve the propagation equations and decide whether the propagation system describes a valid propagation; finally, differential characteristics and linear masks are enumerated to automatically search for impossible differentials and zero-correlation linear hulls. This algorithm is used to search for impossible differentials and zero-correlation linear hulls of TEA, XTEA and SIMON, and the optimal impossible differentials and zero-correlation linear hulls of the TEA, XTEA and SIMON family of block ciphers are obtained. Furthermore, using difference distribution tables and linear approximation tables, the algorithm can efficiently search for impossible differentials and zero-correlation linear hulls of S-box-based block ciphers.

14.
The PEAK block cipher
A symmetric block cipher algorithm, PEAK, is proposed. Its block length is 128 bits, and its key length is variable from 128 to 512 bits but must be 64-bit aligned. The overall structure of the algorithm is a variant of the unbalanced Feistel network, with a natural similarity between encryption and decryption. The wide trail strategy is adopted in the design to ensure the algorithm's security against differential and linear cryptanalysis. The purpose of this paper is to invite public testing, analysis and evaluation of the PEAK block cipher.

15.
This paper presents an encryption scheme based on genetic operations and a new hybrid pseudo random number generator (HPRNG). The new HPRNG is designed based on a linear feedback shift register (LFSR), a chaotic asymmetric tent map and a chaotic logistic map. The scheme uses XOR and genetic operations (mutation and multipoint crossover) to encrypt the image blocks. The first block of the plain image is encrypted with the help of a pseudo-random bit sequence generated by the HPRNG. The subsequent blocks are based on the previous cipher block and the XOR operator. The scheme can be extended to encrypt color images and text as well. The cipher images produced have very low correlation with their corresponding plain images and have high values of entropy, making them unpredictable and making redundancies in the image pixel values difficult to detect. Moreover, the scheme is compared with some existing schemes and the proposed scheme is found to be comparatively secure and efficient.

16.
This paper discusses the design principles of secret-key block ciphers, introduces block ciphers such as DES and IDEA, and points out some of their weaknesses; how to better design block ciphers using artificial neural networks is a topic deserving further in-depth study.

17.
Analysis and improvement of the TAE mode   Total citations: 1, self-citations: 0, citations by others: 1
Wang Peng, Feng Dengguo. Journal of Software, 2006, 17(2):333-338
TAE (tweakable authenticated encryption) is an authenticated encryption mode based on a tweakable block cipher. The results show that a secure tweakable block cipher is not a sufficient condition for a secure TAE mode: TAE is secure only when the tweakable block cipher is strongly secure. Some improvements to TAE are also given, yielding the mode MTAE (modified tweakable authenticated encryption), and its security is proved.

18.
A new construction of block cipher based tweakable enciphering schemes (TES) is described. The major improvement over existing TESs is that the construction uses only the encryption function of the underlying block cipher. Consequently, this leads to substantial savings in the size of hardware implementation of TES applications such as disk encryption. This improvement is achieved without loss in efficiency of encryption and decryption compared to previously known schemes. We further show that the same idea can also be used with a stream cipher which supports an initialization vector (IV) leading to the first example of a TES from such a primitive.

19.
Based on the properties of multilayer feedforward neural networks and the design principles of block ciphers, a mathematical model of a block cipher is constructed, and the block cipher system is concretely implemented with a two-layer feedforward network. Simulation shows that the block cipher system is feasible; a security analysis and a comparison with DES show that the system has high security, good confusion and diffusion properties, and is easy to implement.

20.
Huang Ming, Zhang Shasha, Hong Chunlei, Zeng Le, Xiang Zejun. Journal of Software, 2024, 35(4):1980-1992
Mixed-integer linear programming (MILP), as an automated search tool, is widely used to search for differential, linear, integral and other cryptographic properties of block ciphers. This paper proposes a new technique for building MILP models based on a dynamic selection strategy, in which different constraint inequalities are used to describe the propagation of a cryptographic property under different conditions. Specifically, starting from the division property, different methods are used to build the MILP model of division property propagation through the linear layer depending on the Hamming weight of the input division property. Finally, the technique is applied to searching for integral distinguishers of the uBlock and Saturnin algorithms. Experimental results show that for uBlock128, the technique finds an 8-round integral distinguisher with 32 more balanced bits than the previous best distinguisher. In addition, 9-round and 10-round integral distinguishers for uBlock128 and uBlock256, each one round longer than the previous best, are found. For Saturnin256, a 9-round integral distinguisher one round longer than the previous best is likewise found.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号