Plateaued函数的正规性

Plateaued函数作为Bent函数和部分Bent函数的扩展,是一类能实现多个密码学准则折中的性质优良的密码函数。该文基于布尔函数与其分解函数的Walsh谱之间的关系研究了Plateaued函数的复杂性度量指标之一的正规性,根据其正规性质给出了判定给定Plateaued函数是否正规的一个较为简单的算法,并分析了已知Plateaued函数类的正规性。     

Applying a formal analysis technique to the CCITT X.509 strong two-way authentication protocol

In the quest for open systems, standardization of security mechanisms, framework, and protocols are becoming increasingly important. This puts high demands on the correctness of the standards. In this paper we use a formal logic-based approach to protocol analysis introduced by Burrows et al. [1]. We extend this logic to deal with protocols using public key cryptography, and with the notion of duration to capture some time-related aspects. The extended logic is used to analyse an important CCITT standard, the X.509 Authentication Framework. We conclude that protocol analysis can benefit from the use of the notation and that it highlights important aspects of the protocol analysed. Some aspects of the formalism need further study.This research was sponsored by the Royal Norwegian Council for Scientific and Industrial Research under Grant IT 0333.22222, and was performed while K. Gaarder was at Alcatel STK Research Centre.     

A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, Yang and Chang proposed an identity-based remote login scheme using elliptic curve cryptography for the users of mobile devices. We have analyzed the security aspects of the Yang and Chang's scheme and identified some security flaws. Also two improvements of the Yang and Chang's scheme have been proposed recently, however, it has been found that the schemes have similar security flaws as in the Yang and Chang's scheme. In order to remove the security pitfalls of the Yang and Chang and the subsequent schemes, we proposed an enhanced remote user mutual authentication scheme that uses elliptic curve cryptography and identity-based cryptosystem with three-way challenge-response handshake technique. It supports flawless mutual authentication of participants, agreement of session key and the leaked key revocation capability. In addition, the proposed scheme possesses low power consumption, low computation cost and better security attributes. As a result, the proposed scheme seems to be more practical and suitable for mobile users for secure Internet banking, online shopping, online voting, etc.     

Abstraction and resolution modulo AC: How to verify Diffie–Hellman-like protocols automatically

We show how cryptographic protocols using Diffie–Hellman primitives, i.e., modular exponentiation on a fixed generator, can be encoded in Horn clauses modulo associativity and commutativity. In order to obtain a sufficient criterion of security, we design a complete (but not sound in general) resolution procedure for a class of flattened clauses modulo simple equational theories, including associativity–commutativity. We report on a practical implementation of this algorithm in the MOP modular platform for automated proving; in particular, we obtain the first fully automated proof of security of the IKA.1 initial key agreement protocol in the so-called pure eavesdropper model.     

一种用于密码协议形式化验证的简单逻辑

给出了一个可用于密码协议形式化验证与设计的简单逻辑.该逻辑采用抽象的通道概念表示具有多种安全特性的通信链路,可在比现有认证逻辑的更抽象的层次上对协议进行处理.     

Cryptographic Hash Functions from Expander Graphs

We propose constructing provable collision resistant hash functions from expander graphs in which finding cycles is hard. As examples, we investigate two specific families of optimal expander graphs for provable collision resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively. When the hash function is constructed from one of Pizer’s Ramanujan graphs, (the set of supersingular elliptic curves over with ℓ-isogenies, ℓ a prime different from p), then collision resistance follows from hardness of computing isogenies between supersingular elliptic curves. For the LPS graphs, the underlying hard problem is a representation problem in group theory. Constructing our hash functions from optimal expander graphs implies that the outputs closely approximate the uniform distribution. This property is useful for arguing that the output is indistinguishable from random sequences of bits. We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the Pizer and LPS graph families and give actual timings.     

The Impossibility of Basing One-Way Permutations on Central Cryptographic Primitives

We know that trapdoor permutations can be used to construct all kinds of basic cryptographic primitives, including trapdoor functions, public-key encryption, private information retrieval, oblivious transfer, key agreement, and those known to be equivalent to one-way functions such as digital signature, private-key encryption, bit commitment, pseudo-random generator and pseudo-random functions. On the other hand, trapdoor functions are not as powerful as trapdoor permutations, so the structural property of permutations seems to be something special that deserves a more careful study. In this paper we investigate the relationships between one-way permutations and all these basic cryptographic primitives. Following previous works, we focus on an important type of reductions called black-box reductions. We prove that no such reductions exist from one-way permutations to either trapdoor functions or private information retrieval. Together with previous results, all the relationships with one-way permutations have now been established, and we know that no such reductions exist from one-way permutations to any of these primitives except trapdoor permutations. This may have the following meaning, with respect to black-box reductions. We know that one-way permutations imply none of the primitives in "public cryptography," where additional properties are required on top of "one-wayness" \cite{IR89}, so permutations cannot be traded for any of these additional properties. On the other hand, we now know that none of these additional properties can be traded for permutations either. Thus, being a permutation seems to be something orthogonal to those additional properties on top of one-wayness. Like previous non-reducibility results, our proofs follow the oracle separation paradigm of Impagliazzo and Rudich.     

Kernel-based template attacks of cryptographic circuits using static power

Side-channel attacks using static power have been shown to be successful against cryptographic circuits in different environments. This class of attacks exploits the power leakage when the circuit is in a static state, during which the power leakage is expected to be a fixed value. Due to the low signal-to-noise ratio of static power, usually more traces are needed for a static power attack to reach the same success rate as a dynamic power attack. The probabilistic distribution pattern of static power varies significantly in different devices, which further poses challenges to the accurate modeling of static power. In this paper we propose non-parametric template attacks which use a kernel methodology to improve the accuracy of modeling static power consumption. The proposed template attacks are tested using transistor-level simulations of circuits designed with a 45-nm standard cell library. Our test results show that our approach improves the success rate of template attacks using static power in cases where the distribution of static power consumption cannot be accurately modeled by Gaussian models.     

一种新的密码本原:棘轮密钥交换的定义、模型及构造

在传统密码学应用中,人们总假定终端是安全的,并且敌手只存在于通信信道上.然而,主流的恶意软件和系统漏洞给终端安全带来了严重和直接的威胁和挑战,例如容易遭受存储内容被病毒破坏、随机数发生器被腐化等各种攻击.更糟糕的是,协议会话通常有较长的生存期,因此需要在较长的时间内存储与会话相关的秘密信息.在这种情况下,有必要设计高强...     

“对BAN逻辑中新鲜子的研究”的注记

该文通过一个反例说明,宋荣功等“对BAN逻辑中新鲜子的研究”中关于BAN逻辑新鲜子规则条件过于严格,可能把一个安全的协议分析成不安全的协议。