白盒密码的设计与研究

白盒攻击环境指的是密码软件的执行对攻击者完全可见的环境。在白盒攻击环境中,攻击者通过观察或者执行密码软件,很容易就可以获得密钥信息。白盒密码是针对这种环境提出来的,其目的是为了在白盒攻击环境中,有效地防止攻击者获得密钥信息,并介绍了白盒密码的主要设计方法并进行了分析。     

白盒SM4的分析与改进

差分计算分析(DCA)是一种应用于白盒实现安全性分析的侧信道分析手段,其高效性在白盒高级数据加密标准(AES)的分析工作中已得到验证。该文针对白盒SM4方案提出一种类差分计算分析的自动化分析方法,该分析以白盒SM4方案中的查找表结果为分析对象,采用统计分析的方法提取密钥,称为中间值平均差分分析(IVMDA)。相比于已有的白盒SM4的分析方法,中间值平均差分分析所需要的条件更少,分析效率更高。在对白盒SM4方案进行成功分析后,该文提出一种软件对策以提高白盒SM4方案的安全性,该对策利用非线性部件对白盒方案中的中间状态进行混淆,消除中间状态与密钥之间的相关性。实验证明该对策可以有效抵抗中间值平均差分分析。     

AES算法S盒性质验证

AES作为广泛使用的高级数据加密标准,其密码算法的安全性取决于非线性部件S盒的密码特性。本文首先学习了AES算法的基本加解密过程,特别分析了AES49436算法采用的时空折衷的思想。然后从布尔函数出发,利用C语言实现了AES的S盒,推导和计算了S盒平衡性、非线性度等密码特性,说明AES抗差分和抗线性攻击的本质原因。最后利用拉格朗日插值法,拟合了S盒的代数表达式。结果表明AESS盒代数表达式项数过少,表达式比较简单,存在一定的安全隐患。     

一种基于Feistel结构混沌分组密码的研究

混沌系统具有良好的伪随机性、混频特性、对初始状态的敏感性、复杂的映射参数等特性,这些特性与密码学要求的产生伪随机信号、混乱和扩散、加解密密钥的难以预测等属性十分吻合。文中针对一种较新的基于Feistel结构的混沌分组密码,应用线性密码分析方法,分别在固定S盒、动态S盒两种情况对该算法进行了分析,并进行了大量的仿真测试。分析测试结果表明,相比较于传统分组密码,该混沌分组密码能够更有效地抵抗线性密码攻击,性能良好。     

混沌分组密码抗差分密码攻击的分析

混沌系统具有良好的伪随机性、混频特性、对初始状态的敏感性和复杂的映射参数等特性,这些特性与密码学要求的产生伪随机信号、混乱和扩散、加、解密密钥的难以预测等属性是十分吻合的。近些年来,不少学者提出了多种基于混沌理论的密码算法,但对其安全性并没有详尽的分析。针对一种较新的基于Feistel结构的混沌分组密码,应用不可能差分的分析方法,在固定S盒的情况下对其安全性进行了分析,并在动态S盒的情况下说明了其安全性所在。     

基于时空混沌和S盒的彩色图像加密算法

利用时空混沌系统和S盒代数运算产生彼此独立的密钥流,加密过程中引入密文反馈且嵌入明文长度,分别用来加密彩色图像的各基色成分.对加密算法的性能分析表明该方案密钥空间大,统计特性好,能有效抵抗穷举攻击、差分攻击和熵攻击,有较高的加/解密速度,有利于应用到对安全性和速度都有较高要求的实时信息密码系统,是一种通用的流密码结构的彩色图像加密方案.     

基于神经网络混沌吸引子的混合加密

把Diffe-Hellman密钥交换协议和流密码算法相结合,设计了一种基于神经网络混沌吸引子的混合加密算法。算法采用基于混沌吸引子的Diffe-Hellman公钥体制,保证了密钥分发的安全性,同时拥有流密码速度快的优点,提高了加密速度,因此实用性较好,能够满足下一代通信实时快速的需求。分析了算法的安全性和加解密效率,利用vc编程实现算法,并对仿真生成的密钥流和密文进行测试。实验结果表明,算法具有较好的安全性和加解密速度。     

分组密码中基于混沌映射的动态S盒构造

S盒是分组密码算法的唯一非线性部件,为了产生更加安全的动态S盒,提出了一种基于Logistic混沌映射和Tent混沌映射构造动态S盒的方法。在Logistic混沌映射的初值敏感性的基础上,生成的动态S盒是与密钥相关的。对S盒的双射性、非线性度、严格雪崩准则、输出比特间独立性、均匀差分性和灵敏度进行了测试和分析。各项理论分析和实验结果表明,该算法产生的动态S盒能够较好地符合各项设计准则,可以满足密码算法的安全性。     

基于持续性故障的分组密码算法S盒表逆向分析

基于故障注入的逆向分析技术通过向运行保密算法的设备中注入故障,诱导异常加密结果产生,进而恢复保密算法内部结构和参数.在除S盒表外其他运算结构已知的前提下,本文基于持续性故障提出了一种分组密码算法S盒表逆向分析方法.我们利用算法中使用故障元素的S盒运算将产生错误中间状态并导致密文出错这一特点,构造特殊的明文和密钥,诱导保密算法第二轮S盒运算取到故障值,从而逆向推导出第一轮S盒运算的输出,进而恢复出保密算法S盒表的全部元素.以类AES-128(Advanced Encryption Standard-128)算法为例,我们的方法以1 441 792次加密运算成功恢复出完整S盒表,与现有的其他逆向分析方法进行对比,新方法在故障注入次数和计算复杂度上有明显优势.进一步,我们将该方法应用于类SM4算法,并以1 900 544次加密运算恢复出保密S盒表.最后,我们综合考虑了分组密码算法的两种典型结构Feistel和SPN(Substitution Permutation Network)的特点,对新方法的普适性进行了讨论,总结出适用算法需具备的条件.     

一种可用于光学密码的安全增强工作模式

 为满足云计算对高安全、高效率密码方案的需求,该文提出一种安全增强密码工作模式——密码反馈“一组一密”(Cipher FeedBack one Block one Key, CFB-BK)模式,并基于数学密码和光学密码组合实现：光学密码对数据分组进行“一组一密”加解密,数学密码利用光学密码密文生成供光学密码下一组数据加解密使用的密钥。安全性分析表明,攻击者在密码学技术范围内,只能采用穷举密钥攻击方式,攻击复杂度高;效率分析表明,比基于数学密码实现的模式效率更高。     

基于矢量分解和相位剪切的非对称光学图像加密

结合矢量分解和相位剪切提出一种新的非对称光学图像加密算法,明文经过4个密钥加密得到分布均匀的密文和3个解密密钥。解密密钥在加密过程中产生,不同于加密密钥,实现了非对称加密,增加了系统的安全性。在矢量分解过程中产生的解密密钥与明文关联强,比现有光学非对称加密算法中明文对密文和解密密钥更为敏感,抵御选择明文攻击能力更强,同时也提高了解密密钥的敏感性。相位剪切的引入扩大了密钥空间,增强算法安全性,产生实数密文更便于传输。实验分析表明:该算法密文分布均匀、相邻像素相关性低,解密密钥、明文对解密密钥和密文敏感性高,抵御各种攻击能力强,有更好光学图像加密效果。     

General digital rights management solution based on white-box cryptography

Digital rights management(DRM) applications are usually confronted with threats like key extraction, code lifting, and illegal distribution. White-box cryptography aims at protecting software implementations of cryptographic algorithms and can be employed into DRM applications to provide security. A general DRM solution based on white-box cryptography was proposed to address the three threats mentioned above. The method is to construct a general perturbation-enabled white-box compiler for lookup-table based white-box block ciphers, such that the white-box program generated by this compiler provides traceability along with resistance against key extraction and code lifting. To get a traceable white-box program, the idea of hiding a slight perturbation in the lookup-table was employed, aiming at perturbing its decryption functionality, so that each user can be identified. Security analysis and experimental results show that the proposed DRM solution is secure and practical.     

Hash key-based video encryption scheme for H.264/AVC

An improved H.264/AVC comprehensive video encryption scheme is proposed. In the proposed scheme, the intra-prediction mode, motion vector difference, and quantization coefficients are encrypted. A novel hierarchical key generation method is likewise proposed, in which the encryption keys are generated based on the cryptographic hash function. Generated frame keys are consistent with the corresponding frame serial numbers, which can ensure frame synchronization in the decrypting process when frame loss occurs. This function provides the property that our scheme is secure against some special attacks for video, such as the frame regrouping attack and frame erasure attack. Our method not only avoids the distribution of encryption keys, but also increases the security. Experimental results show that the proposed scheme is efficient in computing, the encryption process does not affect the compression ratio greatly, and the encryption/decryption process hardly affects the video quality.     

一种改进的网络安全信道建立算法

讨论了基于对称加密算法DES的安全信道建立策略．该安全信道能实现通讯双方的认证和加密密钥的协商，并分析了该算法存在的不足。提出了一种改进的安全信道建立算法，新的算法能够承受已知明文攻击，同时还提高了加、解密运算的效率。     

MACPABE: Multi-Authority-based CP-ABE with efficient attribute revocation for IoT-enabled healthcare infrastructure

The Internet of Things (IoT) technology along with cloud computing has gained much attention in recent years for its potential to upgrade conventional healthcare systems. Outsourcing healthcare data to a cloud environment from IoT devices is very essential as IoT devices are lightweight. To maintain confidentiality and to achieve fine-grained access control, the ciphertext policy attribute-based encryption (CP-ABE) technique is utilized very often in an IoT-based healthcare system for encrypting patients' healthcare data. However, an attribute revocation may affect the other users with the same attribute set, as well as the entire system due to its security concerns. This paper proposes a novel CP-ABE-based fine-grained access control scheme to solve the attribute revocation problem. The proposed technique includes multiple attribute authorities to reduce the work overhead of having a single authority in the traditional CP-ABE systems. In addition, the proposed scheme outsources the decryption process to a decryption assistant entity to reduce the decryption overhead of the end-users. To prove the efficiency of the proposed scheme, both formal security analysis and performance comparisons are presented in this paper. Results and discussion prove the effectiveness of the proposed scheme over some well-known schemes.     

可验证外包解密的离线/在线属性基加密方案

属性基加密可以为雾-云计算中的数据提供机密性保护和细粒度访问控制,但雾-云计算系统中的移动设备难以承担属性基加密的繁重计算负担。为解决该问题,该文提出一种可验证外包解密的离线/在线属性基加密方案。该方案能够实现离线/在线的密钥生成和数据加密,同时支持可验证外包解密。然后,给出方案的选择明文攻击的安全证明和可验证性的安全证明。之后,该文将转换阶段所需双线性对的计算量降为恒定常数。最后,从理论和实验两方面对所提方案进行性能分析,实验结果表明该方案是有效且实用的。     

非对称光学图像加密系统的已知公钥攻击

为了破解基于相位截断傅里叶变换的非对称光学图像加密系统,提出一种已知公钥的攻击方法,并通过理论分析和实验仿真进行了研究。结果表明,在已知公钥的攻击下,攻击者可通过获取通用解密密钥恢复基于相位截断傅里叶变换的非对称光学图像加密系统的明文,并取得了较好的破解效果。在整个攻击的实施过程中,除了公开的加密密钥,无需额外的资源,同时攻击难度大大降低,因此更具实际意义。     

REESSE1加密方案中杠杆函数的充分必要性分析

文章介绍了REESSE1公钥体制的加密方案,包括密钥生成、加密和解密3个算法.通过对密钥变换公式中杠杆函数(.)为常数或不存在的假设,讨论了连分式攻击,因而从逆否命题的角度证明了(.)对REESSE1体制私钥安全的必要性.作者通过不确定推理、反例列举和参数归约的方法论述了(.)存在时,REESSE1的私钥安全性等价于多变量排列难题、明文安全性大于离散对数难题,从而证明了(.)对REESSE1体制私钥与明文安全的充分性.最后,指出了私钥中包含三个独立参数的REESSE1体制与私钥中仅包含一个或两个参数的MH、RSA和ElGamal体制相比,复杂性得到了显著提高.     

A group key exchange and secure data sharing based on privacy protection for federated learning in edge-cloud collaborative computing environment

Federated learning (FL) is widely used in internet of things (IoT) scenarios such as health research, automotive autopilot, and smart home systems. In the process of model training of FL, each round of model training requires rigorous decryption training and encryption uploading steps. The efficiency of FL is seriously affected by frequent encryption and decryption operations. A scheme of key computation and key management with high efficiency is urgently needed. Therefore, we propose a group key agreement technique to keep private information and confidential data from being leaked, which is used to encrypt and decrypt the transmitted data among IoT terminals. The key agreement scheme includes hidden attribute authentication, multipolicy access, and ciphertext storage. Key agreement is designed with edge-cloud collaborative network architecture. Firstly, the terminal generates its own public and private keys through the key algorithm then confirms the authenticity and mapping relationship of its private and public keys to the cloud server. Secondly, IoT terminals can confirm their cryptographic attributes to the cloud and obtain the permissions corresponding to each attribute by encrypting the attributes. The terminal uses these permissions to encrypt the FL model parameters and uploads the secret parameters to the edge server. Through the storage of the edge server, these ciphertext decryption parameters are shared with the other terminal models of FL. Finally, other terminal models are trained by downloading and decrypting the shared model parameters for the purpose of FL. The performance analysis shows that this model has a better performance in computational complexity and computational time compared with the cited literature.     

基于Logistic映射的压缩图像加密算法

大多数的图像加密算法是针对整幅图像的,加密、解密和传输效率较低.利用局部图像的特点,采用自适应的分块方法以及多种块分类技术相结合对图像进行块分解,借助Logis-tic映射产生的混沌序列分别对分解后的图像序列块进行不同密钥的加密.经实验验证,该方法不仅增加了输出密钥序列的周期性和安全性,而且提高了加密、解密速度及传输效率,加密、解密效果良好.