RC4流密码算法的分析与改进

RC4流密码算法易受弱密钥攻击、区分攻击和错误引入攻击。针对上述攻击,提出了一种基于随机置换的改进算法,该算法采用动态的状态表进行非线性运算,扩展状态表中的元素的取值空间,密钥序列的输出由状态表的前一状态和后一状态共同决定,提高了算法的安全性。分析了改进算法的正确性、安全性以及抗攻击性。实验验证了改进算法的密钥流随机性和效率优于RC4算法。     

Multidimensional zero-correlation attacks on lightweight block cipher HIGHT: Improved cryptanalysis of an ISO standard

HIGHT is a block cipher designed in Korea with the involvement of Korea Information Security Agency. It was proposed at CHES 2006 for usage in lightweight applications such as sensor networks and RFID tags. Lately, it has been adopted as ISO standard. Though there is a great deal of cryptanalytic results on HIGHT, its security evaluation against the recent zero-correlation linear attacks is still lacking. At the same time, the Feistel-type structure of HIGHT suggests that it might be susceptible to this type of cryptanalysis. In this paper, we aim to bridge this gap.We identify zero-correlation linear approximations over 16 rounds of HIGHT. Based upon those, we attack 27-round HIGHT (round 4 to round 30) with improved time complexity and practical memory requirements. This attack of ours is the best result on HIGHT to date in the classical single-key setting. We also provide the first attack on 26-round HIGHT (round 4 to round 29) with the full whitening key.     

New results on the genetic cryptanalysis of TEA and reduced-round versions of XTEA

Recently, a quick and simple way of creating very efficient distinguishers for cryptographic primitives such as block ciphers or hash functions, was presented and proved useful by the authors. In this paper, this cryptanalytic attack (named genetic cryptanalysis after its use of genetic algorithms) is shown to be successful when applied over reduced-round versions of the block cipher XTEA. Efficient distinguishers for XTEA are proposed for up to 4 cycles (8 rounds). Additionally, a variant of this genetic attack is also introduced, and their results over the block cipher TEA presented, which are the most powerful published to date.     

An efficient cryptosystem Delta for stream cipher applications

The need for wireless communication systems has increased rapidly in the past few years and wireless communication has become more convenient in business and society. However, the air interface is vulnerable to eavesdropping, hence encryption in wireless communication systems is a necessity to keep sensitive information confidential and to prevent fraud. Furthermore, wireless devices such as Bluetooth devices and mobile phones require an encryption algorithm that is secure, fast and simple to implement. There are several cryptosystems for stream cipher applications such as A5/x used in GSM mobile communications. However, A5/x are vulnerable to cryptanalytic attacks. In this paper, a new clock-controlled cryptosystem intended for hardware implementation is proposed. The design has attractive properties such as simplicity and scalability. The cryptographical properties including period, balancedness, linear complexity and probability distribution are analyzed. The design provides the basic security requirements, and is resistant to known cryptanalytic attacks. It is shown that the irregular clocking introduced provides a certain level of strengthened security against several cryptanalytic attacks. These properties enhance its use as a suitable cryptosystem for stream cipher applications.     

对DLWX混沌密码算法的分割攻击

分析基于混沌的视频加密算法的安全性,该算法是由混沌映射构造的移位密码,给出对该移位密码的攻击方法并且恢复出混沌映射产生的量化序列。混沌映射产生的量化序列具有前几个量化值对混沌初始值的低位比特变化不够敏感的性质,提出由量化序列恢复混沌初始值的分割攻击方法。在密钥长度为56bit并且参数k=4和r=4的条件下,分割攻击算法的成功率为0．9171,计算复杂性约为2^28,存储复杂性约为2^20。     

Differential Fault Analysis on SMS4 using a single fault

Differential Fault Analysis (DFA) attack is a powerful cryptanalytic technique that could be used to retrieve the secret key by exploiting computational errors in the encryption (decryption) procedure. In this paper, we propose a new DFA attack on SMS4 using a single fault. We show that if a random byte fault is induced into either the second, third, or fourth word register at the input of the 28-th round, the 128-bit key could be recovered with an exhaustive search of 22.11 bits on average. The proposed attack makes use of the characteristic of the cipher's structure and its round function. Furthermore, it can be tailored to any block cipher employing a similar structure and an SPN-style round function as that of SMS4.     

一个混沌分组密码算法的分析*

研究了一个基于混沌设计的分组密码算法的安全性,发现该算法所产生的混沌序列具有前几个值对混沌初态和参数的低位比特变化不够敏感的性质,在选择明文攻击条件下,提出了攻击加密算法等效密钥的分割攻击方法。分组密码算法的密钥长度为106 bit,分割攻击方法的计算复杂性约为260,存储复杂性约为250,成功率为0.928 4。     

一种基于演化计算的序列密码分析方法

序列密码是一类重要的密码,演化计算是一种重要的智能计算。在研究利用演化计算进行序列密码分析方法的基础上,具体给出了一种利用演化计算对非线性滤波型序列密码体制进行分析的方法。分别在移位器初态未知和抽头位置未知两种情况下,对滤波流密码体制进行了密码分析。实验结果表明,该算法的攻击复杂度远远小于穷举攻击的复杂度。     

基于碰撞模型的PRESENT密码代数旁路攻击

提出了一种新的分组密码通用的基于碰撞模型的分组密码代数旁路分析方法—代数功耗碰撞攻击,将代数攻击与功耗碰撞攻击结合,首先利用代数分析方法建立密码算法等效布尔代数方程组;然后通过功耗攻击手段获取密码加密过程运行时泄露的功耗信息,经分析转化为加密过程碰撞信息,并表示为关于加密中间状态变元的代数方程组;最后使用CryptoMiniSAT解析器求解方程组恢复密钥。应用该方法对在8位微控制器上实现的PRESENT密码进行了实际攻击,实验结果表明,代数攻击基础上引入额外的代数方程组,可有效降低方程组求解的复杂度;PRESENT易遭受此类代数功耗攻击的威胁,明密文已知,以4个样本全轮碰撞或8个样本部分轮碰撞信息成功获取PRESENT 80bit完整密钥。此外,文中分析方法也可为其它分组密码功耗碰撞分析提供一定思路。     

A computer package for measuring the strength of encryption algorithms

Designers and users of encryption algorithms used in cipher systems need a systematic approach in examining their ciphers prior to use, to ensure that they are safe from cryptanalytic attack. This paper describes a computer package used for assessing the security of newly-developed encryption algorithms.     

Differential attack on nine rounds of the SEED block cipher

The SEED block cipher has a 128-bit block length, a 128-bit user key and a total number of 16 rounds. It is an ISO international standard. In this letter, we describe two 7-round differentials with a trivially larger probability than the best previously known one on SEED, and present a differential cryptanalysis attack on a 9-round reduced version of SEED. The attack requires a memory of 2^69.71 bytes, and has a time complexity of 2^126.36 encryptions with a success probability of 99.9% when using 2¹²⁵ chosen plaintexts, or a time complexity of 2^125.36 encryptions with a success probability of 97.8% when using 2¹²⁴ chosen plaintexts. Our result is better than any previously published cryptanalytic results on SEED in terms of the numbers of attacked rounds, and it suggests for the first time that the safety margin of SEED decreases below half of the number of rounds.     

针对SOSEMANUK的猜测-确定攻击

通过分析流密码算法SOSEMANUK的一个设计弱点,提出一种针对SOSEMANUK密钥流生成器的猜测-确定攻击。该攻击只需要猜测7个32 bit内部状态变量,就可以确定唯一的12个状态变量,攻击算法只需要6个密钥字且计算复杂度为O(2196)。攻击结果表明,该设计存在安全漏洞,SOSEMANUK抗猜测-确定攻击的计算复杂度远低于O(2256)。     

对流密码RC4的区分攻击

在流密码体制下,RC4算法经过密钥初始化部分后所得的内部状态不是均匀分布的。为此,证明了算法密钥流第1个输出字分布的不均匀性,其等于186的概率为0.003 892 5。利用该输出字分布的不均匀性,给出改进的RC4区分攻击,攻击所需的数据为224 Byte,区分优势为0.84。通过实验验证了该区分攻击的有效性。     

Encryption System with Variable Number of Registers

Encryption in wireless communication systems is an extremely important factor to protect information and prevent fraud. In this paper, we propose a new encryption system for use in stream cipher applications. The design proposed is intended for hardware implementation and based on (n+1) feedback shift registers interconnected in such a way that one register controls the clocking of the other n registers. The aim of this construction is to allow the production of a large family of distinct keystreams when the initial states and feedback functions of the feedback shift registers are unchanged. The produced keystreams are shown to possess the basic security requirements for cryptographic sequences such as long period, high linear complexity and good statistical properties, provided that suitable parameters are chosen. Furthermore, the design is shown to resist various types of cryptanalytic attacks. These characteristics and properties enhance its use as a suitable encryption system for stream cipher applications.     

RC4密码的改进方法及其性能分析

针对RC4密码技术在工程应用中存在的弱密钥和相关密钥攻击、不变性弱点、数据流偏向性弱点等安全问题,提出一种将ECC技术与RC4技术相结合的方法。对改进后的RC4的数据处理效率、密钥管理、安全性能进行研究和分析。改进后的RC4技术在保证与RC4数据处理效率相近的同时,对当前针对RC4流密码的密码分析方法具有一定的抗攻击性。该技术较好地解决了密钥的共享和更新问题,具有重要的工程应用意义。     

二阶可逆耦合触发细胞自动机的加密技术研究

为了有效改进细胞自动机加密系统的实现复杂度和加解密效率,提出了一种二阶可逆耦合触发细胞自动机的图像加密方法.通过对简单的可逆细胞自动机进行扩展,构造二阶可逆细胞自动机,并以耦合触发规则对明文图像实行分块加密.二阶可逆细胞自动机的转移状态由其当前状态以及前一状态决定,有效增大了邻域范围,并且因为采用耦合触发规则,因此能明显增大加密系统的密钥空间,保证了系统的计算安全性.与一般触发自动机反向迭代的串行加密方式相比,该方法对于每个细胞的加密具有本质并行性,因此具有极高的加解密效率.通过实验验证其性能,结果表明与其它算法相比,该算法具有较大的密钥空间,能够有效抵抗蛮力攻击和差分分析攻击,且较小的邻域半径即可得到良好的加密效果,因此非常便于硬件实现.     

Robin算法改进的6轮不可能差分攻击

Robin算法是Grosso等人在2014年提出的一个分组密码算法。研究该算法抵抗不可能差分攻击的能力。利用中间相错技术构造一条新的4轮不可能差分区分器,该区分器在密钥恢复阶段涉及到的轮密钥之间存在线性关系,在构造的区分器首尾各加一轮,对6轮Robin算法进行不可能差分攻击。攻击的数据复杂度为2118.8个选择明文,时间复杂度为293.97次6轮算法加密。与已有最好结果相比,在攻击轮数相同的情况下,通过挖掘轮密钥的信息,减少轮密钥的猜测量,进而降低攻击所需的时间复杂度,该攻击的时间复杂度约为原来的2?8。     

LEX算法的相关密钥攻击

LEX算法是入选欧洲序列密码工程eSTREAM第三阶段的候选流密码算法之一,在分组密码算法AES的基础上进行设计。为此,针对LEX算法进行基于猜测决定方法的相关密钥攻击,在已知一对相关密钥各产生239.5个字节密钥流序列的条件下,借助差分分析的思想和分组密码算法AES轮变换的性质,通过穷举2个字节密钥值和中间状态的8个字节差分恢复出所有候选密钥,利用加密检验筛选出正确的密钥。分析结果表明,该密钥攻击的计算复杂度为2100.3轮AES加密、成功率为1。     

7轮ARIA-256的不可能差分新攻击

如何针对分组密码标准ARIA给出新的安全性分析是当前的研究热点。基于ARIA的算法结构,利用中间相遇的思想设计了一个新的4轮不可能差分区分器。基于该区分器,结合ARIA算法特点,在前面加2轮,后面加1轮,构成7轮ARIA-256的新攻击。研究结果表明：攻击7轮ARIA-256所需的数据复杂度约为2120选择明文数据量,所需的时间复杂度约为2219次7轮ARIA-256加密。与已有的7轮ARIA-256不可能差分攻击结果相比较,新攻击进一步地降低了所需的数据复杂度和时间复杂度。     

REPORT ON THE DECIPHERMENT OF THE AMERICAN STRIP CIPHER 0–2 BY THE GERMAN FOREIGN OFFICE

This paper presents a new attack on a block cipher, which is stronger than all previously considered attacks. This “chosen-key attack” is a generalization of the well accepted chosen-text attack. We give an example of a block cipher which is strong under a chosen-text attack, but immediately vulnerable to a chosen-key attack. A general chosen-key attack breaks an n bit key cipher in 2 ^n/2 operations. A black-box argument shows that this is the best possible for general attacks.