共查询到18条相似文献,搜索用时 203 毫秒
1.
MORUS算法是Wu等人设计的认证加密算法,现已进入CAESAR竞赛的第三轮.动态立方攻击是Dinur等人2011年提出的针对迭代型序列密码的分析方法.提出了一种改进的动态立方攻击方法,优化了动态立方攻击的立方集合的选取规则,提出了优先猜测关键值并恢复相应的关键秘密信息的方法,据此给出了成功率更高的秘密信息恢复方法.利用该方法分析了初始化5步的简化版MORUS算法,最终以O(295.05)的复杂度恢复所有128比特密钥,攻击的成功率大于92%. 相似文献
2.
3.
现有的对于Piccolo算法的安全性分析结果中,除Biclique分析外,以低于穷举搜索的复杂度最长仅攻击至14轮Piccolo-80和18轮Piccolo-128算法.通过分析Piccolo算法密钥扩展的信息泄漏规律,结合算法等效结构,利用相关密钥-不可能差分分析方法,基于分割攻击思想,分别给出了15轮Piccolo-80和21轮Piccolo-128含前向白化密钥的攻击结果.当选择相关密钥量为28时,攻击所需的数据复杂度分别为258.6和262.3,存储复杂度分别为260.6和264.3,计算复杂度分别为278和282.5;在选择相关密钥量为24时,攻击所需的数据复杂度均为262.6和262.3,存储复杂度分别为264.6和264.3,计算复杂度分别为277.93和2124.45.分析结果表明,仅含前向白化密钥的15轮Piccolo-80算法和21轮Piccolo-128算法在相关密钥-不可能差分攻击下是不安全的. 相似文献
4.
5.
通过分析MD5中非线性函数的性质以及模232减差分和异或差分的性质,证明了Liang Jie和Lai Xuejia 给出的产生MD5碰撞的充分条件集中的条件是保证第23~62步的差分路径满足的充要条件,给出了保证第63、64步的输出差分满足的充要条件集.利用得到的充要条件集,提出了对MD5的改进的碰撞攻击算法,该算法的平均计算复杂度约为已有碰撞攻击算法的0.718 7倍,并通过实验对该算法的改进效果进行了验证. 相似文献
6.
Salsa20 流密码算法是Estream 最终胜出的7 个算法之一.结合非线性方程的求解及Salsa20 的两个3 轮高概率差分传递链,对5 轮Salsa20 算法进行了代数-截断差分攻击.计算复杂度不大于O(2105),数据复杂度为O(211),存储复杂度为O(211),成功率为97.72%.到目前为止,该攻击结果是对5 轮Salsa20 算法攻击最好的结果. 相似文献
7.
8.
Crypton密码算法是韩国学者提出的一种AES候选算法。通过研究Crypton算法的结构特征和一类截断差分路径的性质,利用差分枚举技术权衡存储复杂度和数据复杂度,提出了4轮和4.5轮中间相遇区分器。新的区分器减少了预计算表中的多重集数量,降低了存储复杂度。基于4轮区分器首次给出对7轮Crypton-128的中间相遇攻击,时间复杂度为2113,数据复杂度为2113,存储复杂度为290.72。基于4.5轮区分器首次给出对8轮Crypton-192的中间相遇攻击,时间复杂度为2172,数据复杂度为2113,存储复杂度为2138。 相似文献
9.
10.
为研究分组加密算法SMS4抵抗不可能差分攻击的能力,使用了14轮不可能差分路径,给出了相关攻击结果。基于1条14轮不可能差分路径,对16轮和18轮的SMS4算法进行了攻击,改进了关于17轮的SMS4的不可能差分攻击的结果,将数据复杂度降低到O(269.47)。计算结果表明:攻击16轮SMS4算法所需的数据复杂度为O(2103),时间复杂度为O(292);攻击18轮的SMS4算法所需的数据复杂度为O(2104),时间复杂度为O(2123.84)。 相似文献
11.
Wei Li Author Vitae Dawu Gu Author Vitae Author Vitae Zhiqiang Liu Author Vitae Author Vitae 《Journal of Systems and Software》2010,83(5):844-851
Camellia is a 128-bit block cipher published by NTT and Mitsubishi in 2000. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the Camellia algorithm. Mathematical analysis and simulating experiments show that our attack can recover its 128-bit, 192-bit or 256-bit secret key by introducing 30 faulty ciphertexts. Thus our result in this study describes that Camellia is vulnerable to differential fault analysis. This work provides a new reference to the fault analysis of other block ciphers. 相似文献
12.
Yoo-Jin Baek 《International Journal of Information Security》2010,9(5):363-370
With the growing demand of efficient cryptosystems, their secure implementations against various side-channel attacks and
the fault attack are also requested from the practice. Several countermeasures are proposed so far, and this paper proposes
a new regular 2
w
-ary right-to-left exponentiation algorithm, which can be equipped with very efficient DPA (differential power attack) and
FA (fault attack) countermeasures. Since its regular behavior clearly prevents the simple power analysis attack, the new algorithm
gives a strong resistance to all the well-known major implementation attacks. This paper also gives a variant of the new algorithm
for securely implementing the RSA cryptosystem with CRT (Chinese Remainder Theorem). 相似文献
13.
PRESENT is a hardware-optimized 64-bit lightweight block cipher which supports 80- and 128-bit secret keys. In this paper, we propose a differential fault analysis (DFA) on PRESENT-80/128. The proposed attack is based on a 2-byte random fault model. In detail, by inducing several 2-byte random faults in input registers after 28 rounds, our attack recovers the secret key of the target algorithm. From simulation results, our attacks on PRESENT-80/128 can recover the secret key by inducing only two and three 2-byte random faults, respectively. These are superior to known DFA results on them. 相似文献
14.
对LILI-128算法对差分故障攻击的安全性进行了研究。攻击采用面向比特的故障模型, 并结合差分分析和代数分析技术, 在 LILI-128 算法LFSRd中注入随机的单比特故障, 得到关于LILI-128算法内部状态的代数方程组, 并使用Crypto MiniSAT解析器求解恢复128位初始密钥。实验结果表明, 280个单比特故障注入就可以在1 min内完全恢复LILI-128全部128位密钥。因此, LILI-128密码实现安全性易遭差分故障攻击威胁, 需要对加密设备进行故障攻击防御, 以提高LILI-128密码实现安全性。 相似文献
15.
吕继强 《计算机科学技术学报》2011,26(4):722-731
The SC2000 block cipher has a 128-bit block size and a user key of 128,192 or 256 bits,which employs a total of 6.5 rounds if a 128-bit user key is used.It is a CRYPTREC recommended e-government cipher in Japan.In this paper we address how to recover the user key from a few subkey bits of SC2000,and describe two 4.75-round differential characteristics with probability 2-126 of SC2000 and seventy-six 4.75-round differential characteristics with probability 2-127.Finally,we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key;the attack requires 2-125.68 chosen plaintexts and has a time complexity of 2 125.75 5-round SC2000 encryptions.The attack does not threat the security of the full SC2000 cipher,but it suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds. 相似文献
16.
Differential fault analysis on the ARIA algorithm 总被引:1,自引:0,他引:1
The ARIA algorithm is a Korean Standard block cipher, which is optimized for lightweight environments. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the ARIA algorithm. Mathematical analysis and simulating experiment show that our attack can recover its 128-bit secret key by introducing 45 faulty ciphertexts. Simultaneously, we also present a fault detection technique for protecting ARIA against this proposed analysis. We believe that our results in this study will also be beneficial to the analysis and protection of the same type of other iterated block ciphers. 相似文献
17.
Jongsung Kim 《Personal and Ubiquitous Computing》2013,17(7):1429-1435
The paper revisits the security of the block cipher GOST, which is suitable for the protection in U-business services due to its simple design. Inspired from the reflection-meet-in-the-middle attack on GOST, we firstly find a large portion of weak keys on the full GOST: GOST has 2128 weak keys in which key recovery attack is mounted with a data complexity of 232 known plaintexts and a time complexity of 2125.5. Secondly, we present a differential fault attack on the full GOST, which required 64 fault injections to recover the entire key. This is the first known side-channel attack on GOST. 相似文献
18.
For an n-bit random permutation, there are three types of boomerang distinguishers, denoted as Type I, II and III, with generic complexities 2n, 2n/3 and 2n/2 respectively. In this paper, we try to evaluate the security margins of three hash functions namely SHA-512, SHA-256 and DHA-256 against the boomerang attack. Firstly, we give a boomerang attack on 48-step SHA-512 with a practical complexity of 251. The correctness of this attack is verified by providing a Type III boomerang quartet. Then, we extend the existing differential characteristics of the three hash functions to more rounds. We deduce the sufficient conditions and give thorough evaluations to the security margins as follows: Type I boomerang method can attack 54-step SHA-512, 51-step SHA-256 and 46-step DHA-256 with complexities 2480, 2218 and 2236 respectively. Type II boomerang method can attack 51-step SHA-512, 49-step SHA-256 and 43-step DHA-256 with complexities 2158.50, 272.91 and 274.50 respectively. Type III boomerang method can attack 52-step SHA-512, 50-step SHA-256 and 44-step DHA-256 with complexities 2223.80, 2123.63 and 299.85 respectively. 相似文献