Similar literature
 20 similar documents found (search time: 343 ms)
1.
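Using a related-key sandwich rectangle attack, the related-key attack on 44-round SHACAL-2 is improved. A mixed representation of modular-subtraction differences and XOR differences is used, and sets of differences replace single differences, to raise the probability of the differential trail; the resulting 35-round related-key sandwich rectangle distinguisher has probability 2^-430. Using this distinguisher, a key-recovery attack on 44-round SHACAL-2 in the related-key setting is given, with a complexity of 2^217 chosen plaintexts, 2^476.92 44-round SHACAL-2 encryptions, and 2^222 bytes of storage.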

2.
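Design of an improved AES S-box scheme   Cited by: 2 (self-citations: 0, citations by others: 2)
The S-box is the only nonlinear operation in the AES algorithm and directly determines the algorithm's performance. To address the weaknesses that the S-box's affine transformation pair has period 4, that its iterated output period is at most 88, and that its algebraic expression has only 9 terms, an improved scheme is proposed and a new S-box is constructed. The improved S-box has an affine transformation pair of period 16 and an iterated output period of 256, and the algebraic expressions of the S-box and the inverse S-box have 252 and 254 terms, respectively. The improved S-box is compared with the AES S-box on 10 algebraic properties, including balance, the strict avalanche criterion, and nonlinearity; the results show that the improved S-box has better algebraic properties and stronger resistance to algebraic attacks.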

3.
In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al. in 2015 to construct a 30-round extended differential characteristic by adding 4 rounds on the top and 3 rounds on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 2^86 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 2^86.2 (2^118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 2^63.3 and 2^90 bytes, respectively.

4.
0 Introduction Substitution and permutation network (SPN) structure is one of the most widely used structures in block ciphers. The SPN structure is based on Shannon’s principles of confusion and diffusion[1] and these principles are implemented through …

5.
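Interpolation attack on AES   Cited by: 1 (self-citations: 1, citations by others: 0)
The interpolation attack, proposed by Jakobsen and Knudsen, is a cryptanalytic method that is highly effective against block ciphers whose S-boxes are simple algebraic functions. This paper analyzes the algebraic expressions in the AES (Advanced Encryption Standard) algorithm and finds that the algebraic expression relating plaintext and ciphertext after three rounds of AES encryption has relatively low degree (below 255). Because of this, the Lagrange interpolation formula allows a polynomial of degree 254 to be determined uniquely from 255 function values; the interpolation attack is thereby applied to the cryptanalysis of reduced-round AES, and the corresponding conclusions and proofs are given. With this attack, the key of 4-round AES can be recovered by choosing 256 plaintext-ciphertext pairs, 5-round AES can be broken with 2048 plaintext-ciphertext pairs, and the attack can be extended to 6-round AES.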

6.
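Because the S-box has a strict algebraic structure, it has become the entry point for algebraic attacks on the RIJNDAEL algorithm. The properties of the S-box in RIJNDAEL are studied in depth, and it is found that, over the 30 residue class fields GF(2^8), using different affine transformation matrices, there are 240 ways in total to generate the RIJNDAEL S-box (classified by conjugate equivalence). An easily implemented method for obtaining the affine transformation matrices is given. The discovery of these matrices that produce equivalent S-boxes may well help in carrying out algebraic attacks.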

7.
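Quadratic equations of S-boxes and a new design criterion   Cited by: 1 (self-citations: 1, citations by others: 0)
The S-box is the only nonlinear component in many block ciphers, so its cryptographic strength determines the security of the whole cipher. This paper analyzes theoretically the conditions under which quadratic equations exist for an S-box, proves that the S-box of AES (Advanced Encryption Standard) has 55 linearly independent quadratic equations over the finite field GF(256), and gives these quadratic equations over GF(256) for the first time. These equations could be used in some algebraic attacks, such as the XSL (eXtended Sparse Linearization) attack. To prevent algebraic attacks that exploit these quadratic equations, a new S-box design criterion is proposed.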

8.
This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) with high probability. Based on the property and the impossible differential cryptanalytic method for the 5-round AES, a new method is proposed for cryptanalyzing the 8-round AES-192 and AES-256. This attack on the reduced 8-round AES-192 demands 2^121 words of memory, and performs 2^148 8-round AES-192 encryptions. This attack on the reduced 8-round AES-256 demands 2^153 words of memory, and performs 2^180 8-round AES-256 encryptions. Furthermore, both AES-192 and AES-256 require about 2^98 chosen plaintexts for this attack, and have the same probability that is only 2^-3 to fail to recover the secret key.

9.
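This paper describes the analysis of LBlock using algebraic analysis. With MiniSAT as the solver during the attack, a practical attack on LBlock encryption is carried out that recovers the full key of 7-round encryption within 90 min.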

10.
The block cipher Threefish is the main component of Skein, which is based on ARX. Based on the efficient algorithms for calculating the differential of modular addition, we extend local collisions of Threefish-256 to more rounds by using related-key differentials of addition in this paper. A related-key boomerang distinguishing attack is proposed on 31-round Threefish-256 with a time complexity of 2^234.

11.
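Differential analysis of reduced-round MIBS   Cited by: 2 (self-citations: 0, citations by others: 2)
MIBS is a lightweight block cipher proposed by Maryam Izadi et al. at CANS 2009. It is suited to environments with strict limits on computing resources, such as RFID. The maximum probability of a 4-round differential characteristic is shown to be 2^-12, and r-round (8≤r≤12) differential characteristics are given. The attack on 13-round MIBS succeeds with probability 0.99, using 2^62 chosen plaintext pairs, with a time complexity of 2^25 encryptions and a counter table of 2^16 bytes.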

12.
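Differential analysis of 22-round SMS4   Cited by: 1 (self-citations: 0, citations by others: 1)
SMS4 is the first commercial block cipher standard officially published by China. An 18-round differential characteristic of SMS4 is analyzed using the differential method, and on that basis 22-round SMS4 is attacked; the attack requires 2^117 chosen plaintexts and 2^112 bytes of storage, with a time complexity of 2^123 22-round encryptions. This is currently the best result for differential analysis of SMS4.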

13.
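The current symmetric and asymmetric encryption algorithms AES and RSA are studied. The AES S-box is improved by adding one round of affine transformation, and the improved S-box is compared with the original; experimental results show that the improved S-box has better properties. For RSA, the Rabin-Miller test is improved to speed up prime generation, and SMM and the Chinese remainder theorem are then used to optimize the decryption process. On this basis, combining the advantages of AES and RSA, a hybrid encryption strategy is proposed that makes key management convenient while ensuring encryption and decryption efficiency, in order to meet security needs.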

14.
CLEFIA (named after the French word "Clef" meaning "Key") is an efficient, highly secure block cipher proposed by SONY Corporation in the 14th International Workshop on Fast Software Encryption (FSE-2007) and many cryptanalyses have been used to analyze it. According to the property of CLEFIA, a new technique Sandwich-Boomerang cryptanalysis is used on it. An 8-round Sandwich-Boomerang distinguisher of CLEFIA is constructed using the best differential characteristic of CLEFIA. And then, based on the distinguisher, an attack against 10-round CLEFIA is proposed. The number of chosen plaintexts required is 2^119 (or 2^120) and the time complexity is 2^120 (or 2^121). Compared with a 7-round impossible Boomerang distinguisher presented by Choy in the 4th International Workshop on Security (IWSEC-2009), the differential characteristics used in the attack are all the best ones, so it is believed that the attack is the best result that the Boomerang attacks can get on CLEFIA at present.

15.
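Two attacks on 5-round IDEA   Cited by: 1 (self-citations: 0, citations by others: 1)
Using the linearity of the IDEA key schedule together with properties of the IDEA algorithm, two attacks on 5-round IDEA are proposed. The first attack uses the related-key idea and has a computational complexity of about 2^70.5 5-round IDEA encryptions; the second attack exploits properties of the key, needs only 27 chosen plaintexts to attack 5 rounds, and has a computational complexity of about 2^120 5-round IDEA encryptions.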

16.
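A linear relation between the round keys of two adjacent rounds of AES-128 is given. By combining this relation with a 5-round AES distinguisher proposed by Hüseyin Demirci and Ali Aydın Selçuk in 2008, an 8-round AES distinguisher is constructed. Based on this 8-round AES distinguisher, a meet-in-the-middle attack on 10-round AES-128 is designed. The scheme saves a considerable amount of storage in the precomputation phase.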

17.
To resist the fast algebraic attack and fast selective discrete Fourier transform attacks, spectral immunity of a sequence or a Boolean function was proposed. At the same time, an algorithm to compute the spectral immunity of the binary sequence with odd period N was presented, here N is a factor of 2^n - 1, where n is an integer. The case is more complicated when the period is even. In this paper, we compute linear complexity of every orthogonal sequence of a given sequence using Chan-Games algorithm and k-error linear complexity algorithm. Then, an algorithm for spectral immunity of binary sequence with period N = 2^n is obtained. Furthermore, the time complexity of this algorithm is proved to be O(n).

18.
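The aim is to improve the efficiency of the t-test in detecting power information leakage of block ciphers. The basic steps of detecting power information leakage with the t-test are introduced; the nonlinear properties of S-boxes are studied through the Walsh spectrum of Boolean functions; the concept of transparency order is introduced and its relation to nonlinearity is derived, which clarifies the relationship between the nonlinearity of S-box output bits and power information leakage. A method is proposed for determining the order in which the t-test is applied to S-box output bits: test them in descending order of the nonlinearity of the output bits. Verification on the first-round S-boxes of the DES encryption algorithm shows that the method effectively improves the efficiency of the t-test in detecting power information leakage.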

19.
0 Introduction Zasegairerc[h1]fodre sbcirgibientde gsreavle rpaolin tmse tohnocdsert waihnicehlli ppetircm citur ovnese btyogiving the upper bound of solution. Unfortunately, this upper bound was very large and sometimes beyond the range of computer searching. For a particular elliptic curve y^2 = x^3 - 30x + 133 (1) he mentioned he can find all integral points and the largest point is (x, y) = (5 143 326, ±11 664 498 677) by using Masser and Wüstholz bounds on elliptic logarithms. Although recent results on…

20.
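The Lagrange interpolation problem for polynomial spaces on algebraic manifolds in high-dimensional space is studied. The concept of s (1≤s≤n) algebraic hypersurfaces in n-dimensional space intersecting sufficiently is given; the dimension of the space P(n)m of n-variate polynomials of degree m on a sufficiently intersecting algebraic manifold S=s(f1,…, fs) (where f1(X)=0,…, fs(X)=0 denote the s algebraic hypersurfaces) is proved, and a conveniently computable expression is given using the backward difference operator; a superposition interpolation method is constructed for building properly posed sets of interpolation nodes along an algebraic manifold; the existence of properly posed sets of interpolation nodes of any degree on a sufficiently intersecting algebraic manifold is proved; and the properties of, and criteria for, properly posed sets of interpolation nodes on algebraic manifolds are given.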
