Similar literature
1.
The block cipher Threefish is the main component of Skein, which is based on ARX. Based on efficient algorithms for calculating the differential of modular addition, we extend local collisions of Threefish-256 to more rounds by using related-key differentials of addition in this paper. A related-key boomerang distinguishing attack is proposed on 31-round Threefish-256 with a time complexity of 2^234.

2.
Differential cryptanalysis of reduced-round MIBS
The cipher MIBS is a lightweight block cipher proposed by Maryam Izadi et al. at CANS 2009. It is suited to environments such as RFID, where computing resources are strictly limited. A 4-round differential characteristic with maximum probability 2^-12 is given, together with r-round (8≤r≤12) differential characteristics. An attack on 13-round MIBS succeeds with probability 0.99, using 2^62 chosen plaintext pairs, a time complexity of 2^25 encryptions, and a counter table of 2^16 bytes.

3.
Using a related-key sandwich rectangle attack, the related-key attack on 44-round SHACAL-2 is improved. A mixed representation of modular subtraction differences and XOR differences, together with sets of differences in place of single differences, raises the probability of the differential trail; the resulting 35-round related-key sandwich rectangle distinguisher has probability 2^-430. Using this distinguisher, a related-key key-recovery attack on 44-round SHACAL-2 is given with a complexity of 2^217 chosen plaintexts, 2^476.92 44-round SHACAL-2 encryptions and 2^222 bytes of memory.

4.
This paper explores algebraic features of the nonlinear parts of the Serpent encryption algorithm and presents an 11-round Serpent-128 impossible differential algebraic attack that uses a method for constructing S-box algebraic equations. The new method analyzes 11-round Serpent with 2^127 chosen plaintexts and 2^129 bytes of memory, and at the same time gives a new S-box design principle for resisting algebraic attacks.

5.
A partial key-recovery attack on SHA-0-MAC is proposed; it is the first key-recovery attack on SHA-0-MAC. SHA-0-MAC is the MDx-MAC based on SHA-0, proposed by Preneel et al. at CRYPTO 1995, and it contains three 160-bit subkeys K0, K1 and K2. Based on the pseudo-collision trail given by Biham et al., combined with the MD5-MAC partial key-recovery idea of Wang Xiaoyun et al., 128 bits of the subkey K1 of SHA-0-MAC are recovered and the sufficient conditions for the trail to hold are derived. On this basis, Contini's partial key-recovery technique is used to recover the 160-bit subkey K0; the total complexity is about 2^125.58 MAC queries.

6.
0 Introduction Substitution and permutation network (SPN) structure is one of the most widely used structures in block ciphers. The SPN structure is based on Shannon's principles of confusion and diffusion[1] and these principles are implemented through …

7.
CLEFIA (named after the French word "Clef" meaning "Key") is an efficient, highly secure block cipher proposed by SONY Corporation at the 14th International Workshop on Fast Software Encryption (FSE-2007), and many cryptanalyses have been used to analyze it. According to the properties of CLEFIA, a new technique, Sandwich-Boomerang cryptanalysis, is used on it. An 8-round Sandwich-Boomerang distinguisher of CLEFIA is constructed using the best differential characteristic of CLEFIA. Then, based on the distinguisher, an attack against 10-round CLEFIA is proposed. The number of chosen plaintexts required is 2^119 (or 2^120) and the time complexity is 2^120 (or 2^121). Compared with the 7-round impossible Boomerang distinguisher presented by Choy at the 4th International Workshop on Security (IWSEC-2009), the differential characteristics used in the attack are all the best ones, so it is believed that the attack is the best result that Boomerang attacks can currently achieve on CLEFIA.

8.
This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) that holds with high probability. Based on this property and the impossible differential cryptanalytic method for 5-round AES, a new method is proposed for cryptanalyzing 8-round AES-192 and AES-256. The attack on reduced 8-round AES-192 requires 2^121 words of memory and performs 2^148 8-round AES-192 encryptions. The attack on reduced 8-round AES-256 requires 2^153 words of memory and performs 2^180 8-round AES-256 encryptions. Furthermore, both the AES-192 and AES-256 attacks require about 2^98 chosen plaintexts and have the same failure probability of only 2^-3 for recovering the secret key.

9.
Two attacks on 5-round IDEA
Using the linearity of the IDEA key schedule together with properties of the IDEA algorithm, two attacks on 5-round IDEA are proposed. The first attack uses the related-key idea, with a computational complexity of about 2^70.5 5-round IDEA encryptions; the second attack exploits properties of the key, attacking 5 rounds with only 2^7 chosen plaintexts and a computational complexity of about 2^120 5-round IDEA encryptions.

10.
A linear relation between the round keys of two adjacent rounds of AES-128 is given. By combining this relation with the 5-round AES distinguisher proposed by Hüseyin Demirci and Ali Aydın Selçuk in 2008, an 8-round AES distinguisher is constructed. On the basis of this 8-round AES distinguisher, a meet-in-the-middle attack on 10-round AES-128 is designed. The scheme saves a considerable amount of memory in the precomputation phase.

11.
Differential cryptanalysis of 22-round SMS4
SMS4 is the first commercial block cipher standard officially published in China. Using differential methods, an 18-round differential characteristic of SMS4 is analyzed, and on this basis 22-round SMS4 is attacked. The attack requires 2^117 chosen plaintexts and 2^112 bytes of memory, with a time complexity of 2^123 22-round encryptions. This is currently the best differential cryptanalysis result on SMS4.

12.
Asymmetric cryptographic schemes, represented by RSA, have been shown to be insecure under quantum computing conditions. Correspondingly, there is a need to study whether symmetric cryptosystems can still guarantee high security with the advent of quantum computers. In this paper, based on the basic principles of classical slide attacks and Simon's algorithm, we take LED-like lightweight block ciphers as research objects and present a security analysis under both classical and quantum attacks, fully considering the influence of adding round constants on the security of the ciphers. By analyzing the information leakage of the round constants, we introduce the differential of the round constants to propose a classical slide attack on full-round LED-64 with probability 1. The analysis shows that LED-64 cannot resist this kind of classical slide attack, but that the attack method is not applicable to LED-128. As for quantum attacks, by improving on existing quantum attack methods we demonstrate a quantum single-key slide attack on LED-64 and a quantum related-key attack on LED-128, and the metrics of the two attack algorithms are analyzed in detail. The attack results show that adding round constants does not completely improve the security of the ciphers, and that quantum attacks provide an exponential speed-up over the same attacks in the classical model. This further illustrates that a block cipher proven secure in the classical setting is not necessarily secure under quantum conditions.

13.
Interpolation attack on AES
The interpolation attack proposed by Jakobsen and Knudsen is a very effective cryptanalytic method against block ciphers whose S-boxes are simple algebraic functions. This paper analyzes the algebraic expressions in AES (Advanced Encryption Standard) and finds that the algebraic expression relating plaintext and ciphertext after three rounds of AES has a relatively low degree (below 255). Because of this property, Lagrange interpolation with 255 function values uniquely determines the representation of a polynomial of degree 254, so the interpolation attack is applied to the cryptanalysis of low-round AES, and the corresponding conclusions and proofs are given. With this attack, 256 plaintext/ciphertext pairs suffice to recover the key of 4-round AES, 2048 pairs break 5-round AES, and the attack can be extended to 6-round AES.

14.
Verifiable secret sharing (VSS) is an important class of generalized secure multi-party computation protocols, and round complexity and communication complexity are its important complexity measures. Some constant-round VSS protocols in the standard model are theoretically efficient, but the standard model's requirement for secret channels and broadcast channels makes these protocols impractical in real networks. Secure group communication has a significant influence on the security and performance of secure multi-party computation protocols, so an architecture combining secure multicast with secure multi-party computation, SMPC over SM, is proposed. A two-layer decentralized large-scale secure multicast group key management scheme is designed in which all group members share the group key and multicast is used during rekeying; it achieves constant communication complexity with good scalability and fault tolerance. Based on the SMPC over SM architecture and the group key management scheme, the constant-round VSS protocol in the standard model proposed by Katz is optimized: it retains the optimal round complexity of the original protocol while reducing its communication complexity from O(n^3) to O(n^2) and the per-node processing delay to 1/n of the original.

15.
In truncated differential attacks on block ciphers, some S-boxes produce many groups of candidate subkeys, so brute-forcing the remaining key bits takes a great deal of time. This paper analyzes in detail why multiple groups of key candidates arise in the truncated differential algorithm and the probability of their occurrence, and proposes two improved truncated differential attack schemes that reduce the number of candidate subkeys and improve attack efficiency. The first method relies on the non-independence of the S-box subkeys across rounds: bits of the round keys that recur in the initial key are used to obtain the final candidates, and the probability of filtering down to a single group of candidates reaches about 40%. The second method counts all 6-bit candidate subkeys computed for the 8 S-boxes and selects the most frequent key, reducing the number of 48-bit candidate keys to one. Experimental data from attacking 6-round DES show that the second method recovers the unique 48-bit subkey.

16.
Starting from Marx's respect for the free essence of human beings and his expectation of all-round human development, this paper establishes the educational philosophy of the generalist primary school teacher and summarizes the characteristics of that philosophy in terms of complexity, relative stability and practicality. On this basis, it focuses on the structure of the educational philosophy, namely the system of educational concepts: the view of the essence of education, the view of educational values, the view of educational practice and the view of educational quality. It points out that an advanced educational philosophy is the key to cultivating the professional quality of generalist primary school teachers.

17.
Eslice is a family of block ciphers with high security, in three versions: Eslice-64-64, with a 64-bit block and a 64-bit key; Eslice-64-128, with a 64-bit block and a 128-bit key; and Eslice-128-128, with a 128-bit block and a 128-bit key. The design of Eslice is inspired by LBlock. It uses a Feistel structure overall, the round function uses an SP structure, and the chosen S-box achieves optimal values for all of its cryptographic properties. The linear transformation uses only cyclic shifts and XOR, and the key schedule uses the same S-box as the encryption algorithm. Further, the security of Eslice against differential, linear, integral and other cryptanalytic methods is analyzed: using a search model based on mixed-integer linear programming (MILP), the minimum number of active S-boxes over 20 rounds is found to be 41, three fewer than the 20-round minimum for LBlock, and differential probabilities and linear biases are estimated from the number of active S-boxes to evaluate the security of the algorithm. The results show that Eslice effectively resists differential and linear attacks.

18.
To resist the fast algebraic attack and fast selective discrete Fourier transform attacks, the spectral immunity of a sequence or a Boolean function was proposed. At the same time, an algorithm to compute the spectral immunity of a binary sequence with odd period N was presented, where N is a factor of 2^n - 1 and n is an integer. The case is more complicated when the period is even. In this paper, we compute the linear complexity of every orthogonal sequence of a given sequence using the Chan-Games algorithm and the k-error linear complexity algorithm. Then, an algorithm for the spectral immunity of binary sequences with period N = 2^n is obtained. Furthermore, the time complexity of this algorithm is proved to be O(n).

19.
This article proposes an enhanced differential fault analysis (DFA) method named fault-propagation pattern-based DFA (FPP-DFA). The main idea of FPP-DFA is to use the FPP of the ciphertext difference to predict the fault location and the fault-propagation path. It is shown that FPP-DFA is very effective on SPN-structure block ciphers using bitwise permutation, and it is applied to two block ciphers. The first is PRESENT, with the substitution-permutation sequence. With the fault model of injecting one nibble fault into round r-2, on average 8 and 16 faults can reduce the key search space of PRESENT-80/128 to 2^14.7 and 2^21.1, respectively. The second is PRINTcipher, with the permutation-substitution sequence. For the first time, it is shown that although the permutation of PRINTcipher is secret-key dependent, FPP-DFA still works well on it. With the fault model of injecting one nibble fault into round r-2, 12 and 24 effective faults can reduce the key search space of PRINTcipher-48/96 to 2^13.7 and 2^22.8, respectively.

20.
To optimize the construction of DES-like permutations given by Luby and Rackoff, a construction ψ(h, f, f, h^-1) of a 4-round DES-like super pseudorandom permutation is given, showing that the combination of bisymmetric ε-Δ-universal invertible hash functions in the first and last rounds with DES-like random permutations in the two middle rounds is a super pseudorandom permutation. The construction lowers the requirements on the first- and last-round functions and improves the efficiency of DES-like super pseudorandom permutations in terms of computation and key usage.
