linear cryptanalysis of nush block cipher

IEEE Computer Society

Practical Evaluation of Security against Generalized Interpolation Attack

Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.

Linearization Method and Linear Complexity

We focus on the relationship between the linearization method and linear complexity and show that the linearization method is another effective technique for calculating linear complexity. We analyze its effectiveness by comparing with the logic circuit method. We compare the relevant conditions and necessary computational cost with those of the Berlekamp-Massey algorithm and the Games-Chan algorithm. The significant property of a linearization method is that it needs no output sequence from a pseudo-random number generator (PRNG) because it calculates linear complexity using the algebraic expression of its algorithm. When a PRNG has n [bit] stages (registers or internal states), the necessary computational cost is smaller than O(2n). On the other hand, the Berlekamp-Massey algorithm needs O(N2) where N ( 2n) denotes period. Since existing methods calculate using the output sequence, an initial value of PRNG influences a resultant value of linear complexity. Therefore, a linear complexity is generally given as an estimate value. On the other hand, a linearization method calculates from an algorithm of PRNG, it can determine the lower bound of linear complexity.

On a Certain Algebraic Property of Block Ciphers

This is a study on a certain group theoretic property of the set of encryption functions of a block cipher. We have shown how to construct a subset which has this property in a given symmetric group by a computer algebra software GAP4.2 (Groups, Algorithms, and Programming, Version 4.2). These observations on group structures of block ciphers suggest us that we may be able to set a trapdoor based on meet-in-the-middle attack on block ciphers.

分组密码检测方法与评估模型研究

分组密码在信息安全领域有着广泛的应用。密码算法标准化掀起了算法设计分析的新高潮，也使得密码算法的检测和评估成为新的研究热点。如何对分组密码进行科学合理的检测评估是一个复杂的系统工程，涉及到很多理论和技术问题。 本文对其中存在的关键问题：随机性检测项目相关性和参数选择、针对分组密码设计新的检测方法、快速检测技术以及合理实用的量化评估模型等内容进行了研究，取得了一系列的成果。这些研究成果将会促进密码算法检测分析自动化及密码评估实用化的发展，也会为密码算法标准化和密码检测标准化提供理论和技术支持。 具体而言，本文的研究成果可以总结为以下5个方面： 1) 对随机性检测项目相关性进行了研究:推导出了二元推导检测与自相关检测在参数为2k时的等价关系；提出了检测项目相关度的概念,并利用熵值法对检测项目相关度进行量化度量。该研究结果为随机性检测的项目选择提供了理论依据。 2) 对随机性检测参数选择进行了研究：首先推导出独立参数应满足的条件，以此为基础设计了一个用于检测两个参数之间依赖关系的假设检验算法。该研究结果为随机性检测的参数选择提供了一种可操作的手段。 3) 针对分组密码的特点，设计了一个新的统计检测方法。该方法以分组长度为基本单位，充分利用统计检测模型通用、自动化程度高的优势，可以一定程度上反映出分组密码抵抗积分攻击的能力。 4) 对分组密码组件检测方法的快速实现进行了研究，提出一个基于阈值过滤的S盒透明阶检测方法。该方法通过引入阈值去掉大量无效的运算，从而大幅提高了S盒透明阶的计算速度。该研究结果为大规模S盒的实用化提供了技术支持。 5) 对分组密码量化评估进行了研究，给出了一个基于模糊多准则决策的综合评估模型。其中采用隶属度函数对检测结果进行模糊化处理,能够反映出指标的连续、渐变特点,有效解决了单纯的阈值方法造成的评估信息丢失问题，也为量化评估提供了基础。该评估模型为分组密码的综合评估提供了新思路。

impossible differential cryptanalysis of reduced-round aria and camellia

This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL 1 layers.

分组密码工作模式的研究现状

分组密码工作模式是利用分组密码解决实际问题的密码方案．好的工作模式可以弥补分组密码的某些缺憾；相反，不好的工作模式可能带来安全隐患．工作模式的研究始终伴随着分组密码的研究历史，新的分组密码标准的推出，都会伴随着相应工作模式的研究．从针对DES的ECB、CBC、CFB和OFB，到针对AES的CTR、CCM、CMAC、GCM和AESKW，作者以各种模式标准为主线，介绍分组密码工作模式的设计理念、安全模型、二十多年的研究成果以及发展现状．

基于复合离散混沌动力系统的序列密码算法

利用复合离散混沌系统的特性,提出了两个基于复合离散混沌系统的序列密码算法.算法的加密和解密过程都是同一个复合离散混沌系统的迭代过程,取迭代的初始状态作为密钥,以明文序列作为复合系统的复合序列,它决定了迭代过程中迭代函数的选择(或明文与密钥),然后将迭代轨迹粗粒化后作为密文.由于迭代对初始条件的敏感性和迭代函数选择的随机性,密钥、明文与密文之间形成了复杂而敏感的非线性关系,而且密文和明文的相关度也很小,从而可以有效地防止密文对密钥和明文信息的泄露.复合离散混沌系统均匀的不变分布还使密文具有很好的随机特性.经分析表明,系统具有很高的安全性.

基于模糊评价的分组密码随机性评估模型

检测评估是研究密码算法安全性的重要技术手段.随机特性是其中重要而实用的测评内容.针对密码算法的随机性,已有多种不同的检测方法,但是对繁杂的随机性检测结果,尚不存在一个完整实用的量化评估体系和模型.选择分组密码为实例,研究了对密码算法随机性的量化评估.根据分组密码的设计准则,提出一个分组密码随机性的评估指标体系,以模糊多准则决策为基础给出了一个实用的分组密码随机性评估模型.该模型采用模糊数学中的隶属度函数方法,对随机性检测结果进行模糊化处理,能够反映出随机性的连续和渐变特点,有效解决了单纯的阈值方法造成的评估信息丢失问题.该模型的优点是实现了对分组密码随机性的量化评估,为密码算法的综合评估提供基础.同时,给出了对单个指标和属性的通用的评估流程,因此,该模型也可稍加修改和扩展,应用于其他类型密码算法的随机性评估中.

SERPENT和SAFER密码算法的能量攻击

SERPENT和SAFER是AES的两个候选算法 ,本文使用能量攻击方法对它们进行了深入分析 ,结果表明 :对于 2 5 6、192和 12 8比特密钥的SERPENT算法 ,能量攻击平均需分别进行 2 159、2 119和 2 79次试验 .虽然所需的试验次数实际没法达到 ,但是此攻击方法大大地降低了SERPENT的密钥规模 ,并且发现对于能量攻击 ,SERPENT有许多弱密钥 .经过深入分析和穷尽搜索可知 :能量攻击可以获取SAFER的种子密钥 .文中还给出了两种抵抗能量攻击的SER PENT的改进密钥方案以及设计密钥方案时需注意的问题 .