124 resultados para block ciphers
em Chinese Academy of Sciences Institutional Repositories Grid Portal
Resumo:
This is a study on a certain group theoretic property of the set of encryption functions of a block cipher. We have shown how to construct a subset which has this property in a given symmetric group by a computer algebra software GAP4.2 (Groups, Algorithms, and Programming, Version 4.2). These observations on group structures of block ciphers suggest us that we may be able to set a trapdoor based on meet-in-the-middle attack on block ciphers.
Resumo:
分组密码作为现代密码学的一个重要组成部分,是目前最重要和流行的一种数据加密技术,有着非常广泛的应用。此外,近年来分组密码或其组件还经常作为基础模块用于构造Hash函数,MAC算法等。因此对分组密码安全性的分析以及设计安全高效的分组密码算法,在理论研究及实际应用中都有着非常重要的意义。本文的研究内容主要包括两个方面:对现有常用分组密码的安全性分析,以及分组密码及其组件的设计。这两个方面是密不可分,相互融合的。通常都是利用算法存在的弱点或算法设计特点,提出新的密码分析算法。而在算法设计过程中,正是从密码分析获取经验,掌握设计算法的技巧和避免可能存在的缺陷。 本文首先对分组密码分析方法作了大量的调查和研究,在此基础上分析了一些国内外常用和有影响的分组密码,得到了一系列有价值的分析结果。并在密码分析工作的经验基础上,结合现有密码设计理论,在分组密码及其组件的设计方面做了比较深入的研究。本文的主要成果包括: (1) DES算法的分析。DES算法是迄今最重要的分组密码算法之一,目前在一些金融领域,DES和Triple-DES仍被广泛使用着。本文考察了DES算法针对Boomerang攻击和Rectangle攻击的安全性。通过利用DES算法各轮的最优差分路径及其概率,分别给出了这两种攻击方法对DES的攻击算法。 (2) Rijndael算法的分析。Rijndael算法是高级加密标准AES的原型。本文针对大分组Rijndael算法的各个不同版本,利用算法行移位和列混淆变换的一些密码特性,改进了原有的不可能差分攻击结果,极大的降低了攻击的数据和时间复杂度。同时还分别构造了一些新的更长轮的不可能差分路径,利用这些路径给出了一系列对大分组Rijndael算法的改进的不可能差分攻击,这些结果是目前已知的对该算法的最好攻击结果。 (3) SMS4算法的分析。SMS4算法是中国公布的用于无线局域网产品保护的算法。本文首先构造了SMS4算法的一类5轮循环差分特征,利用该特征分别给出了对16轮SMS4算法的矩阵攻击和对21轮SMS4算法的差分分析。随后考察了SMS4算法抵抗差分故障攻击的能力,基于字节故障模型,结合实验指出需要32次故障诱导来恢复全部密钥。后续的工作又进一步将结果改进为只需要进行一次故障诱导再结合2^{44}次密钥搜索即可恢复全部密钥。 (4) CLEFIA密码算法的分析。CLEFIA算法是索尼公司于2007年提出的用于产品版权保护和认证的分组密码算法。针对CLEFIA算法,本文构造了一条概率为1的5轮截断差分特征,再结合其扩散矩阵的密码特性构造了一条3轮线性逼近。随后利用这两条路径组成的8轮差分-线性区分器,给出了对10轮CLEFIA算法的有效的差分-线性攻击。 (5) 分组密码结构的设计及其应用。本文提出了两种新的分组密码结构,并指出了其与原有结构相比的优势,同时分别评估了这两种结构针对差分分析和线性分析等常用密码分析方法的安全性。基于这两个密码结构,结合部分密码组件的设计和测试工作,本文还完成了两个分组密码算法的概要设计,并简要评估了它们的实现效率及针对现有的几种主要密码分析方法的安全性。
Resumo:
This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL 1 layers.
Resumo:
自相关检测是一种用以检测一个长度为n的二元序列与其左移d位后序列的关联程度的随机性检测算法.d的选择范围很大,对所有参数逐一进行检测不现实,需要研究检测参数之间的关系.定义了检测参数之间可能存在的3种关系,以分组长度为m的分组密码随机性检测为对象,综合考虑分组密码和自相关检测的特点,利用统计实验研究了自相关检测参数子集D={1,2,m/4,m/2,3m/4,m,2m}中参数的关系.研究结果表明,对分组密码进行自相关检测时,检测参数应该首选d=m.该方法和结果为研究其他类型密码算法的随机性检测参数选择提供了新思路.
Resumo:
统计检测在分组密码安全性评估的过程中发挥着重要的作用,许多密码标准组织纷纷把对分组密码的统计检测作为评估过程中的重要环节来实施.文中提出了一种有效、实用的统计检测方法,该统计检测方法以分组长度为统计单位,将一个分组的某一字节取遍所有的值而其它字节固定不变,经过密码变换后,将256个输出值进行异或,通过检测输出异或值每一位为0(或1)的概率是否为1/2来判断分组密码是否随机.该检测方法可以一定程度地反映出分组密码抵抗积分攻击的能力.与此同时,基于推广的积分攻击方法,文中在已有方法的基础上提出了更一般的统计检测方法.另外,文中分别对Rijndael算法、Camellia算法和SMS4算法进行了统计检测,这3种算法分别从第4轮、第5轮和第7轮开始呈现出良好的统计性能.
Resumo:
消息认证码(Message Authentication Codes,MACs)是保证消息完整性的重要工具.Bellare等人提出了称为XOR-MAC的消息认证码,界定了攻击者成功伪造的概率,从而证明了其安全性,但是他们给出的证明方法较为复杂.本文使用Game-Playing技术采用新的安全性定义证明了XOR-MAC的安全性,证明方法简单明了;在底层所使用的分组密码是伪随机置换的假设下,量化了该消息认证码与随机函数之间区分的概率.
Resumo:
提出了一个基于分组密码的hash函数体制,它的rate小于1但却具有更高的效率,同时,这个hash函数可以使用不安全的压缩函数进行构造,降低了对压缩函数安全性的要求.首先,在黑盒子模型下对这个新的体制的安全性进行了证明,然后给出了能够用于构造该体制的使用分组密码构造的压缩函数,最后通过实验对比发现,新hash函数的速度比rate为1的hash函数快得多.实验结果表明,除了rate以外,密钥编排也是影响基于分组密码hash函数效率的重要因素,甚至比rate影响更大.该体制只有两个密钥,不需要进行大量的密钥扩展运算,大大提高了基于分组密码hash函数的效率,而且该体制可以使用现有的分组密码来构造.
Resumo:
评估了一类基于混沌函数的分组密码(generalized Feistel structure,简称GFS)抵抗差分密码分析和线性密码分析的能力,如果轮函数是双射且它的最大差分特征概率和线性逼近概率分别是p和q,则r轮GFS的最大差分特征和线性逼近的概率分别以p^r-1和q^r-1为其上界。
Resumo:
This paper studies the stability of jointed rock slopes by using our improved three-dimensional discrete element methods (DEM) and physical modeling. Results show that the DEM can simulate all failure modes of rock slopes with different joint configurations. The stress in each rock block is not homogeneous and blocks rotate in failure development. Failure modes depend on the configuration of joints. Toppling failure is observed for the slope with straight joints and sliding failure is observed for the slope with staged joints. The DEM results are also compared with those of limit equilibrium method (LEM). Without considering the joints in rock masses, the LEM predicts much higher factor of safety than physical modeling and DEM. The failure mode and factor of safety predicted by the DEM are in good agreement with laboratory tests for any jointed rock slope.
Resumo:
The influence of two secondary effects, rotatory inertia and presence of a crack, on the dynamic plastic shear failure of a cantilever with an attached mass block at its tip subjected to impulsive loading is investigated. It is illustrated that the consideration of the rotatory inertia of the cantilever and the presence of a crack at the upper root of the beam both increase the initial kinetic energy of the block required to cause shear failure at the interface between the beam tip and the tip mass, where the initial velocity has discontinuity Therefore, the influence of these two secondary effects on the dynamic shear failure is not negligible.
Resumo:
A parallel strategy for solving multidimensional tridiagonal equations is investigated in this paper. We present in detail an improved version of single parallel partition (SPP) algorithm in conjunction with message vectorization, which aggregates several communication messages into one to reduce the communication cost. We show the resulting block SPP can achieve good speedup for a wide range of message vector length (MVL), especially when the number of grid points in the divided direction is large. Instead of only using the largest possible MVL, we adopt numerical tests and modeling analysis to determine an optimal MVL so that significant improvement in speedup can be obtained.
Resumo:
It has long been recognized that many direct parallel tridiagonal solvers are only efficient for solving a single tridiagonal equation of large sizes, and they become inefficient when naively used in a three-dimensional ADI solver. In order to improve the parallel efficiency of an ADI solver using a direct parallel solver, we implement the single parallel partition (SPP) algorithm in conjunction with message vectorization, which aggregates several communication messages into one to reduce the communication costs. The measured performances show that the longest allowable message vector length (MVL) is not necessarily the best choice. To understand this observation and optimize the performance, we propose an improved model that takes the cache effect into consideration. The optimal MVL for achieving the best performance is shown to depend on number of processors and grid sizes. Similar dependence of the optimal MVL is also found for the popular block pipelined method.
Resumo:
Identification of conserved genomic regions within and between different genomes is crucial when studying genome evolution. Here, we described regions of strong synteny conservation between vertebrate deuterostomes (tetrapods and teleosts) and invertebrat
Resumo:
It is known that the diagonal-Schur complements of strictly diagonally dominant matrices are strictly diagonally dominant matrices [J.Z. Liu, Y.Q. Huang, Some properties on Schur complements of H-matrices and diagonally dominant matrices, Linear Algebra Appl. 389 (2004) 365-380], and the same is true for nonsingular H-matrices [J.Z. Liu, J.C. Li, Z.T. Huang, X. Kong, Some properties of Schur complements and diagonal-Schur complements of diagonally dominant matrices, Linear Algebra Appl. 428 (2008) 1009-1030]. In this paper, we research the properties on diagonal-Schur complements of block diagonally dominant matrices and prove that the diagonal-Schur complements of block strictly diagonally dominant matrices are block strictly diagonally dominant matrices, and the same holds for generalized block strictly diagonally dominant matrices. (C) 2010 Elsevier Inc. All rights reserved.
