SMS4密码算法的差分故障攻击

SMS4是用于WAPI的分组密码算法,是国内官方公布的第一个商用密码算法.由于公布时间不长,关于它的安全性研究尚没有公开结果发表.该文研究SMS4密码算法对差分故障攻击的安全性.攻击采用面向字节的随机故障模型,并且结合了差分分析技术.该攻击方法理论上仅需要32个错误密文就可以完全恢复出SMS4的128比特种子密钥.因为实际中故障发生的字节位置是不可能完全平均的,所以实际攻击所需错误密文数将略大于理论值;文中的实验结果也验证了这一事实,恢复SMS4的128bit种子密钥平均大约需要47个错误密文.文章结果显示SMS4对差分故障攻击是脆弱的.为了避免这类攻击,建议用户对加密设备进行保护,阻止攻击者对其进行故障诱导.

面向Feistel密码的基于故障传播模式的差分故障分析

密码算法是信息安全研究的核心内容之一，其实际安全性不仅依赖于密码自身的数学特性，也依赖于具体的实现特性。基于实现的密码分析是一种有别于传统密码分析的新型密码分析方法，它利用算法实现时的信息泄露来恢复秘密信息。差分故障分析(Differential Fault Analysis，简称DFA)就是这样一类重要的密码分析方法。 现代密码学中，密码设计通常基于混淆和扩散这两大基本原则。对于一个分组密码而言，选择一个合适的轮函数并进行若干次迭代可以提供必要的混淆和扩散。因此，目前流行的分组密码均为迭代型密码，所采用的典型结构包括Feistel结构、SPN结构和广义Feistel结构等。这些密码结构及其所采用的基础密码组件(例如，S盒和P置换等)的性质，完全决定了故障在传播过程中所呈现的一些模式。直观上，这种内在特征可以用于挖掘DFA攻击和密码结构之间的关系。因此，完全可能利用这种特征来建立一种面向密码结构的系统化DFA攻击方法。 本文主要研究面向Feistel密码的差分故障分析方法，并探讨这类分析方法与已有可证明安全性理论分析结论之间的关系。为此，引入了故障传播路径(Fault Propagation Path，简称FPPath)和故障传播模式(Fault Propagation Pattern，简称FPPattern)的概念，给出了适用于Feistel结构的 FPPath 和 FPPattern 计算方法，建立了与已有可证明安全性理论结果之间的关系。在此基础上，提出了一种面向Feistel密码的基于故障传播模式的 系统化差分故障分析方法。使用该方法，可编程实现FPPath和FPPattern的自动计算，这将有助于针对Feistel密码的自动化DFA攻击的实施。这种情形下，可将FPPath的长度视作评估DFA攻击有效性的一种度量指标。此外，该系统化方法的必然结果是攻击性能的显著提高：不但攻击轮数有所减少，而且故障植入点数量也会减少，这将迅速降低实施一次成功攻击所需的故障密文数。最后，为验证该方法的正确性和有效性，以Camellia密码算法为具体实例，进行了相关模拟攻击实验研究，并给出了相应的数据复杂度分析和时间复杂度分析。通过充分利用Camellia算法中P置换的性质，在不需要穷举搜索的情况下，新攻击方法仅需要6个故障密文即可完全恢复出128位密钥，而成功恢复出192位或256位密钥所需要的故障密文数则为22个。结果表明，基于FPPattern的DFA方法要优于所有已有同类方法。

SHACAL-2算法的差分故障攻击

该文采用面向字的随机故障模型,结合差分分析技术,评估了SHACAL-2算法对差分故障攻击的安全性。结果显示:SHACAL-2算法对差分故障攻击是不免疫的。恢复出32 bit子密钥的平均复杂度为8个错误密文,完全恢复出512 bit密钥的复杂度为128个错误密文。

33轮SHACAL-2的差分非线性攻击

利用SHACAL-2的一个17轮差分非线性区分器,结合被猜测子密钥空间分割的方法和快速傅立叶变换,提出了一种攻击33轮SHACAL-2的新方法.该方法攻击33轮SHACAL-2需要244的选择明文、2496.6的33轮SHACAL-2加密和2502次算术运算,攻击成功概率为99%.与已有的结果相比较,新攻击有效地提高了单密钥下SHACAL-2的攻击轮数.

Practical Evaluation of Security against Generalized Interpolation Attack

Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.

impossible differential cryptanalysis of reduced-round aria and camellia

This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL 1 layers.

Twinning and Stacking Fault Formation during Tensile Deformation of Nanocrystalline Ni

Deformation twins and stacking faults have been observed in nanocrystal line Ni, for the first time under uniaxial tensile test conditions. These partial dislocation mediated deformation mechanisms are enhanced at cryogenic test temperatures. Our observations highlight the effects of deformation conditions, temperature in particular, on deformation mechanisms in nanograins.

Predictions for Partial-Dislocation-Mediated Processes in Nanocrystalline Ni by Generalized Planar Fault Energy Curves: An Experimental Evaluation

Generalized planar fault energy (GPFE) curves have been used to predict partial-dislocation-mediated processes in nanocrystalline materials, but their validity has not been evaluated experimentally. We report experimental observations of a large quantity of both stacking faults and twins in nc Ni deformed at relatively low stresses in a tensile test. The experimental findings indicate that the GPFE curves can reasonably explain the formation of stacking faults, but they alone were not able to adequately predict the propensity of deformation twinning.

Statistical analysis of synthetic earthquake catalogs generated by models with various levels of fault zone disorder

The stress release model, a stochastic version of the elastic rebound theory, is applied to the large events from four synthetic earthquake catalogs generated by models with various levels of disorder in distribution of fault zone strength (Ben-Zion, 1996) They include models with uniform properties (U), a Parkfield-type asperity (A), fractal brittle properties (F), and multi-size-scale heterogeneities (M). The results show that the degree of regularity or predictability in the assumed fault properties, based on both the Akaike information criterion and simulations, follows the order U, F, A, and M, which is in good agreement with that obtained by pattern recognition techniques applied to the full set of synthetic data. Data simulated from the best fitting stress release models reproduce, both visually and in distributional terms, the main features of the original catalogs. The differences in character and the quality of prediction between the four cases are shown to be dependent on two main aspects: the parameter controlling the sensitivity to departures from the mean stress level and the frequency-magnitude distribution, which differs substantially between the four cases. In particular, it is shown that the predictability of the data is strongly affected by the form of frequency-magnitude distribution, being greatly reduced if a pure Gutenburg-Richter form is assumed to hold out to high magnitudes.

Direct numerical simulation of hypersonic boundary layer transition over a blunt cone with a small angle of attack

The direct numerical simulation of boundary layer transition over a 5° half-cone-angle blunt cone is performed. The free-stream Mach number is 6 and the angle of attack is 1°. Random wall blow-and-suction perturbations are used to trigger the transition. Different from the authors’ previous work [Li et al., AIAA J. 46, 2899(2008)], the whole boundary layer flow over the cone is simulated (while in the author’s previous work, only two 45° regions around the leeward and the windward sections are simulated). The transition location on the cone surface is determined through the rapid increase in skin fraction coefficient (Cf). The transition line on the cone surface shows a nonmonotonic curve and the transition is delayed in the range of 0° ≤ θ ≤ 30° (θ = 0° is the leeward section). The mechanism of the delayed transition is studied by using joint frequency spectrum analysis and linear stability theory (LST). It is shown that the growth rates of unstable waves of the second mode are suppressed in the range of 20° ≤ θ ≤ 30°, which leads to the delayed transition location. Very low frequency waves VLFWs� are found in the time series recorded just before the transition location, and the periodic times of VLFWs are about one order larger than those of ordinary Mack second mode waves. Band-pass filter is used to analyze the low frequency waves, and they are deemed as the effect of large scale nonlinear perturbations triggered by LST waves when they are strong enough.The direct numerical simulation of boundary layer transition over a 5° half-cone-angle blunt cone is performed. The free-stream Mach number is 6 and the angle of attack is 1°. Random wall blow-and-suction perturbations are used to trigger the transition. Different from the authors’ previous work [ Li et al., AIAA J. 46, 2899 (2008) ], the whole boundary layer flow over the cone is simulated (while in the author’s previous work, only two 45° regions around the leeward and the windward sections are simulated). The transition location on the cone surface is determined through the rapid increase in skin fraction coefficient (Cf). The transition line on the cone surface shows a nonmonotonic curve and the transition is delayed in the range of 20° ≤ θ ≤ 30° (θ = 0° is the leeward section). The mechanism of the delayed transition is studied by using joint frequency spectrum analysis and linear stability theory (LST). It is shown that the growth rates of unstable waves of the second mode are suppressed in the range of 20° ≤ θ ≤ 30°, which leads to the delayed transition location. Very low frequency waves (VLFWs) are found in the time series recorded just before the transition location, and the periodic times of VLFWs are about one order larger than those of ordinary Mack second mode waves. Band-pass filter is used to analyze the low frequency waves, and they are deemed as the effect of large scale nonlinear perturbations triggered by LST waves when they are strong enough.

Effect of an annular pupil filter on differential confocal microscopy

Combining differential confocal microscopy and an annular pupil filter, we obtained the normalized axial intensity distribution curve of an optical system. We used the sharp slopes of the axial response curve of the optical system to measure the surface profile of a reflection grating. Experimental results prove that this method can extend the axial dynamic range and improve the transverse resolution of three-dimensional profilometry by sacrificing axial resolution. (C) 2000 Optical Society of America.

DIFFERENTIAL GEOMETRICAL METHODS IN THE STUDY OF OPTICAL-TRANSMISSION (SCALAR THEORY) .1. STATIC TRANSMISSION CASE

Static optical transmission is restudied by postulation of the optical path as the proper element in a three-dimensional Riemannian manifold (no torsion); this postulation can be applied to describe the light-medium interactive system. On the basis of the postulation, the behaviors of light transmitting through the medium with refractive index n are investigated, the investigation covering the realms of both geometrical optics and wave optics. The wave equation of light in static transmission is studied modally, the postulation being employed to derive the exact form of the optical field equation in a medium (in which the light is viewed as a single-component field). Correspondingly, the relationships concerning the conservation of optical fluid and the dynamic properties are given, and some simple applications of the theories mentioned are presented.

DIFFERENTIAL GEOMETRICAL METHODS IN THE STUDY OF OPTICAL-TRANSMISSION (SCALAR THEORY) .2. TIME-DEPENDENT TRANSMISSION THEORY

By generalization of the methods presented in Part I of the study [J. Opt. Soc. Am. A 12, 600 (1994)] to the four-dimensional (4D) Riemannian manifold case, the time-dependent behavior of light transmitting in a medium is investigated theoretically by the geodesic equation and curvature in a 4D manifold. In addition, the field equation is restudied, and the 4D conserved current of the optical fluid and its conservation equation are derived and applied to deduce the time-dependent general refractive index. On this basis the forces acting on the fluid are dynamically analyzed and the self-consistency analysis is given.