108 resultados para CIPHERS
Resumo:
Cryptographic hash functions are an important tool of cryptography and play a fundamental role in efficient and secure information processing. A hash function processes an arbitrary finite length input message to a fixed length output referred to as the hash value. As a security requirement, a hash value should not serve as an image for two distinct input messages and it should be difficult to find the input message from a given hash value. Secure hash functions serve data integrity, non-repudiation and authenticity of the source in conjunction with the digital signature schemes. Keyed hash functions, also called message authentication codes (MACs) serve data integrity and data origin authentication in the secret key setting. The building blocks of hash functions can be designed using block ciphers, modular arithmetic or from scratch. The design principles of the popular Merkle–Damgård construction are followed in almost all widely used standard hash functions such as MD5 and SHA-1.
Resumo:
SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K -bit key and N -bit block is called SIMON N/K . We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2123 . We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.
Resumo:
So far, low probability differentials for the key schedule of block ciphers have been used as a straightforward proof of security against related-key differential analysis. To achieve resistance, it is believed that for cipher with k-bit key it suffices the upper bound on the probability to be 2− k . Surprisingly, we show that this reasonable assumption is incorrect, and the probability should be (much) lower than 2− k . Our counter example is a related-key differential analysis of the well established block cipher CLEFIA-128. We show that although the key schedule of CLEFIA-128 prevents differentials with a probability higher than 2− 128, the linear part of the key schedule that produces the round keys, and the Feistel structure of the cipher, allow to exploit particularly chosen differentials with a probability as low as 2− 128. CLEFIA-128 has 214 such differentials, which translate to 214 pairs of weak keys. The probability of each differential is too low, but the weak keys have a special structure which allows with a divide-and-conquer approach to gain an advantage of 27 over generic analysis. We exploit the advantage and give a membership test for the weak-key class and provide analysis of the hashing modes. The proposed analysis has been tested with computer experiments on small-scale variants of CLEFIA-128. Our results do not threaten the practical use of CLEFIA.
Resumo:
This project analyses and evaluates the integrity assurance mechanisms used in four Authenticated Encryption schemes based on symmetric block ciphers. These schemes are all cross chaining block cipher modes that claim to provide both confidentiality and integrity assurance simultaneously, in one pass over the data. The investigations include assessing the validity of an existing forgery attack on certain schemes, applying the attack approach to other schemes and implementing the attacks to verify claimed probabilities of successful forgeries. For these schemes, the theoretical basis of the attack was developed, the attack algorithm implemented and computer simulations performed for experimental verification.
Resumo:
In this paper we analyse two variants of SIMON family of light-weight block ciphers against variants of linear cryptanalysis and present the best linear cryptanalytic results on these variants of reduced-round SIMON to date. We propose a time-memory trade-off method that finds differential/linear trails for any permutation allowing low Hamming weight differential/linear trails. Our method combines low Hamming weight trails found by the correlation matrix representing the target permutation with heavy Hamming weight trails found using a Mixed Integer Programming model representing the target differential/linear trail. Our method enables us to find a 17-round linear approximation for SIMON-48 which is the best current linear approximation for SIMON-48. Using only the correlation matrix method, we are able to find a 14-round linear approximation for SIMON-32 which is also the current best linear approximation for SIMON-32. The presented linear approximations allow us to mount a 23-round key recovery attack on SIMON-32 and a 24-round Key recovery attack on SIMON-48/96 which are the current best results on SIMON-32 and SIMON-48. In addition we have an attack on 24 rounds of SIMON-32 with marginal complexity.
Resumo:
A5-GMR-1 is a synchronous stream cipher used to provide confidentiality for communications between satellite phones and satellites. The keystream generator may be considered as a finite state machine, with an internal state of 81 bits. The design is based on four linear feedback shift registers, three of which are irregularly clocked. The keystream generator takes a 64-bit secret key and 19-bit frame number as inputs, and produces an output keystream of length between $2^8$ and $2^{10}$ bits. Analysis of the initialisation process for the keystream generator reveals serious flaws which significantly reduce the number of distinct keystreams that the generator can produce. Multiple (key, frame number) pairs produce the same keystream, and the relationship between the various pairs is easy to determine. Additionally, many of the keystream sequences produced are phase shifted versions of each other, for very small phase shifts. These features increase the effectiveness of generic time-memory tradeoff attacks on the cipher, making such attacks feasible.
Resumo:
We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.
Resumo:
Esta pesquisa foi realizada com a intenção de motivar o estudo da criptografia, mostrando que a matemática e a comunicação estão presentes em diversos momentos, tanto no passado quanto no presente. Este trabalho mostra a origem da criptoanálise e toda a sua evolução dando ênfase nos mecanismos de codificação e decodificação através de exemplos práticos. Além disso, alguns métodos criptográficos são destacados como a cifra de substituição monoalfabética, a cifra de Vigenère, a criptografia RSA que é o método mais conhecido de criptografia de chave pública, as cifras de Hill, o método das transformações lineares e o método de Rabin, devido a sua grande importância para a evolução de sistemas computacionais e assinaturas digitais entre outros. Por fim, mostra-se a importância e a necessidade dos recursos criptográficos nos dias de hoje, na tentativa de impedir que hackers e pessoas que fazem mau uso do conhecimento matemático possam causar danos a sociedade, seja por uma simples mensagem ou até mesmo através de situações mais imprudentes como as transações bancárias indevidas
Resumo:
Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.
Resumo:
分组密码作为现代密码学的一个重要组成部分,是目前最重要和流行的一种数据加密技术,有着非常广泛的应用。此外,近年来分组密码或其组件还经常作为基础模块用于构造Hash函数,MAC算法等。因此对分组密码安全性的分析以及设计安全高效的分组密码算法,在理论研究及实际应用中都有着非常重要的意义。本文的研究内容主要包括两个方面:对现有常用分组密码的安全性分析,以及分组密码及其组件的设计。这两个方面是密不可分,相互融合的。通常都是利用算法存在的弱点或算法设计特点,提出新的密码分析算法。而在算法设计过程中,正是从密码分析获取经验,掌握设计算法的技巧和避免可能存在的缺陷。 本文首先对分组密码分析方法作了大量的调查和研究,在此基础上分析了一些国内外常用和有影响的分组密码,得到了一系列有价值的分析结果。并在密码分析工作的经验基础上,结合现有密码设计理论,在分组密码及其组件的设计方面做了比较深入的研究。本文的主要成果包括: (1) DES算法的分析。DES算法是迄今最重要的分组密码算法之一,目前在一些金融领域,DES和Triple-DES仍被广泛使用着。本文考察了DES算法针对Boomerang攻击和Rectangle攻击的安全性。通过利用DES算法各轮的最优差分路径及其概率,分别给出了这两种攻击方法对DES的攻击算法。 (2) Rijndael算法的分析。Rijndael算法是高级加密标准AES的原型。本文针对大分组Rijndael算法的各个不同版本,利用算法行移位和列混淆变换的一些密码特性,改进了原有的不可能差分攻击结果,极大的降低了攻击的数据和时间复杂度。同时还分别构造了一些新的更长轮的不可能差分路径,利用这些路径给出了一系列对大分组Rijndael算法的改进的不可能差分攻击,这些结果是目前已知的对该算法的最好攻击结果。 (3) SMS4算法的分析。SMS4算法是中国公布的用于无线局域网产品保护的算法。本文首先构造了SMS4算法的一类5轮循环差分特征,利用该特征分别给出了对16轮SMS4算法的矩阵攻击和对21轮SMS4算法的差分分析。随后考察了SMS4算法抵抗差分故障攻击的能力,基于字节故障模型,结合实验指出需要32次故障诱导来恢复全部密钥。后续的工作又进一步将结果改进为只需要进行一次故障诱导再结合2^{44}次密钥搜索即可恢复全部密钥。 (4) CLEFIA密码算法的分析。CLEFIA算法是索尼公司于2007年提出的用于产品版权保护和认证的分组密码算法。针对CLEFIA算法,本文构造了一条概率为1的5轮截断差分特征,再结合其扩散矩阵的密码特性构造了一条3轮线性逼近。随后利用这两条路径组成的8轮差分-线性区分器,给出了对10轮CLEFIA算法的有效的差分-线性攻击。 (5) 分组密码结构的设计及其应用。本文提出了两种新的分组密码结构,并指出了其与原有结构相比的优势,同时分别评估了这两种结构针对差分分析和线性分析等常用密码分析方法的安全性。基于这两个密码结构,结合部分密码组件的设计和测试工作,本文还完成了两个分组密码算法的概要设计,并简要评估了它们的实现效率及针对现有的几种主要密码分析方法的安全性。
Resumo:
This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL 1 layers.
Resumo:
自相关检测是一种用以检测一个长度为n的二元序列与其左移d位后序列的关联程度的随机性检测算法.d的选择范围很大,对所有参数逐一进行检测不现实,需要研究检测参数之间的关系.定义了检测参数之间可能存在的3种关系,以分组长度为m的分组密码随机性检测为对象,综合考虑分组密码和自相关检测的特点,利用统计实验研究了自相关检测参数子集D={1,2,m/4,m/2,3m/4,m,2m}中参数的关系.研究结果表明,对分组密码进行自相关检测时,检测参数应该首选d=m.该方法和结果为研究其他类型密码算法的随机性检测参数选择提供了新思路.
Resumo:
统计检测在分组密码安全性评估的过程中发挥着重要的作用,许多密码标准组织纷纷把对分组密码的统计检测作为评估过程中的重要环节来实施.文中提出了一种有效、实用的统计检测方法,该统计检测方法以分组长度为统计单位,将一个分组的某一字节取遍所有的值而其它字节固定不变,经过密码变换后,将256个输出值进行异或,通过检测输出异或值每一位为0(或1)的概率是否为1/2来判断分组密码是否随机.该检测方法可以一定程度地反映出分组密码抵抗积分攻击的能力.与此同时,基于推广的积分攻击方法,文中在已有方法的基础上提出了更一般的统计检测方法.另外,文中分别对Rijndael算法、Camellia算法和SMS4算法进行了统计检测,这3种算法分别从第4轮、第5轮和第7轮开始呈现出良好的统计性能.
Resumo:
对最近提出的用于GSM通信网络加密的流密码S1、S2、S3及其组件进行了全面深入的随机性检测分析。实际的随机性检测表明:只有s3能够满足所有被测项目的随机性要求,S1和工作在模式1下的S2则存在严重的随机性缺陷;此外,工作在模式2下的S2的随机性要优于工作在模式1下的S2的随机性。对这3个流密码的组件的随机性检测表明:LFSR-3的随机性最好,LFSR-1和LFSR-2都存在随机性缺陷。
Resumo:
消息认证码(Message Authentication Codes,MACs)是保证消息完整性的重要工具.Bellare等人提出了称为XOR-MAC的消息认证码,界定了攻击者成功伪造的概率,从而证明了其安全性,但是他们给出的证明方法较为复杂.本文使用Game-Playing技术采用新的安全性定义证明了XOR-MAC的安全性,证明方法简单明了;在底层所使用的分组密码是伪随机置换的假设下,量化了该消息认证码与随机函数之间区分的概率.
