Funding: National Natural Science Foundation of China (No. 60573031); Foundation of National Laboratory for Modern Communications (No. 51436060205JW0305); Foundation of Senior Visiting Scholarship of Fudan University
Abstract: The substitution permutation network (SPN) is one important structure of block cipher cryptosystems. Prior work has shown different fault analyses on SPN. A formalization of fault analysis, covering both attack and protection on SPN, has been given. The overhead and time tolerance of fault detection have been discussed. The pseudo-blinding method for detecting fault attacks is introduced, and a balance between security, overhead and time tolerance can be struck based on the evaluation.
Funding: Supported by the National Natural Science Foundation of China (60503010) and the Foundation of National Laboratory for Modern Communications (51436030105DZ0105)
Abstract: A new attack on block ciphers is introduced, termed linear-differential cryptanalysis. It is based on combining linear cryptanalysis and differential cryptanalysis, and works by using the linear-differential probability (LDP). Moreover, we present a new method for upper bounding the maximum linear-differential probability (MLDP) for 2 rounds of the substitution permutation network (SPN) cipher structure. When our result is applied to 2-round Advanced Encryption Standard (AES), it is shown that the MLDP is upper bounded by 1.68×2^-19, which extends the known results for the 2-round SPN. Furthermore, using a recursive technique, we obtain that the MLDP for 4 rounds of AES is bounded by 2^-73.
Funding: Supported by Beijing Natural Science Foundation (No. 4232034) and the Fundamental Research Funds for the Central Universities (No. 328202222).
Abstract: An attacker in the white-box model has full access to the software implementation of a cryptographic algorithm and full control over its execution environment. To address the high storage cost and inadequate security of most current white-box cryptographic schemes, WAS, an improved white-box cryptographic algorithm over AS iteration, is proposed. The scheme uses the AS iterative structure to construct a lookup table with a five-layer ASASA structure, and a maximum distance separable matrix is used as the linear layer to achieve complete diffusion in a small number of rounds. Attackers are thereby prevented from recovering the key under the black-box model. The length of the nonlinear layer S and the affine layer A in the lookup table is 16 bits, which effectively avoids decomposition attacks against the ASASA structure and gives the algorithm anti-key-extraction security under the white-box model, while WAS possesses weak white-box (32 KB, 112)-space hardness to satisfy anti-code-lifting security. WAS has provable security and better storage cost than existing schemes: with the same anti-key-extraction security and anti-code-lifting security, only 128 KB of memory is required by WAS, which is only 14% of the SPACE-16 algorithm and 33% of the Yoroi-16 algorithm.