Smart City Healthcare (SHC2) system is applied in monitoring the patient at home while it is also expected to react to their needs in a timely manner. The system also concedes the freedom of a patient. IoT is a part of this system and it helps in providing care to the patients. IoT-based healthcare devices are trustworthy since it almost certainly recognizes the potential intensifications at very early stage and alerts the patients and medical experts to such an extent that they are provided with immediate care. Existing methodologies exhibit few shortcomings in terms of computational complexity, cost and data security. Hence, the current research article examines SHC2 security through LightWeight Cipher (LWC) with Optimal S-Box model in PRESENT cipher. This procedure aims at changing the sub bytes in which a single function is connected with several bytes' information to upgrade the security level through Swarm optimization. The key contribution of this research article is the development of a secure healthcare model for smart city using SHC2 security via LWC and Optimal S-Box models. The study used a nonlinear layer and single 4-bit S box for round configuration after verifying SHC2 information, constrained by Mutual Authentication (MA). The security challenges, in healthcare information systems, emphasize the need for a methodology that immovably concretes the establishments. The methodology should act practically, be an effective healthcare framework that depends on solidarity and adapts to the developing threats. Healthcare service providers integrated the IoT applications and medical services to offer individuals a seamless technology-supported healthcare service. The proposed SHC^(2) was implemented to demonstrate its security levels in terms of time and access policies. The model was tested under different parameters such as encryption time, decryption time, access time and response time in minimum range. Then, the level of the model and throughput were analyzed by maximum value i.e., 50 Mbps/sec and 95.56% for PRESENT-Authorization cipher to achieve smart city security. The proposed model achieved better results than the existing methodologies.
The security of international data encryption algorithm (IDEA(16)), a mini IDEA cipher, against differential cryptanalysis is investigated. The results show that IDEA(16) is secure against differential cryptanalysis attack after 5 rounds while IDEA(8) needs 7 rounds for the same level of security. The transition matrix for IDEA(16) and its eigenvalue of second largest magnitude are computed. The storage method for the transition matrix has been optimized to speed up file I/O. The emphasis of the work lies in finding out an effective way of computing the eigenvalue of the matrix. To lower time complexity, three mature algorithms in finding eigenvalues are compared with one another and subspace iteration algorithm is employed to compute the eigenvalue of second largest module, with a precision of 0.001.
An automatic dependent surveillance-broadcast (ADS-B) system has serious security problems, and the data can be spoofed during broadcasting precise position information of aircraft. A solution of the ADS-B system data authentication based on the elliptic curve cipher (ECC) and X.509 certificate is proposed. It can avoid the key distribution problem by using the symmetric key algorithm and prevent the ADS-B data from being spoofed thoroughly. Experimental test results show that the solution is valid and appropriate in ADS-B universal access transceiver (UAT) mode.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61572516, 61402523, 61202491, 61272041 and 61272488.
Abstract: In lightweight cryptographic primitives, round functions with only simple operations XOR, modular addition and rotation are widely used nowadays. This kind of ciphers is called ARX ciphers. For ARX ciphers, impossible differential cryptanalysis and zero-correlation linear cryptanalysis are among the most powerful attacks, and the key problems for these two attacks are discovering more and longer impossible differentials (IDs) and zero-correlation linear hulls (ZCLHs). However, finding new IDs and ZCLHs for ARX ciphers has been a manual work for a long time, which has been an obstacle in improving these two attacks. This paper proposes an automatic search method to improve the efficiency of finding new IDs and ZCLHs for ARX ciphers. In order to prove the efficiency of this new tool, we take HIGHT, LEA, SPECK three typical ARX algorithms as examples to explore their longer and new impossible differentials and zero-correlation linear hulls. To the best of our knowledge, this is the first application of automatic search method for ARX ciphers on finding new IDs and ZCLHs. For HIGHT, we find more 17 round IDs and multiple 17 round ZCLHs. This is the first discovery of 17 round ZCLHs for HIGHT. For LEA, we find extra four 10 round IDs and several 9 round ZCLHs. In the specification of LEA, the designers just identified three 10 round IDs and one 7-round ZCLH. For SPECK, we find thousands of 6 round IDs and forty-four 6 round ZCLHs. Neither IDs nor ZCLHs of SPECK has been proposed before. The successful application of our new tool shows great potential in improving the impossible differential cryptanalysis and zero-correlation linear cryptanalysis on ARX ciphers.
Abstract: Wireless sensor networks (WSNs) are exposed to a variety of attacks. The quality and complexity of attacks are rising day by day. The proposed work aims at showing how the complexity of modern attacks is growing accordingly, leading to a similar rise in methods of resistance. Limitations in computational and battery power in sensor nodes are constraints on the diversity of security mechanisms. We must apply only suitable mechanisms to WSN where our approach was motivated by the application of an improved Feistel scheme. The modified accelerated-cipher design uses data-dependent permutations, and can be used for fast hardware, firmware, software and WSN encryption systems. The approach presented showed that ciphers using this approach are less likely to suffer intrusion of differential cryptanalysis than currently used popular WSN ciphers like DES, Camellia and so on.
Funding: Supported by National Natural Science Foundation of China (Grant No. 61502526).
Abstract: The compatibility of different quantum algorithms should be considered when these algorithms are combined. In this paper, the method of combining Grover and Simon is studied for the first time, under some preconditions or assumptions. First, we give two preconditions of applying Grover's algorithm, which ensure that the success probability of finding the marked element is close to 1. Then, based on these two preconditions, it is found out that the success probability of the quantum algorithm for FX construction is far less than 1. Furthermore, we give the design method of the Oracle function, and then present the general method of combining Grover and Simon algorithm for attacking block ciphers, with success probability close to 1.
Funding: Supported by the Natural Science Foundation of Hubei Province (2016CFB454, 2017CFB663); the National Key Research and Development Program of China (2016YFB0800405).
Abstract: Based on the different representations of the finite field GF(256), there are different Advanced Encryption Standard (AES) implementations, which are called dual ciphers. They have the same encryption process as AES, but with parameters modified. The research of dual ciphers initially aims to find more efficient AES implementations, and later it is found that they can be used to resist side-channel attacks and for white box ciphers. In this paper, based on the rotation of columns, we propose new AES dual ciphers, which use AES directly, but with the input matrices (plaintexts and keys) and output matrix rotated. The key expansion algorithm only needs some change on the computation sequence. Because of these features, there is almost no extra cost in implementing dual ciphers and it is easy for new dual ciphers to work with other side-channel protection methods to protect AES in more dimensions.
Funding: National Natural Science Foundation of China (62372464).
Abstract: A critical problem in the cube attack is how to recover superpolies efficiently. As the targeting number of rounds of an iterative stream cipher increases, the scale of its superpolies becomes larger and larger. Recently, to recover massive superpolies, the nested monomial prediction technique, the algorithm based on the divide-and-conquer strategy, and stretching cube attacks were proposed, which have been used to recover a superpoly with over ten million monomials for the NFSR-based stream ciphers such as Trivium and Grain-128AEAD. Nevertheless, when these methods are used to recover superpolies, many invalid calculations are performed, which makes recovering superpolies more difficult. This study finds an interesting observation that can be used to improve the above methods. Based on the observation, a new method is proposed to avoid a part of invalid calculations during the process of recovering superpolies. Then, the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented. To verify the effectiveness of the proposed scheme, the improved framework is applied to 844- and 846-round Trivium and the exact ANFs of the superpolies are obtained with over one hundred million monomials, showing the improved superpoly recovery technique is powerful. Besides, extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme indeed could be more efficient on the superpoly recovery against NFSR-based stream ciphers.
Funding: Supported by the National Natural Science Foundation of China (60573031); the Foundation of National Laboratory for Modern Communications (51436060205J W0305); the Foundation of Senior Visiting Scholarship of Fudan University.
Abstract: Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modern cryptography with real-world implementations of block ciphers.
Funding: This study is supported by Erciyes University Research Projects Unit with grant number FDK-2016-7085; the initials of authors who received the grant are A and B and the URL to sponsors' websites is http://bap.erciyes.edu.tr/.
Abstract: This paper presents state-of-art cryptanalysis studies on attacks of the substitution and transposition ciphers using various metaheuristic algorithms. Traditional cryptanalysis methods employ an exhaustive search, which is computationally expensive. Therefore, metaheuristics have attracted the interest of researchers in the cryptanalysis field. Metaheuristic algorithms are known for improving the search for the optimum solution and include Genetic Algorithm, Simulated Annealing, Tabu Search, Particle Swarm Optimization, Differential Evolution, Ant Colony, the Artificial Bee Colony, Cuckoo Search, and Firefly algorithms. The most important part of these various applications is deciding the fitness function to guide the search. This review presents how these algorithms have been implemented for cryptanalysis purposes. The paper highlights the results and findings of the studies and determines the gaps in the literature.
Funding: The National Natural Science Foundation of China (No. 60573028).
Abstract: For the 64 most basic ways to construct a hash function H: {0,1} → {0,1}^n from a block cipher E: {0,1}^n × {0,1}^n → {0,1}^n, Black et al. provided a formal and quantitative treatment of the 64 constructions, and proved that 20 schemes are collision resistant. This paper improves the upper and lower bounds and makes contrast with a hash constructed from a random oracle. These 20 schemes have only one kind of collision resistance upper and lower bounds. In addition, we present new advantages for finding second preimages.
Abstract: Several kinds of stream ciphers—complementary sequences of period sequences, partial sum of period sequences, inverse order sequences and finitely generated sequences, are studied by using techniques of generating functions. Their minimal polynomials, periods, as well as generating functions are given. As to finitely generated sequences, the change of their linear complexity profiles as well as the relationship between the two generated sequences under the case in which the degree of connected polynomials are fixed, are discussed.
Abstract: We propose a framework for designing randomized stream ciphers with enhanced security. The key attribute of this framework is the use of nonlinear bijective mappings or keyless hash functions for random coding. We investigate the computational security of the proposed ciphers against chosen-plaintext-chosen-initialization-vector attacks and show that it is based on the hardness of solving some systems of random nonlinear Boolean equations. We also provide guidelines for choosing components to design randomizers for specified ciphers.
Funding: State Key Lab of Processors, Institute of Computing Technology, Chinese Academy of Sciences (CLQ202516); the Fundamental Research Funds for the Central Universities of China (3282025047, 3282024051, 3282024009).
Abstract: The advent of Grover's algorithm presents a significant threat to classical block cipher security, spurring research into post-quantum secure cipher design. This study engineers quantum circuit implementations for three versions of the Ballet family block ciphers. The Ballet-p/k includes a modular-addition operation uncommon in lightweight block ciphers. Quantum ripple-carry adder is implemented for both "32+32" and "64+64" scale to support this operation. Subsequently, qubits, quantum gates count, and quantum circuit depth of three versions of Ballet algorithm are systematically evaluated under quantum computing model, and key recovery attack circuits are constructed based on Grover's algorithm against each version. The comprehensive analysis shows: Ballet-128/128 fails to NIST Level 1 security, while when the resource accounting is restricted to the Clifford gates and T gates set for the Ballet-128/256 and Ballet-256/256 quantum circuits, the design attains Level 3.
Funding: National Natural Science Foundation of China (62272147, 12471492, 62072161, 12401687); Shandong Provincial Natural Science Foundation (ZR2024QA205); Science and Technology on Communication Security Laboratory Foundation (6142103012207); Innovation Group Project of the Natural Science Foundation of Hubei Province of China (2023AFA021).
Abstract: Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition. This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear (DL) cryptanalysis. Specifically, we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP. For the versions with block sizes of 128 and 256 bits, we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89) and 2^(-116.80), both of which are the publicly longest distinguishers. In addition, this study incorporates the complexity information of key-recovery attacks into the automated model, to search for the optimal key-recovery attack structures based on DL distinguishers. As a result, we mount the key-recovery attacks on 16-round Ballet-128/128, 17-round Ballet-128/256, and 21-round Ballet-256/256. The data/time complexities for these attacks are 2^(108.36)/2^(120.36), 2^(115.90)/2^(192), and 2^(227.62)/2^(240.67), respectively.
Funding: This work has been performed in the project "The Research on the New Analysis in Block Ciphers", supported by the Fundamental Research Funds for the Central Universities of China, the National Natural Science Foundation of China, the 111 Project of China, and the Scientific Research Foundation of the Education Department of Shaanxi Provincial Government of China.
Abstract: This paper presents a method for a differential collision attack on the reduced FOX block cipher based on a 4-round distinguishing property. It can be used to attack 5-, 6- and 7-round FOX64 and 5-round FOX128. Our attack has a precomputation phase, but it can be obtained before the attack and computed once and for all. The attack on FOX64 reduced to 4 rounds requires only 7 chosen plaintexts and performs 2^(42.8) 4-round FOX64 encryptions. It could be extended to 5 (6, 7)-round FOX64 by a key exhaustive search behind the fourth round.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61404175.
Abstract: As an important branch of information security algorithms, the efficient and flexible implementation of stream ciphers is vital. Existing implementation methods, such as FPGA, GPP and ASIC, provide good support, but they cannot achieve a good tradeoff between high-speed processing and high flexibility. ASIC has fast processing speed, but its flexibility is poor; GPP has high flexibility, but the processing speed is slow; FPGA has high flexibility and processing speed, but the resource utilization is very low. This paper studies a stream cryptographic processor which can efficiently and flexibly implement a variety of stream cipher algorithms. By analyzing the structure model, processing characteristics and storage characteristics of stream ciphers, a reconfigurable stream cryptographic processor with special instructions based on VLIW is presented, which has a separate/cluster storage structure and is oriented to stream cipher operations. The proposed instruction structure can effectively support stream cipher processing with multiple data bit widths, parallelism among stream cipher processing with different data bit widths, and parallelism among branch control and stream cipher processing with high instruction-level parallelism; the designed separate/clustered special bit registers, general register heaps and key register heaps can satisfy cryptographic requirements. So the proposed processor not only flexibly accomplishes the combination of multiple basic stream cipher operations to finish stream cipher algorithms. It has been implemented with 0.18 μm CMOS technology; the test results show that the frequency can reach 200 MHz, and power consumption is 310 mW. Ten kinds of stream ciphers were realized in the processor. The key stream generation throughput of the Grain-80, W7, MICKEY, ACHTERBAHN and Shrink algorithms is 100 Mbps, 66.67 Mbps, 66.67 Mbps, 50 Mbps and 800 Mbps, respectively. The test result shows that the processor presented can achieve a good tradeoff between high performance and flexibility of stream ciphers.
Abstract: The Smart City Healthcare (SHC2) system is applied in monitoring the patient at home, while it is also expected to react to their needs in a timely manner. The system also concedes the freedom of a patient. IoT is a part of this system and it helps in providing care to the patients. IoT-based healthcare devices are trustworthy since they almost certainly recognize the potential intensifications at a very early stage and alert the patients and medical experts to such an extent that they are provided with immediate care. Existing methodologies exhibit a few shortcomings in terms of computational complexity, cost and data security. Hence, the current research article examines SHC2 security through LightWeight Cipher (LWC) with an Optimal S-Box model in the PRESENT cipher. This procedure aims at changing the sub bytes in which a single function is connected with several bytes' information to upgrade the security level through Swam optimization. The key contribution of this research article is the development of a secure healthcare model for smart cities using SHC2 security via LWC and Optimal S-Box models. The study used a nonlinear layer and a single 4-bit S-box for round configuration after verifying SHC2 information, constrained by Mutual Authentication (MA). The security challenges in healthcare information systems emphasize the need for a methodology that immovably concretes the establishments. The methodology should act practically, be an effective healthcare framework that depends on solidarity and adapts to the developing threats. Healthcare service providers integrated the IoT applications and medical services to offer individuals a seamless technology-supported healthcare service. The proposed SHC^(2) was implemented to demonstrate its security levels in terms of time and access policies. The model was tested under different parameters such as encryption time, decryption time, access time and response time in minimum range. Then, the level of the model and throughput were analyzed by maximum value, i.e., 50 Mbps/sec and 95.56% for the PRESENT-Authorization cipher to achieve smart city security. The proposed model achieved better results than the existing methodologies.
Funding: Supported by the National Natural Science Foundation of China (60573032, 90604036); Participation in Research Project of Shanghai Jiao Tong University.
Abstract: The security of the international data encryption algorithm (IDEA(16)), a mini IDEA cipher, against differential cryptanalysis is investigated. The results show that IDEA(16) is secure against differential cryptanalysis attack after 5 rounds, while IDEA(8) needs 7 rounds for the same level of security. The transition matrix for IDEA(16) and its eigenvalue of second largest magnitude are computed. The storage method for the transition matrix has been optimized to speed up file I/O. The emphasis of the work lies in finding an effective way of computing the eigenvalue of the matrix. To lower time complexity, three mature algorithms for finding eigenvalues are compared with one another, and the subspace iteration algorithm is employed to compute the eigenvalue of second largest module, with a precision of 0.001.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61179072; the Civil Aviation Science Foundation of China.
Abstract: An automatic dependent surveillance-broadcast (ADS-B) system has serious security problems, and the data can be spoofed while broadcasting precise position information of aircraft. A solution for ADS-B system data authentication based on the elliptic curve cipher (ECC) and X.509 certificates is proposed. It can avoid the key distribution problem by using the symmetric key algorithm and thoroughly prevent the ADS-B data from being spoofed. Experimental test results show that the solution is valid and appropriate in ADS-B universal access transceiver (UAT) mode.