Funding: Supported by the National Key Foundation Research "973" project (No. G1999035802) and the National Natural Science Foundation of China (No. 60273027).
Abstract: A simple fast correlation attack is used to analyse the security of the Bluetooth combiner in this paper. This attack resolves the tradeoff between the length of the keystream and the computing complexity needed to recover the secret key. We give the computing complexities of the attack algorithm for different lengths of known keystream. The resulting attack is less time-consuming than previous ones. It is also shown that the security of the modified Bluetooth combiner by Hermelin and Nyberg is not significantly enhanced.
Funding: the National Natural Science Foundation of China (Grant Nos. 90604036 and 60525201); the 973 Project (Grant No. 2007CB807902).
Abstract: ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of the ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state of a weak key requires 2^36.05 keystream words and 2^50.56 operations. The attack can be applied to ABC v1 and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC v1 as well as ABC v2 decreases to 2^97 + 2^95.19. This reveals that ABC v3 has more weak keys than ABC v1 and v2.
Funding: supported in part by National Natural Science Foundation of China Project (Grant No. 60873216) and Scientific and Technological Research Priority Projects of Sichuan Province (Grant No. 2012GZ0017).
Abstract: The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis (DPA). Although cross correlation attacks (CCAs) have been proposed to defeat message blinding methods, searching for correlation points is difficult in practical environments because of noise and misalignment. In this paper, we propose an optimized cross correlation power attack for message blinding exponentiation algorithms. The attack method can select the more correlative power points that share one operation in the modular multiplication by comparing the variances of correlation coefficients. Further, we demonstrate that the attack method is more efficient in experiments with a hardware implementation of RSA on a crypto chip card. In addition, the proposed CCA method can recover the full 1024-bit secret key, and the recognition rate increases to 100% even when the recorded signals are noisy.
Funding: Supported by the Open Subject for Computer Network and Information Security Key Laboratory of Ministry of Education of China (20040108).
Abstract: This paper first constructs the probability model of the Gunther generator, and the finite-dimensional joint distribution of the output sequence is presented. The result shows that the output sequence is a sequence of independent and uniformly distributed {0,1} random variables. It gives the theoretical foundation for why the Gunther generator can avoid the statistical weakness of the output sequence of the stop-and-go generator, and analyzes the coincidence between the output sequence and the input sequences of the Gunther generator. The conclusions of this paper offer theoretical references for designers and analysts of clock-controlled generators.
Funding: Project supported by the Major Program of the Ministry of Industry and Information Technology of China (No. 2017ZX01030301) and the Beijing Natural Science Foundation of China (No. 4162053).
Abstract: Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty of HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2^256 based on the proposed procedure.
Funding: the National Natural Science Foundation of China (90604023); Fujian Province Young Talent Program (2006F3044); Natural Science Foundation of Fujian Province (2006J0189); the Open Funds of Key Laboratory of Fujian Province University Network Security and Cryptology (07B002); Fujian Education Department Technology Program (JA07050).
Abstract: Carlet et al. recently introduced generalized nonlinearity to measure the ability of a vector output Boolean function to resist the improved correlation attack. This article presents a construction of vector output Boolean functions with high generalized nonlinearity using the ε-biased sample space. The relation between the resilient order and generalized nonlinearity is also discussed.