Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective ...Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear(DL)cryptanalysis.Specifically,we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP.For the versions with block sizes of 128 and 256 bits,we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89)and 2^(-116.80),both of which are the publicly longest distinguishers.In addition,this study incorporates the complexity information of key-recovery attacks into the automated model,to search for the optimal key-recovery attack structures based on DL distinguishers.As a result,we mount the key-recovery attacks on 16-round Ballet-128/128,17-round Ballet-128/256,and 21-round Ballet-256/256.The data/time complexities for these attacks are 2^(108.36)/2^(120.36),2^(115.90)/2^(192),and 2^(227.62)/2^(240.67),respectively.展开更多
A digital image encryption scheme using chaotic map lattices has been proposed recently. In this paper, two fatal flaws of the cryptosystem are pointed out. According to these two drawbacks, cryptanalysts could recove...A digital image encryption scheme using chaotic map lattices has been proposed recently. In this paper, two fatal flaws of the cryptosystem are pointed out. According to these two drawbacks, cryptanalysts could recover the plaintext by applying the chosen plaintext attack. Therefore, the proposed cryptosystem is not secure enough to be used in the image transmission system. Experimental results show the feasibility of the attack. As a result, we make some improvements to the encryption scheme, which can completely resist our chosen plaintext attack.展开更多
The security of quantum broadcast communication(QBC) and authentication protocol based on Greenberger–Horne–Zeilinger(GHZ) state and quantum one-time pad is analyzed. It is shown that there are some security iss...The security of quantum broadcast communication(QBC) and authentication protocol based on Greenberger–Horne–Zeilinger(GHZ) state and quantum one-time pad is analyzed. It is shown that there are some security issues in this protocol.Firstly, an external eavesdropper can take the intercept–measure–resend attack strategy to eavesdrop on 0.369 bit of every bit of the identity string of each receiver without being detected. Meanwhile, 0.524 bit of every bit of the secret message can be eavesdropped on without being detected. Secondly, an inner receiver can take the intercept–measure–resend attack strategy to eavesdrop on half of the identity string of the other's definitely without being checked. In addition, an alternative attack called the CNOT-operation attack is discussed. As for the multi-party QBC protocol, the attack efficiency increases with the increase of the number of users. Finally, the QBC protocol is improved to a secure one.展开更多
The security of international date encryption algorithm (IDEA(16)), a mini IDEA cipher, against differential cryptanalysis is investigated. The results show that [DEA(16) is secure against differential cryptanal...The security of international date encryption algorithm (IDEA(16)), a mini IDEA cipher, against differential cryptanalysis is investigated. The results show that [DEA(16) is secure against differential cryptanalysis attack after 5 rounds while IDEA(8) needs 7 rounds for the same level of security. The transition matrix for IDEA(16) and its eigenvalue of second largest magnitude are computed. The storage method for the transition matrix has been optimized to speed up file I/O. The emphasis of the work lies in finding out an effective way of computing the eigenvalue of the matrix. To lower time complexity, three mature algorithms in finding eigenvalues are compared from one another and subspace iteration algorithm is employed to compute the eigenvalue of second largest module, with a precision of 0.001.展开更多
In this paper, we present the results for the security and the possible attacks on a new symmetric key encryption algorithm based on the ergodicity property of a logistic map. After analysis, we use mathematical induc...In this paper, we present the results for the security and the possible attacks on a new symmetric key encryption algorithm based on the ergodicity property of a logistic map. After analysis, we use mathematical induction to prove that the algorithm can be attacked by a chosen plaintext attack successfully and give an example to show how to attack it. According to the cryptanalysis of the originM Mgorithm, we improve the originM Mgorithm, and make a brief cryptanalysis. Compared with the original algorithm, the improved algorithm is able to resist a chosen plaintext attack and retain a considerable number of advantages of the original algorithm such as eneryption speed, sensitive dependence on the key, strong anti-attack capability, and so on.展开更多
We ayptanalyze Kim et. al's one-time proxy signature scheme used in mobileagents, and then a successful forgery is introduced It is showed that a dishonest customer cansuccessfully forge a valid one-time proxy sig...We ayptanalyze Kim et. al's one-time proxy signature scheme used in mobileagents, and then a successful forgery is introduced It is showed that a dishonest customer cansuccessfully forge a valid one-time proxy signature by impersonating the stiver Furthermore, he canrequest the server with responsibility for the forged bidding information.展开更多
In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose...In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose confidentiality to gain non-repudiation. We also propose two improvement versions that not only overcome the security leak inherent in the schemes but also provide public verifiability or forward security. Our improvement versions require smaller computing cost than that required by signature-then-encryption methods.展开更多
Recently,Hwang et al.proposed a (t,n) threshold-proxy (c,m) thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then onl...Recently,Hwang et al.proposed a (t,n) threshold-proxy (c,m) thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then only c or more proxy signers can cooperatively generate threshold-proxy threshold-signature.In this scheme,they claimed that original signers cannot forge the proxy signature and the proxy signers cannot forge signature on behalf of the original signers.However,in this paper,we will give a attack to show that their scheme can not resist impersonation attacks.展开更多
A cryptosystem with non-commutative platform groups based on conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryp...A cryptosystem with non-commutative platform groups based on conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryption scheme. We propose an algebraic key-recovery attack in the polynomial computational complexity. Furthermore, we peel off the encryption and decryption process and propose attack methods for solving the conjugator search problem over the given non-abelian group. Finally, we provide corresponding practical attack examples to illustrate the attack methods in our cryptanalysis, and provide some improved suggestions.展开更多
The Tiny Encryption Algorithm (TEA) is a Feistel block cipher well known for its simple implementation, small memory footprint, and fast execution speed. In two previous studies, genetic algorithms (GAs) were employed...The Tiny Encryption Algorithm (TEA) is a Feistel block cipher well known for its simple implementation, small memory footprint, and fast execution speed. In two previous studies, genetic algorithms (GAs) were employed to investigate the randomness of TEA output, based on which distinguishers for TEA could be designed. In this study, we used quan-tum-inspired genetic algorithms (QGAs) in the cryptanalysis of TEA. Quantum chromosomes in QGAs have the advan-tage of containing more information than the binary counterpart of the same length in GAs, and therefore generate a more diverse solution pool. We showed that QGAs could discover distinguishers for reduced cycle TEA that are more efficient than those found by classical GAs in two earlier studies. Furthermore, we applied QGAs to break four-cycle and five-cycle TEAs, a considerably harder problem, which the prior GA approach failed to solve.展开更多
In a recent work [Quantum Inf. Process 12 (2013) 1077], a multi-user protocol of quantum private comparison of equality (QPCE) is presented. Here we point out that if we relax the constraint of a semi-honest third...In a recent work [Quantum Inf. Process 12 (2013) 1077], a multi-user protocol of quantum private comparison of equality (QPCE) is presented. Here we point out that if we relax the constraint of a semi-honest third party, the private information of the users will be totally leaked out to the third party. A special attack is demonstrated in detail. Furthermore, a possible improvement is proposed, which makes the protocol secure against this kind of attack.展开更多
Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and EIGamal on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms are found to solve certai...Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and EIGamal on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms are found to solve certain mathematical problems on non-commutative algebraic structures until now. In this background, Majid Khan et al.proposed two novel public-key encryption schemes based on large abelian subgroup of general linear group over a residue ring. In this paper we show that the two schemes are not secure. We present that they are vulnerable to a structural attack and that, it only requires polynomial time complexity to retrieve the message from associated public keys respectively. Then we conduct a detailed analysis on attack methods and show corresponding algorithmic description and efficiency analysis respectively. After that, we propose an improvement assisted to enhance Majid Khan's scheme. In addition, we discuss possible lines of future work.展开更多
Advances in quantum computation threaten to break public key eryptosystems that are based on the difficulty of fac- torization or the difficulty of discrete logariths, although , no quantum algorithms have been found ...Advances in quantum computation threaten to break public key eryptosystems that are based on the difficulty of fac- torization or the difficulty of discrete logariths, although , no quantum algorithms have been found to be able to solve certain mathematical problems on non-commutative algebraic structures up to now. The proposed new quasi-inverse based cryptography scheme is vulnerable to a linear algebra attack based on the probable occurrence of weak keys in the generation process. In this paper, we illustrate that two of the quasi-inverse based cryptography are vulnerable to a structural attack and that it only requires polynomial time to obtain the equivalent keys for some given public keys. In addition, we conduct a detailed analysis on attack methods and provide some improved suggestions on these two schemes.展开更多
This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) with high probability. Based on the property and the impossible differential cryptanalytic method for the ...This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) with high probability. Based on the property and the impossible differential cryptanalytic method for the 5-round AES, a new method is proposed for cryptanalyzing the 8-round AES-192 and AES-256. This attack on the reduced 8-round AES-192 demands 2^121 words of memory, and performs 2^148 8-round AES-192 encryptions. This attack on the reduced 8-round AES-256 demands 2^153 words of memory, and performs 2^180 8-round AES-256 encryptions. Furthermore, both AES-192 and AES-256 require about 2^98 chosen plaintexts for this attack, and have the same probability that is only 2^-3 to fail to recover the secret key.展开更多
4-bit linear relations play an important role in cryptanalysis of 4-bit crypto S-boxes. 4-bit finite differences have also been a major part of cryptanalysis of 4-bit S-boxes. Existence of all 4-bit linear relations h...4-bit linear relations play an important role in cryptanalysis of 4-bit crypto S-boxes. 4-bit finite differences have also been a major part of cryptanalysis of 4-bit S-boxes. Existence of all 4-bit linear relations have been counted for all of 16 input and 16 output 4-bit bit patterns of 4-bit Crypto S-boxes said as S-boxes has been reported in Linear Cryptanalysis of 4-bit S-boxes. Count of existing finite differences from each element of output S-boxes to distant output S-boxes have been noted in Differential Cryptanalysis of S-boxes. In this paper a brief review of these two cryptanalytic methods for 4-bit S-boxes has been introduced in a very lucid and conceptual manner. Two new analysis techniques, one to search for the existing linear approximations among the input vectors (IPVs) and output Boolean functions (BFs) of a particular S-box has also been introduced in this paper. The search is limited to find the existing linear relations or approximations in the contrary to count the number of existent linear relations among all 16, 4-bit input and output bit patterns within all possible linear approximations. Another is to find number of balanced BFs in difference output S-boxes. Better the number of Balanced BFs, Better the security.展开更多
A new attack on block ciphers is introduced, which is termed linear-differential cryptanalysis. It bases the combining of linear cryptanalysis and differential cryptanalysis, and works by using linear-differential pro...A new attack on block ciphers is introduced, which is termed linear-differential cryptanalysis. It bases the combining of linear cryptanalysis and differential cryptanalysis, and works by using linear-differential probability (LDP). Moreover, we present a new method for upper bounding the maximum linear-differential probability (MLDP) for 2 rounds of substitution permutation network (SPN) cipher structure. When our result applies to 2-round advanced encryption standard(AES), It is shown that the upper bound of MLDP is up to 1.68×2^-19, which extends the known results for the 2-round SPN. Furthermore, when using a recursive technique, we obtain that the MLDP for 4 rounds of AES is bounded by 2^-73.展开更多
Zhang et al. proposed a sequential multisignature scheme based on RSA. The scheme has advantages of low computation and communication costs, and so on. However, we find a problem in their scheme that the verifier can ...Zhang et al. proposed a sequential multisignature scheme based on RSA. The scheme has advantages of low computation and communication costs, and so on. However, we find a problem in their scheme that the verifier can not distinguish whether the multisignature is signed by all the signers of the group or only by the last signer. Thus, any single signature created by the last signer can be used as a multisignaturr created by the whole group members. This paper proposes an improved scheme that can overcome the defect. In the new scheme, the identity messages of all the signers are added in the multisignature and used in verification phase, so that the verifier can know the signature is generated by which signers. Performance analysis shows that the proposed scheme costs less computation than the original scheme in both signature and verification phases. Furthermore, each partial signature is based on the signer's identity certificate, which makes the scheme more secure.展开更多
In this paper we provide a novel approach for breaking a significant class of block ciphers, the so-called SPN ciphers, using the process of gene assembly in ciliates. Our proposed scheme utilizes, for the first time,...In this paper we provide a novel approach for breaking a significant class of block ciphers, the so-called SPN ciphers, using the process of gene assembly in ciliates. Our proposed scheme utilizes, for the first time, the Turing-powerful potential of gene assembly procedure of ciliated protozoa into the real world computations and has a fewer number of steps than the other proposed schemes to break a cipher. We elaborate notions of formal language theory based on AIR systems, which can be thought of as a modified version of intramolecular scheme to model the ciliate bio-operations, for construction of building blocks necessary for breaking the cipher, and based on these nature-inspired constructions which are as powerful as Turing machines, we propose a theoretical approach for breaking SPN ciphers. Then, we simulate our proposed plan for breaking these ciphers on a sample block cipher based on this structure. Our results show that the proposed scheme has 51.5 percent improvement over the best previously proposed nature-inspired scheme for breaking a cipher.展开更多
This paper studies the security of an image encryption scheme based on the Hill cipher (Ismail et al., 2006) and reports its following problems: (1) There is a simple necessary and sufficient condition that makes a nu...This paper studies the security of an image encryption scheme based on the Hill cipher (Ismail et al., 2006) and reports its following problems: (1) There is a simple necessary and sufficient condition that makes a number of secret keys invalid; (2) It is insensitive to the change of the secret key; (3) It is insensitive to the change of the plain-image; (4) It can be broken with only one known/chosen plaintext; (5) It has some other minor defects. The proposed cryptanalysis discourages any use of the scheme in practice.展开更多
基金National Natural Science Foundation of China(62272147,12471492,62072161,12401687)Shandong Provincial Natural Science Foundation(ZR2024QA205)+1 种基金Science and Technology on Communication Security Laboratory Foundation(6142103012207)Innovation Group Project of the Natural Science Foundation of Hubei Province of China(2023AFA021)。
文摘Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear(DL)cryptanalysis.Specifically,we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP.For the versions with block sizes of 128 and 256 bits,we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89)and 2^(-116.80),both of which are the publicly longest distinguishers.In addition,this study incorporates the complexity information of key-recovery attacks into the automated model,to search for the optimal key-recovery attack structures based on DL distinguishers.As a result,we mount the key-recovery attacks on 16-round Ballet-128/128,17-round Ballet-128/256,and 21-round Ballet-256/256.The data/time complexities for these attacks are 2^(108.36)/2^(120.36),2^(115.90)/2^(192),and 2^(227.62)/2^(240.67),respectively.
基金Project supported by the National Natural Science Foundation of China (Grant Nos. 61173183, 60973152, and 60573172)the Doctoral Program Foundation of Institution of Higher Education of China (Grant No. 20070141014)+2 种基金the Program for Excellent Talents in Universities of Liaoning Province, China (Grant No. LR2012003)the Natural Science Foundation of Liaoning Province, China (Grant No. 20082165)the Fundamental Research Funds for the Central Universities of China (Grant No. DUT12JB06)
文摘A digital image encryption scheme using chaotic map lattices has been proposed recently. In this paper, two fatal flaws of the cryptosystem are pointed out. According to these two drawbacks, cryptanalysts could recover the plaintext by applying the chosen plaintext attack. Therefore, the proposed cryptosystem is not secure enough to be used in the image transmission system. Experimental results show the feasibility of the attack. As a result, we make some improvements to the encryption scheme, which can completely resist our chosen plaintext attack.
基金supported by the National Natural Science Foundation of China(Grant Nos.61502101 and 61170321)the Natural Science Foundation of Jiangsu Province,China(Grant No.BK20140651)+2 种基金the Research Fund for the Doctoral Program of Higher Education,China(Grant No.20110092110024)Funded by PAPDCICAEET
文摘The security of quantum broadcast communication(QBC) and authentication protocol based on Greenberger–Horne–Zeilinger(GHZ) state and quantum one-time pad is analyzed. It is shown that there are some security issues in this protocol.Firstly, an external eavesdropper can take the intercept–measure–resend attack strategy to eavesdrop on 0.369 bit of every bit of the identity string of each receiver without being detected. Meanwhile, 0.524 bit of every bit of the secret message can be eavesdropped on without being detected. Secondly, an inner receiver can take the intercept–measure–resend attack strategy to eavesdrop on half of the identity string of the other's definitely without being checked. In addition, an alternative attack called the CNOT-operation attack is discussed. As for the multi-party QBC protocol, the attack efficiency increases with the increase of the number of users. Finally, the QBC protocol is improved to a secure one.
基金Supported by the National Natural Science Foundation of China (60573032, 90604036)Participation in Research Project of Shanghai Jiao Tong University
文摘The security of international date encryption algorithm (IDEA(16)), a mini IDEA cipher, against differential cryptanalysis is investigated. The results show that [DEA(16) is secure against differential cryptanalysis attack after 5 rounds while IDEA(8) needs 7 rounds for the same level of security. The transition matrix for IDEA(16) and its eigenvalue of second largest magnitude are computed. The storage method for the transition matrix has been optimized to speed up file I/O. The emphasis of the work lies in finding out an effective way of computing the eigenvalue of the matrix. To lower time complexity, three mature algorithms in finding eigenvalues are compared from one another and subspace iteration algorithm is employed to compute the eigenvalue of second largest module, with a precision of 0.001.
基金supported by the National Natural Science Foundation of China (Grant Nos. 61173183, 60573172, and 60973152)the Doctoral Program Foundation of Institution of Higher Education of China (Grant No. 20070141014)the Natural Science Foundation of Liaoning Province, China (Grant No. 20082165)
文摘In this paper, we present the results for the security and the possible attacks on a new symmetric key encryption algorithm based on the ergodicity property of a logistic map. After analysis, we use mathematical induction to prove that the algorithm can be attacked by a chosen plaintext attack successfully and give an example to show how to attack it. According to the cryptanalysis of the originM Mgorithm, we improve the originM Mgorithm, and make a brief cryptanalysis. Compared with the original algorithm, the improved algorithm is able to resist a chosen plaintext attack and retain a considerable number of advantages of the original algorithm such as eneryption speed, sensitive dependence on the key, strong anti-attack capability, and so on.
文摘We ayptanalyze Kim et. al's one-time proxy signature scheme used in mobileagents, and then a successful forgery is introduced It is showed that a dishonest customer cansuccessfully forge a valid one-time proxy signature by impersonating the stiver Furthermore, he canrequest the server with responsibility for the forged bidding information.
文摘In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose confidentiality to gain non-repudiation. We also propose two improvement versions that not only overcome the security leak inherent in the schemes but also provide public verifiability or forward security. Our improvement versions require smaller computing cost than that required by signature-then-encryption methods.
基金Supported by the National Natural Science Foundation of China(10871205)
文摘Recently,Hwang et al.proposed a (t,n) threshold-proxy (c,m) thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then only c or more proxy signers can cooperatively generate threshold-proxy threshold-signature.In this scheme,they claimed that original signers cannot forge the proxy signature and the proxy signers cannot forge signature on behalf of the original signers.However,in this paper,we will give a attack to show that their scheme can not resist impersonation attacks.
基金supported by the State Key Program of National Natural Science of China(Grant Nos. 61332019)the National Natural Science Foundation of China (61572303)+7 种基金National Key Research and Development Program of China ( 2017YFB0802003 , 2017YFB0802004)National Cryptography Development Fund during the 13th Five-year Plan Period (MMJJ20170216)the Foundation of State Key Laboratory of Information Security (2017-MS-03)the Fundamental Research Funds for the Central Universities(GK201702004,GK201603084)Major State Basic Research Development Program of China (973 Program) (No.2014CB340600)National High-tech R&D Program of China(2015AA016002, 2015AA016004)Natural Science Foundation of He Bei Province (No. F2017201199)Science and technology research project of Hebei higher education (No. QN2017020)
文摘A cryptosystem with non-commutative platform groups based on conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryption scheme. We propose an algebraic key-recovery attack in the polynomial computational complexity. Furthermore, we peel off the encryption and decryption process and propose attack methods for solving the conjugator search problem over the given non-abelian group. Finally, we provide corresponding practical attack examples to illustrate the attack methods in our cryptanalysis, and provide some improved suggestions.
文摘The Tiny Encryption Algorithm (TEA) is a Feistel block cipher well known for its simple implementation, small memory footprint, and fast execution speed. In two previous studies, genetic algorithms (GAs) were employed to investigate the randomness of TEA output, based on which distinguishers for TEA could be designed. In this study, we used quan-tum-inspired genetic algorithms (QGAs) in the cryptanalysis of TEA. Quantum chromosomes in QGAs have the advan-tage of containing more information than the binary counterpart of the same length in GAs, and therefore generate a more diverse solution pool. We showed that QGAs could discover distinguishers for reduced cycle TEA that are more efficient than those found by classical GAs in two earlier studies. Furthermore, we applied QGAs to break four-cycle and five-cycle TEAs, a considerably harder problem, which the prior GA approach failed to solve.
基金Supported by the National Natural Science Foundation of China under Grant Nos 61402058,61572086 and 61370203the Fund for Middle and Young Academic Leaders of Chengdu University of Information Technology under Grant No J201511+2 种基金the Science and Technology Support Project of Sichuan Province under Grant No 2013GZX0137the Fund for Young Persons Project of Sichuan Province under Grant No 12ZB017the Foundation of Cyberspace Security Key Laboratory of Sichuan Higher Education Institutions under Grant No szjj2014-074
文摘In a recent work [Quantum Inf. Process 12 (2013) 1077], a multi-user protocol of quantum private comparison of equality (QPCE) is presented. Here we point out that if we relax the constraint of a semi-honest third party, the private information of the users will be totally leaked out to the third party. A special attack is demonstrated in detail. Furthermore, a possible improvement is proposed, which makes the protocol secure against this kind of attack.
基金supported in part by the National Natural Science Foundation of China(Grant Nos.61303212,61170080,61202386)the State Key Program of National Natural Science of China(Grant Nos.61332019,U1135004)+2 种基金the Major Research Plan of the National Natural Science Foundation of China(Grant No.91018008)Major State Basic Research Development Program of China(973 Program)(No.2014CB340600)the Hubei Natural Science Foundation of China(Grant Nos.2011CDB453,2014CFB440)
文摘Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and EIGamal on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms are found to solve certain mathematical problems on non-commutative algebraic structures until now. In this background, Majid Khan et al.proposed two novel public-key encryption schemes based on large abelian subgroup of general linear group over a residue ring. In this paper we show that the two schemes are not secure. We present that they are vulnerable to a structural attack and that, it only requires polynomial time complexity to retrieve the message from associated public keys respectively. Then we conduct a detailed analysis on attack methods and show corresponding algorithmic description and efficiency analysis respectively. After that, we propose an improvement assisted to enhance Majid Khan's scheme. In addition, we discuss possible lines of future work.
基金Supported by the National Natural Science Foundation of China(61303212,61170080,61202386)the State Key Program of National Natural Science of China(61332019,U1135004)+2 种基金the Major Research Plan of the National Natural Science Foundation of China(91018008)Major State Basic Research Development Program of China(973 Program)(2014CB340600)the Natural Science Foundation of Hubei Province(2011CDB453,2014CFB440)
文摘Advances in quantum computation threaten to break public key eryptosystems that are based on the difficulty of fac- torization or the difficulty of discrete logariths, although , no quantum algorithms have been found to be able to solve certain mathematical problems on non-commutative algebraic structures up to now. The proposed new quasi-inverse based cryptography scheme is vulnerable to a linear algebra attack based on the probable occurrence of weak keys in the generation process. In this paper, we illustrate that two of the quasi-inverse based cryptography are vulnerable to a structural attack and that it only requires polynomial time to obtain the equivalent keys for some given public keys. In addition, we conduct a detailed analysis on attack methods and provide some improved suggestions on these two schemes.
基金Supported by the Foundation of National Labora-tory for Modern Communications (51436030105DZ0105)
文摘This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) with high probability. Based on the property and the impossible differential cryptanalytic method for the 5-round AES, a new method is proposed for cryptanalyzing the 8-round AES-192 and AES-256. This attack on the reduced 8-round AES-192 demands 2^121 words of memory, and performs 2^148 8-round AES-192 encryptions. This attack on the reduced 8-round AES-256 demands 2^153 words of memory, and performs 2^180 8-round AES-256 encryptions. Furthermore, both AES-192 and AES-256 require about 2^98 chosen plaintexts for this attack, and have the same probability that is only 2^-3 to fail to recover the secret key.
文摘4-bit linear relations play an important role in cryptanalysis of 4-bit crypto S-boxes. 4-bit finite differences have also been a major part of cryptanalysis of 4-bit S-boxes. Existence of all 4-bit linear relations have been counted for all of 16 input and 16 output 4-bit bit patterns of 4-bit Crypto S-boxes said as S-boxes has been reported in Linear Cryptanalysis of 4-bit S-boxes. Count of existing finite differences from each element of output S-boxes to distant output S-boxes have been noted in Differential Cryptanalysis of S-boxes. In this paper a brief review of these two cryptanalytic methods for 4-bit S-boxes has been introduced in a very lucid and conceptual manner. Two new analysis techniques, one to search for the existing linear approximations among the input vectors (IPVs) and output Boolean functions (BFs) of a particular S-box has also been introduced in this paper. The search is limited to find the existing linear relations or approximations in the contrary to count the number of existent linear relations among all 16, 4-bit input and output bit patterns within all possible linear approximations. Another is to find number of balanced BFs in difference output S-boxes. Better the number of Balanced BFs, Better the security.
基金Supported by the National Natural Science Foun-dation of China(60503010) and the Foundation of National Laboratory for Modern communications(51436030105DZ0105)
文摘A new attack on block ciphers is introduced, which is termed linear-differential cryptanalysis. It bases the combining of linear cryptanalysis and differential cryptanalysis, and works by using linear-differential probability (LDP). Moreover, we present a new method for upper bounding the maximum linear-differential probability (MLDP) for 2 rounds of substitution permutation network (SPN) cipher structure. When our result applies to 2-round advanced encryption standard(AES), It is shown that the upper bound of MLDP is up to 1.68×2^-19, which extends the known results for the 2-round SPN. Furthermore, when using a recursive technique, we obtain that the MLDP for 4 rounds of AES is bounded by 2^-73.
基金The National Natural Science Foundation of China (No.60403027)
文摘Zhang et al. proposed a sequential multisignature scheme based on RSA. The scheme has advantages of low computation and communication costs, and so on. However, we find a problem in their scheme that the verifier can not distinguish whether the multisignature is signed by all the signers of the group or only by the last signer. Thus, any single signature created by the last signer can be used as a multisignaturr created by the whole group members. This paper proposes an improved scheme that can overcome the defect. In the new scheme, the identity messages of all the signers are added in the multisignature and used in verification phase, so that the verifier can know the signature is generated by which signers. Performance analysis shows that the proposed scheme costs less computation than the original scheme in both signature and verification phases. Furthermore, each partial signature is based on the signer's identity certificate, which makes the scheme more secure.
文摘In this paper we provide a novel approach for breaking a significant class of block ciphers, the so-called SPN ciphers, using the process of gene assembly in ciliates. Our proposed scheme utilizes, for the first time, the Turing-powerful potential of gene assembly procedure of ciliated protozoa into the real world computations and has a fewer number of steps than the other proposed schemes to break a cipher. We elaborate notions of formal language theory based on AIR systems, which can be thought of as a modified version of intramolecular scheme to model the ciliate bio-operations, for construction of building blocks necessary for breaking the cipher, and based on these nature-inspired constructions which are as powerful as Turing machines, we propose a theoretical approach for breaking SPN ciphers. Then, we simulate our proposed plan for breaking these ciphers on a sample block cipher based on this structure. Our results show that the proposed scheme has 51.5 percent improvement over the best previously proposed nature-inspired scheme for breaking a cipher.
基金the National Basic Research Program of China(No. 2006CB303104)the City University of Hong Kong under theSRG Project, China (No. 7002134)
文摘This paper studies the security of an image encryption scheme based on the Hill cipher (Ismail et al., 2006) and reports its following problems: (1) There is a simple necessary and sufficient condition that makes a number of secret keys invalid; (2) It is insensitive to the change of the secret key; (3) It is insensitive to the change of the plain-image; (4) It can be broken with only one known/chosen plaintext; (5) It has some other minor defects. The proposed cryptanalysis discourages any use of the scheme in practice.
