摘要
检测评估是研究密码算法安全性的重要技术手段.随机特性是其中重要而实用的测评内容.针对密码算法的随机性,已有多种不同的检测方法,但是对繁杂的随机性检测结果,尚不存在一个完整实用的量化评估体系和模型.选择分组密码为实例,研究了对密码算法随机性的量化评估.根据分组密码的设计准则,提出一个分组密码随机性的评估指标体系,以模糊多准则决策为基础给出了一个实用的分组密码随机性评估模型.该模型采用模糊数学中的隶属度函数方法,对随机性检测结果进行模糊化处理,能够反映出随机性的连续和渐变特点,有效解决了单纯的阈值方法造成的评估信息丢失问题.该模型的优点是实现了对分组密码随机性的量化评估,为密码算法的综合评估提供基础.同时,给出了对单个指标和属性的通用的评估流程,因此,该模型也可稍加修改和扩展,应用于其他类型密码算法的随机性评估中.
Evaluation plays an important role in security of cryptology, among which randomness is one of the most practical contents. There exist several test methods and software packages for randomness test now. But there isn't an integrated and applied quantitative evaluation model for manipulating the vast results at present. In this paper, randomness evaluation of cryptography is studied and block cipher is selected as a research instance. A tree-type index system for randomness is proposed by analyzing design principles of block cipher, and an evaluation model is built based on fuzzy multi-criteria decision-making. In this model, membership function is used to process randomness result, which can express the continuous and gradual character of randomness and can overcome the problem of information loss introduced by threshold method. This model has some advantages such as offering an effective method to quantitatively evaluate the randomness of block cipher, and providing a foundation of comprehensive evaluation of cryptography. The analysis also shows that the model is practical because its consumption of space and time is very low. Furthermore the model provides a general evaluation process for single index and attribute, and it can be easily modified to deal with the case of other fundamental types of cryptographic primitives, such as stream cipher.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2008年第12期2095-2101,共7页
Journal of Computer Research and Development
基金
国家自然科学基金项目(60503014,60603013)
国家“八六三”高技术研究发展计划基金项目(2007AA01Z470,2008AA01Z417)
京市自然科学基金项目(4072026)~~
关键词
密码算法
随机性检测
评估模型
模糊评价
隶属度函数
cryptography
randomness test
evaluation model
fuzzy evaluation
membership function
