Guess-and-determine Attack on the Bit-search Generator
Abstract: For the Bit-Search Generator (BSG) with a low-weight feedback polynomial, a fast key-recovery attack is presented using the idea of the guess-and-determine attack. Based on the differential construction of the BSG sequence, the algorithm first recovers candidate differential sequences from the intercepted keystream, then uses the feedback polynomial to check each candidate; this reduces the number of L-dimensional linear equation systems that have to be solved and thus greatly reduces the overall complexity of the attack. Theoretical analysis and simulation results show that, for a BSG whose feedback polynomial has weight less than 10, the attack is noticeably better than the existing methods. In particular, when the weight of the feedback polynomial is 3, the attack lowers the best known complexity O(L^3 2^{0.5L}) to O(L^2 2^{0.5L}).
Source: Journal of Electronics & Information Technology (电子与信息学报), 2010, No. 12, pp. 2925-2929 (5 pages). Indexed in EI, CSCD and the Peking University Core Journals list.
Funding: National Natural Science Foundation of China (60833008), National 973 Program (2007CB311201), and the Guangxi Key Laboratory of Information and Communication Technology Foundation (20902).
Keywords: Stream cipher; Cryptanalysis; Bit-Search Generator (BSG); Guess-and-determine attack; Complexity analysis