对Bivium流密码的变元猜测代数攻击被引量：4

Guessing Specific Variables in Algebraic Attacks on Bivium

下载PDF

导出

摘要非线性方程组的求解是代数攻击的关键一环.对于一个具体的密码系统,在转化为方程组后,由于其计算上的复杂性,一般采用先猜测部分变元,再进行求解分析的方法.本文首先给出了对于猜测部分变元后子系统平均求解时间的估计模型,提出了基于动态权值以及静态权值的猜测变元选则方法和面向寄存器的猜测方法.在计算Gr bner基的过程中,对变元序的定义采用了AB,S,S-rev,SM,DM等十种新的序.同时,提出了矛盾等式的概念,这对正确分析求解结果以及缩小猜测空间有重要作用.最后,我们对Bivium流密码算法的攻击时间进行了估计.结果表明,在最坏情况下,使用DM-rev序及Evy3的猜测位置,猜测60个变元有最优的攻击结果,约2 exp(39.16)秒. Solving an equation system is a very important step in algebraic attack.For a cryptosystem,after being transformed to equations,we often need to employ guess-and-determine algorithm to estimate computational complexity of this attack.In this paper,we introduce a model to estimate average time in solving subsystems more accurately,and propose some criteria on selecting specific guessed variables to speed up the solving efficiency,which based on static weight and dynamic weight etc.For comupting Grbner bases,we use serveral varible order which are AB,S,S-rev etc.Meanwhile,we introduce the concept of conflicting equations,and show the importance for correct analysis and narrow guessing space.In the end,we estimate the time of attacking Bivium.Experiments showed that,in the worst cases,guessing 60 varibles in the Evy3 position and with DM-rev varible order will have the optimal result,that is about 2 exp（39.16） seconds.

作者李昕林东岱

机构地区中国科学院软件研究所信息安全国家重点实验室中国科学院研究生院

出处《电子学报》 EI CAS CSCD 北大核心 2011年第8期1727-1732,共6页 Acta Electronica Sinica

基金国家863高技术研究发展计划(No.2011CB302400) 国家自然科学基金(No.60970152)

关键词方程组求解 Grbner基 Bivium流密码算法猜测决策算法矛盾等式 equations solving Grbner bases Bivium guess-and-determine algorithm conflicting equations

分类号 TP301 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献17

1Nicolas T Courtois. Higher order correlation attacks,XL algo- rithm and cryptanalysis of toyocrypt [ A ]. ICISI 2002 [ C ], Berlin: Springer-Verlag, 2002. 182 - 199.
2Nicolas T Courtois, Wirdli Meier. Algebraic attacks on slream ci- phers with linear feedback [ A 1. EUR(-I1YFF 2003 [ C 1. Berlin: Springer-Verlag, 2003.345 - 359.
3C McDonald, C Chames, J Pieprzyk. Attacking bivium with minisat[A]. SAT'08 Proceedings of the llth International Conference on Theory and Applications of Safisfiability Testing [C]. Berlin: Springer-Verlag, 2008.63 - 76.
4谢佳,王天择.寻找布尔函数的零化子[J].电子学报,2010,38(11):2686-2690. 被引量：6
5Nicolas Courtois, Adi Shamir, et al. Efficient algorithms for solving overdefined systems of multivariate polynomial equa- tions[ A]. EUROCRYPT'00 Proceedings of the 19th Interna- tional Conference on Theory and Application of Cryptographic Techniques [ C ]. Berlin: Springer- Verlag, 2000.392 - 407.
6Fengjuan CHAI Xiao-Shan GAO Chunming YUAN.A CHARACTERISTIC SET METHOD FOR SOLVING BOOLEAN EQUATIONS AND APPLICATIONS IN CRYPTANALYSIS OF STREAM CIPHERS[J].Journal of Systems Science & Complexity,2008,21(2):191-208. 被引量：17
7Faug&e J C. A new effcient algorithm for computing Gr6bner bases (F4) [ J ]. Pure Appl Algebra, 1999,139: 61 - 88.
8Faugere J-C.A new efficient algorithm for computing Gr6bner bases without reduction to zero (F5) [A ]. ISSAC' 02: Proceed- ings from the International Sympositun on Symbolic and Alge- braic Computation[ C]. Berlin: Springer-Verlag, 2002.75 - 83.
9Jean-Charles Faugere, Antoine Joux. Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using groebner basesE J] .Advances in Cryptology,2003,2729:44- 60.
10Tobias Eibach, Gunnar Volkel, Enrico Pilz. OpOmising Grebner bases on bivium[ J] .Mathematics in Computer Sci- ence, 2010,3 : 159 - 172 .

二级参考文献15

1李邦河.分解多项式升列为不可约升列的算法(英文)[J].应用泛函分析学报,2005,7(2):97-105. 被引量：4
2张文英,武传坤,于静之.密码学中布尔函数的零化子[J].电子学报,2006,34(1):51-54. 被引量：16
3Nicolas T Courtois,Wili.Meier.Algebraic attacks on stream ciphers with linear feedback.Adcances in Cryptology-EUROCRYPT 2003,LNCS 2656.Springer-Verlag,2003.346-359.
4M Mihaljevie,H Imai.Cryptanalysis of Toyocrypt-HIS stream cipher[J].IEICE Transactions on Fundamentals,2002,E85-A:66-73.
5Steven Babbage,Cryptanalysis of LILI-128.2001.http://www.cosic.esat.kuleuven.ac.be/nessie/reports/.
6C E Shannon.Communication theory of secrecy system[J].Bell System Technical Journal,1949,28(4):656-715.http://netlab.cs.ucla.edu/wiki/files /shannon1949.pdf.
7D K Dalai,S Maitra,S Sarkar.Basic theory in construction of boolean functions with maximum possible annihilator immunity[J].Designs,Codes and Cryptography 2006,40(1):41-58.
8Na Li,Wen-Feng,Qi.Construction and analysis of boolean functions of 2t+1 variables with maximum algebraic immunity.Asiacrypt 2006,LNCS 4284.Springer-Verlag,2006.84-98.
9W Meier,E Pasalic,C Carlet.Algebraic attacks and decomposition of boolean functions.In Advances in Cryptology-EUROCRYPT 2004,LNCS 3027.Springer-Verlag,2004.474-491.
10Anne Canteaut.Open problems related to algebraic attacks on stream ciphers.In International Workshop on Coding and Cryptography 2005,LNCS 3969.Springer Verlag,2006.120-134.

共引文献20

1高小山,袁春明,张桂林.RITT-WU'S CHARACTERISTIC SET METHOD FOR ORDINARY DIFFERENCE POLYNOMIAL SYSTEMS WITH ARBITRARY ORDERING[J].Acta Mathematica Scientia,2009,29(4):1063-1080. 被引量：5
2Chunming YUAN Xiao-Shan GAO Key Laboratory of Mathematics Mechanization,Institute of Systems Science,Academy of Mathematics and Systems Science,Chinese Academy of Sciences,Beijing 100190,China..A CRITERION FOR TESTING WHETHER A DIFFERENCE IDEAL IS PRIME[J].Journal of Systems Science & Complexity,2009,22(4):627-635.
3Liyong SHEN,Chunming YUAN.IMPLICITIZATION USING UNIVARIATE RESULTANTS[J].Journal of Systems Science & Complexity,2010,23(4):804-814. 被引量：2
4李晓亮,王东明.有限域上多项式集的简单分解[J].系统科学与数学,2012,32(1):15-26.
5祁传达,俞迎达.一类布尔函数零化子的代数次数[J].电子学报,2012,40(6):1177-1179. 被引量：3
6Zhenyu HUANG.PARAMETRIC EQUATION SOLVING AND QUANTIFIER ELIMINATION IN FINITE FIELDS WITH THE CHARACTERISTIC SET METHOD[J].Journal of Systems Science & Complexity,2012,25(4):778-791. 被引量：3
7李昕,林东岱,徐琳.一种布尔多项式的高效计算机表示[J].计算机研究与发展,2012,49(12):2568-2574. 被引量：3
8欧智慧,赵亚群,李旭.一类密码函数的构造与分析[J].通信学报,2013,34(4):106-113. 被引量：2
9裴东林,李旭.关于RSA算法中代数结构的进一步研究[J].计算机应用,2013,33(11):3244-3246.
10柴凤娟.步进的特征列算法及其在流密码分析中的应用[J].系统科学与数学,2014,34(3):273-283.

同被引文献59

1M E Hellman,R.Merkle,R.Schroppel,L Washington,W Diffe,S Pohlig,P Schweitzer.Results of an Initial Attempt to cryptanalyze the NBS Data Encryption Standard[R].Stanford Univercity:Technical Report,SEL 76-042,1976.3-10.
2Ingrid Schaumuller-Bichl.Zur Analyse DES Data Encryption Standard UndSynthese Verwandter Chiffriersysteme[D].Linz University,1981.17-27.
3I Schaumuller-Bichl.Cryptanalysis of the data encryption standard by the method of formal coding[A].David Chaum.Advances in Cryptology,Proceedings of CRYPTO 1983[C].USA:Springer-Verlag,LNCS 149,1983.235-255.
4Wenling Wu,Lei Zhang.LBlock:A lightweight block cipher[A].2011 9th International Conference on Applied Cryptography and Network Security[C].Spain:Springer-Verlag,LNCS 6715,2011.327-344.
5Izadi,M Sadeghiyan,B Sadeghian,S Khanooki.MIBS:A new lightweight block cipher[A],Otsuka,Akira.2009 8th International Conference on Cryptology and Network Security[C].Japan:Springer-Verlag,LNCS 5888,2009.334-348.
6Guo J,Peyrin T,Poschmann A,Robshaw M.The LED block cipher[A].2011 Workshop on Cryptographic Hardware and Embedded Systems[C].Japan:Springer-Verlag,LNCS 6917,2011.326-341.
7Nicolas T Courtois,Pouyan Sepehrdad,Petr Susil,Serge Vaudenay.ElimLin algorithm revisited[A].Fast Software Encryption 2012[C].Washington,DC:Springer-Verlag,LNCS 7549,2012.306-325.
8Ya Liu,Dawu Gu,Zhiqiang Liu,Wei Li.Impossible differential attacks on reduced-round LBlock[A].The 8th International Conference on Information Security Practice and Experience 2012[C].Hangzhou:Springer-Verlag,LNCS 7232,2012.97-108.
9Marine Minier,Maria Naya-Plasencia.A related key impossible differential attack against 22 rounds of the lightweight block cipher LBlock[J].Information Processing Letters,2012(112):624-629.
10Diffie,W,Hellman,M.Special feature exhaustive cryptanalysis of the NBS data encryption standard[J].Computer,10,1977:74-84.

引证文献4

1裴东林,李旭.关于RSA算法中代数结构的进一步研究[J].计算机应用,2013,33(11):3244-3246.
2彭昌勇,朱创营,黄莉,祝跃飞,王靳辉.对分组密码的形式化函数分析及其应用[J].电子学报,2013,41(11):2314-2316. 被引量：1
3丁林,关杰.Trivium流密码的基于自动推导的差分分析[J].电子学报,2014,42(8):1647-1652. 被引量：5
4张焕国,刘金会,贾建卫,毛少武,吴万青.矩阵分解在密码中应用研究[J].密码学报,2014,1(4):341-357. 被引量：6

二级引证文献12

1王健,戚文峰,郑群雄.模m加法的一类线性逼近关系研究[J].电子学报,2015,43(11):2194-2199.
2ZHAO Guosheng,WANG Jian.Security Analysis and Enhanced Design of a Dynamic Block Cipher[J].China Communications,2016,13(1):150-160. 被引量：3
3刘金会,张焕国,贾建卫,王后珍,毛少武,吴万青.HKKS密钥交换协议分析[J].计算机学报,2016,39(3):516-528. 被引量：7
4张红芹,赵一峥,徐孜立,邹雪妍,岳华.基于旋转矩阵的加密解密算法[J].吉林大学学报（理学版）,2016,54(2):229-233.
5LIU Jinhui,ZHANG Huanguo,JIA Jianwei.Cryptanalysis of Schemes Based on Pseudoinverse Matrix[J].Wuhan University Journal of Natural Sciences,2016,21(3):209-213.
6Jinhui Liu,Aiwan Fan,Jianwei Jia,Huanguo Zhang,Houzhen Wang,Shaowu Mao.Cryptanalysis of Public Key Cryptosystems Based on Non-Abelian Factorization Problems[J].Tsinghua Science and Technology,2016,21(3):344-351. 被引量：3
7Jianwei Jia,Jinhui Liu,Huanguo Zhang.Cryptanalysis of Cryptosystems Based on General Linear Group[J].China Communications,2016,13(6):217-224. 被引量：1
8贾建卫,刘金会,吴朔媚,张焕国,康遥.破解R.S.Bhalerao公钥加密方案[J].武汉大学学报（理学版）,2016,62(5):425-428.
9贾平,徐洪,来学嘉.LBlock-s算法的不可能差分分析[J].电子学报,2017,45(4):966-973. 被引量：2
10施泰荣,关杰,李俊志,王森鹏.故障模型下MORUS算法的差分扩散性质研究[J].软件学报,2018,29(9):2861-2873. 被引量：2

1王蕊.卡巴斯基揭示DDoS攻击新趋势[J].计算机与网络,2015,41(23):57-57.
2吴文怡,吴一全.基于Contourlet变换的红外弱小目标检测方法[J].红外与激光工程,2008,37(1):136-138. 被引量：13
3蹇继贵.非线性神经网络模型部分变元稳定性研究[J].武汉水利电力大学（宜昌）学报,1997,19(3):25-30. 被引量：1
4关治洪,刘永清.非线性时滞大系统的分解及其部分变元的稳定性(英文)[J].控制理论与应用,1993,10(4):392-398.
5徐志斌,郑大钟.基于分解子网的Petri网不变量的分析[J].控制与决策,1997,12(2):103-108. 被引量：3
6董艳,成和平.层次分析法在合理选择网络攻击时间中的应用[J].四川师范大学学报（自然科学版）,2006,29(6):756-758. 被引量：3
7蹇继贵.Hopfield连续神经网络部分变元的稳定性[J].葛洲坝水电工程学院学报,1996,18(2):24-32.
8张毅,冯晓林,罗元.基于改进小波包与样本熵的表面肌电信号特征提取[J].计算机应用研究,2015,32(3):701-704. 被引量：5
9孙含欣,佟冬,袁鹏,程旭.基于簇的寄存器堆功耗管理方法[J].电子学报,2008,36(2):278-284. 被引量：2
10廖恒,李三立.虚拟寄存器结构[J].计算机学报,1996,19(11):801-809. 被引量：4

电子学报

2011年第8期

浏览历史

内容加载中请稍等...

对Bivium流密码的变元猜测代数攻击被引量：4

参考文献17

二级参考文献15

共引文献20

同被引文献59

引证文献4

二级引证文献12

相关作者

相关机构

相关主题

浏览历史

对Bivium流密码的变元猜测代数攻击 被引量：4

参考文献17

二级参考文献15

共引文献20

同被引文献59

引证文献4

二级引证文献12

相关作者

相关机构

相关主题

浏览历史

对Bivium流密码的变元猜测代数攻击被引量：4