A linearization attack on the Key Stream Generator (KSG) of the modified Eo algorithm proposed by Hermelin [Proceedings of ICISC'99, Springer LNCS 1787, 2000, 17-29] is given in this paper. The initial value can be...A linearization attack on the Key Stream Generator (KSG) of the modified Eo algorithm proposed by Hermelin [Proceedings of ICISC'99, Springer LNCS 1787, 2000, 17-29] is given in this paper. The initial value can be recovered by a linearization attack with O(2^60.52) operations by solving a System of Linear Equations (SLE) with at most 2^20.538 unknowns. Frederik Armknecht [Cryptology ePrint Archive, 2002/191] proposed a linearization attack on the KSG olEo algorithm with O(2^70.341) operations by solving an SLE with at most 2^24.056 unknowns, so the modification proposed by Hermelin reduces the ability or E0 to resist the linearization attack by comparing with the results ofFrederik Armknecht.展开更多
This article aims at designing a new Multivariate Quadratic (MQ) public-key scheme to avoid the linearization attack and differential attack against the Matsumoto-Imai (MI) scheme. Based on the original scheme, our ne...This article aims at designing a new Multivariate Quadratic (MQ) public-key scheme to avoid the linearization attack and differential attack against the Matsumoto-Imai (MI) scheme. Based on the original scheme, our new scheme, named the Multi-layer MI (MMI) scheme, has a structure of multi-layer central map. Firstly, this article introduces the MI scheme and describes linearization attack and differential attack; then prescribes the designation of MMI in detail, and proves that MMI can resist both linearization attack and differential attack. Besides, this article also proves that MMI can resist recent eXtended Linearization (XL)-like methods. In the end, this article concludes that MMI also maintains the efficiency of MI.展开更多
A structure iterated by the unbalanced Feistel networks is introduced. It is showed that this structure is provable resistant against linear attack. The main result of this paper is that the upper bound of r-round (r...A structure iterated by the unbalanced Feistel networks is introduced. It is showed that this structure is provable resistant against linear attack. The main result of this paper is that the upper bound of r-round (r≥2m) linear hull probabilities are bounded by q^2 when around function F is bijective and the maximal linear hull probabilities of round function F is q. Application of this structure to block cipher designs brings out the provable security against linear attack with the upper bounds of probabilities.展开更多
ARIA is a new block cipher designed as the block cipher standard of South Korea. The current version is 1.0, which is an improvement of version 0.8 with the security using four kinds of S-boxes instead of two and an a...ARIA is a new block cipher designed as the block cipher standard of South Korea. The current version is 1.0, which is an improvement of version 0.8 with the security using four kinds of S-boxes instead of two and an additional two rounds of encryptions. These improvements are designed to prevent the dedicated linear attack on ARIA version 0.8 by the four different kinds of S-boxes. This paper presents 12 linear approximations of a single round function that succeeds in attacking ARIA version 1.0 on 7, 9, or 9 rounds for key sizes of 128, 192, or 256 bits using any of these approximations. The corresponding data complexities are 2^87, 2^119, and 2^119, the counting complexities are 1.5×2^88, 2^119, and 2^119, the memory required for each attack on all three key versions is 2^64 bits and there are 12 weak key classes. These results are similar to the dedicated linear attack on ARIA version 0.8 and show that the improved version can also not effectively resist this type of attack.展开更多
文摘A linearization attack on the Key Stream Generator (KSG) of the modified Eo algorithm proposed by Hermelin [Proceedings of ICISC'99, Springer LNCS 1787, 2000, 17-29] is given in this paper. The initial value can be recovered by a linearization attack with O(2^60.52) operations by solving a System of Linear Equations (SLE) with at most 2^20.538 unknowns. Frederik Armknecht [Cryptology ePrint Archive, 2002/191] proposed a linearization attack on the KSG olEo algorithm with O(2^70.341) operations by solving an SLE with at most 2^24.056 unknowns, so the modification proposed by Hermelin reduces the ability or E0 to resist the linearization attack by comparing with the results ofFrederik Armknecht.
基金Supported by the National High Technology Research and Development Program of China(863Program)(No.2009-aa012201)Key Library of Communication Technology(No.9140C1103040902)
文摘This article aims at designing a new Multivariate Quadratic (MQ) public-key scheme to avoid the linearization attack and differential attack against the Matsumoto-Imai (MI) scheme. Based on the original scheme, our new scheme, named the Multi-layer MI (MMI) scheme, has a structure of multi-layer central map. Firstly, this article introduces the MI scheme and describes linearization attack and differential attack; then prescribes the designation of MMI in detail, and proves that MMI can resist both linearization attack and differential attack. Besides, this article also proves that MMI can resist recent eXtended Linearization (XL)-like methods. In the end, this article concludes that MMI also maintains the efficiency of MI.
基金Supported by the fund of National Laboratory for Modern Communications (5143603ZDS0601),the outstanding youth science foundation of Henan (0312001800).
文摘A structure iterated by the unbalanced Feistel networks is introduced. It is showed that this structure is provable resistant against linear attack. The main result of this paper is that the upper bound of r-round (r≥2m) linear hull probabilities are bounded by q^2 when around function F is bijective and the maximal linear hull probabilities of round function F is q. Application of this structure to block cipher designs brings out the provable security against linear attack with the upper bounds of probabilities.
基金Supported by the National Key Basic Research and Development(973) Program of China(No.2007CB807902)the National NaturalScience Foundation of China(Nos.90604036 and 60525201)
文摘ARIA is a new block cipher designed as the block cipher standard of South Korea. The current version is 1.0, which is an improvement of version 0.8 with the security using four kinds of S-boxes instead of two and an additional two rounds of encryptions. These improvements are designed to prevent the dedicated linear attack on ARIA version 0.8 by the four different kinds of S-boxes. This paper presents 12 linear approximations of a single round function that succeeds in attacking ARIA version 1.0 on 7, 9, or 9 rounds for key sizes of 128, 192, or 256 bits using any of these approximations. The corresponding data complexities are 2^87, 2^119, and 2^119, the counting complexities are 1.5×2^88, 2^119, and 2^119, the memory required for each attack on all three key versions is 2^64 bits and there are 12 weak key classes. These results are similar to the dedicated linear attack on ARIA version 0.8 and show that the improved version can also not effectively resist this type of attack.
