In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introd...In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs.This attack method is that the key parameters dp and dq are segmented by byte,and the modular multiplication collisions are identified by k-means clustering.The exponents dp and dq were recovered by 12 power traces of six groups of the specific message pairs,and the exponent d was obtained.We also propose a second order clustering collision power analysis attack against RSA implementation with CRT,which applies double blinding exponentiation.To reduce noise and artificial participation,we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions.Thus,we recovered approximately 91%of the secret exponents manipulated with a single power curve on RSA-CRT with countermeasures of double blinding methods.展开更多
This paper presents an algebraic method to attack the projected C*? cryptographic scheme.The attack applies the affine parts of the private keys and the weakness caused by the structures of the private keys to find a ...This paper presents an algebraic method to attack the projected C*? cryptographic scheme.The attack applies the affine parts of the private keys and the weakness caused by the structures of the private keys to find a large number of linear equations.The attack can recover the private keys efficiently when the parameters are small enough.Meanwhile,the weak keys of the scheme are found and the private keys can be recovered efficiently once the weak keys are used.The paper also proposes a new modification of C*? cryptographic scheme,which is not only as efficient as original projected C*? scheme,but also resistant to the differential attack and the attack proposed in this paper.展开更多
<Abstract>We introduce a continuous weight attack strategy and numerically investigate the effect of continuous weight attack strategy on the Barabási-Albert (BA) scale-free network and the Erds-Rény...<Abstract>We introduce a continuous weight attack strategy and numerically investigate the effect of continuous weight attack strategy on the Barabási-Albert (BA) scale-free network and the Erds-Rényi (ER) random network.We use a weight coefficient ω to define the attack intensity.The weight coefficient ω increases continuously from 1 to infinity, where 1 represents no attack and infinity represents complete destructive attack.Our results show that the continuous weight attack on two selected nodes with small ω (ω≈ 3) could achieve the same damage of complete elimination of a single selected node on both BA and ER networks.It is found that the continuous weight attack on a single selected edge with small ω(ω≈2) can reach the same effect of complete elimination of a single edge on BA network,but on ER network the damage of the continuous weight attack on a single edge is close to but always smaller than that of complete elimination of edge even if ω is very large.展开更多
AEGIS算法是进入CAESAR竞赛(Competition for Authenticated Encryption:Security,Applicability,and Robustness)第三轮评选的认证加密算法.根据内部状态和密钥长度的不同,设计者推荐了三个AEGIS系列算法:AEGIS-128、AEGIS-256和AEGIS-...AEGIS算法是进入CAESAR竞赛(Competition for Authenticated Encryption:Security,Applicability,and Robustness)第三轮评选的认证加密算法.根据内部状态和密钥长度的不同,设计者推荐了三个AEGIS系列算法:AEGIS-128、AEGIS-256和AEGIS-128L.本文分别给出AEGIS-256和AEGIS-128L算法一组新的弱状态,对应出现的概率远优于现有分析结果.在此基础上,针对AEGIS-256算法,本文实现了对算法的伪造攻击,并给出内部状态与各自的明文对应,使得产生的认证标签为全0;针对AEGIS-128L算法,本文得到了算法在弱状态下的信息泄漏规律.最后对AEGIS系列算法弱状态的成因进行分析,给出了具体的设计及使用建议.目前,除设计报告外尚无对AEGIS算法的弱状态的分析,因此该文对CAESAR竞选有重要意义.展开更多
基金supported by the National Key R&D Program of China(No.2017YFB0802300)the Key Research and Development Project of Sichuan Province(No.2020YFG0307,No.2018TJPT0012)the Key Research and Development Project of Chengdu(No.2019-YF05-02028-GX).
文摘In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs.This attack method is that the key parameters dp and dq are segmented by byte,and the modular multiplication collisions are identified by k-means clustering.The exponents dp and dq were recovered by 12 power traces of six groups of the specific message pairs,and the exponent d was obtained.We also propose a second order clustering collision power analysis attack against RSA implementation with CRT,which applies double blinding exponentiation.To reduce noise and artificial participation,we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions.Thus,we recovered approximately 91%of the secret exponents manipulated with a single power curve on RSA-CRT with countermeasures of double blinding methods.
基金This work is supported by the National Natural Science Foundation of China under Grants No.60970119 and No.60803149, the Youth Science and Technology Foundation of Xi'an University of Architecture and Technology (QN0831), and the National Basic Research Program (973 Program) of China under Grants No.2007CB311201.
文摘This paper presents an algebraic method to attack the projected C*? cryptographic scheme.The attack applies the affine parts of the private keys and the weakness caused by the structures of the private keys to find a large number of linear equations.The attack can recover the private keys efficiently when the parameters are small enough.Meanwhile,the weak keys of the scheme are found and the private keys can be recovered efficiently once the weak keys are used.The paper also proposes a new modification of C*? cryptographic scheme,which is not only as efficient as original projected C*? scheme,but also resistant to the differential attack and the attack proposed in this paper.
基金supported by National Natural Science Foundation of China under Grant Nos.10675048 and 10604017
文摘<Abstract>We introduce a continuous weight attack strategy and numerically investigate the effect of continuous weight attack strategy on the Barabási-Albert (BA) scale-free network and the Erds-Rényi (ER) random network.We use a weight coefficient ω to define the attack intensity.The weight coefficient ω increases continuously from 1 to infinity, where 1 represents no attack and infinity represents complete destructive attack.Our results show that the continuous weight attack on two selected nodes with small ω (ω≈ 3) could achieve the same damage of complete elimination of a single selected node on both BA and ER networks.It is found that the continuous weight attack on a single selected edge with small ω(ω≈2) can reach the same effect of complete elimination of a single edge on BA network,but on ER network the damage of the continuous weight attack on a single edge is close to but always smaller than that of complete elimination of edge even if ω is very large.
文摘针对战术移动自组网协议的安全性、脆弱性等问题,分析并仿真出适用于战术移动自组网的攻击方案,增强对敌方战场通信电台的控制能力,造成敌方战场通信指挥系统性能衰减甚至瘫痪。该方案从战术移动自组网的介质访问控制(media access control,MAC)层、内联网层、传输层的协议特征分析,解析战术网络电台在MAC层信道竞争接入、内联网层拓扑更新和传输层传输控制协议(transmission control protocol,TCP)的3次握手机制下存在的协议漏洞,并在NS3网络仿真平台中分层构建不同的攻击模型。该模型在内联网层解决了传统移动自组网中路由黑洞攻击不适用于战术移动自组网的问题,同时在传输层重构了TCP半连接队列机制。对比了攻击前网络性能的变化,仿真结果表明,各层实施的攻击技术都能有效降低战术移动自组网的网络性能,验证了所建攻击模型的合理性。
文摘AEGIS算法是进入CAESAR竞赛(Competition for Authenticated Encryption:Security,Applicability,and Robustness)第三轮评选的认证加密算法.根据内部状态和密钥长度的不同,设计者推荐了三个AEGIS系列算法:AEGIS-128、AEGIS-256和AEGIS-128L.本文分别给出AEGIS-256和AEGIS-128L算法一组新的弱状态,对应出现的概率远优于现有分析结果.在此基础上,针对AEGIS-256算法,本文实现了对算法的伪造攻击,并给出内部状态与各自的明文对应,使得产生的认证标签为全0;针对AEGIS-128L算法,本文得到了算法在弱状态下的信息泄漏规律.最后对AEGIS系列算法弱状态的成因进行分析,给出了具体的设计及使用建议.目前,除设计报告外尚无对AEGIS算法的弱状态的分析,因此该文对CAESAR竞选有重要意义.