This paper presents a method for differen- tial collision attack of reduced FOX block cipher based on 4-round distinguishing property. It can be used to attack 5, 6 and 7-round FOX64 and 5-round FOX128. Our attack has...This paper presents a method for differen- tial collision attack of reduced FOX block cipher based on 4-round distinguishing property. It can be used to attack 5, 6 and 7-round FOX64 and 5-round FOX128. Our attack has a precomputation phase, but it can be obtained before attack and computed once for all. This attack on the reduced to 4-round FOX64 requires only 7 chosen plaintexts, and performs 242.8 4-round FOX64 encryptions. It could be extended to 5 (6, 7)-round FOX64 by a key exhaustive search behind the fourth round.展开更多
Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and EIGamal on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms are found to solve certai...Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and EIGamal on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms are found to solve certain mathematical problems on non-commutative algebraic structures until now. In this background, Majid Khan et al.proposed two novel public-key encryption schemes based on large abelian subgroup of general linear group over a residue ring. In this paper we show that the two schemes are not secure. We present that they are vulnerable to a structural attack and that, it only requires polynomial time complexity to retrieve the message from associated public keys respectively. Then we conduct a detailed analysis on attack methods and show corresponding algorithmic description and efficiency analysis respectively. After that, we propose an improvement assisted to enhance Majid Khan's scheme. In addition, we discuss possible lines of future work.展开更多
Recently,Hwang et al.proposed a (t,n) threshold-proxy (c,m) thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then onl...Recently,Hwang et al.proposed a (t,n) threshold-proxy (c,m) thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then only c or more proxy signers can cooperatively generate threshold-proxy threshold-signature.In this scheme,they claimed that original signers cannot forge the proxy signature and the proxy signers cannot forge signature on behalf of the original signers.However,in this paper,we will give a attack to show that their scheme can not resist impersonation attacks.展开更多
A cryptosystem with non-commutative platform groups based on conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryp...A cryptosystem with non-commutative platform groups based on conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryption scheme. We propose an algebraic key-recovery attack in the polynomial computational complexity. Furthermore, we peel off the encryption and decryption process and propose attack methods for solving the conjugator search problem over the given non-abelian group. Finally, we provide corresponding practical attack examples to illustrate the attack methods in our cryptanalysis, and provide some improved suggestions.展开更多
A linearization attack on the Key Stream Generator (KSG) of the modified Eo algorithm proposed by Hermelin [Proceedings of ICISC'99, Springer LNCS 1787, 2000, 17-29] is given in this paper. The initial value can be...A linearization attack on the Key Stream Generator (KSG) of the modified Eo algorithm proposed by Hermelin [Proceedings of ICISC'99, Springer LNCS 1787, 2000, 17-29] is given in this paper. The initial value can be recovered by a linearization attack with O(2^60.52) operations by solving a System of Linear Equations (SLE) with at most 2^20.538 unknowns. Frederik Armknecht [Cryptology ePrint Archive, 2002/191] proposed a linearization attack on the KSG olEo algorithm with O(2^70.341) operations by solving an SLE with at most 2^24.056 unknowns, so the modification proposed by Hermelin reduces the ability or E0 to resist the linearization attack by comparing with the results ofFrederik Armknecht.展开更多
基金This work has been performed in the Project "The Research on the New Analysis in Block Ciphers" supported by the Fundamental Research Funds for the Central Universities of China,the National Natural Science Foundation of China,the 111 Project of China,the Scientific Research Foundation of Education Department of Shaanxi Provincial Government of China
文摘This paper presents a method for differen- tial collision attack of reduced FOX block cipher based on 4-round distinguishing property. It can be used to attack 5, 6 and 7-round FOX64 and 5-round FOX128. Our attack has a precomputation phase, but it can be obtained before attack and computed once for all. This attack on the reduced to 4-round FOX64 requires only 7 chosen plaintexts, and performs 242.8 4-round FOX64 encryptions. It could be extended to 5 (6, 7)-round FOX64 by a key exhaustive search behind the fourth round.
基金supported in part by the National Natural Science Foundation of China(Grant Nos.61303212,61170080,61202386)the State Key Program of National Natural Science of China(Grant Nos.61332019,U1135004)+2 种基金the Major Research Plan of the National Natural Science Foundation of China(Grant No.91018008)Major State Basic Research Development Program of China(973 Program)(No.2014CB340600)the Hubei Natural Science Foundation of China(Grant Nos.2011CDB453,2014CFB440)
文摘Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and EIGamal on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms are found to solve certain mathematical problems on non-commutative algebraic structures until now. In this background, Majid Khan et al.proposed two novel public-key encryption schemes based on large abelian subgroup of general linear group over a residue ring. In this paper we show that the two schemes are not secure. We present that they are vulnerable to a structural attack and that, it only requires polynomial time complexity to retrieve the message from associated public keys respectively. Then we conduct a detailed analysis on attack methods and show corresponding algorithmic description and efficiency analysis respectively. After that, we propose an improvement assisted to enhance Majid Khan's scheme. In addition, we discuss possible lines of future work.
基金Supported by the National Natural Science Foundation of China(10871205)
文摘Recently,Hwang et al.proposed a (t,n) threshold-proxy (c,m) thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then only c or more proxy signers can cooperatively generate threshold-proxy threshold-signature.In this scheme,they claimed that original signers cannot forge the proxy signature and the proxy signers cannot forge signature on behalf of the original signers.However,in this paper,we will give a attack to show that their scheme can not resist impersonation attacks.
基金supported by the State Key Program of National Natural Science of China(Grant Nos. 61332019)the National Natural Science Foundation of China (61572303)+7 种基金National Key Research and Development Program of China ( 2017YFB0802003 , 2017YFB0802004)National Cryptography Development Fund during the 13th Five-year Plan Period (MMJJ20170216)the Foundation of State Key Laboratory of Information Security (2017-MS-03)the Fundamental Research Funds for the Central Universities(GK201702004,GK201603084)Major State Basic Research Development Program of China (973 Program) (No.2014CB340600)National High-tech R&D Program of China(2015AA016002, 2015AA016004)Natural Science Foundation of He Bei Province (No. F2017201199)Science and technology research project of Hebei higher education (No. QN2017020)
文摘A cryptosystem with non-commutative platform groups based on conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryption scheme. We propose an algebraic key-recovery attack in the polynomial computational complexity. Furthermore, we peel off the encryption and decryption process and propose attack methods for solving the conjugator search problem over the given non-abelian group. Finally, we provide corresponding practical attack examples to illustrate the attack methods in our cryptanalysis, and provide some improved suggestions.
文摘A linearization attack on the Key Stream Generator (KSG) of the modified Eo algorithm proposed by Hermelin [Proceedings of ICISC'99, Springer LNCS 1787, 2000, 17-29] is given in this paper. The initial value can be recovered by a linearization attack with O(2^60.52) operations by solving a System of Linear Equations (SLE) with at most 2^20.538 unknowns. Frederik Armknecht [Cryptology ePrint Archive, 2002/191] proposed a linearization attack on the KSG olEo algorithm with O(2^70.341) operations by solving an SLE with at most 2^24.056 unknowns, so the modification proposed by Hermelin reduces the ability or E0 to resist the linearization attack by comparing with the results ofFrederik Armknecht.
