In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality lo...In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., taken as a quantitative metric, the ratio of the conditional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.展开更多
The Grain v1 stream cipher is one of the seven finalists in the final e STREAM portfolio. Though many attacks have been published,no recovery attack better than exhaustive key search on full Grain v1 in the single key...The Grain v1 stream cipher is one of the seven finalists in the final e STREAM portfolio. Though many attacks have been published,no recovery attack better than exhaustive key search on full Grain v1 in the single key setting has been found yet. In this paper,new state recovery attacks on Grain v1 utilizing the weak normality order of the employed keystream output function in the cipher are proposed. These attacks have remarkable advantages in the offline time,online time and memory complexities,which are all better than exhaustive key search. The success probability of each new attack is 0.632. The proposed attack primarily depends on the order of weak normality of the employed keystream output function. This shows that the weak normality order should be carefully considered when designing the keystream output functions of Grain-like stream ciphers.展开更多
基金supported by the National Natural Science Foundation of China under Grants No.61172085,No.61272536,No.11061130539,No.61103221,No.61271118,No.61021004
文摘In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., taken as a quantitative metric, the ratio of the conditional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.
基金supported in part by the National Natural Science Foundation of China (Grant No.61202491,61272041,61272488,61402523,61602514)the Science and Technology on Communication Security Laboratory Foundation of China under Grant No.9140C110303140C11051
文摘The Grain v1 stream cipher is one of the seven finalists in the final e STREAM portfolio. Though many attacks have been published,no recovery attack better than exhaustive key search on full Grain v1 in the single key setting has been found yet. In this paper,new state recovery attacks on Grain v1 utilizing the weak normality order of the employed keystream output function in the cipher are proposed. These attacks have remarkable advantages in the offline time,online time and memory complexities,which are all better than exhaustive key search. The success probability of each new attack is 0.632. The proposed attack primarily depends on the order of weak normality of the employed keystream output function. This shows that the weak normality order should be carefully considered when designing the keystream output functions of Grain-like stream ciphers.