Physical Layer Encryption of OFDM-PON Based on Quantum Noise Stream Cipher with Polar Code

Orthogonal frequency division multiplexing passive optical network(OFDM-PON) has superior anti-dispersion property to operate in the C-band of fiber for increased optical power budget. However,the downlink broadcast exposes the physical layer vulnerable to the threat of illegal eavesdropping. Quantum noise stream cipher(QNSC) is a classic physical layer encryption method and well compatible with the OFDM-PON. Meanwhile, it is indispensable to exploit forward error correction(FEC) to control errors in data transmission. However, when QNSC and FEC are jointly coded, the redundant information becomes heavier and thus the code rate of the transmitted signal will be largely reduced. In this work, we propose a physical layer encryption scheme based on polar-code-assisted QNSC. In order to improve the code rate and security of the transmitted signal, we exploit chaotic sequences to yield the redundant bits and utilize the redundant information of the polar code to generate the higher-order encrypted signal in the QNSC scheme with the operation of the interleaver.We experimentally demonstrate the encrypted 16/64-QAM, 16/256-QAM, 16/1024-QAM, 16/4096-QAM QNSC signals transmitted over 30-km standard single mode fiber. For the transmitted 16/4096-QAM QNSC signal, compared with the conventional QNSC method, the proposed method increases the code rate from 0.1 to 0.32 with enhanced security.

An Improved Framework of Massive Superpoly Recovery in Cube Attacks Against NFSR-Based Stream Ciphers

A critical problem in the cube attack is how to recover superpolies efficiently.As the targeting number of rounds of an iterative stream cipher increases,the scale of its superpolies becomes larger and larger.Recently,to recover massive superpolies,the nested monomial prediction technique,the algorithm based on the divide-and-conquer strategy,and stretching cube attacks were proposed,which have been used to recover a superpoly with over ten million monomials for the NFSR-based stream ciphers such as Trivium and Grain-128AEAD.Nevertheless,when these methods are used to recover superpolies,many invalid calculations are performed,which makes recovering superpolies more difficult.This study finds an interesting observation that can be used to improve the above methods.Based on the observation,a new method is proposed to avoid a part of invalid calculations during the process of recovering superpolies.Then,the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented.To verify the effectiveness of the proposed scheme,the improved framework is applied to 844-and 846-round Trivium and the exact ANFs of the superpolies is obtained with over one hundred million monomials,showing the improved superpoly recovery technique is powerful.Besides,extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme indeed could be more efficient on the superpoly recovery against NFSR-based stream ciphers.

Enhanced Parallelized DNA-Coded Stream Cipher Based on Multiplayer Prisoners’Dilemma

Data encryption is essential in securing exchanged data between connected parties.Encryption is the process of transforming readable text into scrambled,unreadable text using secure keys.Stream ciphers are one type of an encryption algorithm that relies on only one key for decryption and as well as encryption.Many existing encryption algorithms are developed based on either a mathematical foundation or on other biological,social or physical behaviours.One technique is to utilise the behavioural aspects of game theory in a stream cipher.In this paper,we introduce an enhanced Deoxyribonucleic acid(DNA)-coded stream cipher based on an iterated n-player prisoner’s dilemma paradigm.Our main goal is to contribute to adding more layers of randomness to the behaviour of the keystream generation process;these layers are inspired by the behaviour of multiple players playing a prisoner’s dilemma game.We implement parallelism to compensate for the additional processing time that may result fromadding these extra layers of randomness.The results show that our enhanced design passes the statistical tests and achieves an encryption throughput of about 1,877 Mbit/s,which makes it a feasible secure stream cipher.

CeTrivium:A Stream Cipher Based on Cellular Automata for Securing Real-Time Multimedia Transmission

Due to their significant correlation and redundancy,conventional block cipher cryptosystems are not efficient in encryptingmultimedia data.Streamciphers based onCellularAutomata(CA)can provide amore effective solution.The CA have recently gained recognition as a robust cryptographic primitive,being used as pseudorandom number generators in hash functions,block ciphers and stream ciphers.CA have the ability to perform parallel transformations,resulting in high throughput performance.Additionally,they exhibit a natural tendency to resist fault attacks.Few stream cipher schemes based on CA have been proposed in the literature.Though,their encryption/decryption throughput is relatively low,which makes them unsuitable formultimedia communication.Trivium and Grain are efficient stream ciphers that were selected as finalists in the eSTREAM project,but they have proven to be vulnerable to differential fault attacks.This work introduces a novel and scalable stream cipher named CeTrivium,whose design is based on CA.CeTrivium is a 5-neighborhood CA-based streamcipher inspired by the designs of Trivium and Grain.It is constructed using three building blocks:the Trivium(Tr)block,the Nonlinear-CA(NCA)block,and the Nonlinear Mixing(NM)block.The NCA block is a 64-bit nonlinear hybrid 5-neighborhood CA,while the Tr block has the same structure as the Trivium stream cipher.The NM block is a nonlinear,balanced,and reversible Boolean function that mixes the outputs of the Tr and NCA blocks to produce a keystream.Cryptanalysis of CeTrivium has indicated that it can resist various attacks,including correlation,algebraic,fault,cube,Meier and Staffelbach,and side channel attacks.Moreover,the scheme is evaluated using histogramand spectrogramanalysis,aswell as several differentmeasurements,including the correlation coefficient,number of samples change rate,signal-to-noise ratio,entropy,and peak signal-to-noise ratio.The performance of CeTrivium is evaluated and compared with other state-of-the-art techniques.CeTrivium outperforms them in terms of encryption throughput while maintaining high security.CeTrivium has high encryption and decryption speeds,is scalable,and resists various attacks,making it suitable for multimedia communication.

A novel chaotic stream cipher and its application to palmprint template protection

Based on a coupled nonlinear dynamic filter （NDF）, a novel chaotic stream cipher is presented in this paper and employed to protect palmprint templates. The chaotic pseudorandom bit generator （PRBG） based on a coupled NDF, which is constructed in an inverse flow, can generate multiple bits at one iteration and satisfy the security requirement of cipher design. Then, the stream cipher is employed to generate cancelable competitive code palmprint biometrics for template protection. The proposed cancelable palmprint authentication system depends on two factors： the palmprint biometric and the password/token. Therefore, the system provides high-confidence and also protects the user＇s privacy. The experimental results of verification on the Hong Kong PolyU Palmprint Database show that the proposed approach has a large template re-issuance ability and the equal error rate can achieve 0.02%. The performance of the palmprint template protection scheme proves the good practicability and security of the proposed stream cipher.

New State Recovery Attacks on the Grain v1 Stream Cipher

The Grain v1 stream cipher is one of the seven finalists in the final e STREAM portfolio. Though many attacks have been published,no recovery attack better than exhaustive key search on full Grain v1 in the single key setting has been found yet. In this paper,new state recovery attacks on Grain v1 utilizing the weak normality order of the employed keystream output function in the cipher are proposed. These attacks have remarkable advantages in the offline time,online time and memory complexities,which are all better than exhaustive key search. The success probability of each new attack is 0.632. The proposed attack primarily depends on the order of weak normality of the employed keystream output function. This shows that the weak normality order should be carefully considered when designing the keystream output functions of Grain-like stream ciphers.

Theoretical design for a class of chaotic stream cipher based on nonlinear coupled feedback

A class of chaotic map called piecewise-quadratic-equation map to design feedback stream cipher is proposed. Such map can generate chaotic signals that have uniform distribution function, δ-like autocorrelation function. Compared with the piecewise-linear map, this map provides enhanced security in that they can maintain the original perfect statistical properties, as well as overcome the defect of piecewise-linearity and expand the key space. This paper presents a scheme to improve the local complexity of the chaotic stream cipher based on the piecewise-quadratic-equationmap. Both the theoretic analysis and the results of simulation show that this scheme improves the microstructure of the phase-space graph on condition that the good properties of the original scheme are remained.

STUDY ON STREAM CIPHERS USING GENERATING FUNCTIONS

Several kinds of stream ciphers—complementary sequences of period sequences,partial sum of period sequences,inverse order sequences and finitely generated sequences,arestudied by using techniques of generating functions.Their minimal polynomials,periods,as wellas generating functions are given.As to finitely generated sequences,the change of their linearcomplexity profiles as well as the relationship between the two generated sequences usder thecase in which the degree of connected polynomials are fixed,are discussed.

The Nonlinear Filter Boolean Function of LILI-128 Stream Cipher Generator Is Successfully Broken Based on the Complexity of Nonlinear 0 1 Symbol Sequence

The nonlinear filter Boolean function of LILI-128 stream cipher generator is studied in this paper. First we measure the complexity of the stream ciphers sequence of LILI-128 stream cipher generator and obtain the shortest bit stream sequence reconstructed Boolean function of nonlinear filter in LILI-128 stream cipher generator. Then the least nonlinear Boolean function of generating stream cipher sequence is reconstructed by clusterig, nonlinear predictive and nonlinear synchronization from shortest bit stream sequence. We have verified the correctness of our reconstruction result by simulating the block diagram of Lili-128 keystream generator using our getting Boolean function and implement designers’ reference module of Lili-128 stream cipher public online, and two methods produce the same synchronous keystream sequence under same initial state, so that our research work proves that the nonlinear Boolean function of LILI-128 stream cipher generator is successfully broken.

Research on Stream Cipher Model Based on Chaos Theory

Chaos is a similar and random process which is very sensitive to initial value in deterministic system. It is a performance of nonlinear dynamical system with built-in randomness. Combined with the advantages and disadvantages of the present chaos encryption model, the paper proposes a chaotic stream cipher model based on chaos theory, which not only overcomes finite precision effect, but also improves the randomness of chaotic system and output sequence. The Sequence cycle theory generated by the algorithm can reach more than 10600 at least, which completely satisfies the actual application requirements of stream cipher system.

Randomized Stream Ciphers with Enhanced Security Based on Nonlinear Random Coding

We propose a framework for designing randomized stream ciphers with enhanced security. The key attribute of this framework is using of nonlinear bijective mappings or keyless hash functions for random coding. We investigate the computational security of the proposed ciphers against chosen-plaintext-chosen-initialization-vector attacks and show that it is based on the hardness of solving some systems of random nonlinear Boolean equations. We also provide guidelines for choosing components to design randomizers for specified ciphers.

序列密码立方攻击研究进展综述

立方攻击由Dinur和Shamir在2009年欧密会上首次提出,是一种高阶差分攻击和代数攻击.经过近十余年的研究,传统立方攻击不断发展,动态立方攻击、基于可分性的立方攻击、相关立方攻击相继提出,攻击思想不断丰富,攻击技术不断改进,逐渐成为针对基于非线性反馈移位寄存器的序列密码算法的重要攻击方法.特别地,立方攻击自2009年提出以来一直是国际轻量级序列密码标准Trivium最有效的密钥恢复攻击,动态立方攻击攻破了全轮Grain-128算法,Kreyvium、Grain-128AEAD、ACORN这些基于非线性反馈移位寄存器的序列密码算法都可以用立方攻击进行有效分析.本文介绍了立方攻击的基本原理和攻击方法,综述了实验立方攻击、基于可分性立方攻击、立方集构造、动态立方攻击、相关立方攻击等方面的研究进展.

新形态对称密码算法研究

安全多方计算、全同态加密和零知识证明是解决数据安全问题的重要密码技术,其快速发展和应用需求驱动,引发了新形态对称密码的设计与安全性分析.本文系统介绍适宜安全多方计算、全同态加密和零知识证明的新形态对称密码算法.首先梳理新形态对称密码算法的应用需求和设计目标;然后归类介绍新形态对称密码算法的设计理念和最新的安全性评估结果;最后总结探讨新形态对称密码算法的设计特点以及面临的问题.

几类具有交织级联结构的伪随机序列的线性复杂度

为构造用于流密码的新的密钥流生成器,本文研究了结合交织和级联技术的伪随机序列的生成.通过计算多项式零点的个数,在特征为2的有限域上,获得了由Legendre序列和Hall序列构造的二元交织序列的线性复杂度.结果表明这些序列的线性复杂度大于其周期的一半,可抵抗Berlekamp-Massey(B-M)算法的攻击.

基于时变互耦合双混沌系统的轻量级序列密码

文章针对资源受限的物联网环境下的数据加密传输问题,设计了一种基于时变互耦合双混沌系统的轻量级序列密码。以Tent和Arnold混沌映射为基础,通过引入累加器和耦合项,构造一种用于序列密码内部状态更新的时变双混沌系统,基于位操作,对密钥流输出部分进行设计。文章对算法的基本运算、参数、精度、实现方式和策略进行设计并在FPGA上实现,硬件资源消耗为2370个等效门,密钥流输出速率为1.68 bit/clk。分析表明,该密码具有良好的安全性和抗攻击能力,与ISO/IEC标准的轻量级序列密码相比,安全性、资源消耗和吞吐量均有显著优势。

流密码框架下的SM4专用认证加密算法

认证加密算法是能同时满足数据机密性与完整性的对称密码算法,在数据安全领域具有广泛应用。针对基于分组密码的认证加密算法的安全性以及效率需求,提出一种基于SM4轮函数的专用认证加密算法SMRAE。算法采用流密码思想,从SM4底层部件出发,结合Feistel结构设计状态更新函数用于轮变换,处理256 bit消息只需调用4个SM4轮函数指令。在初始化阶段将初始向量和密钥经过16轮迭代,使差分充分随机化;利用SM4加密消息,将生成的密文参与轮变换,实现状态更新和加密并行;解密时先进行消息认证,降低时间消耗,提高算法安全性。安全性分析与实验结果表明SMRAE能够抵抗伪造攻击、差分攻击和猜测攻击等主流攻击,效率高于AES-GCM,与SM4效率相当,具备一定的实用性。

RC4加密算法改进研究及电路设计

针对软件实现RC4算法易遭受攻击且效率不高的问题,基于硬件电路实现算法的思想,引入快速伪随机数发生器提出一种改进RC4并设计电路实现。结合种子密钥和伪随机数进行字节内部与字节间的置乱改进初始化算法,提高算法安全性;设计消耗更少时钟周期的电路生成密钥流,提升加密效率。NIST检测显示改进RC4的密钥流序列随机性优于现存基于硬件的RC4产生的密钥流,仿真结果表明,电路能够完成正确加解密。

Generic attacks on small-state stream cipher constructions in the multi-user setting

Small-state stream ciphers(SSCs),which violate the principle that the state size should exceed the key size by a factor of two,still demonstrate robust security properties while maintaining a lightweight design.These ciphers can be clas-sifed into several constructions and their basic security requirement is to resist generic attacks,ie.,the time-mem-ory-data tradeoff(TMDTO)attack.In this paper,we investigate the security of small-state constructions in the multi-user setting.Based on it,the TMDTO distinguishing attack and the TMDTO key recovery attack are developed for such a setting.It is shown that SSCs which continuously use the key can not resist the TMDTO distinguishing attack.Moreover,SSCs based on the continuous-IV-key-use construction cannot withstand the TMDTO key recovery attack when the key length is shorter than the IV length,no matter whether the keystream length is limited or not.Finally,We apply these two generic attacks to TinyJAMBU and DRACO in the multi-user setting.The TMDTO distinguish-ing attack on TinyJAMBU with a 128-bit key can be mounted with time,memory,and data complexities of 264,248,and 232,respectively.This attack is comparable with a recent work on ToSC 2022,where partial key bits of TinyJAMBU are recovered with more than 250 users(or keys).As DRACO's IV length is smaller than its key length,itis vulnerable to the TMDTO key recovery attack.The resulting attack has a time and memory complexity of both 2112,which means DRACO does not provide 128-bit security in the multi-user setting.

A VLIW Architecture Stream Cryptographic Processor for Information Security

As an important branch of information security algorithms,the efficient and flexible implementation of stream ciphers is vital.Existing implementation methods,such as FPGA,GPP and ASIC,provide a good support,but they could not achieve a better tradeoff between high speed processing and high flexibility.ASIC has fast processing speed,but its flexibility is poor,GPP has high flexibility,but the processing speed is slow,FPGA has high flexibility and processing speed,but the resource utilization is very low.This paper studies a stream cryptographic processor which can efficiently and flexibly implement a variety of stream cipher algorithms.By analyzing the structure model,processing characteristics and storage characteristics of stream ciphers,a reconfigurable stream cryptographic processor with special instructions based on VLIW is presented,which has separate/cluster storage structure and is oriented to stream cipher operations.The proposed instruction structure can effectively support stream cipher processing with multiple data bit widths,parallelism among stream cipher processing with different data bit widths,and parallelism among branch control and stream cipher processing with high instruction level parallelism;the designed separate/clustered special bit registers and general register heaps,key register heaps can satisfy cryptographic requirements.So the proposed processor not only flexibly accomplishes the combination of multiple basic stream cipher operations to finish stream cipher algorithms.It has been implemented with 0.18μm CMOS technology,the test results show that the frequency can reach 200 MHz,and power consumption is 310 mw.Ten kinds of stream ciphers were realized in the processor.The key stream generation throughput of Grain-80,W7,MICKEY,ACHTERBAHN and Shrink algorithm is 100 Mbps,66.67 Mbps,66.67 Mbps,50 Mbps and 800 Mbps,respectively.The test result shows that the processor presented can achieve good tradeoff between high performance and flexibility of stream ciphers.

Algebraic Attack on Filter-Combiner Model Keystream Generators

Algebraic attack was applied to attack Filter-Combintr model keystreamgenerators. We proposed the technique of function composition to improve the model, and the improvedmodel can resist the algebraic attack. A new criterion for designing Filter-Combiner model was alsoproposed: the total length I. of Linear Finite State Machines used in the model should be largeenough and the degree d of Filter-Combiner function should be approximate [L/2].