The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme...The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.展开更多
The difficulty of extracting hidden information, which is essentially a kindof secrecy, is analyzed by information-theoretic method. The relations between key rate, messagerate, hiding capacity and difficulty of extra...The difficulty of extracting hidden information, which is essentially a kindof secrecy, is analyzed by information-theoretic method. The relations between key rate, messagerate, hiding capacity and difficulty of extraction are studied in the terms of unicity distance ofstego-key, and the theoretic conclusion is used to analyze the actual extracting attack on LeastSignificant Bit(LSB) steganographic algorithms.展开更多
We present a novel quantization-based digital audio walermarking scheme inwavelet domain. By quantizing a host audio's wavelet coefficients (Integer Lifting WaveletTransform) and utilizing the characteristics of h...We present a novel quantization-based digital audio walermarking scheme inwavelet domain. By quantizing a host audio's wavelet coefficients (Integer Lifting WaveletTransform) and utilizing the characteristics of human auditory system (HAS), the grayimage isembedded using our watermarking method. Experimental results show that the proposed watermarkingscheme is inaudible and robust against various signal processing such as noising adding, lossycompression, low pass filtering, re-sampling, and re-quantifying.展开更多
In December of 2010 NIST selected five SHA-3 finalists-BLAKE,Grstl,JH,Keccak,and Skein to advance to the third (and final) round of the SHA-3 competition.At present most specialists and scholars focus on the design ...In December of 2010 NIST selected five SHA-3 finalists-BLAKE,Grstl,JH,Keccak,and Skein to advance to the third (and final) round of the SHA-3 competition.At present most specialists and scholars focus on the design and the attacks on these hash functions.However,it is very significant to study some properties of their primitives and underlying permutations.Because some properties reflect the pseudo-randomness of the structures.Moreover,they help us to find new cryptanalysis for some block cipher structures.In this paper,we analyze the resistance of JH and Grstl-512 against structural properties built on integral distinguishers.And then 31.5 (out of 42) rounds integral distinguishers for JH compression function and 11.5 (out of 14) rounds for Grstl-512 compression function are presented.展开更多
Algebraic attack was applied to attack Filter-Combintr model keystreamgenerators. We proposed the technique of function composition to improve the model, and the improvedmodel can resist the algebraic attack. A new cr...Algebraic attack was applied to attack Filter-Combintr model keystreamgenerators. We proposed the technique of function composition to improve the model, and the improvedmodel can resist the algebraic attack. A new criterion for designing Filter-Combiner model was alsoproposed: the total length I. of Linear Finite State Machines used in the model should be largeenough and the degree d of Filter-Combiner function should be approximate [L/2].展开更多
In the paper, we use trace representations of Boolean functions to obtain that a class mappings including functionsF(x)=x d over field GF(2 n ), withW(d)=n?1, have desirable cryptographic properties. Therefore we gene...In the paper, we use trace representations of Boolean functions to obtain that a class mappings including functionsF(x)=x d over field GF(2 n ), withW(d)=n?1, have desirable cryptographic properties. Therefore we generalize an important result of Nyberg. As application, we use these conclusions to analyze cryptographic property of the S-box of AES (the Advanced Encryption Standard) and give its several equivalent representations, proving that the composition of inversion function of AES and any invertible affine transformations is impossible to satisfy strict avalanche criterion, any order propagation criteria and any order correlation immunity. Key words trace function - nonlinearity - differentially uniform - strict avalanche criterion CLC number TP 309 Foundation item: Supported by the National Natural Science Foundation of China (60373089, 60373041), Natural Science Foundation of Hubei Province (2002AB0037) and Chen-guang Plan of Wuhan City (20025001007).Biography: Zeng Xiang-yong (1973-), male, A postdoctoral fellow, research direction: cryptology and the representation theory of algebra.展开更多
Bastd on the relationship between nonlinearity and resiliency of amulti-output function, we present a method for constructing noninterseeling linear codes frompacking design. Through these linear codes, we obtain n-va...Bastd on the relationship between nonlinearity and resiliency of amulti-output function, we present a method for constructing noninterseeling linear codes frompacking design. Through these linear codes, we obtain n-variable, m-output, t-resilient functionswith very high nonlinearity. Their nonlinearities are currently the best results for most of cases.展开更多
To enhance the performance of image authentication, a new fragile watermarking scheme, which exploits the perturbation in reverse processing, is proposed. In verifying the integrity of image contents, the method perfo...To enhance the performance of image authentication, a new fragile watermarking scheme, which exploits the perturbation in reverse processing, is proposed. In verifying the integrity of image contents, the method performs the reverse processing of watermarking. Typically, it de-filters the distributed version or solves an embedding equation instead of really extracting the watermark. If any tampering happened, the output should be perturbed violently because such processing enlarges the observation error, which can be regarded as the consequence of illegal manipulation. The drastically perturbed values imply the existence of tampering, and their positions directly draw the shapes of the manipulated areas. Compared with the mostly used block-based watermarking, the method localizes the tampering almost pixel-wise. It also supports the adaptive embedding, which keeps the perceptual quality better, and avoids the vulnerabilities resulting from the block-based approaches.展开更多
Tate pairings over elliptic curves are important in cryptography since they can be. used to construct efficient identity-based cryptosystems, and their implementation dominantly determines the efficiencies of the cryp...Tate pairings over elliptic curves are important in cryptography since they can be. used to construct efficient identity-based cryptosystems, and their implementation dominantly determines the efficiencies of the cryptosystems. In this paper, the implementation of a cryptosystem is provided based on the Tate. pairing over a supersingular elliptic curve of MOV degree 3. The implementation is primarily designed to re-use low-level codes developed in implementation of usual elliptic curve cryptosystems. The paper studies how to construct the underlying ground field and its extension to accelerate the finite field arithmetic, and presents a technique to speedup the time-consuming powering in the Tate pairing algorithm.展开更多
A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for...A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for entity authentication. Apart from the flexible and natural features in forming and analyzing protocols inherited from ASM, the model defines both authentication and secrecy properties explicitly in first order sentences as invariants. The process of proving security properties with respect to an authentication protocol blends the correctness and secrecy properties together to avoid the potential flaws which may happen when treated separately. The security of revised Helsinki protocol is shown as a case study. The new model is different from the previous ones in ASMs.展开更多
The study of security in computer networks is a key issue, which is a rapidlygrowing area of interest because of its importance. Main network security problems are analyzed inthis paper above all, which currently are ...The study of security in computer networks is a key issue, which is a rapidlygrowing area of interest because of its importance. Main network security problems are analyzed inthis paper above all, which currently are confronted with network systems and existing works inintrusion detection. And then an intrusion detection system model based on Immune Principle (IPIDS)is presented. Meanwhile, it expatiates detailed implementation of the methods how to reduce the highfalse positive and negative alarms of the traditional Intrusion Detection System (IDS). At last asimple simulation is performed on this model just using string match algorithm as binding mechanism.The simulation results indicate that the model can detect malicious activity effectively, andconsequently the security and steadiness of the whole network system are improved also.展开更多
Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searc...Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6, 7, 8 and 9 rounds of Camellia with 128-bit key and 8, 9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 210 chosen plaintexts and 215 encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 212 chosen plaintexts and 254.5 encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2112.1 encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.6 chosen plaintexts and 2121 encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2111.1 encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 213 chosen plaintexts and 2175.6 encryptions. The 256-bit key of 10 rounds Camellia can be recovered with 214 chosen plaintexts and 2239.9 encryptions.展开更多
With the development of network techniques, the problem of network securityis also arising as we enjoy its open convenience. There are many developed methods to overcome thisproblem. Identity authentication is one of ...With the development of network techniques, the problem of network securityis also arising as we enjoy its open convenience. There are many developed methods to overcome thisproblem. Identity authentication is one of these important measures. The authentication methods oftraditional symmetric cryptogram systems and asymmetric cryptogram systems have both advantages anddefects. This paper brings forward a Mixed Encryption Model for Authentication ( MEMA), which hasobvious advantages compared to the two traditional methods. MEMA model can be used widely in openingnetwork environment such as mobile agent systems, multi-agents security safeguard systems and othersituations in which identity authentication of users are needed. At last, the paper also presentsthe MEMA model's structure and implementation of an experimental system.展开更多
By means of F[x]-lattice basis reduction algorithm, a new algorithm is presented for synthesizing minimum length linear feedback shift registers (or minimal polynomials) for the given mul-tiple sequences over a field ...By means of F[x]-lattice basis reduction algorithm, a new algorithm is presented for synthesizing minimum length linear feedback shift registers (or minimal polynomials) for the given mul-tiple sequences over a field F. Its computational complexity is O(N2) operations in F where N is the length of each sequence. A necessary and sufficient condition for the uniqueness of minimal polynomi-als is given. The set and exact number of all minimal polynomials are also described when F is a finite field.展开更多
Cheating immune secret sharing in the unconditionally secure case are investigated in this paper.Constructionsof defining functions of cheating immune secret sharing on V_n are given,where n is any integer greater tha...Cheating immune secret sharing in the unconditionally secure case are investigated in this paper.Constructionsof defining functions of cheating immune secret sharing on V_n are given,where n is any integer greater than 5.Further-more,the obtained defining functions have good cryptographic properties.The nonlinearity of them is 2^(n-1)-2^(n/2+1) whenn≡0(mod 4)and 2^(n-1)-2^((?)n/2」+2) otherwise.And thedegree is「n/4(?).展开更多
NUSH is a block cipher as a candidate for NESSIE. NUSH is analyzed by linear crypt-analysis . The complexity δ = (ε , η) of the attack consists of data complexity ε and time complexity η. Three linear approximati...NUSH is a block cipher as a candidate for NESSIE. NUSH is analyzed by linear crypt-analysis . The complexity δ = (ε , η) of the attack consists of data complexity ε and time complexity η. Three linear approximations are used to analyze NUSH with 64-bit block. When |K| = 128 bits, the complexities of three attacks are (258, 2124), (260, 278) and (262, 255) respectively. When |K| = 192 bits, the complexities of three attacks are (258, 2157) (260, 2%) and (262, 258) respectively. When |K| = 256 bits, the complexities of three attacks are (258, 2125), (260, 278) and (262, 253) respectively. Three linear approximations are used to analyze NUSH with 128-bit block. When |K|= 128 bits, the complexities of three attacks are (2122, 295), (2124, 257) and (2126, 252) respectively. When |K| = 192 bits, the complexities of three attacks are (2122, 2142), (2124, 275) and (2126, 258) respectively. When |K|= 256 bits, the complexities of three attacks are (2122, 2168), (2124, 281) and (2126, 264) respectively. Two linear approximations are used to analyze NUSH with 256-bit block. When |K|= 128 bits, the complexities of two attacks are (2252, 2122) and (2254, 2119) respectively. When |K|= 192 bits, the complexities of two attacks are (2252, 2181) and (2254, 2177) respectively. When |K|=256 bits, the complexities of two attacks are (2252, 2240) and (2254, 2219) respectively. These results show that NUSH is not immune to linear cryptanalysis, and longer key cannot enhance the security of NUSH.展开更多
Ideal class groups H(K) of algebraic quadratic function fields K are studied. Necessaryand sufficient condition is given for the class group H(K) to contain a cyclic subgroup of anyorder n, which holds true for both r...Ideal class groups H(K) of algebraic quadratic function fields K are studied. Necessaryand sufficient condition is given for the class group H(K) to contain a cyclic subgroup of anyorder n, which holds true for both real and imaginary fields K. Then several series of functionfields K, including real, inertia imaginary, and ramified imaginary quadratic function fields, aregiven, for which the class groups H(K) are proved to contain cyclic subgroups of order n.展开更多
In this paper, we extend a classical result of Hua to arithmetic progressionswith large moduli. The result implies the Linnik Theorem on the least prime in an arithmeticprogression.
The Internet Accessible Mathematical Computation (IAMC) framework aims to make it easy to supply mathematical computing powers over the Internet/Web. The protocol-based IAMC framework enables developers to create inte...The Internet Accessible Mathematical Computation (IAMC) framework aims to make it easy to supply mathematical computing powers over the Internet/Web. The protocol-based IAMC framework enables developers to create interoperable clients and servers easily and independently. Presented are conceptual and experimental work on the IAMC framework architecture and major components: the Mathematical Computation Protocol (MCP), a client prototype (Dragonfly), a server prototype (Starfish), a mathematical encoding converter (XMEC), and an open mathematical compute engine interface (OMEI).展开更多
文摘The deficiencies of the first threshold Guilbu-Quisquater signature schemepresented by Li-San Liu, Cheng-Kang Chu and Wen-Guey Tzeng arc analysiscd at first, and then a newthreshold Guillou-Quisquater signature scheme is presented. The new scheme isunforgeable and robustagainst any adaptive adversary if the base Guillou-Quisquater signature scheme is unforgeable underthe chosen message attack and computing the discrete logarithm modulo a prime is hard This schemecan also achieve optimal resilience. However, the new scheme does not need the assumption that N isthe product of two safe primes. The basie signature scheme underlying the new scheme is exactlyGuillou-Quisqualtr signature scheme, and the additional strong computation assumption introduced bythe first threshold Guillou-Quisquater scheme is weaken.
文摘The difficulty of extracting hidden information, which is essentially a kindof secrecy, is analyzed by information-theoretic method. The relations between key rate, messagerate, hiding capacity and difficulty of extraction are studied in the terms of unicity distance ofstego-key, and the theoretic conclusion is used to analyze the actual extracting attack on LeastSignificant Bit(LSB) steganographic algorithms.
文摘We present a novel quantization-based digital audio walermarking scheme inwavelet domain. By quantizing a host audio's wavelet coefficients (Integer Lifting WaveletTransform) and utilizing the characteristics of human auditory system (HAS), the grayimage isembedded using our watermarking method. Experimental results show that the proposed watermarkingscheme is inaudible and robust against various signal processing such as noising adding, lossycompression, low pass filtering, re-sampling, and re-quantifying.
基金Supported by the National Natural Science Foundation of China (No. 60873259 and No. 60903212)Knowledge Innovation Project of the Chinese Academy of Sciences
文摘In December of 2010 NIST selected five SHA-3 finalists-BLAKE,Grstl,JH,Keccak,and Skein to advance to the third (and final) round of the SHA-3 competition.At present most specialists and scholars focus on the design and the attacks on these hash functions.However,it is very significant to study some properties of their primitives and underlying permutations.Because some properties reflect the pseudo-randomness of the structures.Moreover,they help us to find new cryptanalysis for some block cipher structures.In this paper,we analyze the resistance of JH and Grstl-512 against structural properties built on integral distinguishers.And then 31.5 (out of 42) rounds integral distinguishers for JH compression function and 11.5 (out of 14) rounds for Grstl-512 compression function are presented.
文摘Algebraic attack was applied to attack Filter-Combintr model keystreamgenerators. We proposed the technique of function composition to improve the model, and the improvedmodel can resist the algebraic attack. A new criterion for designing Filter-Combiner model was alsoproposed: the total length I. of Linear Finite State Machines used in the model should be largeenough and the degree d of Filter-Combiner function should be approximate [L/2].
文摘In the paper, we use trace representations of Boolean functions to obtain that a class mappings including functionsF(x)=x d over field GF(2 n ), withW(d)=n?1, have desirable cryptographic properties. Therefore we generalize an important result of Nyberg. As application, we use these conclusions to analyze cryptographic property of the S-box of AES (the Advanced Encryption Standard) and give its several equivalent representations, proving that the composition of inversion function of AES and any invertible affine transformations is impossible to satisfy strict avalanche criterion, any order propagation criteria and any order correlation immunity. Key words trace function - nonlinearity - differentially uniform - strict avalanche criterion CLC number TP 309 Foundation item: Supported by the National Natural Science Foundation of China (60373089, 60373041), Natural Science Foundation of Hubei Province (2002AB0037) and Chen-guang Plan of Wuhan City (20025001007).Biography: Zeng Xiang-yong (1973-), male, A postdoctoral fellow, research direction: cryptology and the representation theory of algebra.
文摘Bastd on the relationship between nonlinearity and resiliency of amulti-output function, we present a method for constructing noninterseeling linear codes frompacking design. Through these linear codes, we obtain n-variable, m-output, t-resilient functionswith very high nonlinearity. Their nonlinearities are currently the best results for most of cases.
文摘To enhance the performance of image authentication, a new fragile watermarking scheme, which exploits the perturbation in reverse processing, is proposed. In verifying the integrity of image contents, the method performs the reverse processing of watermarking. Typically, it de-filters the distributed version or solves an embedding equation instead of really extracting the watermark. If any tampering happened, the output should be perturbed violently because such processing enlarges the observation error, which can be regarded as the consequence of illegal manipulation. The drastically perturbed values imply the existence of tampering, and their positions directly draw the shapes of the manipulated areas. Compared with the mostly used block-based watermarking, the method localizes the tampering almost pixel-wise. It also supports the adaptive embedding, which keeps the perceptual quality better, and avoids the vulnerabilities resulting from the block-based approaches.
文摘Tate pairings over elliptic curves are important in cryptography since they can be. used to construct efficient identity-based cryptosystems, and their implementation dominantly determines the efficiencies of the cryptosystems. In this paper, the implementation of a cryptosystem is provided based on the Tate. pairing over a supersingular elliptic curve of MOV degree 3. The implementation is primarily designed to re-use low-level codes developed in implementation of usual elliptic curve cryptosystems. The paper studies how to construct the underlying ground field and its extension to accelerate the finite field arithmetic, and presents a technique to speedup the time-consuming powering in the Tate pairing algorithm.
基金国家自然科学基金,国家高技术研究发展计划(863计划),国家重点基础研究发展计划(973计划),the Foundation for Extraordinary Young Researchers under
文摘A new semantic model in Abstract State Model (ASM) for authentication protocols is presented. It highlights the Woo-Lam's ideas for authentication, which is the strongest one in Lowe's definition hierarchy for entity authentication. Apart from the flexible and natural features in forming and analyzing protocols inherited from ASM, the model defines both authentication and secrecy properties explicitly in first order sentences as invariants. The process of proving security properties with respect to an authentication protocol blends the correctness and secrecy properties together to avoid the potential flaws which may happen when treated separately. The security of revised Helsinki protocol is shown as a case study. The new model is different from the previous ones in ASMs.
基金This work is sponsored by the National Natural Science Foundation of P. R. China (No.60173037 &70271050) National 863 High Technology Research Program ofP. R. China (No.2004AA775053) the Natural Science Foundation of Jiangsu Province (No.BK20031
文摘The study of security in computer networks is a key issue, which is a rapidlygrowing area of interest because of its importance. Main network security problems are analyzed inthis paper above all, which currently are confronted with network systems and existing works inintrusion detection. And then an intrusion detection system model based on Immune Principle (IPIDS)is presented. Meanwhile, it expatiates detailed implementation of the methods how to reduce the highfalse positive and negative alarms of the traditional Intrusion Detection System (IDS). At last asimple simulation is performed on this model just using string match algorithm as binding mechanism.The simulation results indicate that the model can detect malicious activity effectively, andconsequently the security and steadiness of the whole network system are improved also.
基金supported by the National Natural Science Foundation of China(Grant No.60373047)the State 863 Project(Grant No.2003AA144030)973 Project(Grant No.2004CB318004)
文摘Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6, 7, 8 and 9 rounds of Camellia with 128-bit key and 8, 9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 210 chosen plaintexts and 215 encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 212 chosen plaintexts and 254.5 encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2112.1 encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.6 chosen plaintexts and 2121 encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2111.1 encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 213 chosen plaintexts and 2175.6 encryptions. The 256-bit key of 10 rounds Camellia can be recovered with 214 chosen plaintexts and 2239.9 encryptions.
文摘With the development of network techniques, the problem of network securityis also arising as we enjoy its open convenience. There are many developed methods to overcome thisproblem. Identity authentication is one of these important measures. The authentication methods oftraditional symmetric cryptogram systems and asymmetric cryptogram systems have both advantages anddefects. This paper brings forward a Mixed Encryption Model for Authentication ( MEMA), which hasobvious advantages compared to the two traditional methods. MEMA model can be used widely in openingnetwork environment such as mobile agent systems, multi-agents security safeguard systems and othersituations in which identity authentication of users are needed. At last, the paper also presentsthe MEMA model's structure and implementation of an experimental system.
基金This work was supported by the National Natural Science Foundation of China (Grant Nos. 19931010, G1999035804).
文摘By means of F[x]-lattice basis reduction algorithm, a new algorithm is presented for synthesizing minimum length linear feedback shift registers (or minimal polynomials) for the given mul-tiple sequences over a field F. Its computational complexity is O(N2) operations in F where N is the length of each sequence. A necessary and sufficient condition for the uniqueness of minimal polynomi-als is given. The set and exact number of all minimal polynomials are also described when F is a finite field.
文摘Cheating immune secret sharing in the unconditionally secure case are investigated in this paper.Constructionsof defining functions of cheating immune secret sharing on V_n are given,where n is any integer greater than 5.Further-more,the obtained defining functions have good cryptographic properties.The nonlinearity of them is 2^(n-1)-2^(n/2+1) whenn≡0(mod 4)and 2^(n-1)-2^((?)n/2」+2) otherwise.And thedegree is「n/4(?).
基金This work was supported by 973 Project (Grant No. G1999035802) and the National Natural Science Foundation of China (Grant No. 19931010) .
文摘NUSH is a block cipher as a candidate for NESSIE. NUSH is analyzed by linear crypt-analysis . The complexity δ = (ε , η) of the attack consists of data complexity ε and time complexity η. Three linear approximations are used to analyze NUSH with 64-bit block. When |K| = 128 bits, the complexities of three attacks are (258, 2124), (260, 278) and (262, 255) respectively. When |K| = 192 bits, the complexities of three attacks are (258, 2157) (260, 2%) and (262, 258) respectively. When |K| = 256 bits, the complexities of three attacks are (258, 2125), (260, 278) and (262, 253) respectively. Three linear approximations are used to analyze NUSH with 128-bit block. When |K|= 128 bits, the complexities of three attacks are (2122, 295), (2124, 257) and (2126, 252) respectively. When |K| = 192 bits, the complexities of three attacks are (2122, 2142), (2124, 275) and (2126, 258) respectively. When |K|= 256 bits, the complexities of three attacks are (2122, 2168), (2124, 281) and (2126, 264) respectively. Two linear approximations are used to analyze NUSH with 256-bit block. When |K|= 128 bits, the complexities of two attacks are (2252, 2122) and (2254, 2119) respectively. When |K|= 192 bits, the complexities of two attacks are (2252, 2181) and (2254, 2177) respectively. When |K|=256 bits, the complexities of two attacks are (2252, 2240) and (2254, 2219) respectively. These results show that NUSH is not immune to linear cryptanalysis, and longer key cannot enhance the security of NUSH.
文摘Ideal class groups H(K) of algebraic quadratic function fields K are studied. Necessaryand sufficient condition is given for the class group H(K) to contain a cyclic subgroup of anyorder n, which holds true for both real and imaginary fields K. Then several series of functionfields K, including real, inertia imaginary, and ramified imaginary quadratic function fields, aregiven, for which the class groups H(K) are proved to contain cyclic subgroups of order n.
基金Project supported by National Natural Science Foundation(No.10171027,60373039)of ChinaResearch Foundation(No.XK01071)of Henan University
文摘In this paper, we extend a classical result of Hua to arithmetic progressionswith large moduli. The result implies the Linnik Theorem on the least prime in an arithmeticprogression.
文摘The Internet Accessible Mathematical Computation (IAMC) framework aims to make it easy to supply mathematical computing powers over the Internet/Web. The protocol-based IAMC framework enables developers to create interoperable clients and servers easily and independently. Presented are conceptual and experimental work on the IAMC framework architecture and major components: the Mathematical Computation Protocol (MCP), a client prototype (Dragonfly), a server prototype (Starfish), a mathematical encoding converter (XMEC), and an open mathematical compute engine interface (OMEI).
