In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP-netw...In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP-network. The substitution layer consists of 16 4 × 4 S-boxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTANGLE offers great performance in both hardware and software environment, which provides enough flexibility for different application scenario. The following are3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardware-friendly. For the 80-bit key version, a one-cycle-per-round parallel implementation only needs 1600 gates for a throughput of 246 Kbits/s at100 k Hz clock and an energy efficiency of 3.0 p J/bit. Second, RECTANGLE achieves a very competitive software speed among the existing lightweight block ciphers due to its bit-slice style. Using 128-bit SSE instructions,a bit-slice implementation of RECTANGLE reaches an average encryption speed of about 3.9 cycles/byte for messages around 3000 bytes. Last but not least, we propose new design criteria for the RECTANGLE S-box.Due to our careful selection of the S-box and the asymmetric design of the permutation layer, RECTANGLE achieves a very good security-performance tradeoff. Our extensive and deep security analysis shows that the highest number of rounds that we can attack, is 18(out of 25).展开更多
This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far....This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL^-1 layers.展开更多
SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theo...SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Next, by these relationships, we clarify the minimum number of active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about 2^14 differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with 2^118 chosen plaintexts and 2^126.7 encryptions.展开更多
In this paper, we introduce a new type of feedback shift register based on words, called G-linear feedback shift register (σ-LFSR) which can make full use of the instructions of modern CPUs so that we can find good...In this paper, we introduce a new type of feedback shift register based on words, called G-linear feedback shift register (σ-LFSR) which can make full use of the instructions of modern CPUs so that we can find good σ-LFSR with simple structure and fast software implementation. After analysis, we find a class of simple σ-LFSR with maximal period and give an algorithm of searching for those σ-LFSRs. As a result, we provide a new optional fast component in the design of modern wordbased stream ciphers.展开更多
An Efficient and flexible implementation of block ciphers is critical to achieve information security processing.Existing implementation methods such as GPP,FPGA and cryptographic application-specific ASIC provide the...An Efficient and flexible implementation of block ciphers is critical to achieve information security processing.Existing implementation methods such as GPP,FPGA and cryptographic application-specific ASIC provide the broad range of support.However,these methods could not achieve a good tradeoff between high-speed processing and flexibility.In this paper,we present a reconfigurable VLIW processor architecture targeted at block cipher processing,analyze basic operations and storage characteristics,and propose the multi-cluster register-file structure for block ciphers.As for the same operation element of block ciphers,we adopt reconfigurable technology for multiple cryptographic processing units and interconnection scheme.The proposed processor not only flexibly accomplishes the combination of multiple basic cryptographic operations,but also realizes dynamic configuration for cryptographic processing units.It has been implemented with0.18μm CMOS technology,the test results show that the frequency can reach 350 MHz.and power consumption is 420 mw.Ten kinds of block and hash ciphers were realized in the processor.The encryption throughput of AES,DES,IDEA,and SHA-1 algorithm is1554 Mbps,448Mbps,785 Mbps,and 424 Mbps respectively,the test result shows that our processor's encryption performance is significantly higher than other designs.展开更多
Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searc...Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6, 7, 8 and 9 rounds of Camellia with 128-bit key and 8, 9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 210 chosen plaintexts and 215 encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 212 chosen plaintexts and 254.5 encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2112.1 encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.6 chosen plaintexts and 2121 encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2111.1 encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 213 chosen plaintexts and 2175.6 encryptions. The 256-bit key of 10 rounds Camellia can be recovered with 214 chosen plaintexts and 2239.9 encryptions.展开更多
ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introd...ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state of a weak key requires 236.05 keystream words and 2^50.56 operations. The attack can be applied to ABC vl and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC vl as well as ABC v2 decreases to 2^97 + 20^95.19,It reveals that ABC v3 incurs more weak keys than that of ABC vl and v2.展开更多
A special property of the S box of the block cipher Rijndael is found, which states that for any x 1, x 2, and Δ∈ SBYTE,if S(x 1)S(x 1Δ)=S(x 2)S(x 2Δ),then either x 1=x 2,or x 1=x 2Δ, where SBYTE de...A special property of the S box of the block cipher Rijndael is found, which states that for any x 1, x 2, and Δ∈ SBYTE,if S(x 1)S(x 1Δ)=S(x 2)S(x 2Δ),then either x 1=x 2,or x 1=x 2Δ, where SBYTE denotes the set of all bytes. This property is helpful for mounting an efficient attack on Rijndael, that is illustrated by a simple example in this paper.展开更多
The Internet of Everything(IoE)based cloud computing is one of the most prominent areas in the digital big data world.This approach allows efficient infrastructure to store and access big real-time data and smart IoE ...The Internet of Everything(IoE)based cloud computing is one of the most prominent areas in the digital big data world.This approach allows efficient infrastructure to store and access big real-time data and smart IoE services from the cloud.The IoE-based cloud computing services are located at remote locations without the control of the data owner.The data owners mostly depend on the untrusted Cloud Service Provider(CSP)and do not know the implemented security capabilities.The lack of knowledge about security capabilities and control over data raises several security issues.Deoxyribonucleic Acid(DNA)computing is a biological concept that can improve the security of IoE big data.The IoE big data security scheme consists of the Station-to-Station Key Agreement Protocol(StS KAP)and Feistel cipher algorithms.This paper proposed a DNA-based cryptographic scheme and access control model(DNACDS)to solve IoE big data security and access issues.The experimental results illustrated that DNACDS performs better than other DNA-based security schemes.The theoretical security analysis of the DNACDS shows better resistance capabilities.展开更多
基金supported by National Natural Science Foundation of China(Grant No.61379138)Research Fund KU Leuven(OT/13/071)+1 种基金"Strategic Priority Research Program"of the Chinese Academy of Sciences(Grant No.XDA06010701)National High-tech R&D Program of China(863 Program)(Grant No.2013AA014002)
文摘In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP-network. The substitution layer consists of 16 4 × 4 S-boxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTANGLE offers great performance in both hardware and software environment, which provides enough flexibility for different application scenario. The following are3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardware-friendly. For the 80-bit key version, a one-cycle-per-round parallel implementation only needs 1600 gates for a throughput of 246 Kbits/s at100 k Hz clock and an energy efficiency of 3.0 p J/bit. Second, RECTANGLE achieves a very competitive software speed among the existing lightweight block ciphers due to its bit-slice style. Using 128-bit SSE instructions,a bit-slice implementation of RECTANGLE reaches an average encryption speed of about 3.9 cycles/byte for messages around 3000 bytes. Last but not least, we propose new design criteria for the RECTANGLE S-box.Due to our careful selection of the S-box and the asymmetric design of the permutation layer, RECTANGLE achieves a very good security-performance tradeoff. Our extensive and deep security analysis shows that the highest number of rounds that we can attack, is 18(out of 25).
基金This work is supported by the National Natural Science Foundation of China under Grant No.90604036the National Grand Fundamental Research 973 Program of China under Grant No.2004CB318004.
文摘This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL^-1 layers.
基金supported by the National Natural Science Foundation of China under Grant Nos.60873259 and 60903212the Knowledge Innovation Project of the Chinese Academy of Sciences
文摘SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Next, by these relationships, we clarify the minimum number of active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about 2^14 differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with 2^118 chosen plaintexts and 2^126.7 encryptions.
基金the National Natural Science Foundation of China (Grant No. 60503011)the National High-Tech Research and Development Program of China (863 Program) (Grant No. 2006AA01Z425)the National Basic Research Program of China (973 Program) (Grant No. 2007CB807902)
文摘In this paper, we introduce a new type of feedback shift register based on words, called G-linear feedback shift register (σ-LFSR) which can make full use of the instructions of modern CPUs so that we can find good σ-LFSR with simple structure and fast software implementation. After analysis, we find a class of simple σ-LFSR with maximal period and give an algorithm of searching for those σ-LFSRs. As a result, we provide a new optional fast component in the design of modern wordbased stream ciphers.
基金supported by National Natural Science Foundation of China with granted No.61404175
文摘An Efficient and flexible implementation of block ciphers is critical to achieve information security processing.Existing implementation methods such as GPP,FPGA and cryptographic application-specific ASIC provide the broad range of support.However,these methods could not achieve a good tradeoff between high-speed processing and flexibility.In this paper,we present a reconfigurable VLIW processor architecture targeted at block cipher processing,analyze basic operations and storage characteristics,and propose the multi-cluster register-file structure for block ciphers.As for the same operation element of block ciphers,we adopt reconfigurable technology for multiple cryptographic processing units and interconnection scheme.The proposed processor not only flexibly accomplishes the combination of multiple basic cryptographic operations,but also realizes dynamic configuration for cryptographic processing units.It has been implemented with0.18μm CMOS technology,the test results show that the frequency can reach 350 MHz.and power consumption is 420 mw.Ten kinds of block and hash ciphers were realized in the processor.The encryption throughput of AES,DES,IDEA,and SHA-1 algorithm is1554 Mbps,448Mbps,785 Mbps,and 424 Mbps respectively,the test result shows that our processor's encryption performance is significantly higher than other designs.
基金supported by the National Natural Science Foundation of China(Grant No.60373047)the State 863 Project(Grant No.2003AA144030)973 Project(Grant No.2004CB318004)
文摘Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6, 7, 8 and 9 rounds of Camellia with 128-bit key and 8, 9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 210 chosen plaintexts and 215 encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 212 chosen plaintexts and 254.5 encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2112.1 encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.6 chosen plaintexts and 2121 encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2111.1 encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 213 chosen plaintexts and 2175.6 encryptions. The 256-bit key of 10 rounds Camellia can be recovered with 214 chosen plaintexts and 2239.9 encryptions.
基金the National Natural Science Foundation of China (Grant Nos.90604036 and 60525201)the 973 Project (Grant No.2007CB807902)
文摘ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2^103.71 new weak keys in ABC v3. Recovering the internal state of a weak key requires 236.05 keystream words and 2^50.56 operations. The attack can be applied to ABC vl and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC vl as well as ABC v2 decreases to 2^97 + 20^95.19,It reveals that ABC v3 incurs more weak keys than that of ABC vl and v2.
文摘A special property of the S box of the block cipher Rijndael is found, which states that for any x 1, x 2, and Δ∈ SBYTE,if S(x 1)S(x 1Δ)=S(x 2)S(x 2Δ),then either x 1=x 2,or x 1=x 2Δ, where SBYTE denotes the set of all bytes. This property is helpful for mounting an efficient attack on Rijndael, that is illustrated by a simple example in this paper.
文摘The Internet of Everything(IoE)based cloud computing is one of the most prominent areas in the digital big data world.This approach allows efficient infrastructure to store and access big real-time data and smart IoE services from the cloud.The IoE-based cloud computing services are located at remote locations without the control of the data owner.The data owners mostly depend on the untrusted Cloud Service Provider(CSP)and do not know the implemented security capabilities.The lack of knowledge about security capabilities and control over data raises several security issues.Deoxyribonucleic Acid(DNA)computing is a biological concept that can improve the security of IoE big data.The IoE big data security scheme consists of the Station-to-Station Key Agreement Protocol(StS KAP)and Feistel cipher algorithms.This paper proposed a DNA-based cryptographic scheme and access control model(DNACDS)to solve IoE big data security and access issues.The experimental results illustrated that DNACDS performs better than other DNA-based security schemes.The theoretical security analysis of the DNACDS shows better resistance capabilities.
