Funding: National Natural Science Foundation of China (62372464).
Abstract: A critical problem in the cube attack is how to recover superpolies efficiently. As the targeted number of rounds of an iterative stream cipher increases, the scale of its superpolies becomes larger and larger. Recently, to recover massive superpolies, the nested monomial prediction technique, the algorithm based on the divide-and-conquer strategy, and stretching cube attacks were proposed, which have been used to recover a superpoly with over ten million monomials for NFSR-based stream ciphers such as Trivium and Grain-128AEAD. Nevertheless, when these methods are used to recover superpolies, many invalid calculations are performed, which makes recovering superpolies more difficult. This study finds an interesting observation that can be used to improve the above methods. Based on the observation, a new method is proposed to avoid a part of the invalid calculations during the process of recovering superpolies. Then, the new method is applied to the nested monomial prediction technique and an improved superpoly recovery framework is presented. To verify the effectiveness of the proposed scheme, the improved framework is applied to 844- and 846-round Trivium, and the exact ANFs of the superpolies, with over one hundred million monomials, are obtained, showing that the improved superpoly recovery technique is powerful. Besides, extensive experiments on other scaled-down variants of NFSR-based stream ciphers show that the proposed scheme can indeed be more efficient for superpoly recovery against NFSR-based stream ciphers.
Funding: State Key Lab of Processors, Institute of Computing Technology, Chinese Academy of Sciences (CLQ202516); the Fundamental Research Funds for the Central Universities of China (3282025047, 3282024051, 3282024009).
Abstract: The advent of Grover's algorithm presents a significant threat to classical block cipher security, spurring research into post-quantum secure cipher design. This study engineers quantum circuit implementations for three versions of the Ballet family of block ciphers. Ballet-p/k includes a modular-addition operation that is uncommon in lightweight block ciphers. A quantum ripple-carry adder is implemented at both the "32+32" and "64+64" scales to support this operation. Subsequently, the qubit count, quantum gate count, and quantum circuit depth of the three versions of the Ballet algorithm are systematically evaluated under the quantum computing model, and key recovery attack circuits are constructed based on Grover's algorithm against each version. The comprehensive analysis shows that Ballet-128/128 fails to meet NIST Level 1 security, while when the resource accounting is restricted to the Clifford and T gate set for the Ballet-128/256 and Ballet-256/256 quantum circuits, the design attains Level 3.
Funding: National Natural Science Foundation of China (62272147, 12471492, 62072161, 12401687); Shandong Provincial Natural Science Foundation (ZR2024QA205); Science and Technology on Communication Security Laboratory Foundation (6142103012207); Innovation Group Project of the Natural Science Foundation of Hubei Province of China (2023AFA021).
Abstract: Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition. This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear (DL) cryptanalysis. Specifically, we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP. For the versions with block sizes of 128 and 256 bits, we obtain 16- and 22-round distinguishers with estimated correlations of 2^(-59.89) and 2^(-116.80), both of which are the longest publicly known distinguishers. In addition, this study incorporates the complexity information of key-recovery attacks into the automated model to search for the optimal key-recovery attack structures based on DL distinguishers. As a result, we mount key-recovery attacks on 16-round Ballet-128/128, 17-round Ballet-128/256, and 21-round Ballet-256/256. The data/time complexities for these attacks are 2^(108.36)/2^(120.36), 2^(115.90)/2^(192), and 2^(227.62)/2^(240.67), respectively.
Abstract: The constant weight code is an important error-correcting control code in communications. The basic structure of constant weight codes that attain the Johnson bound, A(n, 2u, w), is presented. Some related properties of the codes, the solution for attaining the Johnson bound, and results on the couple constant code and some constant weight codes are discussed. The conclusion is verified through four examples.
Funding: Supported by the Natural Science Foundation of China under Grant Nos. 61272042, 61100202 and 61170235.
Abstract: For nonlinear feedback shift registers (NFSRs), the greatest common subfamily may not be unique. Given two NFSRs, the authors only consider the case in which their greatest common subfamily exists and is unique. If the greatest common subfamily is exactly the set of all sequences that can be generated by both of them, the authors can determine it by Gröbner basis theory. Otherwise, the authors can determine it under some conditions and partly solve the problem.
Abstract: A reconfigurable cipher chip is described for accelerating DES, 3DES and AES computations that demand high performance and flexibility to accommodate large numbers of secure connections with heterogeneous clients. To obtain high throughput, we analyze the feasibility of high-speed reconfigurable design and find the key parameters affecting throughput. Then, the corresponding design, which includes the reconfiguration analysis of the algorithms, the design of reconfigurable processing units and a new reconfigurable architecture based on a pipelined and parallel structure, is proposed. The implementation results show that the operating frequency is 110 MHz and the throughput rate is 7 Gbps for DES, 2.3 Gbps for 3DES and 1.4 Gbps for AES. Compared with similar existing implementations, our design achieves higher performance.
Abstract: A class of chaotic map called the piecewise-quadratic-equation map is proposed for designing feedback stream ciphers. Such a map can generate chaotic signals that have a uniform distribution function and a δ-like autocorrelation function. Compared with the piecewise-linear map, this map provides enhanced security in that it maintains the original perfect statistical properties while overcoming the defect of piecewise-linearity and expanding the key space. This paper presents a scheme to improve the local complexity of the chaotic stream cipher based on the piecewise-quadratic-equation map. Both the theoretical analysis and the simulation results show that this scheme improves the microstructure of the phase-space graph while the good properties of the original scheme are retained.
Funding: This project was supported by the National High Technology Research and Development Program of China (2002AA144110), the National Natural Science Foundation of China (60272082) and the Postdoctoral Science Foundation of China (2003033304).
Abstract: Chaotic frequency hopping (FH) communication systems have been presented previously. Chaotic sequences possess good randomness and sensitive dependence on initial conditions, which is quite advantageous for running FH codes in code-division multiple access (CDMA) systems. But the finite precision of computation and the fact that low-dimensional chaos is easily predicted cause difficulty in chaotic applications. In this paper, some disadvantages associated with conventional FH codes and the chaotic code scrambled by m-sequences are reviewed briefly. To overcome these drawbacks to some extent, a new higher-performance FH code called the cipher quasi-chaotic (CQC) code is proposed, which is generated by combining the clock-controlled stream cipher technique and chaotic dynamics. A performance analysis of this kind of code applied in FH communication systems is given. The privacy of the CQC sequence is also analyzed.
Funding: The National Natural Science Foundation of China (60273084).
Abstract: The security of certain classes of generalized self-shrinking sequence (GSS) generators is analyzed. Firstly, it is shown that the security of these GSS generators is equivalent to the security of the class-1 GSS generators, after which two effective key recovery attacks on the class-1 GSS generators are developed to evaluate their security.