Increasing the Strength of Hash Functions in Information Systems Using a Multi-Iterative Hashing Algorithm with Several Modifiers
This paper considers how the parameters of the multi-iterative hashing algorithm with several modifiers affect its cryptographic strength. The relevance of applying the algorithm and the need to study its parameters are justified, and the algorithm is described. The strength of a hash function against attacks that do not depend on the algorithm itself is determined by its output width in bits, i.e. in effect by the number of unique hash values the function is able to produce. To estimate the algorithm's resistance to dictionary, brute-force and birthday attacks, the multi-iterative hashing algorithm with several modifiers is treated as an independent hash function. For a given number of iterations, the algorithm's strength is estimated by computing the average output width of an equivalently strong hash function. The estimation method is described. The experiments are performed with a truncated cryptographically strong hash function. Their results make it possible to compare the algorithm's strength metrics under different values of its parameters, and to understand how the values of individual parameters, and combinations of those values, affect the algorithm's resistance to dictionary, brute-force and birthday attacks. From these results, conclusions can be drawn about the parameter values recommended for practical use of the algorithm. The conclusion summarizes the main results of the work. The authors believe that the algorithm can find application in the authentication subsystems of information systems, and in systems where the most important requirement is strength over a long period of time.
An Efficient Collision Detection Method for Computing Discrete Logarithms with Pollard's Rho
Pollard's rho method and its parallelized variant are at present the best known generic algorithms for computing discrete logarithms. However, when computing discrete logarithms in cyclic groups of large order with Pollard's rho method, collision detection is always a major consumer of time and space. In this paper, we present a new efficient collision detection algorithm for Pollard's rho method. The new algorithm is more efficient than the previous distinguished point method and can be easily adapted to other applications. It does not, however, work with the parallelized rho method, although it can be parallelized with Pollard's lambda method. Besides the theoretical analysis, we also compare the performance of the new algorithm with that of the distinguished point method in experiments on elliptic curve groups. The experiments show that the new algorithm reduces the expected number of iterations before a match is found from 1.309G to 1.295G under the same space requirements for the single rho method
Security Evaluation of Russian GOST Cipher
Survey of All Known Attacks on Russian Government Encryption Standard. In this talk we will survey some 30 recent attacks on the Russian GOST block cipher. Background: GOST cipher is the official encryption standard of the Russian federation, and also has special versions for the most important Russian banks. Until 2012 there was no attack on GOST when it is used in encryption with random keys. I have developed more than 30 different academic attacks on GOST, the fastest of which has complexity of 2^118 to recover some but not all 256-bit keys generated at random, which will be presented for the first time at CCC conference. It happens only once per decade that a government standard is broken while it is still an official government standard (happened for DES and AES, no other cases known). All these are broken only in academic sense; for GOST the most recent attacks are sliding into maybe arguably practical in 30 years from now instead of 200 years... Our earlier results were instrumental at ISO for rejecting GOST as an international encryption standard last year. Not more than 5+ block ciphers have ever achieved this level of ISO standardisation in 25 years and it NEVER happened in the history of ISO that a cipher got broken during the standardization process. Two main papers with 70+30 pages respectively are http://eprint.iacr.org/2011/626 and http://eprint.iacr.org/2012/138. Two other papers have already been published in the Cryptologia journal, which specializes in serious military and government crypto. The talk will cover three main families of attacks on GOST: high-level transformations, low-level inversion/MITM/guess-then-software/algebraic attacks and advanced truncated differential cryptanalysis of GOST. Plan for the talk: First I cover the history of GOST with major Cold War history events as the necessary background. Then I describe in detail three main families of attacks: 1) self-similarity attacks which generalize slide, fixed point and reflection attacks, and provide a large variety of ways in which the security of the full GOST cipher with 32 rounds can be reduced to the security of GOST with 8 rounds in a black box reduction, and thus the task of the cryptanalyst is split into two well-defined tasks. 2) detailed software/algebraic and MITM attacks on 8 rounds and how weak diffusion in GOST helps. 3) advanced truncated differential attacks on GOST
Block Ciphers: Analysis, Design and Applications
In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of Feistel ciphers is studied, which has a number of rounds, where in each round one applies a cryptographically weak function
The design of a secure data communication system
The recent results of using a new type of chosen-plaintext attack, called differential cryptanalysis, make most published conventional secret-key block cipher systems vulnerable. The need for a new conventional cipher that resists all known attacks was the main inspiration of this work.
The design of a secret-key block cipher algorithm called DCU-Cipher, which resists all known cryptanalysis methods, is proposed in this dissertation. The proposed method works with either 64-bit plaintext/64-bit ciphertext blocks or 128-bit plaintext/128-bit ciphertext blocks. The secret key in both variants is 128 bits long. The method has only four rounds, and the main transformation function in the cipher is based on four mixed operations. The proposed method is suitable for both hardware and software implementation. It is also suitable for cryptographic hash function implementations.
Two techniques for file and/or data communication encryption are also proposed. These modes are modified versions of the Cipher-Block Chaining mode, by which the threat of the known-plaintext differential cryptanalytic attack is averted.
An intensive investigation of the best known identity-based key exchange schemes is also presented. The idea behind such protocols is to provide an authenticated secret key using the users' identification tokens. These kinds of protocols appeared recently and are not yet standardized. None of these protocols had been compared with previous proposals, so the efficiency and advantages of a newly proposed protocol cannot be judged without comparing it with other existing schemes of the same type. The aim of this investigation is to clarify the advantages and disadvantages of each of the best known schemes and to compare them from the complexity and speed viewpoint
On the Cryptanalysis of Public-Key Cryptography
Nowadays, the most popular public-key cryptosystems are based on either the integer factorization or the discrete logarithm problem. The feasibility of solving these mathematical problems in practice is studied, and techniques are presented to speed up the underlying arithmetic on parallel architectures. The fastest known approach to solving the discrete logarithm problem in groups of elliptic curves over finite fields is the Pollard rho method. The negation map can be used to speed up this calculation by a factor of √2. It is well known that the random walks used by Pollard rho, when combined with the negation map, get trapped in fruitless cycles. We show that previously published approaches to this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. Furthermore, fast modular arithmetic is introduced which can take advantage of prime moduli of a special form using efficient "sloppy reduction." The effectiveness of these techniques is demonstrated by solving a 112-bit elliptic curve discrete logarithm problem using a cluster of PlayStation 3 game consoles: breaking a public-key standard and setting a new world record. The elliptic curve method (ECM) for integer factorization is the asymptotically fastest method for finding relatively small factors of large integers. From a cryptanalytic point of view, the performance of ECM gives information about secure parameter choices for some cryptographic protocols. We optimize ECM by proposing carry-free arithmetic modulo Mersenne numbers (numbers of the form 2^M − 1), which is especially suitable for parallel architectures. Our implementation of these techniques on a cluster of PlayStation 3 game consoles set a new record by finding a 241-bit prime factor of 2^1181 − 1. A normal form for elliptic curves introduced by Edwards results in the fastest elliptic curve arithmetic in practice. Techniques to reduce the temporary storage and enhance the performance even further in the setting of ECM are presented. Our results enable one to run ECM efficiently on resource-constrained platforms such as graphics processing units