
    Systems of linear restrictions over a finite field (Системи лінійних заборон над скінченним полем)

    Qualification thesis: 86 pages, 1 figure, 2 tables, 35 references. The goal of the work is to develop and refine algebraic models and methods of cryptanalysis. The object of study is the information processes in cryptographic protection systems; the subject of study is the system of linear restrictions and its properties. We survey existing methods of algebraic cryptanalysis and formulate the problem of recovering an unknown vector from partial information given in the form of certain linear dependencies. We formalize this problem by introducing the notion of a system of linear restrictions over a finite field, and we establish a criterion for the existence of a solution to such a system. We prove several statements about the number of solutions of a system of linear restrictions when the system is generated by a fixed unknown vector, and we obtain a non-trivial upper bound on the saturation point for systems with non-zero right-hand sides. We define the decision problem (does a solution exist?) and the search problem (find one) for systems of linear restrictions and prove that the two are Turing-equivalent. We formulate several related problems and prove their membership in the corresponding complexity classes. We construct polynomial-time probabilistic algorithms for the decision and search problems in some special cases, and a probabilistic heuristic algorithm that finds several solutions of a system of linear restrictions in some special cases.

    Cryptanalysis on stream ciphers for GSM networks

    The stream cipher is an important component of the GSM system, and a secure stream cipher rests on a secure key generator. Lo and Chen proposed a new key generator for the GSM network and, on its basic architecture, designed three stream ciphers for different security levels of the network. They claimed that the output of their key generator has a long period and satisfies randomness requirements, and consequently that the stream ciphers are secure. This paper shows that their key generator and stream ciphers have weaknesses: the stream cipher architectures are not secure.

    A Study on Authentication Techniques for Mobile Communication Networks (行動通訊網路鑑別技術之研究)

    PhD dissertation. In today's mobile communications, personal privacy and security are the top concerns of subscribers. Cryptosystems are an important technique for protecting confidential and sensitive data in mobile networks, yet mainstream mobile manufacturers can hardly adopt advanced security protocols on their devices because of the limited computational ability of the processors they employ. Since many good authentication protocols for mobile networks are built on RSA operations, this dissertation designs and proposes implementation methods and authentication protocols. First, the author designs an efficient and practical RSA implementation for the Texas Instruments TMS320C55x family of digital signal processors, which is widely adopted in wireless and mobile devices, so that advanced security protocols can be added to mobile networks. Most RSA applications choose a small public exponent to speed up encryption, so decryption, a modular exponentiation with the full-size private exponent, inevitably takes far more computational time. To address this, the author proposes an RSA decryption method based on the strong-prime criterion, which greatly improves decryption performance. These public-key implementation methods improve performance, but a public-key cryptosystem is still slower than a symmetric one. Finally, the author proposes a new efficient authentication protocol for mobile networks based on a symmetric cryptosystem, challenge-response, and hash chaining, in which the user, the service provider, and the key distribution center authenticate one another. The user and the service provider also establish a secret session key for their communication, and thanks to a key derivation function the key distribution center does not need to maintain a database of users' secret keys. The protocol can be applied to mobile networks as they are.

    Contents:
    Abstract; List of Figures; List of Tables
    Chapter 1 Introduction: 1.1 Research motivation; 1.2 Objectives of the research; 1.3 Organization
    Chapter 2 Cryptanalysis on stream ciphers for GSM networks: 2.1 Lo and Chen's stream cipher architecture (2.1.1 Key generator (KG); 2.1.2 Stream ciphers: 2.1.2.1 Stream cipher 1 (S1), 2.1.2.2 Stream cipher 2 (S2), 2.1.2.3 Stream cipher 3 (S3)); 2.2 Cryptanalysis on Lo and Chen's key generator (2.2.1 First cryptanalysis; 2.2.2 Second cryptanalysis); 2.3 Cryptanalysis on Lo and Chen's stream ciphers (2.3.1 Stream cipher 1 (S1); 2.3.2 Stream cipher 2 (S2); 2.3.3 Stream cipher 3 (S3))
    Chapter 3 Fast firmware implementation of RSA for mobile devices: 3.1 RSA algorithm; 3.2 TI TMS320C55x family of DSP; 3.3 Implementation (3.3.1 Multiplication; 3.3.2 Modular reduction; 3.3.3 RSA implementation (modular exponentiation); 3.3.4 Decryption based on CRT); 3.4 Experiment results; 3.5 Discussion
    Chapter 4 An efficient RSA decryption method based on the strong prime criterion: 4.1 Strong prime; 4.2 An efficient RSA decryption method; 4.3 Computational complexity
    Chapter 5 An efficient authentication protocol for mobile networks: 5.1 Related works; 5.2 Intra-domain authentication protocol (5.2.1 The initial phase; 5.2.2 The subsequent phase); 5.3 Inter-domain authentication protocol (5.3.1 The initial phase; 5.3.2 The subsequent phase); 5.4 Security analysis (5.4.1 Authentication proof based on BAN logic; 5.4.2 Withstanding possible attacks); 5.5 Discussions
    Chapter 6 Conclusions and future research: 6.1 Summary of contributions; 6.2 Future research
    References

    List of Figures: Figure 2.1 The security architecture of GSM; Figure 2.2 The stream cipher S1; Figure 2.3 The stream cipher S2; Figure 2.4 The stream cipher S3; Figure 3.1 Our enhanced multiplication algorithm on TMS320C55x; Figure 3.2 Barrett reduction algorithm; Figure 3.3 Modular exponentiation algorithm; Figure 3.4 Times of multiplication operations for different k in our modular exponentiation method; Figure 4.1 The structure of the RSA parameter n; Figure 4.2 The diagram of the proposed RSA decryption method; Figure 5.1 The initial phase of the intra-domain protocol; Figure 5.2 The subsequent phase of the intra-domain protocol; Figure 5.3 The initial phase of the inter-domain protocol; Figure 5.4 The subsequent phase of the inter-domain protocol

    List of Tables: Table 3.1 Numbers of CPU cycles and lengths of time taken to realize RSA; Table 3.2 Numbers of CPU cycles and lengths of time taken by modular exponentiations with exponent e being a 160-bit string; Table 3.3 Numbers of CPU cycles in the realization of RSA; Table 3.4 Lengths of CPU time taken to realize the RSA decryption process; Table 4.1 Numbers of CPU clock cycles for realizing the RSA decryptions based on three different methods; Table 4.2 Numbers of CPU clock cycles for realizing the modular multiplication; Table 5.1 Summaries of comparisons; Table 5.2 The comparisons of the computational and communicational cost of the initial authentication phase; Table 5.3 The comparisons of the computational and communicational cost of the subsequent phase; Table 5.4 The summaries of the computation speed of cryptographic functions

    Note: student ID 890190050, academic year 9
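    The abstract above says decryption is the expensive direction because the private exponent is full-size, and the table of contents lists "Decryption based on CRT" (3.3.4) as one of the remedies. The following is an added example, not code from the dissertation, that makes the gap concrete: it runs RSA decryption once with the full exponent d and once with the Chinese Remainder Theorem, and attaches a crude cost model (number of modular multiplications weighted by the square of the modulus length, an assumption standing in for the DSP's real cycle counts) so the roughly four-fold saving is visible even on the toy key p=61, q=53, e=17. The author's strong-prime-based method from Chapter 4 is not reproduced. It also adds the check a practitioner wants next to any CRT decryption: one wrong half leaks a factor of n, so the result is re-encrypted with the cheap public exponent before it is released.

```python
# Added example (not the dissertation's code): RSA decryption with and without CRT,
# a schoolbook cost model, and the fault check that CRT decryption needs.
import math


def modexp_count(base: int, exp: int, mod: int) -> tuple[int, int]:
    """Textbook left-to-right square-and-multiply.

    Returns (base**exp mod mod, cost).  cost = modular multiplications performed,
    weighted by bit_length(mod)**2, i.e. schoolbook multiplication cost (assumption:
    real firmware cost depends on the platform's word size and multiplier).
    """
    if exp <= 0:
        raise ValueError("exponent must be positive")
    bits = bin(exp)[2:]
    result, muls = base % mod, 0
    for bit in bits[1:]:                 # leading 1-bit is consumed by result = base
        result = result * result % mod
        muls += 1
        if bit == "1":
            result = result * base % mod
            muls += 1
    return result, muls * mod.bit_length() ** 2


def rsa_key(p: int, q: int, e: int) -> dict:
    """Private key plus the CRT parameters dp, dq, qinv derived from two primes and e."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse, Python >= 3.8
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def encrypt(key: dict, m: int) -> int:
    return pow(m, key["e"], key["n"])    # small e: the cheap direction


def decrypt_plain(key: dict, c: int) -> tuple[int, int]:
    """One full-size exponentiation with the full-size private exponent d."""
    return modexp_count(c, key["d"], key["n"])


def decrypt_crt(key: dict, c: int) -> tuple[int, int]:
    """Two half-size exponentiations (mod p, mod q) recombined with Garner's formula."""
    p, q = key["p"], key["q"]
    m1, cost1 = modexp_count(c % p, key["dp"], p)
    m2, cost2 = modexp_count(c % q, key["dq"], q)
    h = key["qinv"] * (m1 - m2) % p
    m = m2 + h * q
    # Fault check (Boneh, DeMillo, Lipton): if one half is miscomputed, the wrong output
    # shares a residue with the right one and gcd reveals a factor of n.  Re-encryption
    # with the small public exponent is cheap, so verify before releasing anything.
    if pow(m, key["e"], key["n"]) != c:
        raise ValueError("CRT result failed re-encryption check; refusing to output")
    return m, cost1 + cost2


def leaked_factor(key: dict, m_good: int, m_bad: int) -> int:
    """What an attacker does with one correct and one faulty CRT output (no check in place)."""
    return math.gcd(m_bad - m_good, key["n"])


def demo() -> dict:
    """Toy key p=61, q=53, e=17 (textbook example); both decryption paths and their costs."""
    key = rsa_key(61, 53, 17)
    c = encrypt(key, 65)
    m_plain, cost_plain = decrypt_plain(key, c)
    m_crt, cost_crt = decrypt_crt(key, c)
    return {"c": c, "m_plain": m_plain, "m_crt": m_crt,
            "cost_plain": cost_plain, "cost_crt": cost_crt}


if __name__ == "__main__":
    print(demo())
```

    With the toy key the cost model gives 2160 for the plain path and 540 for the CRT path: each half uses an exponent half as long over a modulus half as wide, so the two halves together cost about a quarter of the full exponentiation. That ratio, not the absolute numbers, is what carries over to real key sizes.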
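    The protocol of Chapter 5 is described only by its ingredients: a symmetric cryptosystem, challenge-response, hash chaining, mutual authentication among user, service provider and key distribution center, and a key derivation function that spares the KDC a per-user key database. The block below is an added example that puts exactly those ingredients into one runnable intra-domain exchange; it is not the dissertation's protocol, and every message label, field order and the choice of HMAC-SHA256 as KDF and MAC are this example's own assumptions. The three parties run in one process, the KDC-to-SP leg is modeled as the SP fetching both tokens, and session keys are wrapped with a PRF-derived one-time pad plus a MAC so that the code needs no cipher library.

```python
# Added example (not the dissertation's protocol): KDF-based KDC, challenge-response
# session-key agreement with mutual key confirmation, and hash-chain re-authentication.
import hashlib
import hmac
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields; used as both the KDF and the MAC."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(key, k_s, me, peer, n_me, n_peer):
    """Transport a 32-byte session key under a long-term key: the pad is a PRF of both
    nonces (one-time while the nonces are fresh) and the tag binds identities and nonces.
    Stand-in for an AEAD mode so the example runs without dependencies."""
    body = xor(k_s, prf(key, b"pad", n_me, n_peer))
    return body, prf(key, b"tag", me, peer, n_me, n_peer, body)


def unwrap(key, token, me, peer, n_me, n_peer):
    body, tag = token
    if not hmac.compare_digest(tag, prf(key, b"tag", me, peer, n_me, n_peer, body)):
        raise ValueError("session-key token failed authentication")
    return xor(body, prf(key, b"pad", n_me, n_peer))


class KDC:
    """Holds one master key and no per-user database: long-term keys are re-derived."""

    def __init__(self, master: bytes):
        self.master = master

    def long_term_key(self, identity: bytes) -> bytes:
        return prf(self.master, b"ltk", identity)

    def issue(self, uid, spid, n_u, n_sp):
        k_s = os.urandom(32)
        return (wrap(self.long_term_key(uid), k_s, uid, spid, n_u, n_sp),
                wrap(self.long_term_key(spid), k_s, spid, uid, n_sp, n_u))


def initial_phase(kdc: KDC, uid: bytes, spid: bytes, chain_len: int = 3):
    """Mutual authentication, a fresh session key, and the hash-chain anchor for later."""
    k_u, k_sp = kdc.long_term_key(uid), kdc.long_term_key(spid)  # provisioned at registration
    n_u, n_sp = os.urandom(16), os.urandom(16)                    # challenges from U and SP
    tok_u, tok_sp = kdc.issue(uid, spid, n_u, n_sp)              # KDC answers via the SP
    ks_sp = unwrap(k_sp, tok_sp, spid, uid, n_sp, n_u)
    ks_u = unwrap(k_u, tok_u, uid, spid, n_u, n_sp)
    # Key confirmation: each side answers the other's challenge under the new key.
    if not hmac.compare_digest(prf(ks_sp, b"sp-resp", n_u), prf(ks_u, b"sp-resp", n_u)):
        raise ValueError("service provider failed to prove the session key")
    if not hmac.compare_digest(prf(ks_u, b"u-resp", n_sp), prf(ks_sp, b"u-resp", n_sp)):
        raise ValueError("user failed to prove the session key")
    # Hash chain: the user keeps the preimages, the SP stores only the anchor.
    chain = [os.urandom(32)]
    for _ in range(chain_len):
        chain.append(H(chain[-1]))
    anchor = chain[-1]
    if not hmac.compare_digest(prf(ks_u, b"anchor", anchor), prf(ks_sp, b"anchor", anchor)):
        raise ValueError("anchor failed authentication")
    user = {"id": uid, "k_s": ks_u, "chain": chain[:-1]}
    sp = {"id": spid, "k_s": ks_sp, "anchor": anchor}
    return user, sp


def subsequent_phase(user: dict, sp: dict) -> bool:
    """Re-authentication costs the SP one hash: the user reveals the next preimage."""
    if not user["chain"]:
        return False                      # chain exhausted: rerun the initial phase
    token = user["chain"].pop()
    if not hmac.compare_digest(H(token), sp["anchor"]):
        user["chain"].append(token)
        return False
    sp["anchor"] = token                  # a spent preimage can never verify again
    return True
```

    Two properties are worth checking when the hash chain is used this way: a replayed preimage fails because the anchor has already moved past it, and an exhausted chain must fall back to the initial phase rather than being extended by the user alone. In a real deployment the revealed preimage should also be carried under the session key, otherwise an attacker who sees it on the air can race the legitimate user to the service provider.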