
    Multidimensional Zero-Correlation Linear Cryptanalysis of the Block Cipher KASUMI

    The block cipher KASUMI is widely used for security in many synchronous wireless standards. It was proposed by ETSI SAGE for usage in 3GPP (3rd Generation Partnership Project) ciphering algorithms in 2001. There are a great deal of cryptanalytic results on KASUMI, however, its security evaluation against the recent zero-correlation linear attacks is still lacking so far. In this paper, we select some special input masks to refine the general 5-round zero-correlation linear approximations combining with some observations on the $FL$ functions and then propose the 6-round zero-correlation linear attack on KASUMI. Moreover, zero-correlation linear attacks on the last 7-round KASUMI are also introduced under some weak keys conditions. These weak keys take $2^{-14}$ of the whole key space. The new zero-correlation linear attack on the 6-round needs about $2^{85}$ encryptions with $2^{62.8}$ known plaintexts. For the attack under weak keys conditions on the last 7 round, the data complexity is about $2^{62.1}$ known plaintexts and the time complexity $2^{110.5}$ encryptions

    Unconditionally secure quantum key distribution over 50km of standard telecom fibre

    We demonstrate a weak pulse quantum key distribution system using the BB84 protocol which is secure against all individual attacks, including photon number splitting. By carefully controlling the weak pulse intensity we demonstrate the maximum secure bit rate as a function of the fibre length. Unconditionally secure keys can be formed for standard telecom fibres exceeding 50 km in length. Comment: 9 pages 2 figure

    Cryptanalysis of an Image Encryption Scheme Based on a Compound Chaotic Sequence

    Recently, an image encryption scheme based on a compound chaotic sequence was proposed. In this paper, the security of the scheme is studied and the following problems are found: (1) a differential chosen-plaintext attack can break the scheme with only three chosen plain-images; (2) there is a number of weak keys and some equivalent keys for encryption; (3) the scheme is not sensitive to the changes of plain-images; and (4) the compound chaotic sequence does not work as a good random number resource. Comment: 11 pages, 2 figure

    Removable Weak Keys for Discrete Logarithm Based Cryptography

    We describe a novel type of weak cryptographic private key that can exist in any discrete logarithm based public-key cryptosystem set in a group of prime order $p$ where $p-1$ has small divisors. Unlike the weak private keys based on numerical size (such as smaller private keys, or private keys lying in an interval) that will always exist in any DLP cryptosystems, our type of weak private keys occurs purely due to parameter choice of $p$, and hence, can be removed with appropriate value of $p$. Using the theory of implicit group representations, we present algorithms that can determine whether a key is weak, and if so, recover the private key from the corresponding public key. We analyze several elliptic curves proposed in the literature and in various standards, giving counts of the number of keys that can be broken with relatively small amounts of computation. Our results show that many of these curves, including some from standards, have a considerable number of such weak private keys. We also use our methods to show that none of the 14 outstanding Certicom Challenge problem instances are weak in our sense, up to a certain weakness bound

    Keys and Armstrong databases in trees with restructuring

    The definition of keys, antikeys, Armstrong-instances are extended to complex values in the presence of several constructors. These include tuple, list, set and a union constructor. Nested data structures are built using the various constructors in a tree-like fashion. The union constructor complicates all results and proofs significantly. The reason for this is that it comes along with non-trivial restructuring rules. Also, so-called counter attributes need to be introduced. It is shown that keys can be identified with closed sets of subattributes under a certain closure operator. Minimal keys correspond to closed sets minimal under set-wise containment. The existence of Armstrong databases for given minimal key systems is investigated. A sufficient condition is given and some necessary conditions are also exhibited. Weak keys can be obtained if functional dependency is replaced by weak functional dependency in the definition. It is shown, that this leads to the same concept. Strong keys are defined as principal ideals in the subattribute lattice. Characterization of antikeys for strong keys is given. Some numerical necessary conditions for the existence of Armstrong databases in case of degenerate keys are shown. This leads to the theory of bounded domain attributes. The complexity of the problem is shown through several examples

    Understanding LEDA crypt and the weak keys attack


    Experimental demonstration of counterfactual quantum key distribution

    Counterfactual quantum key distribution provides natural advantage against the eavesdropping on the actual signal particles. It can prevent the photon-number-splitting attack when a weak coherent light source is used for the practical implementation. We realized the counterfactual quantum key distribution in an unbalanced Mach-Zehnder interferometer of 12.5-km-long quantum channel with a high-fringe visibility of 96.4%. As a result, we obtained secure keys against the noise-induced attack (e.g. the vacuum attack) and passive photon-number-splitting attack. Comment: 5 pages, 3 figure