221 research outputs found

    On the Security of NMAC and Its Variants

    Based on the three earlier MAC (Message Authentication Code) construction approaches, we propose and analyze some variants of NMAC. We propose some key recovery attacks on these NMAC variants; for example, we can recover the equivalent inner key of NMAC in about O(2^{n/2}) MAC operations in a related-key setting. We propose NMAC-E, a variant of NMAC with a secret envelope, to achieve more process efficiency with no loss of security; it needs only one call to the underlying hash function instead of the two invocations in HMAC.

    Distribution of r-Patterns in the Kerdock-Code Binary Sequences and the Highest Level Sequences of Primitive Sequences over Z_{2^l}

    The distribution of r-patterns is an important aspect of pseudorandomness for periodic sequences over finite fields. The aim of this work is to study the distribution of r-patterns in the Kerdock-code binary sequences and the highest level sequences of primitive sequences over Z_{2^l}. By combining the local Weil bound with spectral analysis, we derive the upper bound of the deviation from uniform distribution. As a consequence, the recent result on this quantity is improved.

    Construct MD5 Collisions Using Just A Single Block Of Message

    So far, all the differential attacks on MD5 were constructed through the multi-block collision method. Can collisions for MD5 be found using just a single block of message (i.e. 512 bits)? This has been an open problem since the first 2-block collision attack was given. Today, in the last month (Dec.) of 2010, we have to make public a result of our 1-block collision attacks on MD5 in Table 1 as below, which was actually obtained at the beginning of 2010, but for security reasons, the techniques are not allowed to be disclosed at the moment. Here, we are calling for a challenge to the cryptology community: anyone who first gives a new different 1-block collision attack on MD5 will win 10,000 US dollars (about 50,000 RMB in Chinese Yuan) as a reward for his (her) excellent work. This call for challenge will end on Jan 1st, 2013. This announcement's first affiliated unit will be responsible for this amount of reward when a new different 1-block collision attack is received and verified.

    Secure Direct Communication Using Quantum Calderbank-Shor-Steane Codes

    The notion of quantum secure direct communication (QSDC) has been introduced recently in quantum cryptography as a replacement for quantum key distribution, in which two communication entities exchange secure classical messages without previously establishing any shared keys. In this paper, a quantum secure direct communication scheme using quantum Calderbank-Shor-Steane (CSS) error correction codes is proposed. In the scheme, a secure message is first transformed into a binary error vector and then encrypted (decrypted) via quantum coding (decoding) procedures. An adversary Eve, who has controlled the communication channel, can't recover the secret messages because she doesn't know the deciphering keys. Security of this scheme is based on the assumption that decoding general linear codes is intractable even on quantum computers.

    Cryptanalysis of the MEM Mode of Operation

    The MEM mode is a nonce-based enciphering mode of operation proposed by Chakraborty and Sarkar, which was claimed to be secure against symmetric nonce-respecting adversaries. We show that this is not correct by using two very simple attacks. One attack needs one decryption and one decryption query, and the other needs only one encryption query.

    Could The 1-MSB Input Difference Be The Fastest Collision Attack For MD5 ?

    So far, two different 2-block collision differentials, both with 3-bit input differences for MD5, have been found by Wang et al. in 2005 and Xie et al. in 2008 respectively, and those differentials have been improved later on to generate a collision within around one minute and half an hour respectively on a desktop PC. Are there more collision differentials for MD5? Can a more efficient algorithm be developed to find MD5 collisions? In this paper, we list the whole set of 1-bit to 3-bit input difference patterns that are possibly qualified to construct a feasible collision differential, from which a new collision differential with only a 1-MSB input difference is then analyzed in detail; finally the performances are compared with the prior two 3-bit collision attacks according to seven criteria proposed in this paper. In our approach, a two-block message is still needed to produce a collision, the first block being only one MSB different while the second block remains the same. Although the differential path appears to be computationally infeasible, most of the conditions that a collision differential path must satisfy can be fulfilled by multi-step modifications, and the collision searching efficiency can be much improved further by a specific divide-and-conquer technique, which transforms a multiplicative accumulation of the computational complexities into an addition by properly grouping the conditional bits. In particular, a tunneling-like technique is applied to enhance the attack algorithm by introducing some additional conditions. As a result, the fastest attack algorithm is obtained with an averaged computational complexity of 2^{20.96} MD5 compressions, which implies that it is able to search a collision within a second on a common PC for arbitrary random initial values. With a reasonable probability a collision can be found within milliseconds, allowing for instancing an attack during the execution of a practical protocol. The collision searching algorithm, however, is very complex, but the algorithm has been implemented and is available from the website http://www.is.iscas.ac.cn/gnomon; we suggest you download the implementation program from the website for a personal experience if you are interested in it.

    Improved Integral Cryptanalysis of FOX Block Cipher

    FOX is a new family of block ciphers presented recently, which is based upon some results on proven security and has high performance on various platforms. In this paper, we construct some distinguishers between 3-round FOX and a random permutation of the block space. By using integral attack and collision-searching techniques, the distinguishers are used to attack 4-, 5-, 6- and 7-round FOX64 and 4- and 5-round FOX128. The attack is more efficient than the previous integral attack on FOX. The complexity of the improved integral attack is 2^{77.6} on 4-round FOX128 and 2^{205.6} against 5-round FOX128 respectively. For FOX64, the complexity of the improved integral attack is 2^{45.4} on 4-round FOX64, 2^{109.4} against 5-round FOX64, 2^{173.4} against 6-round FOX64 and 2^{237.4} against 7-round FOX64 respectively. Therefore, 4-round FOX64/64, 5-round FOX64/128, 6-round FOX64/192, 7-round FOX64/256 and 5-round FOX128/256 are not immune to the attack in this paper.

    Fully Secure (Doubly-)Spatial Encryption under Simpler Assumptions

    Spatial encryption was first proposed by Boneh and Hamburg in 2008. It is one implementation of the generalized identity-based encryption schemes, and many systems with a variety of properties can be derived from it. Recently, Hamburg improved the notion by presenting a variant called doubly-spatial encryption. Doubly-spatial encryption is more powerful and expressive; more useful cryptographic systems can be built from it, such as attribute-based encryption. However, most presented spatial encryption schemes are proven to be only selectively secure. Only a few spatial encryption schemes achieve adaptive security, but not under standard assumptions, and no fully secure doubly-spatial encryption scheme has been presented before. In this paper, we primarily focus on the adaptive security of (doubly-)spatial encryption. A spatial encryption scheme and a doubly-spatial encryption scheme are proposed. Then we apply the dual system methodology proposed by Waters in the security proof. Both schemes can be proven adaptively secure under standard assumptions, the decisional linear (DLIN) assumption and the decisional bilinear Diffie-Hellman (DBDH) assumption, over prime order groups in the standard model. To the best of our knowledge, our second scheme is the first fully secure construction of doubly-spatial encryption.

    Cryptanalysis of the Hash Function LUX-256

    LUX is a new hash function submitted to NIST's SHA-3 competition. In this paper, we found some non-random properties of LUX due to the weakness of the origin shift vector. We also give a reduced blank-round collision attack, a free-start collision attack and a free-start preimage attack on LUX-256. The two collision attacks are trivial. The free-start preimage attack has a complexity of about 2^80 and requires negligible memory.