227 research outputs found
On the Security of NMAC and Its Variants
Based on the three earlier MAC (Message Authentication Code) construction approaches, we propose and analyze some variants of NMAC. We propose some key recovery attacks to these NMAC variants, for example, we can recover the equivalent inner key of NMAC in about O(2n/2) MAC operations, in a related key setting. We propose NMAC-E, a variant of NMAC with secret envelop, to achieve more process efficiency and no loss of security, which needs only one call to the underlying hash function, instead of two invocations in HMAC
DISTRIBUTION OF R-PATTERNS IN THE KERDOCK-CODE BINARY SEQUENCES AND THE HIGHEST LEVEL SEQUENCES OF PRIMITIVE SEQUENCES OVER
The distribution of r-patterns is an important aspect of pseudorandomness for periodic sequences over finite field.The aim
of this work is to study the distribution of r-patterns in the
Kerdock-code binary sequences and the highest level sequences of
primitive sequences over .By combining the local Weil
bound with spectral analysis,we derive the upper bound of the
deviation to uniform distribution.As a consequence,the recent
result on the quantity is improved
Construct MD5 Collisions Using Just A Single Block Of Message
So far, all the differential attacks on MD5 were constructed through multi-block collision method. Can collisions for MD5 be found using just a single block of message (i.e. 512-bit)? This has been an open problem since the first 2-block collision attack was given. Today, in the last month (Dec,) of 2010, we have to make public a result of our 1-block collision attacks on MD5 in Table 1 as below, which was actually obtained at the beginning of 2010, but for security reasons, the techniques are not allowed to be disclosed at the moment. Here, we are calling for a challenge to the cryptology community that, any one who first gives a new different 1-block collision attack on MD5 will win 10,000 US dollars (about 50,000 RMB in Chinese Yuan) as a reward for his (her) excellent work. This call for challenge will be ended on Jan 1st, 2013. This announcement’s first affiliated unit will be responsible for this amount of reward when a new different 1-block collision attack is received and verified
Cryptanalysis of the MEM Mode of Operation
The MEM mode is a nonce-based enciphering mode of operation proposed by Chakraborty and Sarkar, which was claimed to be secure against symmetric nonce respecting adversaries. We show that this is not correct by using two very simple attcks. One attack need one decryption and one decryption queries, and the other only need one encryption query
Could The 1-MSB Input Difference Be The Fastest Collision Attack For MD5 ?
So far, two different 2-block collision differentials, both with 3-bit input differences for MD5, have been found by Wang etc in 2005 and Xie etc in 2008 respectively, and those differentials have been improved later on to generate a collision respectively within around one minute and half an hour on a desktop PC. Are there more collision differentials for MD5? Can a more efficient algorithm be developed to find MD5 collisions? In this paper, we list the whole set of 1-bit to 3-bit input difference patterns that are possibly qualified to construct a feasible collision differential, and from which a new collision differential with only 1-MSB input difference is then analyzed in detail, finally the performances are compared with the prior two 3-bit collision attacks according to seven criteria proposed in this paper. In our approach, a two-block message is still needed to produce a collision, the first block being only one MSB different while the second block remains the same. Although the differential path appears to be computationally infeasible, most of the conditions that a collision differential path must satisfy can be fulfilled by multi-step modifications, and the collision searching efficiency can be much improved further by a specific divide-and-conquer technique, which transforms a multiplicative accumulation of the computational complexities into an addition by properly grouping of the conditional bits. In particular, a tunneling-like technique is applied to enhance the attack algorithm by introducing some additional conditions. As a result, the fastest attack algorithm is obtained with an averaged computational complexity of 2^20.96 MD5 compressions, which implies that it is able to search a collision within a second on a common PC for arbitrary random initial values. With a reasonable probability a collision can be found within milliseconds, allowing for instancing an attack during the execution of a practical protocol. The collision searching algorithm, however, is very complex, but the algorithm has been implemented which is available from the website http://www.is.iscas.ac.cn/gnomon, and we suggest you download the implementation program from the website for a personal experience if you are interested in it
Secure Direct Communication Using Quantum Calderbank-Shor-Steane Codes
The notion of quantum secure direct communication (QSDC) has been introduced recently in quantum cryptography as a replacement for quantum key distribution, in which two communication entities exchange secure classical messages without establishing any shared keys previously. In this paper, a quantum secure direct communication
scheme using quantum Calderbank-Shor-Steane (CCS) error correction
codes is proposed. In the scheme, a secure message is first
transformed into a binary error vector and then encrypted(decrypted) via quantum coding(decoding) procedures. An adversary Eve, who has controlled the communication channel, can\u27t recover the secrete messages because she doesn\u27t know the deciphering keys. Security of this scheme is based on the assumption that decoding general linear codes is intractable even on quantum computers
Type-Based Analysis of Protected Storage in the TPM (full version)
The Trusted Platform Module (TPM) is designed to enable trustworthy computation and communication over open networks. The TPM provides a way to store cryptographic keys and other sensitive values in its shielded memory and act as \emph{Root of Trust for Storage} (RTS). The TPM interacts with applications via a predefined set of commands (an API). In this paper, we give an abstraction model for the TPM 2.0 specification concentrating on Protected Storage part. With identification and formalization of their secrecy properties, we devise a type system with asymmetric cryptographic primitives to statically enforce and prove their security
Improved Integral Cryptanalysis of FOX Block Cipher
FOX is a new family of block ciphers presented recently, which is
based upon some results on proven security and has high
performances on various platforms. In this paper, we construct
some distinguishers between 3-round FOX and a random permutation
of the blocks space. By using integral attack and
collision-searching techniques, the distinguishers are used to
attack on 4, 5, 6 and 7-round of FOX64, 4 and 5-round FOX128. The
attack is more efficient than previous integral attack on FOX. The
complexity of improved integral attack is on 4-round
FOX128, against 5-round FOX128 respectively. For
FOX64, the complexity of improved integral attack is on
4-round FOX64, against 5-round FOX64,
against 6-round FOX64, against 7-round FOX64
respectively. Therefore, 4-round FOX64/64, 5-round FOX64/128,
6-round FOX64/192, 7-round FOX64/256 and 5-round FOX128/256 are
not immune to the attack in this paper
Fully Secure (Doubly-)Spatial Encryption under Simpler Assumptions
Spatial encryption was first proposed by Boneh and Hamburg in 2008. It is one implementation of the generalized identity-based encryption schemes and many systems with a variety of properties can be derived from it. Recently, Hamburg improved the notion by presenting a variant called doubly-spatial encryption. The doubly spatial encryption is more powerful and expressive. More useful cryptography systems can be builded from it, such as attribute-based encryption, etc. However, most presented spatial encryption schemes are proven to be selectively secure. Only a few spatial encryption schemes achieve adaptive security, but not under standard assumptions. And no fully secure doubly-spatial encryption scheme has been presented before.
In this paper, we primarily focus on the adaptive security of (doubly-)spatial encryption. A spatial encryption scheme and a doubly-spatial encryption scheme have been proposed. Then we apply the dual system methodology proposed by Waters in the security proof. Both of the schemes can be proven adaptively secure under standard assumptions, the decisional linear (DLIN) assumption and the decisional bilinear Diffie-Hellman (DBDH) assumption, over prime order groups in the standard model. To the best of our knowledge, our second scheme is the first fully secure construction of doubly-spatial encryption
- …