Abstract: The diffusion layers in substitution-permutation network (SPN) block ciphers are almost invertible linear transformations, which is optimal if the branch number reaches the maximum value. The method of constructing involutory optimal diffusion layers is proposed based on the Cauchy matrix, which can decrease the cost of implementation. The analysis of experimental results indicates that the diffusion layer ensures the security of the SPN block cipher against differential cryptanalysis (DC) and linear cryptanalysis (LC), and decreases the cost of implementation by half.
Funding: National Natural Science Foundation of China (No. 60573031); Foundation of National Laboratory for Modern Communications (No. 51436060205JW0305); Foundation of Senior Visiting Scholarship of Fudan University
Abstract: Substitution permutation network (SPN) is one important structure of block cipher cryptosystems. Prior work has shown different fault analyses on SPN. The formalization of fault analysis of both attack and protection on SPN has been given. The overhead and time tolerance of fault detection have been discussed. The pseudo-blinding method to detect fault attack is introduced, and the balance of the security, overhead and time tolerance based on the evaluation could be made.
Funding: Supported by Beijing Natural Science Foundation (No: 4232034) and the Fundamental Research Funds for the Central Universities (No: 328202222).
Abstract: The attacker in white-box model has full access to software implementation of a cryptographic algorithm and full control over its execution environment. In order to solve the issues of high storage cost and inadequate security about most current white-box cryptographic schemes, WAS, an improved white-box cryptographic algorithm over AS iteration is proposed. This scheme utilizes the AS iterative structure to construct a lookup table with a five-layer ASASA structure, and the maximum distance separable matrix is used as a linear layer to achieve complete diffusion in a small number of rounds. Attackers can be prevented from recovering the key under black-box model. The length of nonlinear layer S and affine layer A in lookup table is 16 bits, which effectively avoids decomposition attack against the ASASA structure and makes the algorithm possess anti-key extraction security under the white-box model, while WAS possesses weak white-box (32 KB, 112)-space hardness to satisfy anti-code lifting security. WAS has provable security and better storage cost than existing schemes, with the same anti-key extraction security and anti-code lifting security; only 128 KB of memory space is required in WAS, which is only 14% of SPACE-16 algorithm and 33% of Yoroi-16 algorithm.