组合生成器的多线性相关攻击

本文对组合生成器提出了一种相关攻击方法,这种方法同时利用组合生成器输入与输出之间多个线性关系的信息来恢复密钥,我们从理论上证明了该方法可有效的减少攻击所需的数据量.特别地,我们将这种方法用于攻击"蓝牙组合生成器",使攻击复杂度得到显著降低.     

带记忆多值组合生成器的相关免疫性

考察带l位记忆多值组合生成器输入序列和输出序列的相关免疫性以及k阶相关免疫组合函数的构造。     

一类钟控组合生成器的符合率

给出3个停走生成器在模2加组合方式下符合率的有关结论。此类生成器的输出序列与相应停走生成器的控制序列相互独立;输出序列与相应停走生成器的目标LFSR输出序列不独立,本文对输出序列与目标LFSR序列的符合率进行了讨论,给出有限维联合分布的计算公式。     

全动态密钥流生成器DF-FCSR-8

研究了基于带进位的反馈移位寄存器(FCSR)滤波的密钥流生成器族(F-FCSR),在分析F-FCSR线性弱点和F-FCSR-Hv2被攻破原因的基础之上,提出了全动态滤波密钥流生成器DF-FCSR-8。避免了利用该种情况而进行的Hell-Johansson攻击。其生成序列通过了美国技术与标准局(NIST)STS软件包的16项随机性测试,有良好的随机性。同时生成器也能抵抗其他攻击。     

基于FCSR的双滤波密钥流生成器

当前,由于还没有一个适于一般目的的流密码国际加密标准,流密码的设计与分析引起了广泛关注。在以前的流密码的设计中多采用线性反馈移位寄存器（LFSR）作为基本的部件。然而由于LFSR本身的线性性,基于LFSR的流密码备受攻击,进而相继出现了一些替换部件,例如T函数,带进位的反馈移位寄存器（FCSR）等等。文中给出了一个新的基于FCSR的密钥流生成器。理论分析表明该密钥流生成器具有高度的安全性。NIST统计测试表明该密钥流生成器的伪随机特性是理想的。     

多值“加法型”组合生成器分析

文中运用信息论原理对多值“加法型”组合生成器序列进行分析，得到钟控序列与输出序列的互信息为零的结论，证明了钟控输入与输出序列之间互信息是输出序列长度的严格递增函数，进而对控选逻辑序列设计进行分析。     

一类具有可控线性复杂度和双重密钥的非线性生成器

本文讨论一类非线性生成器的分析与综合。这类非线性生成器由三部份组成:nm级的带有本原联结多项式的线性移位寄存器,随机选择器;m端的非线性前馈函数。本文证明了该系统的线性复杂度是可控制的;易于实现(其软件实现的计算复杂度为O(m~3+nm));安全性远远高于原始的前馈网络,即在已知前馈函数和线性移位寄存器时,破译该系统穷举法成功的概率几乎为零。     

一类密钥流生成器的相关分析

多输出逻辑函数是构造密码系统的重要工具,相关免疫性是设计安全逻辑函数的重要准则。该文利用一种较为简单的方法证明了多输出逻辑函数相关免疫性两种刻划的等价性。还对一类利用多输出逻辑函数相关免疫函数构造的密钥流生成器进行了相关性分析,证明了这种构造方法是不成立的,并不能达到构造者期望的相关免疫性,并且分别利用Walsh变换技术和线性序列电路逼近方法找出了这类密钥流生成器的漏洞,从而说明这类生成器在相关攻击下是脆弱的。     

带记忆组合生成器的代数攻击

文章描述了代数攻击的一般原理和可攻击的流密码类型,针对带记忆非线性组合流密码的代数攻击,基于Courtios等人的工作,给出了一种新的寻找可用于代数攻击的低阶多元方程的方法。     

对比特搜索生成器的猜测确定攻击

针对具有低重量反馈多项式的比特搜索生成器(BSG),利用猜测确定攻击的思想提出了一种快速密钥恢复攻击。该算法基于BSG序列的差分构造特点,首先由截获的密钥流恢复出候选差分序列,然后用反馈多项式对候选差分序列进行校验,以此减少需要求解的L维线性方程系统的数量,从而大大减少了算法所需的复杂度。理论分析和仿真结果表明,对于反馈多项式的重量小于10的BSG,该算法明显优于现有的攻击方法。特别地当反馈多项式的重量为3时,该算法能够将最好的攻击结果O(L320.5L)降低到O(L20.5L)。     

Fast correlation attacks on Bluetooth combiner

I. Introduction BluetoothTM is a standard for wireless short-range connectivity specified by the BluetoothTMspecial interest group in Ref.[1]. The specificationdefines a stream cipher algorithm E0 to be used forpoint-to-point encryption within the Bluetooth net-work. The main component of the Bluetooth streamcipher algorithm is the keystream generator (Blue-tooth combiner) which is derived from the well-known summation generator with four input LinearFeedback Shift Registers (LFSRs). A…     

Cryptanalysis of an E0-like Combiner with Memory

In this paper, we study an E0-like combiner with memory as the keystream generator. First, we formulate a systematic and simple method to compute correlations of the FSM output sequences (up to certain bits). An upper bound of the correlations is given, which is useful to the designer. Second, we show how to build either a uni-bias-based or multi-bias-based distinguisher to distinguish the keystream produced by the combiner from a truly random sequence, once correlations are found. The data complexity of both distinguishers is carefully analyzed for performance comparison. We show that the multi-bias-based distinguisher outperforms the uni-bias-based distinguisher only when the patterns of the largest biases are linearly dependent. The keystream distinguisher is then upgraded for use in the key-recovery attack. The latter actually reduces to the well-known Maximum Likelihood Decoding (MLD) problem given the keystream long enough. We devise an algorithm based on Fast Walsh Transform (FWT) to solve the MLD problem for any linear code with dimension L and length n within time O(n+L⋅2 ^L ). Meanwhile, we summarize a design criterion for our E0-like combiner with memory to resist the proposed attacks.     

Correlation properties of a general binary combiner with memory

Correlation properties of a general binary combiner with an arbitrary number M of memory bits are derived and novel design criteria proposed. For any positive integer m, the sum of the squares of the correlation coefficients between all nonzero linear functions of m successive output bits and all linear functions of the corresponding m successive inputs is shown to be dependent upon a particular combiner, unlike the memoryless combiners. The minimum and maximum values of the correlation sum as well as the necessary and sufficient conditions for them to be achieved are determined. It turns out that the security of combiners with memory can be considerably improved if M is not small.An efficient linear sequential circuit approximation (LSCA) method is developed for obtaining output and input linear functions with comparatively large correlation coefficients which is feasible for large M and works for any practical scheme. The method consists in deriving and solving a linear sequential circuit with additional nonbalanced inputs that is based on linear approximations of the output and the component next-state functions. The corresponding correlation attack on combiners with linear feedback shift registers is analyzed and it is shown that every such combiner with or without memory is essentially zero-order correlation immune.A preliminary version of this paper was presented at Eurocrypt '92 and was published in the proceedings. This research was supported in part by the Science Fund of Serbia, Grant #0403, through the Institute of Mathematics, Serbian Academy of Arts and Sciences.     

无记忆组合函数的非线性与相关免疫性

本文探讨了无记忆组合函数的非线性与相关免疫性之间的关系，利用Ｗａｌｓｈ交换，研究了广义相关免疫函数的频谱特征，并且讨论了Ｂｅｎｔ函数的广义相关免疫阶数。     

Correlation properties of combiners with memory in stream ciphers

For pseudo-random generators where one or several LFSRs are combined by a memoryless function, it is known that the output sequences are correlated to certain LFSR-sequences whose correlation coefficients c _t satisfy the equation _i c ₂ ⁱ = 1. In this paper it is proved that a corresponding result also holds for generators whose LFSRs are connected to a combiner with memory.If correlation probabilities are conditioned on side information, e.g., on known output digits, it is shown that new or stronger correlations may occur. This is exemplified for the summation cipher with only two LFSRs where such correlations can be exploited in a known plaintext attack. A cryptanalytic algorithm is given which is shown to be successful for LFSRs of considerable length and with arbitrary feedback connection.A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp. 204–213.     

Maximum Correlation Analysis of Nonlinear Combining Functions in Stream Ciphers

The maximum correlation of a Boolean function to all Boolean functions of a subset of its input variables is investigated. A relationship is derived between the maximum correlation and the mutual information between the output of a balanced Boolean function and a subset of its random input variables. For bent functions (which are never balanced), both the mutual information and the maximum correlation are bounded and shown to be small in a strong sense. Received 14 February 1996 and revised 15 January 2000 Online publication 19 May 2000     

一种3路径向高功率合成器的设计

介绍了一种3路径向高功率合成器的设计,该3路功率合成器采用50Ω负载作为两路之间的隔离电阻,且通过50Ω阻抗线与电路主体连接,负载尺寸以及安装位置不影响合成器的电性能,实现了高功率隔离的目的。文中对该功分器各传输线的阻抗进行了分析计算,并给出了HFSS软件的仿真结果和实测结果。仿真和实测结果显示:该合成器在16%带宽内隔离度小于-25 dB,满足一般功率合成器的使用要求。该3路径向高功率合成器具有幅相一致性高,耐功率高的特点,可用于固态发射机的功率合成以及雷达天线阵面大功率输出和定标系统中。     

适用于MMIC的功率合成器设计

设计了一种适用于对MMIC功率放大器进行合成的新型功率合成器。采用多端口网络理论对功率合成结构进行分析, 结合MMIC功放单片的工作特点总结出该功率合成器最重要的设计指标, 设计出工作在5GHz~6GHz的16路辐射线型功率合成器。通过测试发现该功率合成器的驻波〈1.5dB, 各端口幅度不平衡度〈±0.4dB, 相位不平衡度〈±2°, 并具有较好的隔离度, 整个功率合成器的直径小于56mm, 非常适合用于C波段大功率的合成。最终采用该功率合成器在5GHz~6GHz的工作频率内成功获得160W的合成功率。     

蓝牙认证解读

只有经过蓝牙认证测试的产品才是真正的蓝牙产品。通过介绍蓝牙认证相关的蓝牙技术知识,蓝牙认证涉及的测试内容、认证流程以及蓝牙认证费用等内容。希望对蓝牙产品开发和认证测试的人员、以及需要做蓝牙认证的公司有所帮助。