双随机相位加密系统的已知明文攻击

运用密码分析学的方法对双随机相位加密系统进行了初步的安全性分析.研究结果表明，该系统属于线性的对称分组密码系统，线性性质为其安全性留下隐患.在已知明文攻击下，攻击者可通过常规的相位恢复算法获得4-f系统输入平面的随机相位函数密钥，继而可轻易推出频谱平面的随机相位函数密钥，从而攻破此密码系统. 关键词： 光学信息安全 双随机相位加密 密码分析学 已知明文攻击     

On the Cryptanalysis of a Latin Cubes-Based Image Cryptosystem

Based on orthogonal Latin cubes, an image cryptosystem with confusion–diffusion–confusion cipher architecture has been proposed recently (Inf. Sci. 2019, 478, 1–14). However, we find that there are four fatal vulnerabilities in this image cryptosystem, which leave open doors for cryptanalysis. In this paper, we propose a reference-validation inference algorithm and design screening-based rules to efficiently break the image cryptosystem. Compared with an existing cryptanalysis algorithm, the proposed method requires fewer pairs of chosen plain-cipher images, and behaves stably since different keys, positions of chosen bits and contents of plain images will not affect the cryptanalysis performance. Experimental results show that our cryptanalysis algorithm only requires 8×H×W3+3pairs of chosen plain-cipher images, where H×W represents the image’s resolution. Comparative studies demonstrate effectiveness and superiority of the proposed cryptanalysis algorithm.     

Impossible differential cryptanalysis using matrix method

The general strategy of impossible differential cryptanalysis is to first find impossible differentials and then exploit them for retrieving subkey material from the outer rounds of block ciphers. Thus, impossible differentials are one of the crucial factors to see how much the underlying block ciphers are resistant to impossible differential cryptanalysis. In this article, we introduce a widely applicable matrix method to find impossible differentials of block cipher structures whose round functions are bijective. Using this method, we find various impossible differentials of known block cipher structures: Nyberg’s generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, Rijndael structures and generalized Skipjack-like structures. We expect that the matrix method developed in this article will be useful for evaluating the security of block ciphers against impossible differential cryptanalysis, especially when one tries to design a block cipher with a secure structure.     

Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'98

In 1 Matsumoto and Imai developed a new public key scheme, called C*, for enciphering or signing. (This scheme is completely different from and should not be mistaken with another scheme of Matsumoto and Imai developed in 1983 in 7 and broken in 1984 in 8). No attacks have been published as yet for this scheme. However, in this paper, we will see that—for almost all keys—almost every cleartext can be found from its ciphertext after only approximately m ² n ⁴ log n computations, where m is the degree of the chosen field K and mn is the number of bits of text. Moreover, for absolutely all keys that give a practical size for the messages, it will be possible to find almost all cleartexts from the corresponding ciphertexts after a feasible computation. Thus the algorithm of 1 is insecure.     

逆同余发生器的密码分析

使用格中的最短向量对未知向量进行逼近的方法,证明了在已知乘子a和模数p的条件下,若连续的wi满足｜ui-wi｜是一个很小的数时,在多项式时间内可以恢复出逆同余发生器的移位B. 本文的结论表明将逆同余发生器直接应用于密码学必须十分慎重.     

Two schemes of multiparty quantum direct secret sharing via a six-particle GHZ state

In this paper, two new efficient multiparty quantum direct secret sharing schemes are proposed via a six-particle GHZ state and Bell measurements. In the first scheme, based on the theory of security cryptanalysis, the secret message of the sender is directly encoded into the transmitted particles, and all the agents can obtain their information by performing bell measurement on the received particles, and then cooperate to recover the information of the sender. In the second scheme, we define a new secret shared coding method by performing local unitary operations on the transmitted particles, then agents perform Bell measurements on their own particles respectively, and feedback the measurement to the dealer. If the agent's results are matched with the previous coding method, the protocol will work out.In addition, the proposed two schemes have the following common advantages: the sender can send all prepared particles to the receiver, and can send an arbitrary key to the receiver, rather than a random secret key; the proposed schemes do not need to insert any detection sets to detect eavesdropping and can resist both existing attacks and spoofing attacks by dishonest agents. The sender need not to retain any photons, so the sender's quantum memory could be omitted here.     

一个新的智能卡远程用户认证方案

LAMPORT第一次提出了一个带有智能卡的远程用户认证方案，随后HWANG和LI指出了该方案存在的问题，并提出了一个新的方案．然而HWANG-LI方案中仍有不少安全漏洞，CHAN-CHANG、SHEN-LIN-HWANG和CHANG-HWANG先后对该方案进行了不同方式的攻击，并提出了一系列改进方案．最近KUMAR和AWASTIHI-LAL又分别提出了两个新的方案．然而，这些方案都存在一个共同的弱点，那就是由系统中心掌握用户的口令，这给用户带来了安全隐患．为了解决这个问题，文章在这些方案的模式下，利用二元一次不定方程解的不定性和离散对数问题的难解性，提出了一个新的远程用户认证方案．该方案主要在注册阶段和登录阶段加强了安全性，不仅可以抵御以往类似CHAN-CHENG和CHANG-HWANG的攻击，而且口令由用户掌握，并可随时更改，保证了用户的安全．     

On the security of stepwise triangular systems

In 2003 and 2004, Kasahara and Sakai suggested the two schemes RSE(2)PKC and RSSE(2)PKC, respectively. Both are examples of public key schemes based on ultivariate uadratic equations. In this article, we first introduce Step-wise Triangular Schemes (STS) as a new class of ultivariate uadratic public key schemes. These schemes have m equations, n variables, L steps or layers, r the number of equations and new variables per step and q the size of the underlying finite field . Then, we derive two very efficient cryptanalytic attacks. The first attack is an inversion attack which computes the message/signature for given ciphertext/message in O(mn ³ Lq ^r + n ² Lrq ^r ), the second is a structural attack which recovers an equivalent version of the secret key in O(mn ³ Lq ^r + mn ⁴) operations. As the legitimate user also has a workload growing with q ^r to recover a message/compute a signature, q ^r has to be small for efficient schemes and the attacks presented in this article are therefore efficient. After developing our theory, we demonstrate that both RSE(2)PKC and RSSE(2)PKC are special instances of STS and hence, fall to the attacks developed in our article. In particular, we give the solution for the crypto challenge proposed by Kasahara and Sakai. Finally, we demonstrate that STS cannot be the basis for a secure ultivariate uadratic public key scheme by discussing all possible variations and pointing out their vulnerabilities.     

一种多混沌系统公钥密码算法的安全性分析

最近，Ranjan利用m组混沌系统及线性变换组合方法提出一种混沌公钥密码.安全分析表明攻击该公钥密码难度为(NP)^m，其中N，P分别为密钥空间大小及线性变换复杂度.由于向量任意的线性变换都能映射为向量2-范数简单的幅度变化，据此提出一种仅依赖公钥、初始向量及算法结构的私钥攻击算法.分析与实验结果均表明该多混沌公钥密码无法抵抗此类攻击，并且该分析方法可以有效攻击各种多混沌公钥密码算法. 关键词： 公钥密码 多混沌系统 密码分析     

Resistance of a CAST-Like Encryption Algorithm to Linear and Differential Cryptanalysis

Linear cryptanalysis and differential cryptanalysis are two recently introduced, powerful methodologies for attacking private-key block ciphers. In this paper, we examine the application of these two cryptanalysis techniques to a CAST-like encryption algorithm. It is shown that, when randomly generated substitution boxes (s-boxes) are used in a CAST-like encryption algorithm, the resulting cipher is resistant to both the linear attack and the differential attack.