WANG Yun-feng,SHEN Hai-bin,YAN Xiao-lang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.11.028

2006-01-01

Abstract:The chaotic output-cipher feedback mode(OCFM) stream cipher was developed to resist attacks based on chaotic orbits.The chaotic signals were generated based on iterating the piecewise linear chaotic map(PLCM) with a segment number parameter(SNP).Odd bits were used to produce the key streams.After being incorporated,the even bits and ciphers were fed back as the next state of the key stream generator.When the chaotic systems were realized with finite precision,the perturbation approach was applied to remedy the finite precision effect,and the perturbation signal was m-sequence.Theoretical analysis and experimental results show that the OCFM cipher is secure and easy to be realized by hardware or software,and that the encryption speed can be adjusted to meet the application requirement at the algorithm level.

Jiajie Liu,Bing Sun,Guoqiang Liu,Xinfeng Dong,Li Liu,Hua Zhang,Chao Li

DOI: https://doi.org/10.1109/tit.2022.3223139

IF: 2.5

2023-01-01

IEEE Transactions on Information Theory

Abstract:This paper mainly investigates the iterative structures whose decryption is similar to the encryption. Firstly, we unify many well-known structures which share similar procedures between the decryption and the encryption, and give a sufficient and necessary condition for this structure to be bijective, which reveals many new insights into the Feistel structure as well as the Lai-Massey structure. Secondly, we analyze the security of the unified structure against the known cryptanalysis. By extending the dual structure from a Feistel structure to the unified structure, we prove that a differential of the unified structure is impossible if and only if it is a zero-correlation linear hull of its dual structure, which presents a generalized link between the impossible differential and zero-correlation linear cryptanalysis shown in CRYPTO 2015. Significantly, several constraints on the linear components of the cipher and the permutation on the branches of the cipher are specified to make the structure resilient to differential and linear cryptanalysis. Furthermore, in the case that the order of the permutation equals the number of the branches $n$ , we prove that there always exist a $(3n-1)$ -round impossible differential and a $(3n-1)$ -round zero-correlation linear hull of the structure, and also present an algorithm to construct these distinguishers. Finally, we propose some novel structures which might be used in future block cipher designs.

Bing Sun,Zejun Xiang,Zhengyi Dai,Guoqiang Liu,Xuan Shen,Longjiang Qu,Shaojing Fu

DOI: https://doi.org/10.1007/978-3-031-68385-5_9

2024-01-01

Abstract:In 2023, Liu et al. summarized the Feistel-like structures which use a single round function, and proposed a unified form of these structures which is named the unified structure. This paper focuses on the classification and cryptanalysis of a particular kind of unified structures which covers the vast majority of known situations and is named regular unified structure. The main results are as follows: First of all, we give the definition of Affine Equivalence between different structures, present a condition for two regular structures being affine equivalent, and give two normalized forms of a regular unified structure. Surprisingly, we find that a target-heavy generalised Feistel cipher is always affine equivalent to a source-heavy generalised Feistel cipher with the same round function, which shows these two structures always have almost the same cryptographic properties. Secondly, we give the definition of a Self-Equivalent structure, whose dual structure is affine equivalent to the structure itself. We prove that there is a large portion of the unified structures such as the SM4 and the Mars structures that are among the self-equivalent ones. For these structures, there is a one-to-one correspondence between the impossible differentials and the zero correlation linear hulls, which illustrates that the longest integral of a self-equivalent structure covers at least the rounds of the longest zero correlation linear hull/impossible differential. At last, we give the definition of the Refined Full-Diffusion Round of a structure, and exploit the epsilon-delta technique to compute this value, which can be further used to give provable security evaluations of unified structures against impossible differential and zero correlation linear cryptanalysis. For example, we prove that both the longest impossible differential and zero correlation linear hull of the d-branch SM4-like structures cover exactly 3d - 1 rounds. Our results could give new guidelines for both the cryptanalysis and the design of Feistel-like ciphers.

Jiajie Liu,Bing Sun,Chao Li

DOI: https://doi.org/10.1049/ise2.12098

2022-01-01

IET Information Security

Abstract:This study proposes a new iterative structure called the L‐Feistel structure, which shares similar procedures between encryption and decryption and could unify the Feistel structure and the Lai‐Massey structure. This paper evaluates the security of the L‐Feistel structure from the perspective of provable security and classical analysis, respectively. Firstly, it is proved that the 4‐round Key‐Alternating L‐Feistel cipher with independent round keys and independent round functions is secure against 2 n /2 queries that is, birthday‐bound security. Then by presenting the dual structure of the L‐Feistel structure with SP‐type round functions, it is proven that a differential of the L‐Feistel structure is impossible when and only when it is a zero‐correlation linear hull of its dual structure. Finally, the paper constructs impossible differentials, zero‐correlation linear hulls and integral distinguishers of the L‐Feistel structure with SP‐type round functions which cover six and seven rounds, respectively, under different conditions.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Min-Hui Zou,Kun Ma,Kai-Jie Wu,Edwin Hsing-Mean Sha

DOI: https://doi.org/10.1007/s11390-014-1456-3

2014-01-01

Abstract:Scan-based design for test (DFT) is a powerful and the most popular testing technique. However, while scan-based DFT improves test efficiency, it also leaves a side channel to the privacy information stored in the chip. This paper investigates the side channel and proposes a simple but powerful scan-based attack that can reveal the key and/or state stored in the chips that implement the state-of-the-art stream ciphers with less than 85 scan-out vectors.

Zhen Ju,Peiyuan Liu,Weijia Xue,Daoguang Mu,Xuejia Lai

DOI: https://doi.org/10.1109/chinacom.2015.7497953

2015-01-01

Abstract:Feistel structure is widely used in the design of block ciphers. With many Feistel-type ciphers being designed, it is likely for some of them to have some similarity which can be shown in their differential characteristics or linear characteristics. Noticing two Feistel-type ciphers, LBlock and TWINE, have the same number of impossible differential chains using U-method without considering the details of S-boxes. In this paper, we first introduce a graph model to describe the topological structures of block ciphers, and then we prove the equivalence of LBlock and TWINE in structure using this model. Moreover, we present a matrix model for analyzing the similarity of two Feistel-type block ciphers.

Guanghui Feng,Chunfu Zhang,Yujuan Si,Liuqi Lang

DOI: https://doi.org/10.1088/1742-6596/1617/1/012072

2020-01-01

Journal of Physics Conference Series

Abstract:Abstract This paper studies the theoretical problems and implementation methods of stream ciphers, discusses some deficiencies of conventional stream cipher algorithms, designs methods and rules for random Dynamic Hash Mapping and Bits Scrambling, applies nonlinear feedback shift register (NLFSR) technology, and a new stream cipher method with higher security strength and suitable for encryption of short information is proposed. The purpose is to apply the proposed new method of stream cipher to obtain higher encryption strength and code uniformity, and make some theories and algorithms in the research results have beneficial effects on information security in the era of big data.

陈一阳,陈恭亮

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.06.041

2010-01-01

Abstract:The design and analysis of stream cipher plays an important role in modern cryptology.This paper briefly reviews the basic principle and model of stream cipher analysis,mainly including TMD tradeoff attack,guess-and-determine attack,correlation attack,BAA attack,algebraic attack and side-channel attack.Then simulations of TMD tradeoff attack,guess-and-determine attack and correlation attack are performed by using Mathematical kit software,with results and a part of codes appended.The tests reveal an important design principle:it is critical to avoid the linear evolvement of internal state and eliminate the biased statistical properties of keystream.Finally some conclusions and prospects of stream cipher analysis are provided.

Chunfu Jia,Zheli Liu,Jingwei Li,Zongqing Dong,Xiaoying You

DOI: https://doi.org/10.1007/978-3-642-28744-2_83

2012-01-01

Abstract:Format-preserving encryption implies a block cipher which encrypts a plaintext of some specified format into a ciphertext of identical format. In the paper, we make an overview of various types of Feistel networks used in FPE schemes and show that all Feistel networks divide the input into two sub-blocks. Then we present an integer FPE scheme based on type-2 Feistel network which divides the input into k sub-blocks (here k=4) to provide better diffusion and be better immunity to differential cryptanalysis.

Yun TIAN,Gongliang CHEN,Jianhua LI

2010-01-01

Abstract:eSTREAM called for new stream ciphers designed for niche areas such as exceptional performance in software and hardware where resources are restricted. This project provides an open platform to discuss these ciphers. Trivium is one of the promis- ing new ciphers submitted to it. Until now, no attack has been successfully applied to it. This paper illustrates new design principles of stream ciphers based on the structure of Trivium and introduces the definition of k-order primitive polynomials. New designs of Trivium are also given according to the principles in this paper.

Bo Qu,Dawu Gu,Zheng Guo,Junrong Liu

DOI: https://doi.org/10.1016/j.camwa.2012.02.024

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:Side-channel attacks on block ciphers and public key algorithms have been discussed extensively, but only a few systematic studies on the applicability of side-channel attacks to stream ciphers could be found. The objective of the present study is to develop general differential power analysis techniques which can be employed to attack the stream ciphers with linear feedback shift registers. To illustrate the new approach, a common structure of a stream cipher with the basic components is given. Then the approach is employed to analyze the given structure. The results show that the linear feedback shift registers may leak the information of the secret key. The approach is also applied to Crypto-1 and the experimental results show that it is very effective. 28-bit information of the 48-bit secret key can be obtained just by analyzing some power traces. Furthermore, the present work may be helpful in analyzing a variety of stream ciphers with LFSRs.

邱跃洪,何晨,诸鸿文

DOI: https://doi.org/10.3321/j.issn:1006-2467.2001.11.025

2001-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:This paper presented a scheme to improve the real-time performance and local complexity of the chaotic stream cipher based on piecewise linear maps. Both the theoretic analysis and the results of simulation show that this scheme greatly decreases the time consumed by multi-iteration and improve the microstructure of the phase-space graph on condition that the good properties of the original scheme are remained.

Jiajie Liu,Bing Sun,Chao Li

DOI: https://doi.org/10.1155/2021/2751797

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:This paper proposes a new approach to generalizing Feistel networks, which unifies the classical (balanced) Feistel network and the Lai–Massey structure. We call the new structure extended Feistel (E-Feistel) network. To justify its soundness, we investigate its indistinguishability using Patarin’s H-coefficient technique. As a result, it is proved that the 4-round key-alternating E-Feistel (KAEF) cipher with adequately derived keys and identical round functions is secure up to 2 n / 2 queries, i.e., birthday-bound security. In addition, when adjacent round keys are independent and independent round functions are used, the 6-round KAEF is secure up to beyond-birthday-bound 2 2 n / 3 queries. Our results indicate that the E-Feistel structure is secure and reliable and can be adopted in designing practical block ciphers.

Xiaojing Hu,Lizhao Liu,Ying Wang,Maoqing Li,Tianhua Zhang

DOI: https://doi.org/10.4304/jsw.6.10.1961-1968

2011-01-01

Abstract:To solve the problem of traditional stream ciphers can not transmit through the public channel and the construction of high-strength cipher key generator, the paper presents the minimum power clock function driven by a parallel clock-control sequence and chaotic cascade function made of multiple Logistic function, which are used to built the self-reference model and chaotic module; it designs an adapt controller independent of the key generator and encrypt module, achieve controlling encryption and transmission process by multi-threaded code; it makes a high-strength key generator with sure differential transformation and pseudo-random horizontal level disturbance wheel key method of AES and S-box of Camellia, which makes the sub-key and the key generator's internal station become vogue and uncertain within controlled area that does not depend on the secret channel, the model achieves an exponential growth in the key space and the same application scope of traditional stream cipher model. The new protocol model features can be seen under the actual operation of modifying RC4 and real-time RC5 algorithm.

Xiaoyang Dong,Xiaoyun Wang

DOI: https://doi.org/10.1007/s11432-017-9468-y

2018-08-31

Science China Information Sciences

Abstract:Post-quantum cryptography has drawn considerable attention from cryptologists on a global scale. At Asiacrypt 2017, Leander and May combined Grover’s and Simon’s quantum algorithms to break the FX-based block ciphers, which were introduced by Kilian and Rogaway to strengthen DES. In this study, we investigate the Feistel constructions using Grover’s and Simon’s algorithms to generate new quantum key-recovery attacks on different rounds of Feistel constructions. Our attacks require 20.25nr−0.75n quantum queries to break an r-round Feistel construction. The time complexity of our attacks is less than that observed for quantum brute-force search by a factor of 20.75n. When compared with the best classical attacks, i.e., Dinur et al.’s attacks at CRYPTO 2015, the time complexity is reduced by a factor of 20.5n without incurring any memory cost.

computer science, information systems,engineering, electrical & electronic

李昌刚,韩正之

DOI: https://doi.org/10.3969/j.issn.1002-0411.2002.05.005

2002-01-01

Information and Control

Abstract:In this paper, we present a secret key stream generating algorithm based on discrete chaotic systems. Using a simple chaotic system and another chaotic system based on linear system with a piecewise linear state feedback, we put the two sequences through threshold function and XOR operation. The result we get is an unpredictable pseudo-random sequence. The analysis and simulation results indicate that the algorithm can effectively resist the predictive attack and statistic analysis. This algorithm can meet the request for secret key stream in cryptography. So, it can be used for generating secret key stream in stream cipher.

Ruilin Li,Bing Sun,Chao Li,Longjiang Qu

2009-01-01

Abstract:This paper reevaluates the security of GF-NLFSR, a new kind of generalized unbalanced Feistel network structure that was proposed at ACISP 2009. We show that GF-NLFSR itself reveals a very slow diffusion rate, which could lead to several distinguishing attacks. For GF-NLFSR containing n sub-blocks, we find an n2-round integral distinguisher by algebraic methods and further use this integral to construct an (n2 + n - 2)-round impossible differential distinguisher. Compared with the original (3n - 1)-round integral and (2n - 1)-round impossible differential, ours are significantly better. Another contribution of this paper is to introduce a kind of nonsurjective attack by analyzing a variant structure of GF-NLFSR, whose provable security against differential and linear cryptanalysis can also be provided. The advantage of the proposed non-surjective attack is that traditional non-surjective attack is only applicable to Feistel ciphers with non-surjective (non-uniform) round functions, while ours could be applied to block ciphers with bijective ones. Moreover, its data complexity is O(l) with l the block length.

Ge Yao,Udaya Parampalli

DOI: https://doi.org/10.48550/arXiv.1911.01002

2019-11-04

Abstract:Lightweight stream ciphers are highly demanded in IoT applications. In order to optimize the hardware performance, a new class of stream cipher has been proposed. The basic idea is to employ a single Galois NLFSR with maximum period to construct the cipher. As a representative design of this kind of stream ciphers, Espresso is based on a 256-bit Galois NLFSR initialized by a 128-bit key. The $2^{256}-1$ maximum period is assured because the Galois NLFSR is transformed from a maximum length LFSR. However, we propose a Galois-to-Fibonacci transformation algorithm and successfully transform the Galois NLFSR into a Fibonacci LFSR with a nonlinear output function. The transformed cipher is broken by the standard algebraic attack and the Rønjom-Helleseth attack with complexity $\mathcal{O}(2^{68.44})$ and $\mathcal{O}(2^{66.86})$ respectively. The transformation algorithm is derived from a new Fibonacci-to-Galois transformation algorithm we propose in this paper. Compare to existing algorithms, proposed algorithms are more efficient and cover more general use cases. Moreover, the transformation result shows that the Galois NLFSR used in any Espresso-like stream ciphers can be easily transformed back into the original Fibonacci LFSR. Therefore, this kind of design should be avoided in the future.

Cryptography and Security

Yingjie Zhang,Lijun Lyu,Kexin Qiao,Zhiyu Zhang,Siwei Sun,Lei Hu

DOI: https://doi.org/10.1007/978-3-030-93206-0_10

2021-01-01

Abstract:Linear cryptanalysis is one of the most effective statistical analysis methods on symmetric-key ciphers. It has benefited from many improvements since being proposed. Among these works, Antonio et al. proposed a fast arbitrary-round key recovery method based on Fast Walsh-Hadamard Transform (FWHT) in EUROCRYPT 2020. However, they did not promote their method on the Feistel structure, which is used widely. In addition, there are very few automatic methods for the key recovery phase. This paper extends Antonio et al.'s method to the Feistel structure and builds a Mixed-Integer Linear Programming (MILP) model to determine the guessed subkeys automatically. Due to this, we can automatically optimize the time complexity of linear cryptanalysis. Afterward, we apply our method to SIMON and SIMECK and increase the attackable rounds of SIMON64/96, SIMON64/128, SIMON96/96, SIMON96/144, SIMECK48/96, and SIMECK64/128 by one round to 31, 32, 38, 39, 31, and 38, respectively.