Security Analysis of the Block Ciphers AES and SMS4
Abstract
Block ciphers are symmetric-key primitives. They encrypt and decrypt quickly, are easy to standardize, and lend themselves to efficient software and hardware implementation, so they are used throughout information security, and studying their resistance to cryptanalysis is correspondingly important. This dissertation presents new cryptanalytic methods for the Advanced Encryption Standard (AES) and for SMS4, the first commercial block cipher officially published in China, with the following results:
     1. Impossible differential cryptanalysis of AES. Using the fact that the differential branch number of the AES linear transformation (MixColumns) is 5, a more general 4-round impossible differential distinguisher for AES is given. A new key-sieving technique for impossible differential attacks on AES is then developed from table look-ups and an early-abort strategy. Combining the widely used 4-round impossible differential, the new key-sieving technique and properties of the key schedule, new impossible differential attacks on 7-round AES-128, 7-round AES-192, 7-round AES-256 and 8-round AES-256 are obtained. Compared with the best previously known impossible differential attacks on AES, they reduce the time complexity while leaving the data and memory complexities unchanged.
     2. A new cryptanalytic method for block ciphers built on the principle of differential cryptanalysis: the asymmetric impossible boomerang attack. It constructs an asymmetric impossible boomerang distinguisher, discards every key candidate under which the impossible relation is satisfied, and so recovers the correct key. Using the key schedule, table look-ups and reuse of data, the method is applied to AES-128: a 4-round asymmetric impossible boomerang distinguisher for AES is constructed and then used to attack 7-round AES-128. Compared with the existing attacks on 7-round AES-128, the new attack has lower data and time complexities at the cost of a higher memory complexity.
     3. Meet-in-the-middle attacks on AES. From the structure of the AES round transformation, new 5-round properties of AES are derived, one for the case without key whitening and one with it. Based on these two properties and a time-memory trade-off, a meet-in-the-middle attack on 8-round AES that does not use the key schedule is given first, followed by attacks on 8-round AES-192 and 8-round AES-256 that do exploit the key schedule. In the 8-round AES-192 attack, a new partial table look-up technique is introduced by changing how the table is stored and indexed. Previously known meet-in-the-middle attacks fall into two classes. Compared with the first class, the new attacks lower the time and memory complexities at unchanged data complexity; compared with the second class, for 8-round AES-256 and for the key-schedule-independent attack on 8-round AES, they lower the data and time complexities at the cost of a higher memory complexity.
     4. Differential cryptanalysis of SMS4. From the properties of the SMS4 linear transformation and the difference distribution of its S-box, the 4-round differential characteristics of SMS4 are analysed in detail, and it is shown that the 19-round differential characteristics of SMS4 are concatenations of 4-round characteristics with the same structure. Based on a 19-round differential characteristic of probability 2^-125, a differential attack on 23-round SMS4 is given. Its time and memory complexities are lower than those of the previously known attack on 23-round SMS4, at the cost of a higher data complexity.
     5. Linear cryptanalysis of SMS4. From the properties of the SMS4 linear transformation and the linear approximations of its S-box, a new 16-round linear approximation of SMS4 is constructed and used to mount a linear attack on 20-round SMS4. Its data and time complexities are lower than those of the previously known linear attack on 20-round SMS4, at the cost of a higher memory complexity. The 16-round approximation is also extended to a 19-round linear approximation, which makes a linear attack on 23-round SMS4 more plausible.
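The 4-round impossible differential that the attacks in item 1 start from rests on one property of MixColumns: its differential branch number is 5. The Python below is an added example, not code from the dissertation. It checks that property (the MixColumns matrix is MDS) and then shows the two halves of the miss-in-the-middle argument on a reduced AES whose round keys are drawn independently (an assumption; the distinguisher does not depend on the key schedule). Everything else (GF(2^8) arithmetic, the S-box, ShiftRows, MixColumns) follows FIPS-197.

```python
# Added example (not from the dissertation): the AES MixColumns matrix is MDS, so its
# differential branch number is 5, and that property alone yields the 4-round impossible
# differential used in item 1. Round keys are drawn independently (assumption: the
# distinguisher does not depend on the key schedule). State: 16 bytes, column-major.
from itertools import combinations
import os

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _sbox_entry(x):
    """AES S-box: inverse in GF(2^8), then b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63."""
    inv = 0 if x == 0 else next(y for y in range(1, 256) if gmul(x, y) == 1)
    s = inv
    for k in range(1, 5):
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
INV_SBOX = [SBOX.index(x) for x in range(256)]
MC = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MC = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]
MUL = {c: [gmul(c, x) for x in range(256)] for c in (1, 2, 3, 9, 11, 13, 14)}

def gf_det(m):
    """Determinant over GF(2^8) by Laplace expansion (no signs in characteristic 2)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j in range(len(m)):
        d ^= gmul(m[0][j], gf_det([row[:j] + row[j + 1:] for row in m[1:]]))
    return d

def is_mds(m):
    """All square minors non-singular <=> MDS <=> differential branch number len(m) + 1."""
    n = len(m)
    return all(gf_det([[m[i][j] for j in cols] for i in rows]) != 0
               for k in range(1, n + 1) for rows in combinations(range(n), k)
               for cols in combinations(range(n), k))

def mix_column(col, m=MC):
    return [MUL[m[r][0]][col[0]] ^ MUL[m[r][1]][col[1]] ^
            MUL[m[r][2]][col[2]] ^ MUL[m[r][3]][col[3]] for r in range(4)]

def sub_bytes(s, box=SBOX):
    return [box[b] for b in s]
def shift_rows(s, inverse=False):  # row r rotated left (right if inverse) by r
    return [s[4 * ((c - r if inverse else c + r) % 4) + r] for c in range(4) for r in range(4)]
def mix_columns(s, m=MC):
    return [b for c in range(4) for b in mix_column(s[4 * c:4 * c + 4], m)]
def add_key(s, k):
    return [a ^ b for a, b in zip(s, k)]
def active(a, b):  # 1 where the two states differ
    return [int(x != y) for x, y in zip(a, b)]

def encrypt(pt, round_keys, last_mc=False):
    """len(round_keys) - 1 rounds; the last omits MixColumns (as in AES) unless last_mc."""
    s, n = add_key(pt, round_keys[0]), len(round_keys) - 1
    for i in range(1, n + 1):
        s = shift_rows(sub_bytes(s))
        if i < n or last_mc:
            s = mix_columns(s)
        s = add_key(s, round_keys[i])
    return s

# Diagonal c0 = the positions ShiftRows scatters column c0 into. Miss in the middle:
# forward, a one-byte difference has all 16 bytes active at round 3's MixColumns input;
# backward, a 4-round output difference that is zero on a whole diagonal is zero on one
# full column there. The two cannot meet, so that 4-round differential is impossible.
DIAGONALS = [tuple(sorted(4 * ((c0 - r) % 4) + r for r in range(4))) for c0 in range(4)]

def forward_two_rounds_all_active(trials=200):
    """1 active byte -> 4 in one column (branch number 5) -> 1 per column -> 16 active."""
    for _ in range(trials):
        keys = [list(os.urandom(16)) for _ in range(3)]
        p = list(os.urandom(16))
        q = p[:]
        q[os.urandom(1)[0] % 16] ^= 1 + os.urandom(1)[0] % 255
        if sum(active(encrypt(p, keys, True), encrypt(q, keys, True))) != 16:
            return False
    return True

def backward_two_rounds_zero_column(c0, trials=200):
    """4-round outputs (no final MixColumns) equal on diagonal c0 decrypt, through
    rounds 4 and 3, to states equal on all of column c0 before round 3's MixColumns."""
    for _ in range(trials):
        k3, k4 = list(os.urandom(16)), list(os.urandom(16))
        x = list(os.urandom(16))
        y = [b if i in DIAGONALS[c0] else os.urandom(1)[0] for i, b in enumerate(x)]
        # undo round 4 (AddRoundKey, ShiftRows, SubBytes), then round 3's key and MixColumns
        back = lambda s: mix_columns(add_key(sub_bytes(shift_rows(add_key(s, k4), True), INV_SBOX), k3), INV_MC)
        d = active(back(x), back(y))
        if any(d[4 * c0 + r] for r in range(4)):
            return False
    return True
```

The randomized trials are not the proof; they only confirm that the two deterministic facts hold for arbitrary keys and values. The proof is the pair of byte-activity arguments in the comments, and both depend on MixColumns being MDS: the forward half needs "1 active byte in, 4 out", the backward half needs "4 zero bytes in, 4 zero bytes out". Any 4-round attack that starts from this distinguisher inherits exactly that dependence, which is why the dissertation can treat its 4-round distinguisher independently of the key schedule and bring the key schedule in only for the outer rounds.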
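Items 4 and 5 of the abstract build on the difference distribution and the linear approximations of the SMS4 S-box. The Python below, again an added example and not the dissertation's code, computes those two tables and the two rules that turn per-S-box values into a characteristic probability (product of transition probabilities) or an approximation bias (Matsui's piling-up lemma). The SMS4 S-box itself is not given on this page, so the public 4-bit PRESENT S-box is used as a stand-in (an assumption, chosen only because it is small); every function takes an arbitrary S-box of any width.

```python
# Added example (not from the dissertation): the S-box tables that differential and
# linear cryptanalysis of SMS4 start from (items 4 and 5), and how per-S-box
# probabilities and biases combine along a characteristic. The SMS4 S-box is not
# reproduced on this page, so the public 4-bit PRESENT S-box stands in for it
# (assumption); every function is generic in the S-box and its width.
from math import log2

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def ddt(sbox):
    """Difference distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) = dy}."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for x in range(n):
        for dx in range(n):
            t[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return t

def parity(v):
    return bin(v).count("1") & 1

def lat(sbox):
    """Linear approximation table: lat[a][b] = #{x : a.x = b.S(x)} - n/2, bias = lat/n."""
    n = len(sbox)
    t = [[-(n // 2)] * n for _ in range(n)]
    for x in range(n):
        for a in range(n):
            for b in range(n):
                t[a][b] += parity(a & x) == parity(b & sbox[x])
    return t

def best_differential(sbox):
    """Most likely (dx, dy) with dx != 0; returns (dx, dy, probability)."""
    t, n = ddt(sbox), len(sbox)
    dx, dy = max(((i, j) for i in range(1, n) for j in range(n)), key=lambda p: t[p[0]][p[1]])
    return dx, dy, t[dx][dy] / n

def best_linear(sbox):
    """Largest |bias| with both masks nonzero; returns (a, b, bias) with its sign."""
    t, n = lat(sbox), len(sbox)
    a, b = max(((i, j) for i in range(1, n) for j in range(1, n)), key=lambda p: abs(t[p[0]][p[1]]))
    return a, b, t[a][b] / n

def characteristic_probability(sbox, transitions):
    """Probability of a differential characteristic = product of the active S-boxes'
    transition probabilities (round independence assumed, as in standard DC). Returns (p, log2 p)."""
    t, n, p = ddt(sbox), len(sbox), 1.0
    for dx, dy in transitions:
        p *= t[dx][dy] / n
    return p, (log2(p) if p else float("-inf"))

def piling_up(biases):
    """Matsui's piling-up lemma: the bias of r independent approximations chained
    together is 2^(r-1) * prod(bias_i). A zero bias anywhere kills the approximation."""
    b = 2 ** (len(biases) - 1)
    for e in biases:
        b *= e
    return b

def data_needed(probability=None, bias=None):
    """Order-of-magnitude data complexity, constants omitted: about 1/p chosen-plaintext
    pairs for a differential of probability p, about 1/bias^2 known plaintexts for a
    linear approximation of the given bias. Returns log2 of the count."""
    return -log2(probability) if probability is not None else -2 * log2(abs(bias))
```

For the stand-in S-box the best transition has probability 2^-2 and the best approximation bias 2^-2, so three active S-boxes give a characteristic of probability 2^-6 and, via the piling-up lemma, a linear bias of 2^-4. The 2^-125 of item 4 is the same kind of product taken over the active S-boxes of the 19-round characteristic, and `data_needed` is the rule of thumb behind the "data complexity" comparisons in items 4 and 5: roughly 2^125 pairs for that differential, and roughly 1/bias^2 known plaintexts for the 16-round linear approximation of item 5.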