LAC认证加密的伪造攻击及其改进
|
摘要
针对认证加密算法在设计中出现的一些不足,尤其是近年兴起的CAESAR竞赛征集算法,介绍了两种伪造攻击的手段,通过破坏密文的完整性达到欺骗认证者的目的。以LAC候选算法为例,通过伪造攻击的方法对其内部结构、认证机制和攻击原理进行了分析和描述,并对其原有结构进行了改进,使其能够有效地抵抗现有的伪造攻击。通过对其安全性进行分析,表明LAC算法改进方案能够有效抵抗伪造攻击。
The shortcomings of the design in authenticated encryption algorithm make the algorithm vulnerable to attack,especially to the CAESAR algorithm in recent years.Forgery attack is an effective measures to deal with the authenticated encryption algorithm.The measures of forgery attack can also be applied to the LAC authentication encryption algorithm which is one of the CAESAR competition candidate algorithm.Through the analysis of the LAC algorithm's internal structure,authentication mechanism and attack method,this paper put forward the improved scheme.Through the analysis of its security,it shows that the LAC improvement scheme can effectively resist forgery attacks.
The shortcomings of the design in authenticated encryption algorithm make the algorithm vulnerable to attack,especially to the CAESAR algorithm in recent years.Forgery attack is an effective measures to deal with the authenticated encryption algorithm.The measures of forgery attack can also be applied to the LAC authentication encryption algorithm which is one of the CAESAR competition candidate algorithm.Through the analysis of the LAC algorithm's internal structure,authentication mechanism and attack method,this paper put forward the improved scheme.Through the analysis of its security,it shows that the LAC improvement scheme can effectively resist forgery attacks.
引文
[1]Gilbert E N,Macwilliams F J,Sloane N J A.Codes which detect deception[J].Bell System Technical Journal,1974,53(3):405-424.
[2]Naito Y.Full PRF-secure message authentication code based on tweakable block cipher[C]//Proc of the 9th International Conference on Provable Security.Berlin:Springer-Verlaag,2015:167-182.
[3]Goldwasser S,Bellare M.Lecture notes on cryptography[EB/OL].(2015-06-05).http://cseweb.ucsd.edu/~mihir/papers/gb.pdf.
[4]李超,孙兵,李瑞林.分组密码的攻击方法与实例分析[M].北京:科学出版社,2010.
[5]陈杰,胡予濮,韦永壮.随机消息伪造攻击PMAC和TMAC-V[J].计算机学报,2007,30(10):1827-1832.
[6]Wang Xiaoyun,Yu Hongbo.How to break MD5 and other hash functions[C]//Advances in Cryptology-EUROCRYPT.Berlin:Springer,2005:19-35.
[7]Wang Xiaoyun,Yin Y L,Yu Hongbo.Finding collisions in the full SHA-1[C]//Advances in Cryptology.Berlin:Springer,2010:17-36.
[8]Zhang Lei,Wu Wenling,Wang Yanfeng,et al.LAC:a lightweight authenticated encryption cipher[EB/OL].(2014-03-16).http://competitions.cr.yp.to/round1/lacv1.pdf.
[9]Bogdanov A,Mendel F,Regazzoni F,et al.ALE:AES-based lightweight authenticated encryption[C]//Proc of International Workshop on Fast Software Encryption.Berlin:Springer,2013:447-466.
[10]Wu Wenling,Zhang Lei.LBlock:a lightweight block cipher[C]//Proc of International Conference on Applied Cryptography&Network Security.Berlin:Springer,2011:327-344.
[11]张文涛,卿斯汉,吴文玲.嵌套Feistel结构的SP型分组密码的可证明安全性[J].计算机研究与发展,2004,41(8):1389-1397.
[12]Biham E.New types of cryptanalytic attacks using related keys[C]//Advance in Cryptology-EUROCRYPT.1994:398-409.
[13]Courtois N T,Pieprzyk J.Cryptanalysis of block ciphers with overdefined systems of equations[C]//Advance in Cryptology-ASIACRYPT.Berlin:Springer,2002:267-287.
[14]Minier M,Naya-Plasencia M.A related key impossible differential attack against 22 rounds of the lightweight block cipher LBlock[J].Information Processing Letters,2012,112(16):624-629.
[15]Biryukov A,Khovratovich D.Related-key cryptanalysis of the full AES-192 and AES-256[C]//Advance in Cryptology-ASIACRYPT.Berlin:Springer,2009:1-18.
[16]Chen Jiageng,Miyaji A.Differential cryptanalysis and boomerang cryptanalysis of LBlock[C]//Security Engineerin and Intelligence Informatics.Berlin:Springer,2013:1-15.
[17]Sun Siwei,Hu Lei,Wang Meiqin,et al.Constructing mixed-integer programming models whose feasible region is exactly the set of all valid differential characteristics of SIMON[EB/OL].(2015-02-19).http://eprint.iacr.org/2015/122.
[18]Sun Siwei,Hu Lei,Wang Peng,et al.Automatic security evaluation and(related-key)differential characteristic search:application to SIMON,PRESENT,LBlock,DES(L)and other bit-oriented block ciphers[C]//Advance in Cryptology-ASIACRYPT.Berlin:Springer,2014:158-178.
[2]Naito Y.Full PRF-secure message authentication code based on tweakable block cipher[C]//Proc of the 9th International Conference on Provable Security.Berlin:Springer-Verlaag,2015:167-182.
[3]Goldwasser S,Bellare M.Lecture notes on cryptography[EB/OL].(2015-06-05).http://cseweb.ucsd.edu/~mihir/papers/gb.pdf.
[4]李超,孙兵,李瑞林.分组密码的攻击方法与实例分析[M].北京:科学出版社,2010.
[5]陈杰,胡予濮,韦永壮.随机消息伪造攻击PMAC和TMAC-V[J].计算机学报,2007,30(10):1827-1832.
[6]Wang Xiaoyun,Yu Hongbo.How to break MD5 and other hash functions[C]//Advances in Cryptology-EUROCRYPT.Berlin:Springer,2005:19-35.
[7]Wang Xiaoyun,Yin Y L,Yu Hongbo.Finding collisions in the full SHA-1[C]//Advances in Cryptology.Berlin:Springer,2010:17-36.
[8]Zhang Lei,Wu Wenling,Wang Yanfeng,et al.LAC:a lightweight authenticated encryption cipher[EB/OL].(2014-03-16).http://competitions.cr.yp.to/round1/lacv1.pdf.
[9]Bogdanov A,Mendel F,Regazzoni F,et al.ALE:AES-based lightweight authenticated encryption[C]//Proc of International Workshop on Fast Software Encryption.Berlin:Springer,2013:447-466.
[10]Wu Wenling,Zhang Lei.LBlock:a lightweight block cipher[C]//Proc of International Conference on Applied Cryptography&Network Security.Berlin:Springer,2011:327-344.
[11]张文涛,卿斯汉,吴文玲.嵌套Feistel结构的SP型分组密码的可证明安全性[J].计算机研究与发展,2004,41(8):1389-1397.
[12]Biham E.New types of cryptanalytic attacks using related keys[C]//Advance in Cryptology-EUROCRYPT.1994:398-409.
[13]Courtois N T,Pieprzyk J.Cryptanalysis of block ciphers with overdefined systems of equations[C]//Advance in Cryptology-ASIACRYPT.Berlin:Springer,2002:267-287.
[14]Minier M,Naya-Plasencia M.A related key impossible differential attack against 22 rounds of the lightweight block cipher LBlock[J].Information Processing Letters,2012,112(16):624-629.
[15]Biryukov A,Khovratovich D.Related-key cryptanalysis of the full AES-192 and AES-256[C]//Advance in Cryptology-ASIACRYPT.Berlin:Springer,2009:1-18.
[16]Chen Jiageng,Miyaji A.Differential cryptanalysis and boomerang cryptanalysis of LBlock[C]//Security Engineerin and Intelligence Informatics.Berlin:Springer,2013:1-15.
[17]Sun Siwei,Hu Lei,Wang Meiqin,et al.Constructing mixed-integer programming models whose feasible region is exactly the set of all valid differential characteristics of SIMON[EB/OL].(2015-02-19).http://eprint.iacr.org/2015/122.
[18]Sun Siwei,Hu Lei,Wang Peng,et al.Automatic security evaluation and(related-key)differential characteristic search:application to SIMON,PRESENT,LBlock,DES(L)and other bit-oriented block ciphers[C]//Advance in Cryptology-ASIACRYPT.Berlin:Springer,2014:158-178.