分组密码的分析与设计
|
摘要
现代密码学理论和密码技术是信息安全的重要基础。分组密码是密码学的一个重要分支,它具有速度快、易于标准化和便于软硬件实现等特点,通常是信息与网络安全中实现数据加密、数字签名、认证及密钥管理的核心体制。
随着AES活动的开展,分组密码成为近几年密码学研究中非常活跃的一个课题。自主性是信息安全的一个重要特点,在我国,依靠自己的力量并汲取现有的先进经验进行分组密码的研究、设计和开发也是非常必要的。
分组密码的研究内容主要包括三个方面:分组密码的设计原理、分组密码的安全性分析和分组密码的应用研究。围绕着分组密码的安全性分析和设计,本论文取得了以下五个方面的主要研究成果:
1.分别利用差分-非线性密码分析、截断差分-线性密码分析、积分密码分析三种不同的密码分析方法,对Safer++进行了密码分析;
2.在对分组密码的可证明安全性和实际安全性研究的基础上,提出了一个嵌套Feistd结构的SP型分组密码的模型。采用该模型,只需适当选取密码特性好的非线性模块和线性模块,就可以构造出具有很好地抵抗差分密码分析和线性密码分析的能力、加解密相似的分组密码算法;
3.采用上述密码模型,给出了一个用该模型构造的具体的分组密码算法SCF。并且对SCF作了一些初步的密码分析和详细的统计测试,结果表明:SCF密码足够抵抗一些已知的密码分析、具有很好的统计性能。
4.对一类基于混沌函数的分组密码结构GFS4(GFS8)的安全性做了评估,分析结果表明:从抵抗差分密码分析和线性密码分析的安全性与所需要的执行代价相比,这类密码结构不如CAST-256型密码结构和普通的Feistel型密码结构。因此在分组密码的设计中,我们不推荐使用这类密码结构。
5.利用两种方法对一个基于细胞自动机的分组密码系统CAC的变形进行了分析,结果表明:CAC的这种变形在选择明文攻击下是极不安全的。对CAC的变形进行分析的意义在于:知道CAC的具体设计细节后,借鉴对该变形的分析,有可能对CAC密码系统本身的安全性造成威胁。
Modem cryptological theory and cryptological technology are important basis of information security. Block cipher is an important branch of cryptology, it has many attractive features such as high rates, easy for standardization, and efficient for both software and hardware implementations. Block ciphers are usually core components in information and Internet security for data encryption, data signature, authentication and key management.
Along with the launch of AES process, block ciphers has become a very active subject in recent years. Autonomy is a notable feature of information security. So it's very necessary to conduct block cipher research, design and development relying on our own ability, and absorbing advanced experience at the same time.
The research contents of block ciphers can be divided into three parts: design principles of block ciphers, security analysis of block ciphers and application research of block ciphers. Concentrating on security analysis and design of block ciphers, five principal achievements have been obtained in this dissertation:
1.Using differential-nonlinear cryptanalysis, truncated differential-linear cryptanalysis and integral cryptanalysis respectively, three attacks of reduced-round Safer++ are given;
2.Based on the survey of provable security and practical security of block ciphers, a block cipher model of SPN cipher containing Feistel structure is proposed. Adopting this model and properly selecting some nonlinear and linear modules which has good cryptographic properties, a concrete block cipher can thus be constructed, which is provably secure against differential and linear cryptanalysis, and also has self-inverse structure for encryption and decryption.
3.Adopting the above model, a concrete block cipher named SCF is proposed. Some initial cryptanalysis and detailed statistical tests of SCF are given, the results show that SCF can resist some known cryptanalytic attacks and has excellent statistical properties.
4.Security of a class of block ciphers based on chaotic maps against differential and linear cryptanalysis is studied. The results show that this kind of cipher structure is not good compared with some famous cipher structure such as
CAST-256 cipher structure and common Feistel structure. So we don't recommend this kind of cipher structure when designing a new cipher. 5. Security analyses of a variant of a new block cipher system (called CAC) based on cellular automata theory are given using two cryptanalytic approaches. The results show that this variant of CAC is very insecure under chosen-plaintext attacks. The importance of analysis of this variant is: using cryptanalysis of the variant for reference, attacks on the original cipher may be found when knowing some of the design details of CAC.
随着AES活动的开展,分组密码成为近几年密码学研究中非常活跃的一个课题。自主性是信息安全的一个重要特点,在我国,依靠自己的力量并汲取现有的先进经验进行分组密码的研究、设计和开发也是非常必要的。
分组密码的研究内容主要包括三个方面:分组密码的设计原理、分组密码的安全性分析和分组密码的应用研究。围绕着分组密码的安全性分析和设计,本论文取得了以下五个方面的主要研究成果:
1.分别利用差分-非线性密码分析、截断差分-线性密码分析、积分密码分析三种不同的密码分析方法,对Safer++进行了密码分析;
2.在对分组密码的可证明安全性和实际安全性研究的基础上,提出了一个嵌套Feistd结构的SP型分组密码的模型。采用该模型,只需适当选取密码特性好的非线性模块和线性模块,就可以构造出具有很好地抵抗差分密码分析和线性密码分析的能力、加解密相似的分组密码算法;
3.采用上述密码模型,给出了一个用该模型构造的具体的分组密码算法SCF。并且对SCF作了一些初步的密码分析和详细的统计测试,结果表明:SCF密码足够抵抗一些已知的密码分析、具有很好的统计性能。
4.对一类基于混沌函数的分组密码结构GFS4(GFS8)的安全性做了评估,分析结果表明:从抵抗差分密码分析和线性密码分析的安全性与所需要的执行代价相比,这类密码结构不如CAST-256型密码结构和普通的Feistel型密码结构。因此在分组密码的设计中,我们不推荐使用这类密码结构。
5.利用两种方法对一个基于细胞自动机的分组密码系统CAC的变形进行了分析,结果表明:CAC的这种变形在选择明文攻击下是极不安全的。对CAC的变形进行分析的意义在于:知道CAC的具体设计细节后,借鉴对该变形的分析,有可能对CAC密码系统本身的安全性造成威胁。
Modem cryptological theory and cryptological technology are important basis of information security. Block cipher is an important branch of cryptology, it has many attractive features such as high rates, easy for standardization, and efficient for both software and hardware implementations. Block ciphers are usually core components in information and Internet security for data encryption, data signature, authentication and key management.
Along with the launch of AES process, block ciphers has become a very active subject in recent years. Autonomy is a notable feature of information security. So it's very necessary to conduct block cipher research, design and development relying on our own ability, and absorbing advanced experience at the same time.
The research contents of block ciphers can be divided into three parts: design principles of block ciphers, security analysis of block ciphers and application research of block ciphers. Concentrating on security analysis and design of block ciphers, five principal achievements have been obtained in this dissertation:
1.Using differential-nonlinear cryptanalysis, truncated differential-linear cryptanalysis and integral cryptanalysis respectively, three attacks of reduced-round Safer++ are given;
2.Based on the survey of provable security and practical security of block ciphers, a block cipher model of SPN cipher containing Feistel structure is proposed. Adopting this model and properly selecting some nonlinear and linear modules which has good cryptographic properties, a concrete block cipher can thus be constructed, which is provably secure against differential and linear cryptanalysis, and also has self-inverse structure for encryption and decryption.
3.Adopting the above model, a concrete block cipher named SCF is proposed. Some initial cryptanalysis and detailed statistical tests of SCF are given, the results show that SCF can resist some known cryptanalytic attacks and has excellent statistical properties.
4.Security of a class of block ciphers based on chaotic maps against differential and linear cryptanalysis is studied. The results show that this kind of cipher structure is not good compared with some famous cipher structure such as
CAST-256 cipher structure and common Feistel structure. So we don't recommend this kind of cipher structure when designing a new cipher. 5. Security analyses of a variant of a new block cipher system (called CAC) based on cellular automata theory are given using two cryptanalytic approaches. The results show that this variant of CAC is very insecure under chosen-plaintext attacks. The importance of analysis of this variant is: using cryptanalysis of the variant for reference, attacks on the original cipher may be found when knowing some of the design details of CAC.
引文
[1] C.E.Shannon. "Communication Theory of Secrecy Systems." Bell System Technical Journal, 1949(vol.28): 656-715.
[2] W.Diffie, M.E.Hellman. "New Directions in Cryptograhy." IEEE Transactions on Information Theory, 1976(vol.IT-22),No.6: 644-654.
[3] NBS. "Data Encryption Standard." FIPS PUB 46, National Bureau of Standards, Washington,D.C. (Jan. 1977).
[4] R.L.Rivest, A.Shamir, L.M.Adleman. "A Method for Obtaining Digital Signatures and Pulic-key Cryptosystems." Communications of the ACM, 1978(vol.21): 120-126.
[5] S.Goldwasser, M.Bellare. "Lecture Notes on Cryptography." Available at http://www-cse. ucsd. edu/users/mihir/papers/gb.html.
[6] L.R.Kudsen. "Contemporary Block Ciphers." Lectures on Data Security, Modem Cryptology in Theory and Practice, LNCS Tutorial 1561, I.B.Damgard, ed., Springer-Verlag, 1999:105-126. Also available at http://www.ii.uib.no/~larsr/papers/ survey98.ps.
[7] E.Biham, A.Shamir. "Differential Cryptanalysis of DES-like Cryptosystems." Journal of Cryptology, 1991(vol.4)Nol : 3-72.
[8] M.Matsui. "Linear Cryptanalysis Method for DES Cipher." Advances in Cryptology-EUROCRYPT'93 Proceedings, Springer-Verlag, 1994:386-397.
[9] X.Lai. "Higher Order Derivations and Differential Cryptanalysis." Proceedings of Symposium on Communication, Coding and Cryptography, Feb. 10-13,1994, Monte-Verita, Ascona, Switzerland.
[10] L.R.Knudsen. "Truncated and Higher Order Differentials." Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:196-211.
[11] L.R.Knudsen. "DEAL-A 128-bit Block Cipher." Technical report 151,Dept.of Informatics, University of Bergen, Norway,1998. Also available at http://www.nist. gov/aes.
[12] E.Biham, A.Biryukov, A.Shamir. "Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials." Proceedings of Eurocrypt'99, J.Stem, ed., LNCS 1592, Springer-Verlag, 1999:12-23. Also available at http://www. cryptography.com.
[13] B.S.Kaliski, Jr., M.J.B.Robshaw. "Linear Cryptanalysis Using Multiple Approximations." Advances in Cryptology-CRYPTO'94 Proceedings, Y.Desmedt,ed., LNCS 839, Springer-Verlag, 1994:26-39.
[14] B.S.Kaliski, Jr., M.J.B.Robshaw. "Linear Cryptanalysis Using Multiple Approximations and FEAL." Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:249-264.
[15] L.R.Knudsen, M.J.B.Robshaw. "Non-linear Approximations in Linear Cryptanalysis." Proceedings of Eurocrypt'96, U,Maurer, ed., LNCS 1070, Springer- Verlag, 1996:224-236.
[16] C.Harpes, J.L.Massey. "Partitioning Cryptanalysis." Proceedings of Fast Software Encryption-FSE'97, E.Biham,ed., LNCS 1267,Springer-Verlag, 1997:13-27.
[17] S.K.Langford, M.E.Hellman. "Differential-Linear Cryptanalysis." Proceedings of Crypto'94, Y.Desmedt,ed., LNCS 839, Springer-Verlag, 1994:17-26.
[18] E.Biham, O.Dunkelman, N.Keller. "Enhancing Differential-linear Cryptanalysis." Proceedings of Asiacrypt'02, Y.Zheng,ed., LNCS 2501, Springer-Verlag, 2002:254-266.
[19] E.Biham, N.Keller, O.Dunkelman. "Differential-linear Cryptanalysis of Serpent." Proceedings of Fast Software Encryption-FSE'03, T.Johansson,ed., Springer-Verlag.
[20] T.Jakobsen. "The Interpolation Attack on Block Cipher." Proceedings of Fast Software Encryption-FSE'97, E.Biham,ed., LNCS 1267,Springer-Verlag, 1997:28-40.
[21] E.Biham. "New Types of Cryptanalytic Attacks Using Related Keys." Journal of Cryptology, 1994(vol.7), No.4:229-246.
[22] L.R.Knudsen, D.Wagner. "Integral Cryptanalysis." Proceedings of Fast Software Encryption-FSE'02, J.Daemen and V.Rijmen, ed., LNCS 2356, Springer-Verlag, 2002:112-127.
[23] A.Biryukov, A.Shamir. "Structural Cryptanalysis of SASAS." Proceedings of Eurocrypt'01, B.Pfitzmann, ed., LNCS 2045, Springer-Verlag, 2001:394-405.
[24] J.Daemen, L.R.Knudsen, V.Rijmen. "The block cipher Square." Proceedings of Fast Software Encryption-FSE'97, E.Biham,ed., LNCS 1267,Springer-Verlag,1997: 149-165.
[25] S.Lucks, "The Saturation Attack-a Bait for Twofish." Proceedings of Fast Software Encryption-FSE'01, M.Matsui,ed., LNCS 2355, Springer-Verlag,2001: 1-15.
[26] N.T.Courtois, J.Pieprzyk. "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations." Available at http://eprint.iacr.org/2002/044/, 2002.
[27] S.Murphy, M.J.B.Robshaw. "Essential Algebraic Structure within the AES." Proceedings of Crypto'02, M.Yung,ed., LNCS 2442, Springer-Verlag,2002: 1-16.
[28] S.Murphy, M.J.B.Robshaw. "Comments on the Security of the AES and the XSL Technique." Electronic Letters, 2003(vol.39), No. 1:36-38.
[29] T.Moh. "On the Courtois-Pieprzyk's Attack on Rijndael." University of San Diego Web-Site, Sept.2002. Available at http://www.usdsi.com/aes.html.
[30] D.Coppersmith. "Impact .of Courtois and Pieprzyk Results." NIST AES Discussion Forum, Sept.2002. Available at http://www.nist.gov/aes/.
[31] AES website: http://www.nist.gov/aes.
[32] National Institute of Standards and Technology. Advanced Encryption Standard.FIPS 197.26 November 2001.
[33] NESSIE website: https://www.cosic.esat.kuleuven.ac.be/nessie/.
[34] NESSIE Phase I: Selection of Primitives, Sep,2001. Available at https://www.cosic.esat.kuleuven.ac.be/nessie/.
[35] Portfolio of Recommended Cryptographic Primitives. Feb,2003. Availble at https://www.cosic.esat.kuleuven.ac.be/nessie/.
[36] NESSIE Security Report D20,Version 2.0. Feb,2003. Available at https://www.cosic.esat.kuleuven.ac.be/nessie/.
[37] Japan CRYPTREC website:http ://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html.
[38] J.Daemen. Cipher and Hash Function Design Strategies Based on Linear and Differential Cryptanalysis. Doctoral dissertation, K.U.Leuven, Mar. 1995.
[39] R.Anderson, E.Biham, L.R.Knudsen. Serpent: A Proposal for the Advance Encryption Standard,1998. Available at http://www.cl.cam.ac.uk/~rjal4/serpent.html.
[40] R.L.Rivest, M.J.B.Robshaw, R.Sidney etc. The RC6 Block Cipher. v1.1, Aug, 1998. Available at http://www.rsalabs.com/rc6/.
[41] L.R.Knudsen, W.Meier. Correlations in RC6 with a Reduced Number of Rounds.Proceedings of Fast Software Encryption-FSE'00, B.Schnerer, ed., LNCS 1978, Springer-Verlag, 2000:94-108.
[42] Nippon Telegraph and Telephone Corporation. Specification of E2-A 128-bit Block Cipher. 1999, Available at http://info.isl.ntt.co.jp/e2/.
[43] K.Aoki, T.Ichikawa, M.Kanda, M.Matsui etc. Specification of Camellia- A 128-bit Block Cipher. 2000, available at http://info.isl.ntt.co.jp/camellia/.
[44] M.Kanda, Y. Takashima, T.Matsumoto, K.Aoki. A Strategy for Constructing Fast Round Functions with Practical Security against Differential and Linear Cryptanalysis. Proceedings of Selected Areas in Cryptography-SAC'99.LNCS 1556, Springer-Verlag, 1999:264-279.
[45] M.Kanda. Practical Security Evaluation against Differential and Linear Attacks for Feistel Ciphers with SPN Round Function. Proceedings of Selected Areas in Cryptography-SAC'00,D.R.Stinson etc. ed. LNCS 2012, Springer-Verlag, Aug 2000: 168-179.
[46] X.Lai, J.L.Massey. IDEA, Primitive submitted to NESSIE by R.Straub, MediaCrypt AG, Sept.2000.
[47] E.Biham, A.Biryukov, A.Shamir. Miss in the Middle Attacks on IDEA, Khufu, and Khafre. Proceedings of Fast Software Encryption - FSE'99. L.R.Knudsen ed. LNCS 1636. Springer-Verlag, 1999:124-138.
[48] M.Matsui. New Block Encryption Algorithm MISTY. Proceedings of Fast Software Encryption-FSE' 97, E.Biham,ed., LNCS 1267,Springer-Verlag, 1997:53-67.
[49] 3GPP, 3rd Generation Partnership Project; Technical Specification Group Services and System Aspeets;3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification, 2002. Available at ftp://ftp. 3 gpp .org/specs/latest/Rel-5/35-series/.
[50] H.Handschhuh, D.Naccachie. Shacal-1 and Shacal-2. Primitive submitted to NESSIE by Gemplus, modified version. Available at NESSIE website.
[51] M.J.O.Saariner. Cryptanalysis of Block Ciphers Based on SHA-1 and MD5.Proceedings of Fast Software Encryption-FSE'03. T.Jojansson, ed. 2003. Also available at http://www.tcs.hut.fi/~mjos/shaan.ps.
[52] J.L.Massey. SAFERK-64: A byte-oriented block-ciphering algorithm. Fast Software Encryption. Proc.Cambridge Security Workshop, Combridge, U.K., LNCS809 Springer Verlag, 1994:1-17.
[53] J.L.Massey, G.H.Khachatrian and M.K.Kuregian. Nomination of SAFER+ as Candidate algorithm for the advanced Encryption Standard(AES). Available at http://www.nist.gov/aes.
[54]. J.L.Massey, G.H.Khachatrian and M.K.Kuregian. Nomination of SAFER++ as Candidate algorithm for the new European Schemes for Signatures, Integrity, and Encryption (NESSIE). Available at http://www.cosic.esat.kuleuven.ac.be/nessie/.
[55] A. Biryukov, C. De Canniμere, G. Dellkrantz. Cryptanalysis of Safer++. Advances in Cryptology-CRYPTO'03 Proceedings.
[56] K.Ohkuma, H.Shimizu, F.Sano, S.Kawamura. The Block Cipher Hierocrypt.Proceedings of Selected Areas in Cryptography-SAC'00,D.R.Stinson etc. ed. LNCS 2012, Springer-Verlag, Aug 2000: 72-88.
[57] P.S.L.M.Barreto, V.Rijmen, J.Nakahara, Jr, B.Preneel etc. Improved Square Attacks against Reduced-round Hierocrypt. Proceedings of Fast Software Encryption-FSE'01, M.Matsui,ed., LNCS 2355, Springer-Verlag,2001: 165-173.
[58] P.S.L.M.Barreto, V. Rijmen. The Anubis block cipher. Primitive submitted to NESSIE, Sept. 2000.
[59] P.S.L.M.Barreto, V. Rijmen. The Khazad legacy-level block cipher. Primitive submitted to NESSIE, Sept. 2000.
[60] A.Biryukov. Analysis of involutional ciphers: Khazad and Anubis. Proceedings of Fast Software Encryption-FSE'03. T.Johansson, ed. LNCS, Springer-Verlag, 2003.
[61] Skipjack and KEA Specification. Version 2.0, 29 May 1998. Available at http://csrc.nist.gov/encryption/skipjack-kea.htm.
[62] E.Biham, A.Biryukov, A. Shamir. Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. Proceedings of Eurocrypt'99 J. Stern,ed.
LNCS 1592. Springer-Verlag, 1999:12-23.
[63] Seokhie Hong, Jaechul Sung, Sangjin Lee, etc. Provable security for 13 round Skipjack- like structure. Information Processing Letters 82 (5),2002: 243-246.
[64] E.Biham, N. Keller. Cryptanalysis of Reduced Variants of Rijndael. Proceedings of the Third Advanced Encryption Standard Conference, NIST, Apr.2000.
[65] J.H.Cheon, M.Kim, K.Kim, J.Y. Lee, S. Kang. Improved Impossible Differential Cryptanalysis of Rijndael and Crypton. Proceedings of ICISC'01. K. Kim, ed. LNCS 2288. Springer-Verlag, 2001:39-49.
[66] S.Lucks. Attacking Seven Rounds of Rijndael Under 192-bit and 256-bit keys. Proceedings of the Third Advanced Encryption Standard Conference, NIST, Apr.2000.
[67] N.Ferguson, J.Kelsey, S.Lucks, B.Schneier, M.Stay, D.Wagner, D.Whiting. Improved cryptanalysis of Rijndael. Proceedings of Fast Software Encryption-FSE'00. B.Schneier, ed. LNCS 1978. Springer-Verlag, 2000: 213-230.
[68] H.Gilbert, M.Minier. A Collision Attack on Seven Rounds of Rijndael.Proceedings of the Third Advanced Encryption Standard Conference, NIST, Apr. 2000:230-241.
[69] N.Ferguson, R.Schroeppel, D.Whiting. A Simple Algebraic Representationof Rijndael. Proceedings of Selected Areas in Cryptography - SAC'01. S. Vaudenay, A. M. Youssef, eds. LNCS 2259, Springer-Verlag, 2001:103-111.
[70] N.T.Courtois, J.Pieprzyk. Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. Available at http://eprint.iacr.org/2002/044/, 2002.
[71] D.Coppersmith. Impact of Courtois and Piepryzk Results. NIST AES Discussion Forum, Sept. 2002. Available at http://www.nist.gov/aes/.
[72] T.Moh. On the Courtois-Pieprzyk's attack on Rijndael. University of San Diego web-site, September 2002. Available from http://www.usdsi.com/aes.html.
[73] S.Murphy, M.J.B.Robshaw. Essential Algebraic Structure within the AES. Advances in Cryptology-CRYPTO 2002. M.Yung, ed. LNCS 2442, Springer-Verlag, Aug. 2002:1-16.
[74] E.Barkan, E.Biham. In How Many Ways Can You Write Rijndael? Proceedings of Asiacrypt'02. Y. Zheng, ed. LNCS 2501, Springer-Verlag, 2002:160-175.
[75] J.Daemen,V.Rijmen. The Design of Rijndael. Information Security and Cryptography. Springer Verlag, 2002.
[76] L.R.Knudsen. Practically Secure Feistel Ciphers. Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:211-221.
[77] M.Luby, C.Racko. How to Construct Pseudorandom Permutations from Pseudorandom functions. SIAM Journal on Computing, 1988(vol.17), no.2: 373-386.
[78] J.L.Massey. "SAFERK-64: One Year Later". Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:212-241.
[79] J.L.Massey. On the optimality of SAFER+ diffusion. Proceedings of the Second AES Candidate Conference, NIST, 1999. Available at http://www.nist.gov/aes.
[80] G.Piret, J.J.Quisquater. Integral cryptanalysis on reduced-round Safer++, Public report, NESSIE, 2003. Available at http://eprint.iacr.org.
[81] L.R.Knudsen. A Key-Schedule Weakness in SAFER K-64. Advances in Cryptology-CRYPTO'95, D.Coppersmith, ed. LNCS 962, Springer-Verlag, 1995: 274-286.
[82] Charles S. Williams. Proposal for a "Tweak" to Cylink's AES Candidate Algorithm SAFER+. Availavle at http://www.nist.gov/aes.
[83] L.R.Knudsen, T.A.Berson. Truncated Differentials of SAFER. Proceedings of Fast Software Encryption-FSE'96, D.Gollmann, ed., LNCS 1039, Springer-Verlag,1996:15-26.
[84] Hongjun Wu,Feng Bao, Robert H. Deng. Improved Truncated Differential Attacks on SAFER. Advances in Cryptology - ASIACRYPT'98, K. Ohta, D. Pei Eds. LNCS 1514, Springer-Verlag, 1998: 133-147.
[85] J.Nakahara Jr, B.Preneel, Joos Vandewalle. Linear Cryptanalysis of Reduced-Round SAFER++. Proceedings of the 2nd NESSIE workshop,2001.Available at http://www.esat.kuleuven.ac.be/~nakahara/.
[86]. X.Lai, J.L.Massey, S.Murphy. Markov ciphers and differential cryptanalysis. Proceedings of Eurocrypt'91, R.A.Rueppel,ed. LNCS 547, Springer-Verlag, 1991:17-38.
[87] K.Nyberg, Linear approximation of block ciphers. Advances in Cryptology-EUROCRYPT'94, AlfredoDe Santis, ed. LNCS950. Springer-Verlag, 1995: 439-444.
[88] K.Nyberg, L.R.Knudsen, Provable security against a differential attack. Journal of Cryptology, 1995,8(1):27-37.
[89] S.Hong, S.Lee, J.Lim, et al. Provable Security against Differential and Linear Cryptanalysis for the SPN Structure. Fast Software Encryption'2000, LNCS 1978. Bruce Schneier, ed. Springer-Verlag, 2000: 273-283.
[90] J S Kang, S Hong, S Lee, Practical and provable security against differential and linear cryptanalysis for substitution-permutation networks. ETRI journal, 2001, 23(4):158-167.
[91] K Ohkuma, H Shimizu F Sano. Security assessment of Hierocrypt and Rijndael against the differential and linear Cryptanalysis. Proceedings of the 2nd NESSIE Workshop,2001,available at http://citeseer.nj.nec.com/ohkuma01 security.html.
[92] K Aoki. Strict evaluation of the maximum average of differential probability and the maximum average of linear probability. IEICE TRANS FUNDAMENTALS. 1997,1:2-8.
[93] K.Nyberg, Differentially uniform mappings for cryptography, Advances in
cryptology, Proceedings Eurocrypt'93, LNCS 765, T.Helleseth, ed. Springer-Verlag,1994:55-64.
[94] J. Nechvatal, E. Barker, L. Bassham, et. al. Report on the development of the advanced encryption standard. Available at : http://csrc.nist.gov/encryption/aes/.
[95] Goce Jakimoski, Ljupco Kocarev. Chaos and Cryptography :Block Encryption Ciphers Based on Chaotic Maps. IEEE Transaction on Circuits and Systems-1:Fundamental Theory and Applications, 2001, 48(2): 163-169.
[96] E.Biham. On Matsui's Linear Cryptanalysis. Advances in Cryptology Eurocrypt'94, LNCS 950, Springer-Verlag. 1995: 341-355.
[97] M.Matsui. On Correlation Between the Order of S-boxes and the Strength of DES.Advances in Cryptology-Eurocrypt'94, LNCS 950, Springer-Verlag, 1995:366-375.
[98] 吴文玲,贺也平,一类广义Feistel密码的安全性评估,《电子与信息学报》,V0124(9):1177-1184.
[99] T.Habutsu, Y.Nishiio,I.Sasase etc. A Secret Key Cryptosystem by Iterating a Chaotic Map. Advances in Cryptology- Eurocrypt'91, LNCS 547, Springer-Verlag.1991: 127-140.
[100] E.Biham. Cryptanalysis of the Chaotic-map Cryptosystem Suggested at EUROCRYPT'91. Advances in Cryptology-Eurocrypt'91, LNCS 547, Springer-Verlag. 1991:532-534.
[101] G.Jakimoski, L.Kocarev, Analysis of Some Recently Proposed Chaos-based Encryption Algorithms. Phys. Lett. A 291, 2001:381-384.
[102] M.S.Baaptista. Cryptography with Chaos. Phys.Lett.Vol.240,1998:50-54.
[103] Y.H.Chu,S.Chang. Dynamical Cryptography Based on Symchronized Chaotic Systems. Electron.Lett., Vol 35,1999:974-975.
[104] E.Alvarez, A.Femandez, P.Garcia etc. New Approach to Chaotic Encryption. Phys. Lett. A. 1999:373-375.
[105] S.Wolfram. Cryptography with Cellular Automata. Hugh.C.Williams Ed. Advances in Cryptology' 85,Santa Barbara.California:Springer, 1986:429-432.
[106] P.Guan. Cellular Automaton Public-Key Systems. Complex System,1987,1:51-57.
[107] S.Nandi, B.K.Kar, P.P.Chaudhuri. Theory and Application of Cellular Automata in Cryptograph. IEEE Trans.Computers, 1994, 43 (12): 1346-1357.
[108] Subhayan Sen, Chandrama Shaw. Cellular Automata Based Cryptosystem (CAC). In: R.Deng eds. Information And Communications Security. Berlin:Springer Verlag, LNCS 2513,2002:303-314..
[109] Comments on "Theory and Applications of Cellular Automata in Cryptography", S.R. Blackburn, S. Murphy, K.G. Paterson. IEEE Transactions on Computers, 1997,46(5):637-638.
[2] W.Diffie, M.E.Hellman. "New Directions in Cryptograhy." IEEE Transactions on Information Theory, 1976(vol.IT-22),No.6: 644-654.
[3] NBS. "Data Encryption Standard." FIPS PUB 46, National Bureau of Standards, Washington,D.C. (Jan. 1977).
[4] R.L.Rivest, A.Shamir, L.M.Adleman. "A Method for Obtaining Digital Signatures and Pulic-key Cryptosystems." Communications of the ACM, 1978(vol.21): 120-126.
[5] S.Goldwasser, M.Bellare. "Lecture Notes on Cryptography." Available at http://www-cse. ucsd. edu/users/mihir/papers/gb.html.
[6] L.R.Kudsen. "Contemporary Block Ciphers." Lectures on Data Security, Modem Cryptology in Theory and Practice, LNCS Tutorial 1561, I.B.Damgard, ed., Springer-Verlag, 1999:105-126. Also available at http://www.ii.uib.no/~larsr/papers/ survey98.ps.
[7] E.Biham, A.Shamir. "Differential Cryptanalysis of DES-like Cryptosystems." Journal of Cryptology, 1991(vol.4)Nol : 3-72.
[8] M.Matsui. "Linear Cryptanalysis Method for DES Cipher." Advances in Cryptology-EUROCRYPT'93 Proceedings, Springer-Verlag, 1994:386-397.
[9] X.Lai. "Higher Order Derivations and Differential Cryptanalysis." Proceedings of Symposium on Communication, Coding and Cryptography, Feb. 10-13,1994, Monte-Verita, Ascona, Switzerland.
[10] L.R.Knudsen. "Truncated and Higher Order Differentials." Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:196-211.
[11] L.R.Knudsen. "DEAL-A 128-bit Block Cipher." Technical report 151,Dept.of Informatics, University of Bergen, Norway,1998. Also available at http://www.nist. gov/aes.
[12] E.Biham, A.Biryukov, A.Shamir. "Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials." Proceedings of Eurocrypt'99, J.Stem, ed., LNCS 1592, Springer-Verlag, 1999:12-23. Also available at http://www. cryptography.com.
[13] B.S.Kaliski, Jr., M.J.B.Robshaw. "Linear Cryptanalysis Using Multiple Approximations." Advances in Cryptology-CRYPTO'94 Proceedings, Y.Desmedt,ed., LNCS 839, Springer-Verlag, 1994:26-39.
[14] B.S.Kaliski, Jr., M.J.B.Robshaw. "Linear Cryptanalysis Using Multiple Approximations and FEAL." Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:249-264.
[15] L.R.Knudsen, M.J.B.Robshaw. "Non-linear Approximations in Linear Cryptanalysis." Proceedings of Eurocrypt'96, U,Maurer, ed., LNCS 1070, Springer- Verlag, 1996:224-236.
[16] C.Harpes, J.L.Massey. "Partitioning Cryptanalysis." Proceedings of Fast Software Encryption-FSE'97, E.Biham,ed., LNCS 1267,Springer-Verlag, 1997:13-27.
[17] S.K.Langford, M.E.Hellman. "Differential-Linear Cryptanalysis." Proceedings of Crypto'94, Y.Desmedt,ed., LNCS 839, Springer-Verlag, 1994:17-26.
[18] E.Biham, O.Dunkelman, N.Keller. "Enhancing Differential-linear Cryptanalysis." Proceedings of Asiacrypt'02, Y.Zheng,ed., LNCS 2501, Springer-Verlag, 2002:254-266.
[19] E.Biham, N.Keller, O.Dunkelman. "Differential-linear Cryptanalysis of Serpent." Proceedings of Fast Software Encryption-FSE'03, T.Johansson,ed., Springer-Verlag.
[20] T.Jakobsen. "The Interpolation Attack on Block Cipher." Proceedings of Fast Software Encryption-FSE'97, E.Biham,ed., LNCS 1267,Springer-Verlag, 1997:28-40.
[21] E.Biham. "New Types of Cryptanalytic Attacks Using Related Keys." Journal of Cryptology, 1994(vol.7), No.4:229-246.
[22] L.R.Knudsen, D.Wagner. "Integral Cryptanalysis." Proceedings of Fast Software Encryption-FSE'02, J.Daemen and V.Rijmen, ed., LNCS 2356, Springer-Verlag, 2002:112-127.
[23] A.Biryukov, A.Shamir. "Structural Cryptanalysis of SASAS." Proceedings of Eurocrypt'01, B.Pfitzmann, ed., LNCS 2045, Springer-Verlag, 2001:394-405.
[24] J.Daemen, L.R.Knudsen, V.Rijmen. "The block cipher Square." Proceedings of Fast Software Encryption-FSE'97, E.Biham,ed., LNCS 1267,Springer-Verlag,1997: 149-165.
[25] S.Lucks, "The Saturation Attack-a Bait for Twofish." Proceedings of Fast Software Encryption-FSE'01, M.Matsui,ed., LNCS 2355, Springer-Verlag,2001: 1-15.
[26] N.T.Courtois, J.Pieprzyk. "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations." Available at http://eprint.iacr.org/2002/044/, 2002.
[27] S.Murphy, M.J.B.Robshaw. "Essential Algebraic Structure within the AES." Proceedings of Crypto'02, M.Yung,ed., LNCS 2442, Springer-Verlag,2002: 1-16.
[28] S.Murphy, M.J.B.Robshaw. "Comments on the Security of the AES and the XSL Technique." Electronic Letters, 2003(vol.39), No. 1:36-38.
[29] T.Moh. "On the Courtois-Pieprzyk's Attack on Rijndael." University of San Diego Web-Site, Sept.2002. Available at http://www.usdsi.com/aes.html.
[30] D.Coppersmith. "Impact .of Courtois and Pieprzyk Results." NIST AES Discussion Forum, Sept.2002. Available at http://www.nist.gov/aes/.
[31] AES website: http://www.nist.gov/aes.
[32] National Institute of Standards and Technology. Advanced Encryption Standard.FIPS 197.26 November 2001.
[33] NESSIE website: https://www.cosic.esat.kuleuven.ac.be/nessie/.
[34] NESSIE Phase I: Selection of Primitives, Sep,2001. Available at https://www.cosic.esat.kuleuven.ac.be/nessie/.
[35] Portfolio of Recommended Cryptographic Primitives. Feb,2003. Availble at https://www.cosic.esat.kuleuven.ac.be/nessie/.
[36] NESSIE Security Report D20,Version 2.0. Feb,2003. Available at https://www.cosic.esat.kuleuven.ac.be/nessie/.
[37] Japan CRYPTREC website:http ://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html.
[38] J.Daemen. Cipher and Hash Function Design Strategies Based on Linear and Differential Cryptanalysis. Doctoral dissertation, K.U.Leuven, Mar. 1995.
[39] R.Anderson, E.Biham, L.R.Knudsen. Serpent: A Proposal for the Advance Encryption Standard,1998. Available at http://www.cl.cam.ac.uk/~rjal4/serpent.html.
[40] R.L.Rivest, M.J.B.Robshaw, R.Sidney etc. The RC6 Block Cipher. v1.1, Aug, 1998. Available at http://www.rsalabs.com/rc6/.
[41] L.R.Knudsen, W.Meier. Correlations in RC6 with a Reduced Number of Rounds.Proceedings of Fast Software Encryption-FSE'00, B.Schnerer, ed., LNCS 1978, Springer-Verlag, 2000:94-108.
[42] Nippon Telegraph and Telephone Corporation. Specification of E2-A 128-bit Block Cipher. 1999, Available at http://info.isl.ntt.co.jp/e2/.
[43] K.Aoki, T.Ichikawa, M.Kanda, M.Matsui etc. Specification of Camellia- A 128-bit Block Cipher. 2000, available at http://info.isl.ntt.co.jp/camellia/.
[44] M.Kanda, Y. Takashima, T.Matsumoto, K.Aoki. A Strategy for Constructing Fast Round Functions with Practical Security against Differential and Linear Cryptanalysis. Proceedings of Selected Areas in Cryptography-SAC'99.LNCS 1556, Springer-Verlag, 1999:264-279.
[45] M.Kanda. Practical Security Evaluation against Differential and Linear Attacks for Feistel Ciphers with SPN Round Function. Proceedings of Selected Areas in Cryptography-SAC'00,D.R.Stinson etc. ed. LNCS 2012, Springer-Verlag, Aug 2000: 168-179.
[46] X.Lai, J.L.Massey. IDEA, Primitive submitted to NESSIE by R.Straub, MediaCrypt AG, Sept.2000.
[47] E.Biham, A.Biryukov, A.Shamir. Miss in the Middle Attacks on IDEA, Khufu, and Khafre. Proceedings of Fast Software Encryption - FSE'99. L.R.Knudsen ed. LNCS 1636. Springer-Verlag, 1999:124-138.
[48] M.Matsui. New Block Encryption Algorithm MISTY. Proceedings of Fast Software Encryption-FSE' 97, E.Biham,ed., LNCS 1267,Springer-Verlag, 1997:53-67.
[49] 3GPP, 3rd Generation Partnership Project; Technical Specification Group Services and System Aspeets;3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification, 2002. Available at ftp://ftp. 3 gpp .org/specs/latest/Rel-5/35-series/.
[50] H.Handschhuh, D.Naccachie. Shacal-1 and Shacal-2. Primitive submitted to NESSIE by Gemplus, modified version. Available at NESSIE website.
[51] M.J.O.Saariner. Cryptanalysis of Block Ciphers Based on SHA-1 and MD5.Proceedings of Fast Software Encryption-FSE'03. T.Jojansson, ed. 2003. Also available at http://www.tcs.hut.fi/~mjos/shaan.ps.
[52] J.L.Massey. SAFERK-64: A byte-oriented block-ciphering algorithm. Fast Software Encryption. Proc.Cambridge Security Workshop, Combridge, U.K., LNCS809 Springer Verlag, 1994:1-17.
[53] J.L.Massey, G.H.Khachatrian and M.K.Kuregian. Nomination of SAFER+ as Candidate algorithm for the advanced Encryption Standard(AES). Available at http://www.nist.gov/aes.
[54]. J.L.Massey, G.H.Khachatrian and M.K.Kuregian. Nomination of SAFER++ as Candidate algorithm for the new European Schemes for Signatures, Integrity, and Encryption (NESSIE). Available at http://www.cosic.esat.kuleuven.ac.be/nessie/.
[55] A. Biryukov, C. De Canniμere, G. Dellkrantz. Cryptanalysis of Safer++. Advances in Cryptology-CRYPTO'03 Proceedings.
[56] K.Ohkuma, H.Shimizu, F.Sano, S.Kawamura. The Block Cipher Hierocrypt.Proceedings of Selected Areas in Cryptography-SAC'00,D.R.Stinson etc. ed. LNCS 2012, Springer-Verlag, Aug 2000: 72-88.
[57] P.S.L.M.Barreto, V.Rijmen, J.Nakahara, Jr, B.Preneel etc. Improved Square Attacks against Reduced-round Hierocrypt. Proceedings of Fast Software Encryption-FSE'01, M.Matsui,ed., LNCS 2355, Springer-Verlag,2001: 165-173.
[58] P.S.L.M.Barreto, V. Rijmen. The Anubis block cipher. Primitive submitted to NESSIE, Sept. 2000.
[59] P.S.L.M.Barreto, V. Rijmen. The Khazad legacy-level block cipher. Primitive submitted to NESSIE, Sept. 2000.
[60] A.Biryukov. Analysis of involutional ciphers: Khazad and Anubis. Proceedings of Fast Software Encryption-FSE'03. T.Johansson, ed. LNCS, Springer-Verlag, 2003.
[61] Skipjack and KEA Specification. Version 2.0, 29 May 1998. Available at http://csrc.nist.gov/encryption/skipjack-kea.htm.
[62] E.Biham, A.Biryukov, A. Shamir. Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. Proceedings of Eurocrypt'99 J. Stern,ed.
LNCS 1592. Springer-Verlag, 1999:12-23.
[63] Seokhie Hong, Jaechul Sung, Sangjin Lee, etc. Provable security for 13 round Skipjack- like structure. Information Processing Letters 82 (5),2002: 243-246.
[64] E.Biham, N. Keller. Cryptanalysis of Reduced Variants of Rijndael. Proceedings of the Third Advanced Encryption Standard Conference, NIST, Apr.2000.
[65] J.H.Cheon, M.Kim, K.Kim, J.Y. Lee, S. Kang. Improved Impossible Differential Cryptanalysis of Rijndael and Crypton. Proceedings of ICISC'01. K. Kim, ed. LNCS 2288. Springer-Verlag, 2001:39-49.
[66] S.Lucks. Attacking Seven Rounds of Rijndael Under 192-bit and 256-bit keys. Proceedings of the Third Advanced Encryption Standard Conference, NIST, Apr.2000.
[67] N.Ferguson, J.Kelsey, S.Lucks, B.Schneier, M.Stay, D.Wagner, D.Whiting. Improved cryptanalysis of Rijndael. Proceedings of Fast Software Encryption-FSE'00. B.Schneier, ed. LNCS 1978. Springer-Verlag, 2000: 213-230.
[68] H.Gilbert, M.Minier. A Collision Attack on Seven Rounds of Rijndael.Proceedings of the Third Advanced Encryption Standard Conference, NIST, Apr. 2000:230-241.
[69] N.Ferguson, R.Schroeppel, D.Whiting. A Simple Algebraic Representationof Rijndael. Proceedings of Selected Areas in Cryptography - SAC'01. S. Vaudenay, A. M. Youssef, eds. LNCS 2259, Springer-Verlag, 2001:103-111.
[70] N.T.Courtois, J.Pieprzyk. Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. Available at http://eprint.iacr.org/2002/044/, 2002.
[71] D.Coppersmith. Impact of Courtois and Piepryzk Results. NIST AES Discussion Forum, Sept. 2002. Available at http://www.nist.gov/aes/.
[72] T.Moh. On the Courtois-Pieprzyk's attack on Rijndael. University of San Diego web-site, September 2002. Available from http://www.usdsi.com/aes.html.
[73] S.Murphy, M.J.B.Robshaw. Essential Algebraic Structure within the AES. Advances in Cryptology-CRYPTO 2002. M.Yung, ed. LNCS 2442, Springer-Verlag, Aug. 2002:1-16.
[74] E.Barkan, E.Biham. In How Many Ways Can You Write Rijndael? Proceedings of Asiacrypt'02. Y. Zheng, ed. LNCS 2501, Springer-Verlag, 2002:160-175.
[75] J.Daemen,V.Rijmen. The Design of Rijndael. Information Security and Cryptography. Springer Verlag, 2002.
[76] L.R.Knudsen. Practically Secure Feistel Ciphers. Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:211-221.
[77] M.Luby, C.Racko. How to Construct Pseudorandom Permutations from Pseudorandom functions. SIAM Journal on Computing, 1988(vol.17), no.2: 373-386.
[78] J.L.Massey. "SAFERK-64: One Year Later". Proceedings of Fast Software Encryption-FSE'94, B.Preneel, ed., LNCS 1008, Springer-Verlag, 1995:212-241.
[79] J.L.Massey. On the optimality of SAFER+ diffusion. Proceedings of the Second AES Candidate Conference, NIST, 1999. Available at http://www.nist.gov/aes.
[80] G.Piret, J.J.Quisquater. Integral cryptanalysis on reduced-round Safer++, Public report, NESSIE, 2003. Available at http://eprint.iacr.org.
[81] L.R.Knudsen. A Key-Schedule Weakness in SAFER K-64. Advances in Cryptology-CRYPTO'95, D.Coppersmith, ed. LNCS 962, Springer-Verlag, 1995: 274-286.
[82] Charles S. Williams. Proposal for a "Tweak" to Cylink's AES Candidate Algorithm SAFER+. Availavle at http://www.nist.gov/aes.
[83] L.R.Knudsen, T.A.Berson. Truncated Differentials of SAFER. Proceedings of Fast Software Encryption-FSE'96, D.Gollmann, ed., LNCS 1039, Springer-Verlag,1996:15-26.
[84] Hongjun Wu,Feng Bao, Robert H. Deng. Improved Truncated Differential Attacks on SAFER. Advances in Cryptology - ASIACRYPT'98, K. Ohta, D. Pei Eds. LNCS 1514, Springer-Verlag, 1998: 133-147.
[85] J.Nakahara Jr, B.Preneel, Joos Vandewalle. Linear Cryptanalysis of Reduced-Round SAFER++. Proceedings of the 2nd NESSIE workshop,2001.Available at http://www.esat.kuleuven.ac.be/~nakahara/.
[86]. X.Lai, J.L.Massey, S.Murphy. Markov ciphers and differential cryptanalysis. Proceedings of Eurocrypt'91, R.A.Rueppel,ed. LNCS 547, Springer-Verlag, 1991:17-38.
[87] K.Nyberg, Linear approximation of block ciphers. Advances in Cryptology-EUROCRYPT'94, AlfredoDe Santis, ed. LNCS950. Springer-Verlag, 1995: 439-444.
[88] K.Nyberg, L.R.Knudsen, Provable security against a differential attack. Journal of Cryptology, 1995,8(1):27-37.
[89] S.Hong, S.Lee, J.Lim, et al. Provable Security against Differential and Linear Cryptanalysis for the SPN Structure. Fast Software Encryption'2000, LNCS 1978. Bruce Schneier, ed. Springer-Verlag, 2000: 273-283.
[90] J S Kang, S Hong, S Lee, Practical and provable security against differential and linear cryptanalysis for substitution-permutation networks. ETRI journal, 2001, 23(4):158-167.
[91] K Ohkuma, H Shimizu F Sano. Security assessment of Hierocrypt and Rijndael against the differential and linear Cryptanalysis. Proceedings of the 2nd NESSIE Workshop,2001,available at http://citeseer.nj.nec.com/ohkuma01 security.html.
[92] K Aoki. Strict evaluation of the maximum average of differential probability and the maximum average of linear probability. IEICE TRANS FUNDAMENTALS. 1997,1:2-8.
[93] K.Nyberg, Differentially uniform mappings for cryptography, Advances in
cryptology, Proceedings Eurocrypt'93, LNCS 765, T.Helleseth, ed. Springer-Verlag,1994:55-64.
[94] J. Nechvatal, E. Barker, L. Bassham, et. al. Report on the development of the advanced encryption standard. Available at : http://csrc.nist.gov/encryption/aes/.
[95] Goce Jakimoski, Ljupco Kocarev. Chaos and Cryptography :Block Encryption Ciphers Based on Chaotic Maps. IEEE Transaction on Circuits and Systems-1:Fundamental Theory and Applications, 2001, 48(2): 163-169.
[96] E.Biham. On Matsui's Linear Cryptanalysis. Advances in Cryptology Eurocrypt'94, LNCS 950, Springer-Verlag. 1995: 341-355.
[97] M.Matsui. On Correlation Between the Order of S-boxes and the Strength of DES.Advances in Cryptology-Eurocrypt'94, LNCS 950, Springer-Verlag, 1995:366-375.
[98] 吴文玲,贺也平,一类广义Feistel密码的安全性评估,《电子与信息学报》,V0124(9):1177-1184.
[99] T.Habutsu, Y.Nishiio,I.Sasase etc. A Secret Key Cryptosystem by Iterating a Chaotic Map. Advances in Cryptology- Eurocrypt'91, LNCS 547, Springer-Verlag.1991: 127-140.
[100] E.Biham. Cryptanalysis of the Chaotic-map Cryptosystem Suggested at EUROCRYPT'91. Advances in Cryptology-Eurocrypt'91, LNCS 547, Springer-Verlag. 1991:532-534.
[101] G.Jakimoski, L.Kocarev, Analysis of Some Recently Proposed Chaos-based Encryption Algorithms. Phys. Lett. A 291, 2001:381-384.
[102] M.S.Baaptista. Cryptography with Chaos. Phys.Lett.Vol.240,1998:50-54.
[103] Y.H.Chu,S.Chang. Dynamical Cryptography Based on Symchronized Chaotic Systems. Electron.Lett., Vol 35,1999:974-975.
[104] E.Alvarez, A.Femandez, P.Garcia etc. New Approach to Chaotic Encryption. Phys. Lett. A. 1999:373-375.
[105] S.Wolfram. Cryptography with Cellular Automata. Hugh.C.Williams Ed. Advances in Cryptology' 85,Santa Barbara.California:Springer, 1986:429-432.
[106] P.Guan. Cellular Automaton Public-Key Systems. Complex System,1987,1:51-57.
[107] S.Nandi, B.K.Kar, P.P.Chaudhuri. Theory and Application of Cellular Automata in Cryptograph. IEEE Trans.Computers, 1994, 43 (12): 1346-1357.
[108] Subhayan Sen, Chandrama Shaw. Cellular Automata Based Cryptosystem (CAC). In: R.Deng eds. Information And Communications Security. Berlin:Springer Verlag, LNCS 2513,2002:303-314..
[109] Comments on "Theory and Applications of Cellular Automata in Cryptography", S.R. Blackburn, S. Murphy, K.G. Paterson. IEEE Transactions on Computers, 1997,46(5):637-638.