首页
社区
课程
招聘
[邀请码已发]本人在eprint上发表的论文
发表于: 2009-12-13 12:16 10239

[邀请码已发]本人在eprint上发表的论文

2009-12-13 12:16
10239
【分享】(向moonife 求邀请码)本人在eprint上发表的论文
第一篇:
“Cache Timing Attacks on Camellia Block Cipher ”

      网页链接 http://eprint.iacr.org/2009/354

      PDF链接 http://eprint.iacr.org/2009/354.pdf

Cryptology ePrint Archive: Report 2009/354
Cache Timing Attacks on Camellia Block Cipher

ZHAO Xin-jie and WANG Tao and ZHENG Yuan-yuan

Abstract: Camellia, as the final winner of 128-bit block cipher in NESSIE, is the most secure block cipher of the world. In 2003, Tsunoo proposed a Cache Attack using a timing of CPU cache, successfully recovered Camellia-128 key within 228 plaintexts and 35 minutes. In 2004, IKEDA YOSHITAKA made some further improvements on Tsunoo’s attacks, recovered Camellia-128 key within 221.4 plaintexts and 22 minutes. All of their attacks are belonged to timing driven Cache attacks, our research shows that, due to its frequent S-box lookup operations, Camellia is also quite vulnerable to access driven Cache timing attacks, and it is much more effective than timing driven Cache attacks. Firstly, we provide a general analysis model for symmetric ciphers using S-box based on access driven Cache timing attacks, point out that the F function of the Camellia can leak information about the result of encryption key XORed with expand-key, and the left circular rotating operation of the key schedule in Camellia has serious designing problem. Next, we present several attacks on Camellia-128/192/256 with and without FL/FL-1. Experiment results demonstrate: 500 random plaintexts are enough to recover full Camellia-128 key; 900 random plaintexts are enough to recover full Camellia-192/256 key; also, our attacks can be expanded to known ciphertext conditions by attacking the Camellia decryption procedure; besides, our attacks are quite easy to be expanded to remote scenarios, 3000 random plaintexts are enough to recover full encryption key of Camellia-128/192/256 in both local and campus networks. Finally, we discuss the reason why Camellia is weak in this type of attack, and provide some advices to cipher designers for hardening ciphers against cache timing attacks.

Category / Keywords: Camellia-128/192/256; block cipher; access driven; Cache timing attack; side channel attack; remote attack; F function; S-box lookup index; left circular rotating operation; key schedule; known ciphertext

第二篇:

“An Improved Differential Fault Attack on Camellia”

      网页链接 http://eprint.iacr.org/2009/585

      PDF链接 http://eprint.iacr.org/2009/585.pdf

   

Cryptology ePrint Archive: Report 2009/585
An Improved Differential Fault Attack on Camellia

ZHAO Xin-jie, WANG Tao

Abstract: The S-box lookup is one of the most important operations in cipher algorithm design, and also is the most effective part to prevent traditional linear and differential attacks, however, when the physical implementation of the algorithm is considered, it becomes the weakest part of cryptosystems. This paper studies an active fault based implementation attack on block ciphers with S-box. Firstly, it proposes the basic DFA model and then presents two DFA models for Feistel and SPN structure block ciphers. Secondly, based on the Feistel DFA model, it presents several improved attacks on Camellia encryption and proposes new attacks on Camellia key schedule. By injecting one byte random fault into the r-1th round left register or the the r-1th round key, after solving 8 equations to recover 5 or 6 propagated differential fault of the rth round left register, 5 or 6 bytes of the rth equivalent subkey can be recovered at one time. Simulation experiments demonstrate that about 16 faulty ciphertexts are enough to obtain Camellia-128 key, and about 32, 24 ciphertexts are required to obtain both Camellia-192/256 key with and without FL/FL-1 layer respectively. Compared with the previous study by ZHOU Yongbin et. al. by injecting one byte fault into the rth round left register to recover 1 equivalent subkey byte and obtaining Camellia-128 and Camellia-192/256 with 64 and 96 faulty ciphertexts respectively, our attacks not only extend the fault location, but also improve the fault injection efficiency and decrease the faulty ciphertexts number, besides, our DFA model on Camellia encryption can be easily extended to DFA on Camellia key schedule case, while ZHOU’s can not. The attack model proposed in this paper can be adapted into most of the block ciphers with S-boxes. Finally, the contradictions between traditional cryptography and implementation attacks are analyzed, the state of the art and future directions of the DFA on Block ciphers with S-boxes are discussed.

  Category / Keywords: Implementation attack; Differential fault analysis; S-box lookup; Feistel structure; SPN structure; Camellia; Block cipher;Key schedule

欢迎交流。
email:zhaoxinjieem@163.com

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (13)
雪    币: 48
活跃值: (10)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
2
这位兄弟英文真强,
2009-12-13 19:44
0
雪    币: 234
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
不但是点将贴,而且是跨区点将贴
2009-12-13 19:51
0
雪    币: 1708
活跃值: (586)
能力值: ( LV15,RANK:670 )
在线值:
发帖
回帖
粉丝
4
你在别的区上发表论文,跟要看雪的邀请有何相干?
要是转内容过来,还可以理解。
兄弟,要理智点。不要冲动,切勿急功近利,违反论坛规则得不偿失
2009-12-13 19:55
0
雪    币: 433
活跃值: (1870)
能力值: ( LV17,RANK:1820 )
在线值:
发帖
回帖
粉丝
5
建议楼主把文章发到看雪上,若设为精华,自己就有邀请码拿了
2009-12-13 20:01
0
雪    币: 13
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
看雪新手发不了,只能在这发了…
2009-12-13 23:13
0
雪    币: 2096
活跃值: (100)
能力值: (RANK:420 )
在线值:
发帖
回帖
粉丝
7
1) 恭喜您很有勇氣及決心將文章投稿在 Eprint,請問 354585 目前有無獲得回應!?

2)
請問貴大作的 "Cache Timing Attacks on Camellia Block Cipher " 是否比【分享】Camellia Topics. 裡的攻擊法還要更有效率!?
雖然兩種攻擊方法不同,綜合評估哪一個為佳!? (譬如 時間成本, 方法複雜度,...,攻擊技巧)

3)
在網路上有一網址 http://www.sciencetimes.com.cn/blog/user_content.aspx?id=275574,裡面提到內容如下:
国际密码协会在线平台Eprint 发表第二篇文章:An Improved Differential Fault Attack on Camellia

昨天很高兴,上午我今年5月份投到软件学报的文章被录用了,中午我投到国际密码协会在线平台Eprint 的第二篇文章也被录用了!

现将eprint上第二篇文章链接和摘要贴出来,与大家分享!

“An Improved Differential Fault Attack on Camellia”

网页链接 http://eprint.iacr.org/2009/585

PDF链接 http://eprint.iacr.org/2009/585.pdf

想必與論文作者有密切關係!?
其實,ePrint 並沒有什麼嚴格的審核機制,只要不是離譜的文章,上傳文章不是件難事。
但是,由3)裡所指出網址內容來看,是否將一單純事件給誇大否!?

4)
本人沒有權利也沒有邀請碼可發送,如您需要邀請碼,請耐心等候『新人交流投稿』 版主 moonife  的發送;若您有迫切需要,可留言向壇主 Kanxue 直接反應及索取。

5)
建議上傳的論文,先排好版面,及文法可能要再仔細檢查,如此才不會有反效果。
最後期待貴大作能獲得廣大響應,並將其轉投至其他期刊。
2009-12-14 08:31
0
雪    币: 6
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
8
你在说什么?
2009-12-14 08:55
0
雪    币: 13
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
9
感谢rockinuk,我是两篇文章第一作者,已投期刊。
2009-12-14 13:32
0
雪    币: 13
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
10
1)  谢谢rockinuk的关注,354 和 585已经获得MIT实验室 Eran Tromer,印度科技大学教授Debdeep Mukhopadhyay等人的关注,意见都很好。
2)  "Cache Timing Attacks on Camellia Block Cipher " 和“A simple power analysis attack against the key schedule of the Camellia block cipher”攻击方法不同,各有优点,Cache攻击主要针对软件,可以进行远程攻击,而能量攻击则只能在物理上可接触的硬件平台上实现,我们的Cache攻击几秒钟就可以拿到密钥,比能量分析效率应该高些,样本量也很小,具体可见文章内容。
3) 在網路上有一網址 http://www.sciencetimes.com.cn/blog/user_content.aspx?id=275574,本人就是第一作者,另外所有描述都是属实的,没有夸大其词。至于Eprint文章水平怎么样,这个大家各有各的说法。
4) 呵呵,关于邀请码的问题,我是想有的时候到这里和大家交流方便需要,时间呢并不着急。在此也希望版主moonife 或Kanxue 能够授予邀请码给我。
5) 上传论文,只是交流稿,因英文功底有限,语法问题,老兄如有高见,欢迎指教。
6) 论文已经投送到期刊上,Cache攻击论文2个月后被计算机学报录用,另一篇还在审,欢迎讨论和交流。
我的email是zhaoxinjieem@163.com
2009-12-14 19:13
0
雪    币: 2096
活跃值: (100)
能力值: (RANK:420 )
在线值:
发帖
回帖
粉丝
11
想你誤解我的意思。
我的原意是指「ePrint 並不像期刊一樣,會有專人幫你審論文,你上傳的文章,若有人有興趣就會提供一些寶貴的意見,而期刊就只有拒絕或是接受兩種模式,ePrint 做法並沒有要求原作者撤稿。還有,我並沒有提及ePrint 水平怎麼樣。」

最後預祝貴作品能在期刊中嶄露頭角。
2009-12-15 01:00
0
雪    币: 13
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
12
呵呵,谢谢rockinuk关心。我还在改进
2009-12-15 01:15
0
雪    币: 2096
活跃值: (100)
能力值: (RANK:420 )
在线值:
发帖
回帖
粉丝
13
方便的話,是否可以將這些專家所提供的意見,提供出來讓大家拜讀一下。
謝謝。
2009-12-18 18:35
0
雪    币: 13
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
14
1 Eran Tromer对我们另一篇软件学报的AESCache计时攻击论文中,第一轮AES攻击,由于查找表和Cache组映射关系的不对齐性,500个样本即可恢复完整密钥感到神奇,他们也验证并分析了这个问题。

2 Debdeep Mukhopadhyay和我们主要讨论了故障分析通用模型的问题。
2009-12-19 07:57
0
游客
登录 | 注册 方可回帖
返回
//