IET Information Security: Latest Articles

An optimisation for a two-round good-case latency protocol
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-07-13, vol. 17, no. 4, pp. 664-680. DOI: 10.1049/ise2.12123
Authors: Kexin Hu, Zhenfeng Zhang, Kaiwen Guo, Weiyu Jiang, Xiaoman Li, Jiang Han
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12123
Abstract: Byzantine broadcast is a fundamental primitive in distributed computing. Motivated by the real-world performance of practical state machine replication protocols, highly efficient Byzantine broadcast protocols are increasingly needed. This article focuses on the state-of-the-art partially synchronous Byzantine broadcast protocol proposed by Abraham et al. (PODC'21), which achieves the optimal good-case latency of two rounds and the optimal resilience of n ≥ 5f − 1 in this setting. Each step of the protocol is analysed and then improved by cutting the number of messages that must be collected and transmitted in the heaviest step of the protocol by about half, without adding any extra cost. This benefits from a new property, named "spread", that the authors identify and extract from the original protocol; it eliminates non-essential work in the view-change procedure. The authors also show that no further reduction is possible without violating security. A prototype is implemented, and the improved and original protocols are evaluated in the same environment. The results show that the improvement achieves about 50% lower communication cost and 40% shorter latency at a scale of 100 replicas, and the latency gap widens as the scale increases further.
Citations: 0

Search framework for neutral bits and boomerangs in SHA-1 collision attacks
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-07-08, vol. 17, no. 4, pp. 647-663. DOI: 10.1049/ise2.12122
Authors: Degang Li, Yang Yang, Guang Zeng
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12122
Abstract: Neutral bits and boomerangs are key techniques for accelerating collision search in SHA-1 attacks. The current acceleration techniques for SHA-1 near-collision attacks are reviewed, and a generic search framework for neutral bits and boomerangs is presented. Given a differential path and a set of message bit relations, the framework can efficiently construct auxiliary paths and find and store ideal boomerangs. Applied to free-start attacks on 76-step SHA-1, the framework reduces the complexity from 2^50.25 to 2^47.9. By relaxing the boomerang's restrictions on message words, the authors propose an accelerating technique termed semi-boomerangs; combined with the boomerang search framework, it increases the speed of collision search by 3.48 times in a free-start attack on 80-step SHA-1, and the complexity of the 80-step attack is reduced from 2^57.5 to 2^55.7.
Citations: 0

Exploiting statistical effective fault attack in a blind setting
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-06-23, vol. 17, no. 4, pp. 639-646. DOI: 10.1049/ise2.12121
Authors: Navid Vafaei, Hadi Soleimany, Nasour Bagheri
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12121
Abstract: To obtain the secret key, the majority of physical attacks require knowledge of the plaintext or ciphertext, which may be unavailable or impossible to exploit. Blind attacks were introduced to perform key recovery when the adversary has no direct access to plaintext and ciphertext. In this setting, a combination of fault and power attacks, for example the Fault Template Attack (FTA), can circumvent typical countermeasures. However, FTA relies on bit-level fault injection, which is difficult to implement in practice. SIFA-blind, a framework for executing the Statistical Ineffective Fault Attack, is more flexible, but its main drawback is sensitivity to setup noise and missed faults. To address this deficiency, the authors propose two ways to use the Statistical Effective Fault Attack (SEFA) in a blind setting that are much less affected by missed faults and by noise in the measured power traces, even though they do not use bit-level fault injection. To demonstrate the viability and adaptability of the proposed attacks, the authors injected faults via glitch frequency on a ChipWhisperer board. While SEFA-blind does not need a bit-level fault, the results demonstrate that it outperforms SIFA-blind as the number of missed faults increases.
Citations: 0

Revisiting two memoryless state-recovery cryptanalysis methods on A5/1
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-06-18, vol. 17, no. 4, pp. 626-638. DOI: 10.1049/ise2.12120
Authors: Yanbin Xu, Yonglin Hao, Mingxing Wang
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12120
Abstract: At ASIACRYPT 2019, Zhang proposed a near collision attack on A5/1, claiming to recover the 64-bit A5/1 state with a time complexity of around 2^32 cipher ticks and negligible memory requirements. Soon after its proposal, Zhang's near collision attack was severely challenged by Derbez et al., who claimed that Zhang's attack cannot have a time complexity lower than Golic's memoryless guess-and-determine attack dating back to EUROCRYPT 1997. In this article, both the guess-and-determine and the near collision attacks for recovering A5/1 states with negligible memory complexity are studied. Firstly, a new guessing technique called the move guessing technique, which constructs linear equation filters more efficiently, is proposed. This technique can be applied to both guess-and-determine and collision attacks for efficiency improvements. Secondly, the filtering strength of the linear equation systems is taken into account in the complexity analysis. These filtering strengths are evaluated with practical experiments, making the complexities more convincing. Based on these new techniques, the authors give two new guess-and-determine attacks on A5/1: the first recovers the internal state s^0 with time complexity 2^43.92, and the second recovers a different state s^1 with complexity 2^43.25. Golic's guess-and-determine attack and Zhang's near collision attack are revisited. According to the authors' detailed analysis, the complexity of Golic's s^1 recovery attack is no lower than 2^46.04, higher than the previously believed 2^43. On the other hand, Zhang's near collision attack recovers s^0 with time complexity 2^53.19: such a complexity can be further lowered to
Citations: 2

Bit-level evaluation of Piccolo block cipher by satisfiability problem solver
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-05-28, vol. 17, no. 4, pp. 616-625. DOI: 10.1049/ise2.12119
Authors: Shion Utsumi, Kosei Sakamoto, Takanori Isobe
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12119
Abstract: In symmetric key cryptography, security against distinguishing attacks is one of the crucial security requirements. With advances in computing capabilities and cryptanalysis techniques in recent years, more efficient methods have been proposed for exploring distinguishers using Mixed-Integer Linear Programming (MILP) or satisfiability (SAT) solvers, thereby updating the security bounds of various ciphers. Piccolo is a lightweight block cipher proposed at CHES 2011, supporting 80-bit and 128-bit keys. Its designers performed a rough security evaluation against differential, impossible differential, and related-key differential attacks, based on nibble-wise estimations due to limited computational resources. Here, the authors perform bit-level evaluations of the Piccolo block cipher against differential, integral and impossible differential attacks by leveraging SAT-based approaches. For the first time, the authors identify optimal differential distinguishers on 6 rounds in the single-key setting, and on 10 and 12 rounds in the related-key setting for 80-bit and 128-bit keys, respectively. For integral attacks, the authors find integral distinguishers on up to 7 rounds. Although the number of attacked rounds is the same as in the previous attack, the authors find a 56th-order integral distinguisher, which reduces the data complexity of attacks from 2^63 to 2^56. Finally, the authors find 7-round impossible differentials, covering the same number of rounds as the previous nibble-wise evaluation.
Citations: 1

FlowMFD: Characterisation and classification of Tor traffic using MFD chromatographic features and spatial-temporal modelling
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-05-25, vol. 17, no. 4, pp. 598-615. DOI: 10.1049/ise2.12118
Authors: Liukun He, Liangmin Wang, Keyang Cheng, Yifan Xu
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12118
Abstract: Tor traffic tracking is valuable for combating cybercrime, as it provides insight into the traffic active on the Tor network. Tor-based application traffic classification is one such tracking method and can effectively classify Tor application services. However, it is not effective at classifying specific applications, whose traffic patterns are more complicated in the spatial and temporal dimensions. As a solution, the authors propose FlowMFD, a novel Tor-based application traffic classification approach using amount-frequency-direction (MFD) chromatographic features and spatial-temporal modelling. Specifically, FlowMFD mines the interaction pattern between Tor applications and servers by analysing the time series features (TSFs) of packets of different sizes. MFD chromatographic features (MFDCF) are then designed to represent this pattern; they integrate multiple low-dimensional TSFs into a single plane while retaining most of the pattern information. In addition, FlowMFD uses a cascaded model of a two-dimensional convolutional neural network (2D-CNN) and a bidirectional gated recurrent unit to capture spatial-temporal dependencies between MFDCF. The authors evaluate FlowMFD on the public ISCXTor2016 dataset and on a self-collected dataset, achieving accuracies of 92.1% (4.2% higher) and 88.3% (4.5% higher), respectively, outperforming state-of-the-art comparison methods.
Citations: 2

CryptoEval: Evaluating the risk of cryptographic misuses in Android apps with data-flow analysis
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-05-24, vol. 17, no. 4, pp. 582-597. DOI: 10.1049/ise2.12117
Authors: Cong Sun, Xinpeng Xu, Yafei Wu, Dongrui Zeng, Gang Tan, Siqi Ma, Peicheng Wang
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12117
Abstract: Misunderstanding and incorrect configuration of cryptographic primitives have exposed severe security vulnerabilities to attackers. Because cryptographic misuses are pervasive and diverse, a comprehensive and accurate understanding of how they undermine the security of an Android app is critical to subsequent mitigation, but also challenging. Although various approaches have been proposed to detect cryptographic misuse in Android apps, studies have yet to focus on estimating the security risk that such misuse introduces. To address this problem, the authors present an extensible framework for deciding the threat level of cryptographic misuse in Android apps. Firstly, the authors propose a general and unified specification for representing cryptographic misuses, which keeps the framework extensible, and develop adapters that unify the detection results of state-of-the-art cryptographic misuse detectors, resulting in an adapter-based detection tool chain that covers a more comprehensive list of misuses. Secondly, the authors employ a misuse-originating data-flow analysis to connect each cryptographic misuse to a set of data-flow sinks in the app, on which they base a quantitative, data-flow-driven metric for assessing the overall risk that cryptographic misuses introduce into the app. To make the per-app assessment more useful for app vetting at the app-store level, the authors apply unsupervised learning to predict and classify the top risky threats, guiding more efficient subsequent mitigation. In experiments on an instantiated implementation of the framework, the authors evaluate the accuracy of the detection and the effect of the data-flow-driven risk assessment. An empirical study of over 40,000 apps, together with an analysis of popular apps, reveals important security observations on the real threats posed by cryptographic misuse in Android apps.
Citations: 0

An interpretable semi-supervised system for detecting cyberattacks using anomaly detection in industrial scenarios
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-05-09, vol. 17, no. 4, pp. 553-566. DOI: 10.1049/ise2.12115
Authors: Ángel Luis Perales Gómez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, Félix J. García Clemente
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12115
Abstract: When detecting cyberattacks in industrial settings, it is not sufficient to determine whether the system is under attack; it is also fundamental to explain why the system is under attack and which assets are affected. In this context, anomaly detection based on Machine Learning (ML) and Deep Learning (DL) techniques has shown great performance in detecting cyberattacks in industrial scenarios. However, two main limitations hinder its use in a real environment. Firstly, most solutions are trained with a supervised approach, which is impractical in the real industrial world. Secondly, the use of black-box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi-supervised system to detect cyberattacks in industrial settings. The proposal was validated using data collected from the Tennessee Eastman Process. To the best of the authors' knowledge, this system is the only one that offers interpretability together with a semi-supervised approach in an industrial setting. The system discriminates between causes and effects of anomalies and achieved the best performance for 11 of 20 anomaly types, with an overall recall of 0.9577, a precision of 0.9977, and an F1-score of 0.9711.
Citations: 0

Revocable identity-based matchmaking encryption in the standard model
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-05-09, vol. 17, no. 4, pp. 567-581. DOI: 10.1049/ise2.12116
Authors: Zhe Jiang, Xiwen Wang, Kai Zhang, Junqing Gong, Jie Chen, Haifeng Qian
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12116
Abstract: Identity-based Matchmaking Encryption (IB-ME) extends matchmaking encryption (CRYPTO 2019), in which a sender and a receiver can each specify an access policy for the other party. In IB-ME, encryption depends not only on the receiver's identity but also on the sender's encryption key. However, previous IB-ME schemes have not considered the problem of efficient revocation. The authors therefore introduce the notion of revocable IB-ME (RIB-ME) and formalise its syntax and security model. In particular, the authors give a simple and effective construction of RIB-ME in the standard model, whose security is reduced to the hardness of the decisional bilinear Diffie–Hellman problem and the computational Diffie–Hellman problem. In addition, the authors show two extensions of the RIB-ME scheme that address chosen-ciphertext security and forward privacy.
Citations: 0

Meet-in-the-middle attacks on round-reduced CRAFT based on automatic search
IF 1.4 | CAS Zone 4 | Computer Science
IET Information Security, published 2023-04-02, vol. 17, no. 3, pp. 534-543. DOI: 10.1049/ise2.12114
Authors: Zhangjun Ma, Manman Li, Shaozhen Chen
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12114
Abstract: CRAFT is a lightweight block cipher designed by Beierle et al. (FSE 2019) to resist differential fault attacks effectively. In this article, Demirci-Selçuk meet-in-the-middle (DS-MITM) attacks on round-reduced CRAFT based on automatic search are proposed. A DS-MITM automatic search model for CRAFT is constructed and used to find a 9-round DS-MITM distinguisher. Strong relations between the round subtweakeys are observed, and the key-dependent sieve technique is adopted to reduce the memory complexity of the attack. Based on the 9-round distinguisher, a 19-round DS-MITM attack is presented. Owing to the strong key relations, the time complexity is reduced by the key-bridging technique and the equivalent round subtweakey. The 19-round DS-MITM attack has time complexity 2^114.68 19-round CRAFT encryptions, data complexity 2^56 chosen plaintexts, and memory complexity 2^109 64-bit blocks. Adding one round to the end of the 19-round attack yields a 20-round DS-MITM attack with time complexity 2^126.94 20-round CRAFT encryptions, data complexity 2^56 chosen plaintexts, and memory complexity 2^109 64-bit blocks.
Citations: 0