{"title":"一些第一轮凯撒候选人的密码分析","authors":"J. Alizadeh, M. Aref, N. Bagheri, H. Sadeghi","doi":"10.22042/ISECURE.2016.7.2.5","DOIUrl":null,"url":null,"abstract":"AES _ CMCCv1, AVALANCHEv1, CLOCv1, and SILCv1 are four candidates of the first round of CAESAR. CLOCv1 is presented in FSE 2014 and SILCv1 is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against AES _ CMCCv1 with the complexity of two queries and the success probability of almost 1, and distinguishing attacks on CLOCv1 and SILCv1 with the complexity of O(2n/2) queries and the success probability of 0.63, in which n is bit length of message blocks. In addition, a forgery attack is presented against AVALANCHEv1 which requires only one query and has the success probability of 1. The attacks reveal weaknesses in the structure of these first round candidates and inaccuracy of their security claims.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"149 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cryptanalysis of some first round CAESAR candidates\",\"authors\":\"J. Alizadeh, M. Aref, N. Bagheri, H. Sadeghi\",\"doi\":\"10.22042/ISECURE.2016.7.2.5\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"AES _ CMCCv1, AVALANCHEv1, CLOCv1, and SILCv1 are four candidates of the first round of CAESAR. CLOCv1 is presented in FSE 2014 and SILCv1 is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against AES _ CMCCv1 with the complexity of two queries and the success probability of almost 1, and distinguishing attacks on CLOCv1 and SILCv1 with the complexity of O(2n/2) queries and the success probability of 0.63, in which n is bit length of message blocks. In addition, a forgery attack is presented against AVALANCHEv1 which requires only one query and has the success probability of 1. The attacks reveal weaknesses in the structure of these first round candidates and inaccuracy of their security claims.\",\"PeriodicalId\":436674,\"journal\":{\"name\":\"ISC Int. J. Inf. Secur.\",\"volume\":\"149 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-01-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ISC Int. J. Inf. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.22042/ISECURE.2016.7.2.5\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.22042/ISECURE.2016.7.2.5","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cryptanalysis of some first round CAESAR candidates
AES _ CMCCv1, AVALANCHEv1, CLOCv1, and SILCv1 are four candidates of the first round of CAESAR. CLOCv1 is presented in FSE 2014 and SILCv1 is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against AES _ CMCCv1 with the complexity of two queries and the success probability of almost 1, and distinguishing attacks on CLOCv1 and SILCv1 with the complexity of O(2n/2) queries and the success probability of 0.63, in which n is bit length of message blocks. In addition, a forgery attack is presented against AVALANCHEv1 which requires only one query and has the success probability of 1. The attacks reveal weaknesses in the structure of these first round candidates and inaccuracy of their security claims.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
