Query:
学者姓名:邹剑
Refining:
Year
Type
Indexed by
Source
Complex
Co-
Language
Clean All
Abstract :
当前还未发现ZUC算法S盒的高效线路实现方案,一般以查找表的方式进行实现.该操作将消耗大量的硬件资源,非常不适用于在受限环境下使用ZUC算法.针对上述不足,本文首次给出ZUC算法S盒的完整线路实现以及线性变换的in-place实现,可以有效地降低ZUC算法线路实现的资源开销.ZUC算法中的S盒由4个大小为8×8的S盒组合而成,即S=(S0,S1,S2,S3),其中S0=S2,S1=S3.首先,使用穷举剪枝的搜索策略以及基于SAT的S盒优化技术给出S0中3个P变换的高效线路实现,进而首次得到S0的紧凑线路实现.其次,根据S1的代数表达式,通过应用几种最先进的组合逻辑最小化技术,对正规基下F28域上求逆运算的720种塔域表示进行全面的研究,得到S1的紧凑线路实现.相较于以往基于复合域的实现方法,节省了25.48%的硬件开销.最后,将ZUC算法中的线性变换转换成矩阵形式,并使用优化线性矩阵的启发式算法得到其in-place实现,减少了34.77%的XOR门数,且不需要使用额外的辅助比特.本文研究将会对传统环境下以及量子环境下ZUC算法的线路实现产生积极的影响.
Keyword :
S盒 S盒 ZUC ZUC 线性变换 线性变换 线路实现 线路实现
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | 邹剑 , 黄倩 , 魏子豪 et al. ZUC算法的线路优化实现 [J]. | 密码学报(中英文) , 2024 , 11 (5) : 1108-1125 . |
| MLA | 邹剑 et al. "ZUC算法的线路优化实现" . | 密码学报(中英文) 11 . 5 (2024) : 1108-1125 . |
| APA | 邹剑 , 黄倩 , 魏子豪 , 李立基 , 吴文玲 . ZUC算法的线路优化实现 . | 密码学报(中英文) , 2024 , 11 (5) , 1108-1125 . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
The Zu Chongzhi cryptographic algorithm (ZUC) is a stream cipher algorithm published in China. This paper focuses on the realization of the complete quantum circuit for the ZUC-128 algorithm with low T-depth. The S-box is a crucial component of the nonlinear aspect of the ZUC-128 algorithm. Initially, we derive the classical circuit implementations of S0 and S1 using an exhaustive pruning strategy and tower domain decomposition technology. Subsequently, we develop quantum circuits for S0 and S1 in two steps: first by reducing the AND-depth of the classical circuit, and then by ensuring that the T-depth of the quantum circuit equals the AND-depth of the classical circuit. Our new S0 and S1 quantum circuits both have a T-depth of 7. We are currently researching the quantum circuit implementation of the adder and L function in order to minimize the T-depth of the entire circuit. Finally, we propose the construction of quantum circuit to realize the whole process of ZUC-128 algorithm with low T-depth. When the number of rounds L = 32 in the working step, this quantum circuit requires 46008 qubits, 682340 T gates, 2008535 CNOT gates and 42680 NOT gates, with the T-depth of 11341, and the number of qubits multiplied by T-depth is 5.22 × 108 © 2024 Chinese Academy of Sciences. All rights reserved.
Keyword :
quantum circuit quantum circuit tower domain decomposition tower domain decomposition ZUC-128 ZUC-128
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Zou, J. , Xiang, S. , Zou, C. et al. An efficient quantum circuit implementation of ZUC-128 cipher with low T-depth; [低T深度条件下ZUC-128的高效量子线路实现] [J]. | Scientia Sinica: Physica, Mechanica et Astronomica , 2024 , 54 (12) . |
| MLA | Zou, J. et al. "An efficient quantum circuit implementation of ZUC-128 cipher with low T-depth; [低T深度条件下ZUC-128的高效量子线路实现]" . | Scientia Sinica: Physica, Mechanica et Astronomica 54 . 12 (2024) . |
| APA | Zou, J. , Xiang, S. , Zou, C. , Wu, W. . An efficient quantum circuit implementation of ZUC-128 cipher with low T-depth; [低T深度条件下ZUC-128的高效量子线路实现] . | Scientia Sinica: Physica, Mechanica et Astronomica , 2024 , 54 (12) . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
In MILCOM 2015, Kelly et al. proposed the authentication encryption algorithm MK-3, which applied the 16-bit S-box. This paper aims to implement the 16-bit S-box with less circuit area. First, we classified the irreducible polynomials over F2n\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{2<^>n}$$\end{document} into three kinds. Then we compared the logic gates required for multiplication over the finite field constructed by the three types of irreducible polynomials. According to the comparison result, we constructed the composite fields, F(24)2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{(2<^>4)<^>2}$$\end{document} and F(28)2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{(2<^>8)<^>2}$$\end{document}. Based on the isomorphism of finite fields, the operations over F216\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{2<^>{16}}$$\end{document} can be conducted over F(28)2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{(2<^>8)<^>2}$$\end{document}. Similarly, elements over F28\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{2<^>8}$$\end{document} can be mapped to the corresponding elements over F(24)2\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{(2<^>4)<^>2}$$\end{document}. Next, the SAT solver was used to optimize the operations over smaller field F24\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathbb {F}_{2<^>4}$$\end{document}. At last, the architecture of the optimized MK-3 S-box was worked out. Compared with the implementation proposed by the original designer, the circuit area of the MK-3 S-box in this paper is reduced by at least 55.9%.
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Li, Yanjun , Zhang, Weiguo , Lin, Yiping et al. A circuit area optimization of MK-3 S-box [J]. | CYBERSECURITY , 2024 , 7 (1) . |
| MLA | Li, Yanjun et al. "A circuit area optimization of MK-3 S-box" . | CYBERSECURITY 7 . 1 (2024) . |
| APA | Li, Yanjun , Zhang, Weiguo , Lin, Yiping , Zou, Jian , Liu, Jian . A circuit area optimization of MK-3 S-box . | CYBERSECURITY , 2024 , 7 (1) . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
In this paper, we present some new key-recovery attacks on Misty L-KF, Misty R-KF, and generalized Feistel schemes. Firstly, we propose a new 5-round distinguisher on Misty L-KF structure. Based on our new distinguisher attack, we propose a new6-round Demiric-Sel & ccedil;uk meet-in-the-middle attack (DS-MITM attack) against Misty L-KF structure. Secondly, we extend our classical DS-MITM attack to a new quantum DS-MITM attack on Misty L-KF structure by using the quantum claw finding algorithm. In addition, we apply the above method to attack Misty R-KF and generalized Feistel schemes. To sum up, we construct our classical key-recovery attacks on the 6-round Misty L-KF structure and Misty R-KF structure with O(2(3n/4)) time and O(2(n/2)) memory cost. By using a quantum computer, our new quantum key-recovery attacks on the 6-round Misty L-KF structures and Misty R-KF structures can be constructed with O(2n/2) time and O(2n/2) memory cost. Furthermore, we can construct our new quantum (5d-4)-round key-recovery attacks on the d-branch contracting Feistels with O(2(d-1)n/d) time and O(2(d-1)n/d) memory cost. In the end, we can construct our new quantum(4d-3)-round and (5d-4)-round key-recovery attacks on the two types of d-branch expanding Feistels with O(2(d-1)n/d) time and O(2(d-1)n/d) memory cost.
Keyword :
Cryptanalysis Cryptanalysis Generalized Feistel scheme Generalized Feistel scheme Misty structure Misty structure Quantum DS-MITM attack Quantum DS-MITM attack
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Zou, Jian , Huang, Kairong , Zhu, Min et al. New Demiric-Selcuk meet-in-the-middle attacks on Misty and Feistel schemes [J]. | QUANTUM INFORMATION PROCESSING , 2024 , 23 (4) . |
| MLA | Zou, Jian et al. "New Demiric-Selcuk meet-in-the-middle attacks on Misty and Feistel schemes" . | QUANTUM INFORMATION PROCESSING 23 . 4 (2024) . |
| APA | Zou, Jian , Huang, Kairong , Zhu, Min , Zou, Hongkai , Luo, Yiyuan , Liu, Qian . New Demiric-Selcuk meet-in-the-middle attacks on Misty and Feistel schemes . | QUANTUM INFORMATION PROCESSING , 2024 , 23 (4) . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
In this paper, we promote Trojan message attacks against Merkle-Damg & aring;rd hash functions and their concatenation combiner in quantum settings for the first time. Two main quantum scenarios are considered, involving the scenarios where a substantial amount of cheap quantum random access memory (qRAM) is available and where qRAM is limited and expensive to access. We first discuss the construction of diamond structures and analyze the corresponding time complexity in both of these quantum scenarios. Secondly, we propose quantum versions of the generic Trojan message attacks on Merkle-Damg & aring;rd hash functions as well as their improved versions by combining with diamond structures and expandable messages, and then determine their cost. Finally, we propose Trojan message attack against Merkle-Damg & aring;rd hash concatenation combiner in quantum setting. The results show that Trojan message attacks can be improved significantly with quantum computers under both scenarios, so the security of hash constructions in classical setting requires careful re-evaluation before being deployed to the post-quantum cryptography schemes.
Keyword :
Collision attack Collision attack Herding attack Herding attack qRAM qRAM Quantum computation Quantum computation Quantum cryptography Quantum cryptography Trojan message Trojan message
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Xu, Ying , Du, Xiaoni , Zou, Jian . Quantum security of Trojan message attacks on Merkle-Damgård hash construction [J]. | DESIGNS CODES AND CRYPTOGRAPHY , 2024 . |
| MLA | Xu, Ying et al. "Quantum security of Trojan message attacks on Merkle-Damgård hash construction" . | DESIGNS CODES AND CRYPTOGRAPHY (2024) . |
| APA | Xu, Ying , Du, Xiaoni , Zou, Jian . Quantum security of Trojan message attacks on Merkle-Damgård hash construction . | DESIGNS CODES AND CRYPTOGRAPHY , 2024 . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
The differential meet-in-the-middle (MITM) attack is a new cryptanalysis technique proposed at Crypto 2023. It has achieved good results in attacking some symmetric encryption algorithms. In this paper, we enhance the differential-meet-in-the-middle attack by utilizing MILP to construct the best differential trail for a distinguisher in the offline phase and optimizing the attack process during the online phase. This optimization leads to a reduction in the time complexity of the attack. We apply the differential meet-inthe- middle attack to 8-round FUTURE with 264data, 248 memory, 2124time complexity. Besides, our attack to the on 14-round CRAFT with 264 data, 274 memory, 2104 time complexity. As far as we know, it is the first key recovery attack to FUTURE. © 2023 ACM.
Keyword :
Cryptography Cryptography Integer programming Integer programming
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Lin, Han , Zou, Jian , Li, Jiayin . The differential meet-in-the-middle attack on FUTURE and CRAFT [C] . 2023 : 151-158 . |
| MLA | Lin, Han et al. "The differential meet-in-the-middle attack on FUTURE and CRAFT" . (2023) : 151-158 . |
| APA | Lin, Han , Zou, Jian , Li, Jiayin . The differential meet-in-the-middle attack on FUTURE and CRAFT . (2023) : 151-158 . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
Kupyna is an AES-like hash function that has been confirmed as the Ukrainian hash standard DSTU 7564:2014 in 2015. In this paper, we present some preimage attacks and collision attacks on Kupyna. We combine guess-and-determine and MITM methods, using a MILP-based MITM attack tool, to apply them to the Kupyna hash cryptographic algorithm. We improve the preimage attack on 6-round Kupyna-256 (OT), increasing the complexity from the previous best attack complexity of 2240 to 2224. Additionally, we also propose, for the first time, collision attacks on 6-round Kupyna-256 (OT) and 8-round Kupyna-512 (OT), with complexities of 2116 and 2444 respectively. © 2023 ACM.
Keyword :
Hash functions Hash functions Integer programming Integer programming
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Xu, Jinxing , Zou, Jian , Lan, Qiufu et al. Improved Meet-in-the-Middle Cryptanalysis on Kupyna [C] . 2023 : 136-143 . |
| MLA | Xu, Jinxing et al. "Improved Meet-in-the-Middle Cryptanalysis on Kupyna" . (2023) : 136-143 . |
| APA | Xu, Jinxing , Zou, Jian , Lan, Qiufu , Li, Jiayin . Improved Meet-in-the-Middle Cryptanalysis on Kupyna . (2023) : 136-143 . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
目前,在非平衡环境下的 r-碰撞问题还没有得到有效的解决.本文提出了一种新的高效算法来对 r 个不同的非平衡函数寻找对应的 r-碰撞.新算法是将现有的 r-碰撞算法、并行碰撞搜索算法与非平衡中间相遇攻击技术进行有机结合.具体攻击过程如下所示:首先,攻击者把 r 个函数分成左右两个集合,当 r 为偶数时,其对应的左右集合分别为{fl1,fl2,…,flr/2}和{ft1,ft2,…,ftr/2},并需要在左右集合中对应位置的两个非平衡函数 fli 和 fti(1≤i≤「r/2」)之间寻找碰撞.以第 i 对为例,攻击者在碰撞-收集阶段可以采用 PCS 算法收集两个非平衡函数 fli 和 fti 的 2mi 个碰撞.注意到,攻击者需要对左右集合中「r/2」个位置对重复上述寻找碰撞的操作.如果 r 是奇数,攻击者还需要对剩下的函数 f 收集 2m0 个函数值.在碰撞-收集阶段之后,攻击者采用中间相遇攻击在 r-「r/2」个列表中寻找 r-碰撞.新算法的主要结果是:(1)与现有的 r-碰撞算法不同,新算法的时间复杂度是由所需存储量和所选择的分组方法决定的.(2)在存储足够的情况下,新的 r-碰撞算法的时间复杂度公式为:当 r = 2k 时,时间复杂度为 O(2(r-1)n+∑r/2 x=1 log2 Rtx/r+log2 Rlj/2);当 r = 2k+1 时,时间复杂度为O(2(r-1)(n+log2Rlj/2)+log2Rc+∑(r-1)/2x=1 log2Rtx/r),其中 Rlj 表示左集合中实现代价最大的函数的实现代价,Rc 表示未配对函数的实现代价,Rtx(1≤x≤(r-1)/2)表示右集合中各函数实现代价.对于 r = 2k(或 r = 2k+1),攻击者首先需要找到 min(∑r/2x=1 log2 Rtx/r+log2 Rlj/2)(或 min(log2 Rc+∑(r-1)/2x=1 log2 Rtx/r+(r-1)log2 Rlj/2r)),从而求出该情况下的最佳分组方法和最佳时间复杂度.(3)在存储有限的情况下,如果不知道所有分组方法所需的时间复杂度,攻击者就无法得到最佳的时间复杂度.
Keyword :
r-碰撞算法 r-碰撞算法 并行碰撞搜索算法 并行碰撞搜索算法 非平衡中间相遇攻击 非平衡中间相遇攻击
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | 邹剑 , 李金春 , 董乐 et al. 非平衡r-碰撞问题的高效解决算法 [J]. | 密码学报 , 2023 , 10 (3) : 574-587 . |
| MLA | 邹剑 et al. "非平衡r-碰撞问题的高效解决算法" . | 密码学报 10 . 3 (2023) : 574-587 . |
| APA | 邹剑 , 李金春 , 董乐 , 李灵琛 . 非平衡r-碰撞问题的高效解决算法 . | 密码学报 , 2023 , 10 (3) , 574-587 . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
At SAC 2021, Frixons et al. proposed quantum boomerang attacks that can effectively recover the keys of block ciphers in the quantum setting. Based on their work, we further consider how to quantize the generic boomerang attacks proposed by Biham et al. at FSE 2002, so as to obtain more generic quantum boomerang attacks. Similar to Frixons et al.’s work, we only consider quantum key recovery attacks in the single-key setting. With the help of some famous quantum algorithms, this paper presents two methods to convert the attacks of Biham et al. into some new quantum key recovery attacks. In order to proof our methods, we apply our new ideas to attack Serpent-256 and ARIA-196. To sum up, for Serpent-256, we give valid 9-round and 10-round quantum key recovery attacks respectively. The quantum time complexity of 9-round and 10-round of Serpent-256 is 2 115.43 and 2 126.6 respectively. Furthermore, we show a valid quantum key attack on 6-round ARIA-196 which has a time complexity of 2 89.8 with negligible memory. The time complexity of the above quantum attacks are better than the corresponding classical attacks and quantum generic key recovery attack via Grover’s algorithm. © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
Keyword :
Block cipher Block cipher Boomerang attack Boomerang attack Key recovery attack Key recovery attack Quantum algorithm Quantum algorithm Quantum search Quantum search
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Zou, H. , Zou, J. , Luo, Y. . New results on quantum boomerang attacks [J]. | Quantum Information Processing , 2023 , 22 (4) . |
| MLA | Zou, H. et al. "New results on quantum boomerang attacks" . | Quantum Information Processing 22 . 4 (2023) . |
| APA | Zou, H. , Zou, J. , Luo, Y. . New results on quantum boomerang attacks . | Quantum Information Processing , 2023 , 22 (4) . |
| Export to | NoteExpress RIS BibTex |
Version :
Abstract :
Permutation polynomials with low c-differential uniformity and boomerang uniformity have wide applications in cryptography. In this paper, by utilizing the Weil sums technique and solving some certain equations over F-2n, we determine the c-differential uniformity and boomerang uniformity of these permutation polynomials: (1) f1(x) = x + Tr-1(n)( x(2k+1)+1+ x(3)+ x + ux), where n = 2k+ 1, u is an element of F-2n with Tr-1(n)(u) = 1; (2) f(2)(x) = x + Tr-1(n)( x(2k+3)+( x + 1)(2k)+3), where n = 2k+ 1; (3) f(3)(x) = x(-1)+ Tr-1(n)(( x(-1)+ 1)(d)+ x(-d)), where nis even and dis a positive integer. The results show that the involutions f(1)(x) and f(2)(x) are APcN functions for c is an element of F(2)n\{0, 1}. Moreover, the boomerang uniformity of f(1)(x) and f(2)(x) can attain 2(n). Furthermore, we generalize some previous works and derive the upper bounds on the c-differential uniformity and boomerang uniformity of f(3)(x). (c) 2023 Elsevier Inc. All rights reserved.
Keyword :
Boomerang uniformity Boomerang uniformity C-differential uniformity C-differential uniformity Permutation polynomial Permutation polynomial
Cite:
Copy from the list or Export to your reference management。
| GB/T 7714 | Liu, Qian , Huang, Zhiwei , Xie, Jianrui et al. The c-differential uniformity and boomerang uniformity of three classes of permutation polynomials over F-2(n) [J]. | FINITE FIELDS AND THEIR APPLICATIONS , 2023 , 89 . |
| MLA | Liu, Qian et al. "The c-differential uniformity and boomerang uniformity of three classes of permutation polynomials over F-2(n)" . | FINITE FIELDS AND THEIR APPLICATIONS 89 (2023) . |
| APA | Liu, Qian , Huang, Zhiwei , Xie, Jianrui , Liu, Ximeng , Zou, Jian . The c-differential uniformity and boomerang uniformity of three classes of permutation polynomials over F-2(n) . | FINITE FIELDS AND THEIR APPLICATIONS , 2023 , 89 . |
| Export to | NoteExpress RIS BibTex |
Version :
Export
| Results: |
Selected to |
| Format: |
