Cryptanalysis Of Hash Function GOST R And Block Cipher ITUbee And KASUMI

Posted on: 2016-10-31  Degree: Doctor  Type: Dissertation  Country: China  Candidate: Z Y Wang  GTID: 1108330461485478  Subject: Information security

Abstract/Summary:

With the rapid development of computer technology and the internet, informatization is becoming more and more common in daily life. However, the growing prominence of information security problems such as communication security and privacy protection is considered the greatest threat to the information society. Cryptography is the basis of security. Cryptanalysis plays an important role in cryptography, as it discovers the weaknesses of ciphers so that they can be used safely. Proposed by Mendel et al., the rebound technique focuses on AES-like permutations, which are widely used in constructing hash functions. This technique has since also been used to analyze other hash function structures and even block ciphers. In 2010, Gilbert et al. presented the Super-Sbox, which advanced the development of the rebound technique.

1. Cryptanalysis of Russia Hash Standard GOST R

In August 2011, Stribog was selected as the new national standard of Russia, called GOST R 34.11-2012. Designed by Grebnev et al., Stribog has a compression function based on an AES-like permutation. Applying the rebound technique, we give collision attacks on the round-reduced compression function of Stribog. We present a result on up to 9.5 rounds, with time complexity 2^176 and a memory requirement of 2^128 bytes. These results are the first cryptanalysis results on Stribog. The 9.5-round collision result can further be used to construct a 10-round limited-birthday distinguisher.

As Stribog uses a checksum in its structure, the collision property of the compression function does not carry over to the hash function. At ACNS 2014, Ma et al. constructed a collision on Stribog with multiple colliding message blocks. Using the birthday paradox, they conclude that 64 colliding message blocks are enough to construct a collision on Stribog. However, the checksum does not meet the prerequisites of the birthday paradox. We recompute the number of blocks under our new model, which is more accurate than Ma's. The number turns out to be 106 rather than 64.

2. Differential Fault Attack on ITUbee

The block cipher ITUbee was proposed by Karakoç at LightSec 2013. Built on a Feistel structure, this cipher supports a key size of 80 bits. There is no key schedule in ITUbee. This design principle makes ITUbee easy to implement in resource-constrained software environments. Taking this cipher as an example, we propose a new differential fault attack using the rebound technique and the Super-Sbox. With only two faults injected, we can recover all key bits. The time complexity is about 2^43 round operations. This complexity can be reduced by injecting more faults. With four faults injected, the time complexity is only 2^25 round function operations. It takes only a few seconds to recover the device key on a PC.

3. Differential Fault Attack on KASUMI

The block cipher KASUMI is the basis of the A5/3 cryptosystem, which is widely used in GSM and 3G telephony. The normal key size of KASUMI is 128 bits. However, for compatibility with older versions, many GSM devices support a 64-bit key.

Taking advantage of the key schedule and the Super-Sbox technique, we achieve a new fault attack on KASUMI with a 64-bit key. The time complexity is only about 2^32 encryptions. The attack can be verified by simulation. It takes only a few minutes to recover the right key on a PC. Compared with previous results, our attack model is more general, and the time complexity is much lower than before.

Keywords/Search Tags: Symmetric-key cryptography, cryptanalysis, hash function, rebound technique, Super-Sbox, block cipher, fault attack, GOST R, ITUbee, KASUMI
 
