Font Size: a A A

Cryptanalysis Of Hash Function GOST R And Block Cipher ITUbee And KASUMI

Posted on:2016-10-31Degree:DoctorType:Dissertation
Country:ChinaCandidate:Z Y WangFull Text:PDF
GTID:1108330461485478Subject:Information security
Abstract/Summary:PDF Full Text Request
With the rapid development of computer technology and internet, informatization becomes more and more popular in our daily life. However, the growing prominence of information security problems such as communication security and privacy protec-tion is considered as the greatest threat to information society. Cryptography is the base of security. Cryptanalysis takes an important role in Cryptography as it discover the weaknesses of ciphers to guarantee their safety usage. Proposed by Mendel et al, rebound technique focuses on AES-like permutations which are widely used in con-structing hash functions. Now, this technique has also been used to analyze other hash function structures and even block ciphers. In 2010, Gilbert et al presented Super-Sbox, which promotes the development of rebound technique.1. Cryptanalysis of Russia Hash Standard GOST RIn August 2011, Stribog was selected as new national standard of Russia which was called GOST R 34.11-2012. Designed by Grebnev et al, Stribog has compres-sion function based on AES-like permutation. Applying rebound technique, we give collision attacks on round-reduced compression function of Stribog. Result on up to 9.5 rounds is proposed, the time complexity is 2176 and the memory requirement is 2128 bytes. These results are the first cryptanalysis results on Stribog. The 9.5-round collision result can be further used to construct 10-round limited birthday distinguisher.As Stribog uses checksum in its structure, the collision property on compression does not hold for hash function. In ACNS 2014, Ma et al constructed collision on Stribog with multiple colliding message blocks. With birthday paradox, they think 64 colliding message blocks is enough to constructed collision on Stribog. However, the checksum does not meet the prerequisites of birthday paradox. We recompute the number of blocks under our new model which is more accurate compared with Ma’s. The number turns out to be 106 rather than 64.2. Differential Fault Attack on ITUbeeThe block cipher ITUbee was proposed by Karakog on LightSec 2013. With a Feistel structure, this cipher supports key size of 80. There is no key schedule in ITUbee. The design principle makes ITUbee easy to perform in resource constrained software environment. Taking this cipher as an example, we propose a new differential fault attack with rebound technique and Super-Sbox. With only two faults injected, we could recover all key bits. The time complexity is about 243 round operations. This complexity can be reduced by injecting more faults. With four faults injected, the time complexity is only 225 round function operations. It takes only a few seconds to recover device key on PC.3. Differential Fault Attack on KASUMIThe block cipher KASUMI is the base of A5/3 cryptosystem which is widely used in GSM and 3G telephony. The normal key size of KASUMI is 128 bits. However, to compact with old version, many GSM devices support 64 bits key.Taking advantage of key schedule and Super-Sbox technique, we achieve new fault attack on KASUMI with 64 bits key. The time complexity is only about 232 encryptions. The attack can be verified with simulation. It takes only a few minutes to recover the right key on PC. Compared with previous results, our attack model is more general. Besides, the time complexity is much lower than before.
Keywords/Search Tags:Symmetric-key cryptography, cryptanalysis, hash function, rebound technique, Super-Sbox, block cipher, fault attack, GOST R, ITUbee, KASUMI
PDF Full Text Request
Related items