Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/5058
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 鄭振牟 |
dc.contributor.author | Chen-Chi Lin | en
dc.contributor.author | 林珍綺 | zh_TW
dc.date.accessioned | 2021-05-15T17:51:24Z | -
dc.date.available | 2014-09-03 |
dc.date.available | 2021-05-15T17:51:24Z | -
dc.date.copyright | 2014-09-03 |
dc.date.issued | 2014 |
dc.date.submitted | 2014-08-16 |
dc.identifier.citation |
[1] B. S. Kaliski Jr., Y. L. Yin, 'On the Security of the RC5 Encryption Algorithm', RSA Laboratories Technical Report TR-602, Version 1.0 - September 1998.
[2] E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer-Verlag, New York, 1993.
[3] R.L. Rivest, M.J.B. Robshaw, R. Sidney and Y.L. Yin, 'The RC6 Block Cipher', v1.1, August 20, 1998.
[4] S. Contini, R.L. Rivest, M.J.B. Robshaw and Y.L. Yin. The Security of the RC6 Block Cipher. v.1.0, August 20, 1998. Available at www.rsa.com/rsalabs/aes/.
[5] S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. Some Comments on the First Round AES Evaluation of RC6. Available at http://csrc.nist.gov/encryption/aes/round1/pubcmnts.htm.
[6] S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. Improved analysis of some simplified variants of RC6. In L. Knudsen, editor, Fast Software Encryption, Sixth International Workshop, Rome, Italy, March 1999, LNCS 1636, pages 1–15. Springer Verlag, 1999.
[7] S. Contini and Y.L. Yin. On differential properties of data dependent rotations and their use in Mars and RC6. Presented at the 2nd AES conference, see www.nist.gov/aes.
[8] J. Daemen, L. Knudsen, and V. Rijmen. The block cipher Square. In E. Biham, editor, Fast Software Encryption, Fourth International Workshop, Haifa, Israel, January 1997, LNCS 1267, pages 149–165. Springer Verlag, 1997.
H. Gilbert, H. Handschuh, A. Joux, and S. Vaudenay. A Statistical Attack on RC6. In B. Schneier, editor, Fast Software Encryption, Seventh International Workshop. Springer Verlag, 2001. To appear.
[9] A. Biryukov and E. Kushilevitz. Improved cryptanalysis of RC5. In K. Nyberg, editor, Advances in Cryptology Eurocrypt '98, volume 1403 Lecture Notes in Computer Science, pages 85-99, 1998. Springer Verlag.
[10] M. Matsui, 'The first experimental cryptanalysis of the Data Encryption Standard'. In Advances in Cryptology - Crypto'94, pp 1-11, Springer Verlag, New York, 1994.
[11] B.S. Kaliski and Y.L. Yin. On differential and linear cryptanalysis of the RC5 encryption algorithm. In D. Coppersmith, editor, Advances in Cryptology Crypto '95, volume 963 of Lecture Notes in Computer Science, pages 171-184, 1995. Springer Verlag.
[12] M.H. Heys. Linearly weak keys of RC5. IEE Electronic Letters, Vol. 33, pages 836-838, 1997.
[13] L.R. Knudsen and W. Meier. Improved differential attacks on RC5. In N. Koblitz, editor, Advances in Cryptology - Crypto '96, volume 1109 of Lecture Notes in Computer Science, pages 216-228, 1996. Springer Verlag.
[14] A. A. Selcuk. New results in linear cryptanalysis of RC5. In S. Vaudenay, editor, Fast Software Encryption, volume 1372 of Lecture Notes in Computer Science, pages 1-16, 1998, Springer-Verlag.
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/5058 | -
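dc.description.abstract | This thesis details a new chosen ciphertext attack (CCA) that uses information obtained through side channel attacks to build subtractive-differential algebraic equations, which are then solved with a SAT solver. Theoretical analysis verifies that the proposed method can recover the last-round encryption key (round key) of RC6 with a data complexity of 2^43 and a computational complexity of 2^78, and can then use the last-round key to recover the corresponding whitening key at a computational complexity of only about 2^32. In addition, the thesis analyzes the trade-off between the amount of data the attack requires and its computational complexity under information assumptions (also called oracles) of different strengths. | zh_TW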
dc.description.abstract | This paper details a novel chosen ciphertext attack on the RC6 cipher, which was chosen as one of the finalists for the AES competition (March 1999) and has been declared to be resistant to all known cryptanalysis since then. In this paper, it will be shown that, with the aid of side channel information and algebraic analysis, the attacker can recover all round keys and whitening keys by using at most 2^43 ciphertext pairs and 2^78 computations. Moreover, this paper also provides a theoretic analysis of the trade-off between different oracles and the general assumption (without any side channel information given), and then proves that the distribution of round key candidates may not be uniformly random. | en
dc.description.provenance | Made available in DSpace on 2021-05-15T17:51:24Z (GMT). No. of bitstreams: 1. ntu-103-R97943158-1.pdf: 1649487 bytes, checksum: 9d968355ffaf41535a5e0e1b13b362a2 (MD5). Previous issue date: 2014 | en
dc.description.tableofcontents |
Oral Examination Committee Certification
Chinese Abstract
English Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1. Introduction
Chapter 2. Preliminaries
  Section 1. Block Ciphers
  Section 2. Encryption Structures
  Section 3. AES Candidate Algorithms
  Section 4. Cryptanalysis
Chapter 3. The RC6 Encryption Algorithm
  Section 1. RC6 Specification
  Section 2. Basic Operations
  Section 3. Pseudocode and Flow Diagrams
  Section 4. Conventional Security Analysis Methods
Chapter 4. The Attack Method of This Thesis
  Section 1. Ciphertext Phenomena of RC6
  Section 2. Attack Conditions (Oracle)
  Section 3. Solving the Algebraic Equations
  Section 4. Recovering the Round Keys
  Section 5. Recovering the Whitening Keys
  Section 6. Attack Procedure
Chapter 5. Complexity Analysis
Chapter 6. Conclusion
Chapter 7. References
Chapter 8. Appendix
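dc.language.iso | zh-TW |
dc.subject | cryptanalysis | zh_TW
dc.subject | RC6 | zh_TW
dc.subject | side channel attack | zh_TW
dc.subject | subtractive differential | zh_TW
dc.subject | algebraic attack | zh_TW
dc.subject | cryptanalysis | en
dc.subject | RC6 | en
dc.subject | side channel information | en
dc.subject | algebraic analysis | en
dc.subject | chosen ciphertext attack | en
dc.title | Analysis of an Algebraic Attack on RC6 Using Side Channel Information | zh_TW
dc.title | Algebraic Cryptanalysis of RC6 with Side Channel Information | en
dc.type | Thesis |
dc.date.schoolyear | 102-2 |
dc.description.degree | Master |
dc.contributor.oralexamcommittee | 陳君明, 洪維志 |
dc.subject.keyword | RC6, side channel attack, subtractive differential, algebraic attack, cryptanalysis | zh_TW
dc.subject.keyword | RC6, side channel information, algebraic analysis, chosen ciphertext attack, cryptanalysis | en
dc.relation.page | 73 |
dc.rights.note | Authorization granted (publicly available worldwide) |
dc.date.accepted | 2014-08-17 |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW
dc.contributor.author-dept | Graduate Institute of Electronics Engineering | zh_TW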
Appears in collections: Graduate Institute of Electronics Engineering

Files in this item:
File | Size | Format
ntu-103-1.pdf | 1.61 MB | Adobe PDF