Journal information
Journal of Systems Science and Complexity (English edition)

Frequency: Quarterly

ISSN: 1009-6124

Telephone: 010-62541831, 62541834

Postal code: 100080

Address: No. 16 Donghuangchenggen North Street, Beijing

Journal of Systems Science and Complexity (English edition); indexed in CSCD, Peking University Core Journals, EI and SCI
Status: Officially published
Years indexed:

    Polynomial-Time Key-Recovery Attacks Against NTRUReEncrypt from ASIACCS'15

    LIU Zhen, PAN Yanbin, ZHENG Jinwei
    pp. 1308-1325
    Abstract: In ASIACCS 2015, Nunez, et al. proposed a proxy re-encryption scheme, named NTRUReEncrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator's public key into a re-encrypted ciphertext that can be decrypted correctly by the delegatee's private key. Because of the potential resistance to quantum algorithms, high efficiency and various applications in real life, NTRUReEncrypt has drawn lots of attention and its security has been widely discussed and analyzed. In PQCrypto 2019, Liu, et al. proposed two key recovery attacks against it. However, their first attack heavily relies on a weakened decryption oracle, and the second attack needs to collect about 2^60 ciphertexts from the same message by theoretical analysis, which makes both of the attacks unrealistic. In this paper, inspired by the broadcast attack against NTRU, the authors find out that for NTRUReEncrypt the delegator and the delegatee can efficiently recover each other's private key in polynomial time without any unrealistic assumptions. In addition, the authors also show how to fix NTRUReEncrypt to resist the proposed attacks. As a by-product, the authors also show how to commit broadcast attacks against NTRU 2001 with even dg, which was thought infeasible before.

    A Fibonacci View on the Galois NFSR Used in Trivium

    WANG Hongyu, ZHENG Qunxiong, QI Wenfeng
    pp. 1326-1350
    Abstract: Trivium is an international standard of lightweight stream ciphers (ISO/IEC 29192-3:2012). In this paper, the Trivium-like NFSRs, a class of Galois NFSRs generalized from the Galois NFSR of Trivium, are studied from the perspective of Fibonacci NFSRs. It is shown that an n-stage Trivium-like NFSR cannot be equivalent to an n-stage Fibonacci NFSR, which is proved by showing the existence of "collision initial states". As an intermediate conclusion, a necessary and sufficient condition for a kind of linear degeneracy of a Trivium-like NFSR is obtained from the perspective of interleaved sequences. Moreover, the smallest stage number of a Fibonacci NFSR that can generate all the output sequences of an n-stage Trivium-like NFSR is shown to be greater than n-7, and this value is no less than 371 = 287 + min{93, 84, 111} specifically for the 288-stage Galois NFSR used in Trivium. These results contradict the existence of an equivalent Fibonacci model of the Trivium NFSR of small stage, which implies that the Trivium algorithm possesses a fair degree of immunity against "structure attack".