References of "Zhang, Bin 40000743"
Peer Reviewed
Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF
Biryukov, Alex UL; Kizhvatov, Ilya UL; Zhang, Bin UL

in Applied Cryptography and Network Security - 9th International Conference (2011)

SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are Atmel chip families that are widely used in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS'2010, it was shown that given 1 keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in 2^39.4 cipher ticks and, if 2640 keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in 2^58 cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in 2^29.8 cipher ticks given 1 keystream frame; for CM, we can recover the secret key in 2^50 cipher ticks with around 24 frames. A practical implementation of the full attack confirms our results.

Peer Reviewed
Analysis of SNOW 3G XOR Resynchronization Mechanism
Biryukov, Alex UL; Priemuth-Schmid, Deike UL; Zhang, Bin UL

in SECRYPT 2010 (2010)

The stream cipher SNOW 3G, designed in 2006 by ETSI/SAGE, is a base algorithm for the second set of 3GPP confidentiality and integrity algorithms. In this paper we investigate the resynchronization security of a close variant of SNOW 3G, called SNOW 3G⊕, in which two modular additions are replaced by XORs. It is shown that the feedback from the FSM to the LFSR is crucial for security. Given a pair of known IVs, the cipher without such feedback is extremely vulnerable to differential known-IV attacks with practical complexities (2^57 time and 2^33 keystream). With the feedback, 16 out of 33 initialization rounds can be broken by a differential chosen-IV attack. This is the first public evaluation result for this algorithm.

Peer Reviewed
Multiset Collision Attacks on Reduced-Round SNOW 3G and SNOW 3G⊕
Biryukov, Alex UL; Priemuth-Schmid, Deike UL; Zhang, Bin UL

in ACNS 2010 (2010)

The stream cipher SNOW 3G, designed in 2006 by ETSI/SAGE, is a base algorithm for the second set of 3GPP confidentiality and integrity algorithms. In this paper we study the resynchronization mechanism of SNOW 3G and of the similar cipher SNOW 3G⊕ using multiset collision attacks. For SNOW 3G we show a simple 13-round multiset distinguisher with complexity 2^8 steps. We show full key-recovery chosen-IV resynchronization attacks for up to 18 out of 33 initialization rounds of SNOW 3G⊕, with complexity 2^57 to generate the data and 2^53 steps of analysis.

New Cryptanalysis of Irregularly Decimated Stream Ciphers
Zhang, Bin UL

in Selected Areas in Cryptography (2009)

In this paper we investigate the security of irregularly decimated stream ciphers. We present an improved correlation analysis of various irregular decimation mechanisms, which yields much larger correlation probabilities than previously known methods. New correlation attacks are then launched against the shrinking generator with Krawczyk's parameters, LILI-II, DECIM v2 and DECIM-128 to assess the security margin of these ciphers. We show that the shrinking generator with Krawczyk's parameters is practically insecure, and that the initial internal state of LILI-II can be recovered reliably in 2^72.5 operations given 2^24.1 keystream bits and 2^74.1 bits of memory. This disproves the designers' conjecture that any divide-and-conquer attack on LILI-II costs more than 2^128 operations and requires a large amount of keystream. We also examine the main design idea behind DECIM, i.e., to filter and then decimate the output using the ABSG algorithm, by exhibiting a class of correlations in the ABSG mechanism and mounting attacks faster than exhaustive search on a 160-bit (out of 192-bit) reduced version of DECIM v2 and on a 256-bit (out of 288-bit) reduced version of DECIM-128. Our result on DECIM is the first nontrivial cryptanalytic result besides time/memory/data tradeoffs. While it confirms the underlying design idea, it also shows that the security of DECIM relies more on the length of the involved LFSR than on the ABSG algorithm.

An Improved Fast Correlation Attack on Stream Ciphers
Zhang, Bin UL; Feng, Dengguo

in Selected Areas in Cryptography (2008)

At Crypto'2000, Johansson and Jönsson proposed a fast correlation attack on stream ciphers based on the Goldreich-Rubinfeld-Sudan algorithm. In this paper we show that a combination of their approach with techniques for substituting keystream and evaluating parity-checks gives us the most efficient fast correlation attack known so far. An application of the new algorithm results in the first-known near-practical key recovery attack on the shrinking generator with the parameters suggested by Krawczyk in 1994, which was verified in the 40-bit data LFSR case for which the only previously known efficient attacks were distinguishing attacks.
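Both the SAC 2009 and the SAC 2008 abstracts above attack the shrinking generator by correlation. The toy below is an added illustration, not code from either paper, of the basic leak those attacks build on: the keystream is an irregular decimation of the data LFSR sequence, so keystream bit z_i still agrees with data bit s_{2i} noticeably more often than 1/2 for small i (the i-th output comes from roughly position 2i when the selection LFSR is balanced). The register length, tap positions and seeds are assumptions for the demonstration, not Krawczyk's parameters, and the closed-form bias is the elementary one for uniformly random sequences; the papers' improved correlation analysis goes well beyond it.

```python
import random
from math import comb

# Assumed toy parameters for this illustration (not Krawczyk's parameters);
# maximal period is not needed to observe the correlation.
REG_LEN = 16
SEL_TAPS = (0, 2, 3, 5)    # selection LFSR A
DATA_TAPS = (0, 1, 3, 12)  # data LFSR S


def lfsr_bits(state, taps, n):
    """Fibonacci LFSR over GF(2). `state` lists the register bits oldest
    first; each step outputs state[0] and shifts in the XOR of the tapped
    cells, so the output sequence begins with the initial state itself."""
    st = list(state)
    out = []
    for _ in range(n):
        out.append(st[0])
        fb = 0
        for t in taps:
            fb ^= st[t]
        st = st[1:] + [fb]
    return out


def shrinking_generator(sel, data):
    """Shrinking generator: data bit s_j is emitted iff selection bit a_j == 1,
    i.e. the keystream is an irregular decimation of the data LFSR sequence."""
    return [s for a, s in zip(sel, data) if a == 1]


def theoretical_agreement(i):
    """P[z_i == s_{2i}] when both sequences are uniformly random.
    z_i is s_j with j the index of the (i+1)-th 1 in the selection sequence.
    j == 2i needs exactly i ones among a_0..a_{2i-1} and a_{2i} == 1, which
    has probability C(2i,i) / 2^(2i+1); otherwise the bits agree w.p. 1/2."""
    p_hit = comb(2 * i, i) / 2 ** (2 * i + 1)
    return p_hit + (1 - p_hit) / 2


def empirical_agreement(i, trials, seed=0, warm=64):
    """Estimate P[z_i == s_{2i}] over random initial states of both LFSRs."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        a0 = [rng.getrandbits(1) for _ in range(REG_LEN)]
        while not any(a0):  # an all-zero selection register emits nothing
            a0 = [rng.getrandbits(1) for _ in range(REG_LEN)]
        s0 = [rng.getrandbits(1) for _ in range(REG_LEN)]
        sel = lfsr_bits(a0, SEL_TAPS, warm)
        data = lfsr_bits(s0, DATA_TAPS, warm)
        z = shrinking_generator(sel, data)
        if len(z) > i and z[i] == data[2 * i]:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("i  theory   empirical")
    for i in range(5):
        print(i, round(theoretical_agreement(i), 4),
              round(empirical_agreement(i, 10000, seed=i), 4))
```

The bias decays like 1/sqrt(i), which is why a plain correlation on z_i versus s_{2i} alone is weak for long keystreams; the attacks in the two abstracts recover the data LFSR state by combining many such correlations through parity checks rather than relying on any single position.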
