检索结果-南通市图书馆

Committed-programming reductions: formalizations,implications and relations

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Science china(information sciences) 2024年第10期67卷 151-171页

作者： Jiang zhang Yu YU dengguo feng Shuqin FAN Zhenfeng zhang state key laboratory of Cryptology Department of Computer Science and Engineering Shanghai Jiao Tong University Trusted Computing and information Assurance laboratory Institute of SoftwareChinese Academy of Sciences

In this work, we introduce a class of black-box(BB) reductions called committed-programming reduction(CPRed) in the random oracle model(ROM) and obtain the following interesting results:(1) we demonstrate that some well-known schemes, including the full-domain hash(FDH) signature(Eurocrypt1996) and the Boneh-Franklin identity-based encryption(IBE) scheme(Crypto 2001), are provably secure under CPReds;(2) we prove that a CPRed associated with an instance-extraction algorithm implies a reduction in the quantum ROM(QROM). This unifies several recent results, including the security of the Gentry-Peikert-Vaikuntanathan IBE scheme by Zhandry(Crypto 2012) and the key encapsulation mechanism(KEM) variants using the Fujisaki-Okamoto transform by Jiang et al.(Crypto 2018) in the ***, we show that CPReds are incomparable to non-programming reductions(NPReds) and randomly-programming reductions(RPReds) formalized by Fischlin et al.(Asiacrypt 2010).

关键词： provable security random oracle model quantum random oracle model black-box reduction/separation programmability

Black-box testing based on colorful taint analysis

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Science china(information sciences) 2012年第1期55卷 171-183页

作者： CHEN Kai1,2,3,feng dengguo1,SU PuRui1&zhang YingJun1,2,3 1state key laboratory of information security,institute of software,chinese academy of Science,beij.ng 100190,china 2state key laboratory of information security,Graduate University of chinese academy of sciences,beij.ng 100049,china 3National Engineering Research Center of information security,beij.ng 100190,china 1. state key laboratory of information security Institute of Software Chinese Academy of Science Beijing 100190 China2. State Key Laboratory of Information Security Graduate University of Chinese Academy of Sciences Beijing 100049 China3. National Engineering Research Center of Information Security Beijing 100190 China

software vulnerability detection is one of the most important methods for guaranteeing software *** main classes of methods can detect vulnerabilities in binary files:white-box testing and black-box *** former needs to construct and solve path constraints to detect *** has two main drawbacks:path exploding and complexity of *** latter often aimlessly exhausts various inputs to test binary *** paper combines both testing methods to detect vulnerabilities in binary *** analyzing the input elements that aect check condition corresponding to a certain check point,we can generate one class of inputs that get to the check point to increase fuzzing *** analyzing the relationship between guard conditions and check condition,the redundant check points are *** taint analysis method(CTAM)is proposed to compute guard conditions,which is more ecient than traditional taint analysis method(TTAM).We implemented a prototype and made several experiments on *** results showed that our method could increase the eciency of black-box testing.

关键词： software testing vulnerability detection dynamic testing black-box testing colorful taint analysis

LOL: a highly flexible framework for designing stream ciphers

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Science china(information sciences) 2024年第9期67卷 62-75页

作者： dengguo feng Lin JIAO Yonglin HAO Qunxiong ZHEng Wenling WU Wenfeng QI Lei zhang Liting zhang Siwei SUN Tian TIAN state key laboratory of Cryptology PLA Strategic Support Force information Engineering University institute of software Chinese Academy of Sciences Westone Cryptologic Research Center School of Cryptology University of Chinese Academy of Sciences

In this paper, we propose LOL, a general framework for designing blockwise stream ciphers. The proposed framework achieves ultrafast software implementations for ubiquitous virtual networks in 5G/6G environments and high-security levels for post-quantum cryptography. The LOL framework is structurally strong; furthermore, this framework and all its components enjoy high flexibility with various extensions. On the basis of the LOL framework, we propose new stream-cipher designs called LOL-MINI and LOL-DOUBLE with the support of the AES-NI and single instruction multiple data instructions. The former applies the basic LOL single mode, while the latter uses the extended parallel-dual mode. LOL-MINI and LOL-DOUBLE support 256-bit key length. Our thorough evaluations revealed that these cipher designs have 256-bit security margins against all existing cryptanalysis methods, including differential, linear, and integral. The software performances of LOL-MINI and LOL-DOUBLE can reach 89 and 135 Gbps. In addition to pure encryptions,the LOL-MINI and LOL-DOUBLE stream ciphers can be applied in a stream-cipher-then-MAC strategy to make AEAD schemes.

关键词： stream cipher 5G/6G mobile system fast software implementation

security analysis of a new stream cipher

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Science in china(Series F) 2006年第3期49卷 286-301页

作者： zhang bin feng dengguo state key laboratory of information security Institute of Software Chinese Academy of Sciences Beijing 100080 China

In this paper, we analyze the security of a new stream cipher-COSvd（2,128）. This cipher was proposed by E. Filiol et al. at the ECRYPT SASC＇2004 （The state of the Art of Stream Ciphers）. It uses clock-controlled non-linear feedback registers together with an S-box controlled by a chaotic sequence and was claimed to prevent any existing attacks. However, our analysis shows that there are some serious security flaws in the design of the S-box, resulting in heavy biased byte distribution in the keystream. In some broadcast applications, this flaw will cause a ciphertext-only attack with high success rate. Besides, there are also many security flaws in other parts of the cipher. We point out these flaws one by one and develop a divide-and-conquer attack to recover the secret keys from O（2^26）-byte known plaintext with success rate 93.4597% and complexity O（2^113）, which is much lower than 2^512, the complexity of exhaustive search.

关键词： stream cipher divide-and-conquer attack non-linear feedback shift registers (NLFSR) chaotic sequence.

The Cognition Is Not Enough:Another Look on Existing Interesting Points Chosen Methods

在线全文

学校读者我要写书评

暂无评论

chinese Journal of Electronics 2017年第2期26卷 416-423页

作者： FAN Guangjun ZHOU Yongbin zhang Hailong feng dengguo state key laboratory of Computer Science Institute of SoftwareChinese Academy of Sciences state key laboratory of information security Institute of Information EngineeringChinese Academy of Sciences

For classical template attacks,many papers suggested a guideline of choosing interesting points which is still not *** to now,many different methods of choosing interesting points were ***,it is still unclear that which approach will lead to the best classification performance for template *** comprehensively evaluate and compare the classification performance of template attacks when using different methods of choosing interesting *** results show that the Correlation power analysis based method and the Sum of squared pairwise t-differences based method will lead to the best classification *** find that some methods of choosing interesting points provide the same results in the same ***,we correctly prove the guideline of choosing interesting points is correct by presenting a new way of conducting template attacks.

关键词： Side-channel attacks Power analysis attacks Template attacks Interesting points

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

一种高效和可扩展的OCSP系统

通信学报 2003年第11期24卷 93-99页

作者：周永彬卿斯汉季庆光张振峰中国科学院软件研究所中国科学院信息安全技术工程研究中心北京100080 信息安全国家重点实验室北京100080

证书状态查询是PKI中的一个关键问题,OCSP是解决这个问题的一种重要机制。本文分析了OCSP协议的技术细节,并在此基础上设计了一种高效的、可扩展的OCSP系统。文中对该系统的关键技术和其自身的安全性问题进行了详细的论述。最后,给出了... 详细信息

证书状态查询是PKI中的一个关键问题,OCSP是解决这个问题的一种重要机制。本文分析了OCSP协议的技术细节,并在此基础上设计了一种高效的、可扩展的OCSP系统。文中对该系统的关键技术和其自身的安全性问题进行了详细的论述。最后,给出了关于OCSP机制的一些未决问题以及某些思考。

关键词：公钥基础设施 OCSP系统证书状态查询认证中心

在线全文

学校读者我要写书评

暂无评论

主动防御攻击工具库设计

计算机工程与应用 2003年第33期39卷 159-161,198页

作者：卞莹张玉清郎良冯登国中国科学院研究生院国家计算机网络入侵防范中心北京100039 中国科学院研究生院信息安全国家重点实验室北京100039

主动防御攻击工具库是为主动防御攻击平台提供攻击工具的数据库。文章对主动防御平台系统做了简要介绍,重点分析了如何针对攻击工具的特点对攻击工具进行分类,以及如何选取攻击工具,最后给出了基于这些分类所构造的主动防御平台攻击工... 详细信息

主动防御攻击工具库是为主动防御攻击平台提供攻击工具的数据库。文章对主动防御平台系统做了简要介绍,重点分析了如何针对攻击工具的特点对攻击工具进行分类,以及如何选取攻击工具,最后给出了基于这些分类所构造的主动防御平台攻击工具库的结构。

关键词：攻击工具数据库主动防御

Performance analysis and comparison of PoW,PoS and DAG based blockchains

在线全文

学校读者我要写书评

暂无评论

Digital Communications and Networks 2020年第4期6卷 480-485页

作者： bin Cao Zhenghui zhang Daquan feng Shengli zhang Lei zhang Mugen Peng Yun Li The state key laboratory of Networking and Switching Technology Beijing University of Posts and TelecommunicationsBeijing100876China The state key laboratory of Integrated Services Networks(Xidian University) Xian710000China School of Communications and information Engineering and Chongqing key Lab of Mobile Communications Technology Chongqing University of Posts and TelecommunicationsChongqing400065China The Guangdong key laboratory of Intelligent information Processing College of Electronic and Information EngineeringShenzhen UniversityShenzhen518060China College of information Engineering Shenzhen UniversityShenzhen518060China School of Engineering University of GlasgowGlasgowG128QQUK

In the blockchain,the consensus mechanism plays a key role in maintaining the security and legitimation of contents recorded in the *** blockchain consensus mechanisms have been ***,there is no technical analysis and comparison as a guideline to determine which type of consensus mechanism should be adopted in a specific scenario/*** this end,this work investigates three mainstream consensus mechanisms in the blockchain,namely,Proof of Work(PoW),Proof of Stake(PoS),and Direct Acyclic Graph(DAG),and identifies their performances in terms of the average time to generate a new block,the confirmation delay,the Transaction Per Second(TPS)and the confirmation failure *** results show that the consensus process is affected by both network resource(computation power/coin age,buffer size)and network load *** addition,it shows that PoW and PoS are more sensitive to the change of network resource while DAG is more sensitive to network load conditions.

关键词： Blockchain Proof of work Proof of stake Direct acyclic graph Performance comparison

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

关注商业版PGP7.0的新功能

通信技术 2001年第5期34卷 54-55,67页

作者：张玉安冯登国中国科大研究生院信息安全国家重点实验室北京100039

继PGP6.版本之后美国网络联盟公司(NAI)又推出了PGP7.0版。除了在操作界面和加密算法上做了改进外,新版PGP的突出特点是新增了Gauntlet自适应网关代理防火墙、Cyber-cop入侵检测、PGPVPN和电子商务服务器。新版PGP使该网络密码软件的功... 详细信息

继PGP6.版本之后美国网络联盟公司(NAI)又推出了PGP7.0版。除了在操作界面和加密算法上做了改进外,新版PGP的突出特点是新增了Gauntlet自适应网关代理防火墙、Cyber-cop入侵检测、PGPVPN和电子商务服务器。新版PGP使该网络密码软件的功能由传统的数据信息保密上升到数据信息保密和网络系统安全两大方面使PGP这朵绚丽的网络密码之花又添异彩。

关键词：计算机网络网络安全因特网网上密码 PGP7.0