WEKO3
アイテム
Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack
https://ipsj.ixsq.nii.ac.jp/records/95214
https://ipsj.ixsq.nii.ac.jp/records/952141df68a6c-ee46-401d-bfb9-2f5f5d46cdac
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL5409005 (339.0 kB)
|
Copyright (c) 2013 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2013-09-15 | |||||||||||
| タイトル | ||||||||||||
| タイトル | Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack | |||||||||||
| タイトル | ||||||||||||
| 言語 | en | |||||||||||
| タイトル | Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack | |||||||||||
| 言語 | ||||||||||||
| 言語 | eng | |||||||||||
| キーワード | ||||||||||||
| 主題Scheme | Other | |||||||||||
| 主題 | [特集:未来を切り開くコンピュータセキュリティ技術] stream cipher, slide attack, related-key attack, RAKAPOSHI, initialization process, partial slide pair | |||||||||||
| 資源タイプ | ||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
| 資源タイプ | journal article | |||||||||||
| 著者所属 | ||||||||||||
| Kobe University | ||||||||||||
| 著者所属 | ||||||||||||
| Hiroshima University | ||||||||||||
| 著者所属 | ||||||||||||
| Kobe University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Kobe University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Hiroshima University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Kobe University | ||||||||||||
| 著者名 |
Takanori, Isobe
× Takanori, Isobe
× Toshihiro, Ohigashi
× Masakatu, Morii
|
|||||||||||
| 著者名(英) |
Takanori, Isobe
× Takanori, Isobe
× Toshihiro, Ohigashi
× Masakatu, Morii
|
|||||||||||
| 論文抄録 | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | This paper gives a first security evaluation of a lightweight stream cipher RAKAPOSHI. In particular, we analyze a slide property of RAKAPOSHI such that two different Key-IV pairs generate the same keystream but n-bit shifted. To begin with, we demonstrate that any Key-IV pair has a corresponding slide Key-IV pair that generates an n-bit shifted keystream with a probability of 2-2n. In order to experimentally support our results, some examples of such pairs are given. Then, we show that this property is able to be converted into key recovery attacks on RAKAPOSHI. In the related-key setting, our attack based on the slide property can recover a 128-bit key with a time complexity of 241 and 238 chosen IVs. Moreover, by using a variant of slide property called partial slide pair, this attack is further improved, and then a 128-bit key can be recovered with a time complexity of 233 and 230 chosen IVs. Finally, we present a method for speeding up the brute force attack by a factor of 2 in the single key setting. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online) DOI http://dx.doi.org/10.2197/ipsjjip.21.599 ------------------------------ |
|||||||||||
| 論文抄録(英) | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | This paper gives a first security evaluation of a lightweight stream cipher RAKAPOSHI. In particular, we analyze a slide property of RAKAPOSHI such that two different Key-IV pairs generate the same keystream but n-bit shifted. To begin with, we demonstrate that any Key-IV pair has a corresponding slide Key-IV pair that generates an n-bit shifted keystream with a probability of 2-2n. In order to experimentally support our results, some examples of such pairs are given. Then, we show that this property is able to be converted into key recovery attacks on RAKAPOSHI. In the related-key setting, our attack based on the slide property can recover a 128-bit key with a time complexity of 241 and 238 chosen IVs. Moreover, by using a variant of slide property called partial slide pair, this attack is further improved, and then a 128-bit key can be recovered with a time complexity of 233 and 230 chosen IVs. Finally, we present a method for speeding up the brute force attack by a factor of 2 in the single key setting. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online) DOI http://dx.doi.org/10.2197/ipsjjip.21.599 ------------------------------ |
|||||||||||
| 書誌レコードID | ||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||
| 収録物識別子 | AN00116647 | |||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 54, 号 9, 発行日 2013-09-15 |
|||||||||||
| ISSN | ||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||
