【作者】 郭伟；

【导师】 何大可；

【作者基本信息】 西南交通大学 ， 信息安全， 2011， 博士

【摘要】 混沌密码学是非线性科学与密码学交叉融合的一门新的科学。经过了20多年的发展,混沌密码学涉及的范围由初期的流密码和分组密码,扩展到了包含Hash函数、公钥密码、数字水印、图像隐藏等在内的广泛领域,许多基于混沌的信息安全算法和协议相继被提出。作为混沌密码学的一个重要分支,混沌Hash函数是近几年的一个研究热点,也是混沌理论在密码学领域中的一个新应用。本文主要从两个方面对混沌Hash函数展开研究：一是分析现有的典型混沌Hash方案的安全性并给出有效的攻击方法；二是设计安全性能更好、效率更高的混沌Hash算法。具体工作如下：(1)分析了Ren等人提出的一种基于时空混沌的Hash函数的安全性。提出了一类针对分段线性混沌映射的算术差分分析方法,并利用此方法找到了目标方案的两类最小差分传播路径。利用最小差分传播路径,设计了一种伪造攻击方案,使攻击者可以在不知道密钥的情况下,从相互关联的8个单分组差分消息及其中间链接Hash值中,以极高的概率伪造出合法的“明文-MAC”对。给出了对目标算法的改进建议。(2)对Xiao等人提出的一种基于混沌映射的并行带密钥Hash方案和一种基于混沌神经网络的并行Hash方案进行了安全性分析。利用差分分析方法,找到了这两种方案所采用的并行结构的设计缺陷,并设计了两类伪造攻击方案,使得攻击者可在不知道密钥的情况下,利用关联消息及其MAC值,伪造出合法的“明文-MAC”对。指出了这两类方案所采用的基于可变参数的PWLCM系统存在永恒不动点,并成功设计了一类弱密钥攻击方案,使得恶意的认证用户可以通过选择特定的弱密钥,利用不动点来构造有意义的MAC碰撞。(3)对Xiao等人所提出的一种基于混沌映射的并行Hash改进方案Huang等人所提出的一种基于混沌神经网络的并行Hash改进方案、以及Wang等人所提出的一种基于混沌耦合格子的并行Hash方案进行了密码分析。指出三种改进方案各自的缺陷和不足,并对Xiao方案和Wang方案给出了相应的伪造攻击方案。参考PMAC算法,给出了一种混沌并行Hash的改进结构。(4)分析了Yang等人所提出的一种基于混沌网络结构的Hash函数的安全性。利用代数分析方法,给出了目标方案混沌压缩函数的方程组模型,并在此基础上,设计了对目标方案的密钥恢复攻击。给出了对目标算法的改进建议。(5)总结了对多种典型的混沌Hash算法的密码分析成果,分析其安全漏洞的产生原因,并结合传统Hash的经典设计思路,提出了一种全新的混沌Hash算法。新算法采用了宽管道HAIFA迭代结构,可抵御对M-D结构的通用攻击；其压缩函数基于混沌迭代并吸取了一些传统Hash的经典设计。在对所提算法的性能分析中,首次引入了NISSIE项目中对完全性、雪崩效应、严格雪崩准则的统计测试方法,对混沌Hash的非线性扩散程度做了定性分析。理论分析和实验测试表明,该混沌Hash算法在保证算法执行效率的同时,克服了混沌Hash函数设计中的已知安全缺陷,具有较高的安全性。更多还原

【Abstract】 Chaotic cryptography is a new interdisciplinary field combining cryptography and nonlinear science. Over the last two decades, the scope of chaotic cryptography has vastly extended, from stream cipher and block cipher in the early period, to include hash function, pubic-key cipher, digital watermark and image hiding, etc., and many chaotic cryptographic algorithms and protocols have been proposed so far. Chaotic hash function is a major branch of chaotic cryptography, which has become a research hotspot in recent years, and also a new application of chaos theory in the field of cryptography.In this thesis, research on chaotic hash function focuses on the following two aspects:firstly, analyzes the security of previously proposed chaotic hash schemes and poses new attacks; secondly, designs new chaotic hash scheme with stronger security properties and higher efficiency. The main contributions of this thesis are given as follows:Chapter2analyzes the security of a one-way hash function construction based on spatiotemporal chaos, proposed by Ren et al. in2009. A new kind of differential attack named "arithmetic differential attack", is introduced to construct two kinds of differential paths in the round function of Ren’s scheme. Based on these differential paths, a simple forgery attack can be devised, where the valid MAC of a random256-bit message can be calculated, without knowledge of the secret key, from eight related256-bit messages and their intermediate hash values. Furthermore, some preliminary advice on how to improve the Ren’s scheme is given.Chapter3analyzes the security of two parallel keyed hash schemes proposed by Xiao et al., separately in2008and2009, where one is based on chaotic maps, and the other is based on chaotic neural network. The security leak of the underlying parallel structure is revealed through differential cryptanalysis, and two kinds of forgery attacks are devised, where the valid MAC of a random message can be calculated from related messages and their MACs, without knowledge of the secret key. In addition, a class of weak-keys in both schemes is discussed, where keys are considered as weak-keys in the sense that they turn the chaotic orbit of PWLCM into fixed point. With these weak keys, different messages will have identical MACs, in other words, MAC collision happens at this case.In order to overcome the weaknesses of the two parallel keyed hash schemes, three different schemes were proposed, i.e., an improved parallel hash scheme based on chaotic maps proposed by Xiao et al. in2009, an improved parallel hash scheme based on chaotic neural network proposed by Huang et al. in2011, and a parallel hash scheme based coupled map lattices proposed by Wang et al. in2011. The security of these three proposals is analyzed, and their weaknesses are identified. The forgery attacks on Xiao’s improved scheme and on Wang’s improved scheme are presented, respectively. Moreover, a provable secure parallel structure, which is inspired by the PMAC algorithm, is proposed to remedy these security flaws.Chapter4analyzes the security of a one-way hash function construction based on chaotic map network, proposed by Yang et al. in2009. It is found that the chaotic round function of Yang’s scheme can be translated into a set of systems of linear equations by applying algebraic analysis, and hence a key-recovery attack is devised based on these equations. Preliminary advice on how to improve the original scheme is also discussed.In Chapter5, the cryptanalysis results available so far are summarized, and the root causes of the security vulnerabilities are analyzed. Then a new chaotic hash function is proposed, which combines the advantages of both chaotic system and conventional hash function. The proposed hash scheme follows HAIFA structure with internal wide-pipe design strategy, which does not suffer from the known generic attacks that work on the M-D construction. The compression function in-use is based on chaotic iteration, and includes some classic design elements form traditional hash function as well. A statistical evaluation methodology developed by NESSIE project is introduced for the performance analysis, which includes three well-known cryptologic measures for diffusion property:the degrees of completeness, of avalanche effect and of strict avalanche criterion. Theoretical analysis and numeric simulation show that the proposed algorithm avoids all known security pitfalls of chaotic hash function, and achieves fast hashing speed as well.更多还原