
In the literature review we have already seen several correlation attacks, so how to defend against this type of attack has become an important research topic in the design of a stream cipher system and deserves thorough study. There is already a considerable literature on this subject. The earliest work proposing a defence against correlation attacks is Siegenthaler [43] in 1984; its main method is to construct a correlation-immune function as the combining function of the stream cipher system, which guarantees that, up to a certain threshold

Since f(x) is an (m,n) CI function, we have


(2) Reproduction:

First, 20 CI functions are selected at random as the chromosomes of generation 0; each chromosome is represented by the following

Next, a fitness function is defined; its main purpose is to provide a criterion for judging the quality of a combining function. According to the fitness value, chromosomes are randomly selected by the weighted roulette wheel method into the mating pool for use in the crossover operation. The conditional function and the probability-distribution strategy proposed in this paper for correlation-immune functions are defined as follows:

Figure 5-9: Example of the cut point used by the crossover operator


Figure 5-11: Flowchart of the evolution of the spectral value

The chromosomes of the resulting generations are listed in Table 5-3 below. From Figure 5-11 we can see that the spectral value $F_f(w)$ of the correlation-immune function gradually evolves downward from $1023/4096$ in generation 0 to $513/4096$, which means that the correlation-immune functions of later generations have higher nonlinearity; from this we know that searching for correlation-immune functions of high nonlinearity by means of a genetic algorithm is feasible. We also observed an interesting phenomenon: because the correlation-immune functions constructed by Theorem 5.1 are built mainly by producing two functions through permutations, the constructed functions are broadly of the same type and have similar properties, so the spectral value of these functions takes only a few specific values; therefore, in this experiment, after several generations of evolution the value showed no obvious difference.
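As an added illustration (not code from the report), the Walsh-spectrum checks behind the selection step and the spectral-value trend described above: whether a truth table is m-th order correlation immune, its nonlinearity from max |F_f(w)|, and a weighted-roulette-wheel draw into the mating pool. The fitness function and the generation-0 chromosomes are assumptions of this example, since the report's own definitions are not on this page.

```python
import random

def truth_table(n, f):
    """Truth table of f over all n-bit inputs; bit i of x holds variable x_i."""
    return [f(*[(x >> i) & 1 for i in range(n)]) for x in range(1 << n)]

def walsh_spectrum(tt, n):
    """F_f(w) = sum over x of (-1)^(f(x) XOR w.x), for every w in {0,1}^n."""
    return [sum(-1 if tt[x] ^ (bin(w & x).count("1") & 1) else 1
                for x in range(1 << n)) for w in range(1 << n)]

def ci_order(tt, n):
    """Largest m with F_f(w) = 0 for all 1 <= wt(w) <= m (m-th order CI)."""
    spec = walsh_spectrum(tt, n)
    m = 0
    while m < n and all(spec[w] == 0 for w in range(1, 1 << n)
                        if bin(w).count("1") == m + 1):
        m += 1
    return m

def nonlinearity(tt, n):
    """N_f = 2^(n-1) - max_w |F_f(w)|/2: a smaller spectral value means higher N_f."""
    return (1 << (n - 1)) - max(abs(v) for v in walsh_spectrum(tt, n)) // 2

def fitness(tt, n, m):
    """Assumed fitness (not the report's): nonlinearity if f keeps CI order m, else 0."""
    return nonlinearity(tt, n) if ci_order(tt, n) >= m else 0

def roulette_select(population, fitnesses, k, rng=None):
    """Weighted roulette wheel: each draw lands on a chromosome with
    probability fitness / total fitness; returns a mating pool of size k."""
    rng = rng or random.Random()
    total = sum(fitnesses)
    if total <= 0:                       # nothing to weight: pick uniformly
        return [rng.choice(population) for _ in range(k)]
    pool = []
    for _ in range(k):
        r = rng.random() * total         # a point on the wheel in [0, total)
        for chrom, fit in zip(population, fitnesses):
            r -= fit
            if r < 0:                    # the sector this point falls into
                pool.append(chrom)
                break
    return pool

# Constructed generation-0 chromosomes (4-variable truth tables), for illustration:
TT_B = truth_table(4, lambda a, b, c, d: a ^ b ^ (c & d))  # 1st-order CI, N_f = 4
TT_C = truth_table(4, lambda a, b, c, d: a ^ (b & c))      # not CI, N_f = 4
TT_D = truth_table(4, lambda a, b, c, d: a ^ b ^ c ^ d)    # 3rd-order CI, affine
```

With m = 1 only TT_B earns a nonzero fitness, so the wheel fills the mating pool with it alone; the non-CI function is screened out regardless of its nonlinearity.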

References

[1] C. A. Ankenbrandt, B. P. Buckles and F. E. Petry, “Scene recognition using genetic algorithms with semantic nets,” Pattern Recognition Letters, vol. 11, 1990, pp. 285-293.

[2] E. Biham and O. Dunkelman, “Cryptanalysis of the A5/1 GSM stream cipher,” in Progress in Cryptology – INDOCRYPT 2000, vol. 1977 of Lecture Notes in Computer Science, pp. 43–51, Springer-Verlag, 2000.

[3] A. Biryukov, A. Shamir, and D. Wagner, “Real time cryptanalysis of A5/1 on a PC,” in Proceedings of Fast Software Encryption 2000, vol. 1978 of Lecture Notes in Computer Science, New York: Springer-Verlag, 2000, pp. 1-18.

[4] S. Babbage, C. De Cannière, J. Lano, B. Preneel, and J. Vandewalle, “Cryptanalysis of SOBER-t32,” Fast Software Encryption 2003, to be published in LNCS.

[5] J. Bernasconi and C. G. Günther, “Analysis of a nonlinear feedforward logic for binary sequence generators,” BBC Tech. Rep., 1985.

[6] T. Beth and F. Piper, “The stop-and-go generator,” in Lecture Notes in Computer Science 209; Advances in Cryptology: Proc. Eurocrypt ’84, T. Beth, N. Cot, and I. Ingemarsson, Eds., Paris, France, April 9-11, 1984, pp. 88-92. Berlin: Springer-Verlag, 1985.

[7] M. Briceno, I. Goldberg, and D. Wagner, “A pedagogical implementation of A5/1,” Technical report, 1999. Web publication, http://www.scard.org/gsm/body.html.

[8] L. Brynielsson, “On the linear complexity of combined shift register sequences,” in Lecture Notes in Computer Science 219; Advances in Cryptology: Proc. Eurocrypt ’85, F. Pichler, Ed., Linz, Austria, April 1985, pp. 156-166. Berlin: Springer-Verlag, 1986.

[9] B. P. Buckles, F. E. Petry, and R. L. Kuester, “Schema survival rates and heuristic search in genetic algorithms,” IEEE Trans. Systems, Man, and Cybernetics, 1990.

[10] W. G. Chambers and S. M. Jennings, “Linear equivalence of certain BRM shift-register sequences,” Electron. Lett., vol. 20, Nov. 1984.

[11] A. H. Chan and R. A. Games, “On the linear span of binary sequences obtained from finite geometries,” in Lecture Notes in Computer Science 263; Advances in Cryptology: Proc. Crypto ’86, A. M. Odlyzko, Ed., Santa Barbara, CA, Aug. 11-15, 1986, pp. 405-417. Berlin: Springer-Verlag, 1987.

[12] A. H. Chan, M. Goresky, and A. Klapper, “Correlation functions of geometric sequences,” Proc. Eurocrypt ’90, I. Damgård, Ed., Springer-Verlag (in press).

[13] J. H. Cheon, “Nonlinear vector resilient functions,” in Advances in Cryptology – CRYPTO 2001, Springer-Verlag, pp. 458-469, 2001.

[14] P. Ekdahl and T. Johansson, “SNOW – a new stream cipher,” in Proceedings of the First Open NESSIE Workshop, KU Leuven, 2000.

[15] P. Ekdahl and T. Johansson, “Some results on correlations in the Bluetooth stream generator,” in 10th Joint Conference on Communications and Coding, pp. 210–224, 2000.

[16] P. Ekdahl and T. Johansson, “Distinguishing attacks on SOBER-t16 and SOBER-t32,” in Fast Software Encryption 2002, LNCS 2365, J. Daemen and V. Rijmen, Eds., Springer-Verlag, pp. 210-224, 2002.

[17] P. Ekdahl and T. Johansson, “Another attack on A5/1,” in Proceedings of the 2001 IEEE International Symposium on Information Theory, 2001, pp. 160-167.

[18] D. E. Goldberg, Genetic Algorithms in Search, Optimization, and Machine Learning, Addison-Wesley, Reading, MA, 1989.

[19] J. D. Golić, V. Bagini, and G. Morgari, “Linear cryptanalysis of Bluetooth stream cipher,” Advances in Cryptology – EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science, pp. 238–255, Springer-Verlag, 2002.

[20] J. D. Golić and M. V. Živković, “On the linear complexity of nonuniformly decimated PN-sequences,” IEEE Trans. Inform. Theory, vol. 34, pp. 1077-1079, Sept. 1988.

[21] J. D. Golić, “On the linear complexity of functions of periodic GF(q)-sequences,” IEEE Trans. Inform. Theory, vol. IT-35, pp. 69-75, Jan. 1989.

[22] D. Gollmann and W. G. Chambers, “Clock-controlled shift registers: A review,” IEEE J. Selected Areas Commun., vol. 7, pp. 525-533, May 1989.

[23] C. G. Günther, “Alternating step generators controlled by de Bruijn sequences,” in Lecture Notes in Computer Science 304; Advances in Cryptology: Proc. Eurocrypt ’87, D. Chaum and W. L. Price, Eds., Amsterdam, The Netherlands, April 13-15, 1987, pp. 5-14. Berlin: Springer-Verlag, 1988.

[24] P. Hawkes and G. Rose, “Primitive specification and supporting documentation for SOBER-t16 submission to NESSIE,” in Proceedings of the First Open NESSIE Workshop, 13-14 November 2000, Heverlee, Belgium.

[25] P. Hawkes and G. Rose, “Primitive specification and supporting documentation for SOBER-t32 submission to NESSIE,” in Proceedings of the First Open NESSIE Workshop, 13-14 November 2000, Heverlee, Belgium.

[26] C. L. Karr et al., “Control of an exothermic chemical reaction using fuzzy logic and genetic algorithms,” Proc. International Fuzzy Systems and Intelligent Control Conference, 1992, pp. 246-254.

[27] E. L. Key, “An analysis of the structure and complexity of nonlinear binary sequence generators,” IEEE Trans. Inform. Theory, vol. IT-22, no. 6, pp. 732-763, Nov. 1976.

[28] M. Krause, “BDD-based cryptanalysis of keystream generators,” Advances in Cryptology – EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science, pp. 222–237, Springer-Verlag, 2002.

[29] P. V. Kumar and R. A. Scholtz, “Bounds on the linear span of bent sequences,” IEEE Trans. Inform. Theory, vol. IT-29, pp. 854-862, Nov. 1983.

[30] J. L. Massey, “Cryptography and system theory,” Proc. 24th Allerton Conference on Communication, Control, and Computing, Oct. 1-3, 1986.

[31] R. L. McFarland, “A family of difference sets in non-cyclic groups,” J. Combinatorial Theory, Ser. A, vol. 15, pp. 1-10, 1973.

[32] P. Nyffeler, Binäre Automaten und ihre linearen Rekursionen, Ph.D. thesis, University of Berne, 1975.

[33] S. Petrović and A. Fúster-Sabater, “Cryptanalysis of the A5/2 algorithm,” Cryptology ePrint Archive, Report 2000/052, 2000. Available at http://eprint.iacr.org/.

[34] G. Rose, “A stream cipher based on linear feedback over GF(2^8),” in C. Boyd and E. Dawson, Eds., ACISP ’98, Australasian Conference on Information Security and Privacy, vol. 1438 of Lecture Notes in Computer Science, Springer-Verlag, July 1998.

[35] G. Rose, “SOBER: a stream cipher based on linear feedback over GF(2^8),” Preprint, 1999.

[36] G. Rose, “S16 & S32: Fast stream ciphers based on linear feedback over GF(2^n),” Preprint, 2000.

[37] G. Rose and P. Hawkes, “The t-class of SOBER stream ciphers.” Available at http://www.home.aone.net.au/qualcomm.

[38] R. A. Rueppel, Analysis and Design of Stream Ciphers, Berlin: Springer-Verlag, 1986.

[39] R. A. Rueppel and O. Staffelbach, “Products of sequences with maximum linear complexity,” IEEE Trans. Inform. Theory, vol. IT-33, no. 1, pp. 124-131, Jan. 1987.

[40] J. A. Serret, Cours d’algèbre supérieure, Tome II, p. 154, Gauthier-Villars, Paris, 1886.

[41] J. D. Schaffer et al., “A study of control parameters affecting online performance of genetic algorithms for function optimization,” Proc. Third Int. Conf. on Genetic Algorithms, Fairfax, VA, June 1989, pp. 51-60.

[42] C. E. Shannon, “Communication theory of secrecy systems,” Bell Sys. Tech. Journal, vol. 28, pp. 656-715, 1949.

[43] T. Siegenthaler, “Correlation-immunity of nonlinear combining functions for cryptographic applications,” IEEE Trans. Inform. Theory, vol. IT-30, pp. 776-780, 1984.

[44] B. Smeets, “A note on sequences generated by clock-controlled shift registers,” in Lecture Notes in Computer Science 219; Advances in Cryptology: Proc. Eurocrypt ’85, F. Pichler, Ed., Linz, Austria, April 1985, pp. 40-42. Berlin: Springer-Verlag, 1986.

[45] R. Vogel, “On the linear complexity of cascaded sequences,” in Lecture Notes in Computer Science 209; Advances in Cryptology: Proc. Eurocrypt ’84, T. Beth, N. Cot, and I. Ingemarsson, Eds., Paris, France, April 9-11, 1984, pp. 99-109. Berlin: Springer-Verlag, 1985.

Self-Evaluation of Project Results

The project has proceeded smoothly according to the original schedule. In addition to collecting and studying the relevant documents, we have already obtained substantial results. For the core component of pseudorandom sequence generators, the Boolean function, we used the natural-selection property of genetic algorithms to design Boolean functions with good properties. The appendix that follows lists the papers we published during the project period.

Data Sheet of R&D Results Available for Promotion

Appendix

Related Documents