已为您找到该学者10条结果 成果回收站
【期刊论文】The Second-Preimage Attack on MD4
王小云, Hongbo Yu, Gaoli Wang, Guoyan Zhang, and Xiaoyun Wang
CANS 2005, LNCS 3810, pp. 1-12, 2005.,-0001,():
-1年11月30日
In Eurocrypt'05, Wang et al. presented new techniques to find collisions of Hash function MD4. The techniques are not only efficient to search for collisions, but also applicable to explore the secondpreimage of MD4. About the second-preimage attack, they showed that a random message was a weak message with probability 2−122 and it only needed a one-time MD4 computation to find the second-preimage corresponding to the weak message. A weak message means that there exits a more efficient attack than the brute force attack to find its secondpreimage. In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages. For any random message, it is a weak message with probability 2−56, and it can be converted into a weak message by message modification techniques with about 227 MD4 computations. Furthermore, the original message is close to the resulting message (weak message), i. e, the Hamming weight of the difference for two messages is about 44.
Hash function,, collision differential path,, second-preimage,, weak message.,
-
268浏览
-
0点赞
-
0收藏
-
0分享
-
103下载
-
0
-
引用
【期刊论文】The Differential Cryptana]ysis of an AES Finalist-Serpent
王小云, X. Y. Wang*, L. C. K. Hui*, K. P. Chow*, C. F. Chong*, W. W. Tsang*, H. W. Chan*
,-0001,():
-1年11月30日
Serpent is one of the five AES finalists. In our paper, we give solne differentials about Serpent, two of the differentials are a 5-round differential with the probability of 1/207 and a 6-round diffierential with the probability of 1/207. The best known differential before our paper is a 5-round differential with the probability of 1/207 given in [9]. Additionally, we provide all the possible best differentials for some cases about Serpent. From these best differentials, we eonclude that the 16-round best differential is not higher than 1/207 and that the 17-round differential is less than 1/2128.
-
51浏览
-
0点赞
-
0收藏
-
0分享
-
90下载
-
0
-
引用
【期刊论文】The Differential Analysis of Reduced Skipjack Variants
王小云, L. C. K. Hui*, X. Y. Wang*, K. P. Chow*, W. W. Tsang*, C. F. Chong*, H. W. Chan*
,-0001,():
-1年11月30日
In this paper, we use the a 12-round differential (5-16 rounds) to analyze the reduced Skipjack variants starting from the first round. The analysis result is that, breaking 1-21 rounds Skipjack variant needs about 217 chosen plaintexts and 264 encryptions, breaking 1-24 variant needs about 246 chosen plaintexts and 272 encryptions, and 1-26 variants needs about 246 chosen plaintexts and 260 encryptions.
-
65浏览
-
0点赞
-
0收藏
-
0分享
-
137下载
-
0
-
引用
【期刊论文】Secure and Practical Tree-Structure Signature Schemes Based on Discrete Logarithms
王小云, X. Y. Wang, L. C. Hui, K. P. Chow, W. W. Tsang, C. F. Chong, and H. W. Chan
PKC 2000, LNCS 1751, pp. 167-177, 2000.,-0001,():
-1年11月30日
In this paper, we present another tree-structure signature scheme based on discrete logarithm problem modulo p, where p is a large prime. The basic signing algorithm is the original ELGmal signature scheme. The scheme attains ideal security, i. e, finding existential forgeries under adaptively chosen message attacks is equivalent to solving the discrete logarithm of any random integer y∈Z*p. The scheme is also efficient, it can be implemented almost as efficiently as the original ELGamal signature scheme. We can regard the scheme as an application of ELGamal signature scheme in tree-structure signature schemes.
-
70浏览
-
0点赞
-
0收藏
-
0分享
-
98下载
-
0
-
引用
【期刊论文】How to Break MD5 and Other Hash Functions
王小云, Xiaoyun Wang and Hongbo Yu
EUROCRYPT 2005, LNCS 3494, pp. 19-35, 2005.,-0001,():
-1年11月30日
MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initialvalue of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.
-
377浏览
-
0点赞
-
0收藏
-
0分享
-
229下载
-
0
-
引用