一些密碼元件之分析與設計

Abstract

網路犯罪伴隨著網路的興起而成長，其核心價值──數位內容正面臨嚴重的威脅。本論文改良網路安全主要元件：對稱式加密演算法、單向雜湊函數以及安全協定的設計以及探討應用於隨意網路上金鑰管理的方法。 本論文替換了進階加密標準(AES)中回合函式的部分運算方法，並改以位元當作運算單位，使得可以抵抗三回合的平方攻擊法，以及線性攻擊法、差分攻擊法，得以證明在許多方面比AES優良。本研究也基於安全雜湊演算法(SHA)的設計精神，定義了一般性的SHA，其接受任意長度訊息輸入，並產生所需要長度的訊息摘要。本研究提出一個新的觀點，以評估SHA-256-XOR演算法的安全複雜度，即是計數每個演算方程式中所牽涉的項數，以取代計算碰撞機率的方法。引用基因演算法探究訊息排程中趨近最佳的參數組合，使相對於標準方法可以提升1.5到4倍的安全複雜度。最後，本論文改良了秘密分享機制並應用於金鑰管理方法以減少通訊、計算量的花費。 本論文的貢獻將會讓非模加安全雜湊運算的研發者感到興趣，而這樣的運算方式會有利於使用較少邏輯閘的硬體實作。另外，本論文所提出的方法論亦可以應用於所有引用秘密分享機制的設計方法以減少訊息長度而不會降低安全程度。

Increasing cybercrime activities on the Internet introduces various threats to core values and digital content. This dissertation improves the design of symmetric cipher algorithms and one-way hash functions, and clarifies the functions of key management in mobile ad hoc networks. We replace some procedures in the round function of the advanced encryption standard (AES) and use bits as the operation unit to foil the 3-round square attack. Moreover, we apply linear cryptanalysis and differential cryptanalysis to the proposed cipher, which is superior to AES. Our study defines a generalized secure hash algorithm (SHA) algorithm based on SHA family rules. The algorithm accepts arbitrary length messages as inputs that generate message digests with the required length. We propose a new perspective of complexity for SHA-256-XOR functions by counting the terms involved in each equation, instead of analyzing the probability of finding collisions within SHA-256-XOR hash functions. We apply genetic algorithms to find the near-optimal message schedule parameter sets that enhance the complexity 4 times for SHA-1 and 1.5 times for SHA-256-XOR, when compared to their original SHA-1 and SHA-256-XOR functions. Finally, we modify the secret sharing scheme and apply it to autonomous key management (AKM) for reducing communication and computation costs. Our results are useful when designing security for modular-addition-free hash functions, simplifying hardware implementation and allowing a smaller gate count, and when designing symmetric ciphers. The proposed methodology applies to all cryptographic threshold-based schemes that truncate message size without compromising security.