August 17, 2012

Tetsu Iwata, associate professor in the Department of Computational Science and Engineering, Graduate School of Engineering, Nagoya University, Keisuke Ohashi, a graduate student in the same department, and Kazuhiko Minematsu, principal researcher at NEC Corporation, have found a flaw in the security proof of GCM, an authenticated encryption scheme that is an international standard. They have also succeeded in removing the flaw and repairing the security proof of GCM.

GCM has been adopted in many standardization processes because its security was believed to be mathematically guaranteed and because it is computationally efficient, and it is used widely by governments and in the private sector. It is now clear, however, that the theoretical basis of that guarantee was invalid. The researchers removed the flaw and established a mathematical security guarantee for GCM without changing its specification. The result shows that, as long as the block cipher used inside GCM is secure, no computationally feasible attack can succeed with probability above a certain bound. That bound is larger than had been believed, so the risk is greater than previously assumed, but the result also shows that there is no security problem in using GCM in practice as long as it is implemented properly.

The results will be presented at the international conference CRYPTO 2012, held August 19 to 23, 2012 (Pacific Time) at the University of California, Santa Barbara.

Summary

GCM (Galois/Counter Mode) is a cryptographic technique called an authenticated encryption scheme, which encrypts and authenticates data at the same time. It was designed in 2004 by John Viega and David A. McGrew. Because its security was believed to be guaranteed by a mathematical proof given by the two designers, and because it is computationally efficient, GCM was first adopted by NIST in the United States and then in many other standardization processes, including those of IEEE and ISO/IEC. It is also used by the NSA, and it is used daily all over the world, for example to protect data on the Internet.

The security of GCM is guaranteed by proving mathematically that no computationally feasible attack can succeed with probability above a certain bound. Developing attacks against GCM is an important research topic for understanding and verifying its security, and several attacks have been proposed so far. The success probability of each of these attacks, however, stays below the bound that GCM allows, so none of them shakes the security guarantee. The security of GCM was therefore believed to be guaranteed by a mathematical proof, with no flaw in it.

Research results
GCM uses internally a symmetric-key primitive called a block cipher. In this study the researchers first idealized that block cipher as having no flaw at all, and under that idealization developed a concrete attack that overturns part of the security guarantee of GCM. If the security guarantee of GCM were correct, the success probability of any attack against the idealized GCM would be at most 80 × 2^-128; the attack developed here succeeds with probability at least 94 × 2^-128, which exceeds the allowed bound. The attack therefore shows that the security guarantee of GCM has a flaw.

The attack is theoretical and not a realistic threat: its success probability (94 × 2^-128, about 2.76 × 10^-37) is negligibly small. It also overturns only part of the designers' security claim and does not contradict the security guarantee for GCM with a real, non-idealized block cipher. Furthermore, the attack does not work when the input called the initial value is restricted to 96 bits, and many standards recommend, or require, 96-bit initial values for GCM for reasons of computational efficiency.

On the other hand, the attack shows that the theoretical basis of the previous security guarantee for GCM was invalid. Moreover, the possibility that an attack posing a realistic threat could be developed in the future by improving this attack cannot be ruled out, so the attack shows that whether the security of GCM can be guaranteed mathematically at all was an unresolved problem. The researchers resolved these problems by removing the flaw and establishing a mathematical security guarantee for GCM without changing its specification.
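As an added illustration (not code from the paper or from this press release), the following Python derives GCM's initial counter block J0 and the counter blocks CB_i from an initial value, following NIST SP 800-38D. It shows the structural difference behind the remark that the attack does not apply to 96-bit initial values: with a 96-bit initial value, J0 is the initial value followed by 0^31 || 1, so the counter blocks of two distinct initial values can never coincide under any key; with any other length, J0 = GHASH_H(...) depends on the hash subkey H, so overlap between the counter sequences of two initial values becomes a key-dependent event that a security proof has to bound. The hash subkey H is passed in as an integer rather than computed as AES_K(0^128), so no AES implementation is needed; Test Case 2 and Test Case 5 from McGrew and Viega's GCM specification check the GHASH and J0 computations. The degenerate H = 0 used in the demo is a constructed worst case (it would mean AES_K(0^128) = 0^128), chosen only to make the key dependence visible; it is not the attack from the paper.

```python
"""GCM initial-counter derivation: 96-bit vs. non-96-bit initial values.

Added illustration following NIST SP 800-38D; not code from the paper or the
press release.  The hash subkey H is passed in as an integer instead of being
computed as AES_K(0^128), so no AES implementation is needed.
"""

R = 0xE1 << 120  # GCM reduction constant, the bit string 11100001 || 0^120


def gf128_mul(x: int, y: int) -> int:
    """Multiply two blocks in GCM's GF(2^128) (SP 800-38D, Algorithm 1).

    Blocks are 128-bit big-endian integers; bit 127 is GCM's "leftmost" bit x_0.
    """
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def _pad16(b: bytes) -> bytes:
    """Right-pad with zero bytes to a multiple of 16 bytes."""
    return b + b"\x00" * (-len(b) % 16)


def ghash(h: int, data: bytes) -> int:
    """GHASH_H over a byte string whose length is a multiple of 16."""
    assert len(data) % 16 == 0
    y = 0
    for i in range(0, len(data), 16):
        y = gf128_mul(y ^ int.from_bytes(data[i:i + 16], "big"), h)
    return y


def ghash_tag_input(h: int, aad: bytes, ct: bytes) -> int:
    """GHASH_H(A || pad || C || pad || [len(A)]_64 || [len(C)]_64), the tag input."""
    lengths = (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    return ghash(h, _pad16(aad) + _pad16(ct) + lengths)


def initial_counter(h: int, iv: bytes) -> int:
    """J0, the pre-counter block (SP 800-38D, GCM-AE step 2).

    96-bit IV:  J0 = IV || 0^31 || 1                             (no key involved)
    otherwise:  J0 = GHASH_H(IV || 0^s || 0^64 || [len(IV)]_64)  (depends on H)
    """
    if len(iv) == 12:
        return (int.from_bytes(iv, "big") << 32) | 1
    lengths = bytes(8) + (8 * len(iv)).to_bytes(8, "big")
    return ghash(h, _pad16(iv) + lengths)


def inc32(block: int) -> int:
    """Increment the rightmost 32 bits modulo 2^32; the other 96 bits stay fixed."""
    return ((block >> 32) << 32) | ((block + 1) & 0xFFFFFFFF)


def counter_blocks(h: int, iv: bytes, n: int) -> list:
    """CB_1 .. CB_n = inc32^i(J0); these are the blocks encrypted for the keystream."""
    cb, out = initial_counter(h, iv), []
    for _ in range(n):
        cb = inc32(cb)
        out.append(cb)
    return out


def shared_counter_blocks(h: int, iv1: bytes, iv2: bytes, n: int) -> set:
    """Counter blocks that two initial values would both feed to the block cipher
    under the same key.  Any overlap means keystream reuse."""
    return set(counter_blocks(h, iv1, n)) & set(counter_blocks(h, iv2, n))


if __name__ == "__main__":
    # Test Case 2 (K = 0^128) and Test Case 5 (64-bit IV) from the McGrew-Viega
    # GCM specification check the GHASH and J0 computations.
    H2 = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
    C2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
    assert ghash_tag_input(H2, b"", C2) == 0xF38CBB1AD69223DCC3457AE5B6B0F885
    H5 = 0xB83B533708BF535D0AA6E52980D53B78
    IV5 = bytes.fromhex("cafebabefacedbad")
    assert initial_counter(H5, IV5) == 0xC43A83C4C4BADEC4354CA984DB252F7D

    # 96-bit IVs: every counter block carries the IV in its leftmost 96 bits,
    # so two distinct IVs never share a counter block, whatever H is.
    iv_a = bytes.fromhex("cafebabefacedbaddecaf888")
    iv_b = bytes.fromhex("cafebabefacedbaddecaf889")
    print("96-bit IVs, shared counter blocks:", shared_counter_blocks(H5, iv_a, iv_b, 1000))

    # Non-96-bit IVs: J0 is a key-dependent GHASH output, so whether two IVs'
    # counter sequences overlap depends on H.  H = 0 is a constructed
    # degenerate case (AES_K(0^128) = 0^128) that maps every IV to J0 = 0.
    iv_c = bytes.fromhex("0123456789abcdef")
    print("64-bit IVs, J0 under H5:", hex(initial_counter(H5, IV5)), hex(initial_counter(H5, iv_c)))
    print("64-bit IVs, shared counter blocks under H = 0:",
          len(shared_counter_blocks(0, IV5, iv_c, 8)), "of 8")
```

The point of `shared_counter_blocks` is what a GCM security proof has to control: for 96-bit initial values the intersection is empty by construction, while for other lengths it depends on H, so bounding the probability of such collisions over the choice of key is exactly the step the paper found to be mis-analysed in the original proof.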
Thus, as long as the block cipher used inside GCM is secure, no computationally feasible attack can succeed with probability above a certain bound. Furthermore, when the initial value is restricted to 96 bits, an even higher level of security is guaranteed.

Significance of the results and future outlook

GCM is an authenticated encryption scheme recommended by NIST and adopted in many other standardization processes. The attack proposed in this paper is the first theoretical attack, in the sense of overturning part of the designers' security claim, to be demonstrated against GCM, a widely standardized cryptographic technique. On the other hand, the security of GCM has now been proved mathematically. This is a great difference from other cryptographic techniques for which no such proof exists, and it indicates that there is no security problem in using GCM in practice as long as it is implemented properly. However, because the bound on the attack success probability is larger than had been believed, it is recommended to re-evaluate the risk and to use only 96-bit initial values when using GCM.

The results also show that there is room for improvement in the design of GCM. Building on these results and on the findings of this study, the design of authenticated encryption schemes with higher security is expected.
Paper

Title: Breaking and Repairing GCM Security Proofs
Authors: Tetsu Iwata (Nagoya University), Keisuke Ohashi (Nagoya University), Kazuhiko Minematsu (NEC)
Conference: CRYPTO 2012 (http://www.iacr.org/conferences/crypto2012/)

Part of this study, the work by Tetsu Iwata, was supported by a KAKENHI Grant-in-Aid for Young Scientists (A), grant number 22680001.