Ling Song
Chinese Academy of Sciences
Publication
Featured research published by Ling Song.
international conference on the theory and application of cryptology and information security | 2014
Siwei Sun; Lei Hu; Peng Wang; Kexin Qiao; Xiaoshuang Ma; Ling Song
We propose two systematic methods to describe the differential property of an S-box with linear inequalities based on logical condition modelling and computational geometry respectively. In one method, inequalities are generated according to some conditional differential properties of the S-box; in the other method, inequalities are extracted from the H-representation of the convex hull of all possible differential patterns of the S-box. For the second method, we develop a greedy algorithm for selecting a given number of inequalities from the convex hull. Using these inequalities combined with Mixed-integer Linear Programming (MILP) technique, we propose an automatic method for evaluating the security of bit-oriented block ciphers against the (related-key) differential attack with several techniques for obtaining tighter security bounds, and a new tool for finding (related-key) differential characteristics automatically for bit-oriented block ciphers.
international conference on information security and cryptology | 2013
Siwei Sun; Lei Hu; Ling Song; Yonghong Xie; Peng Wang
Counting the number of active S-boxes is a common way to evaluate the security of symmetric key cryptographic schemes against differential attack. Based on Mixed Integer Linear Programming (MILP), Mouha et al. proposed a method to accomplish this task automatically for word-oriented symmetric-key ciphers with SPN structures. However, this method cannot be applied directly to block ciphers of SPN structures with bitwise permutation diffusion layers (S-bP structures), due to its ignorance of the diffusion effect derived collaboratively by nonlinear substitution layers and bitwise permutation layers. In this paper we extend Mouha et al.’s method for S-bP structures by introducing new representations for exclusive-or (XOR) differences to describe bit/word level differences simultaneously and by taking the collaborative diffusion effect of S-boxes and bitwise permutations into account. Our method is applied to the block cipher PRESENT-80, an international standard for lightweight symmetric key cryptography, to automatically evaluate its security against differential attacks. We obtain lower bounds on the numbers of active S-boxes in the single-key model for full 31-round PRESENT-80 and in related-key model for round-reduced PRESENT-80 up to 12 rounds, and therefore automatically prove that the full-round PRESENT-80 is secure against single-key differential attack, and the cost of related-key differential attack on the full-round PRESENT-80 is close to that of an exhaustive search: the best related-key differential characteristic for full PRESENT-80 is upper bounded by \(2^{-72}\).
IACR Cryptology ePrint Archive | 2013
Ling Song; Lei Hu
PRINCE is a new lightweight block cipher proposed at the ASIACRYPT’2012 conference. In this paper two observations on the linear layer of the cipher are presented. Based on the observations a differential fault attack is applied to the cipher under a random nibble-level fault model, aiming to use fault injections as few as possible. The attack uniquely determines the 128-bit key of the cipher using less than 7 fault injections on average. In the case with 4 fault injections, the attack limits the size of key space to less than \(2^{18}\).
international conference on information security | 2015
Qianqian Yang; Lei Hu; Siwei Sun; Kexin Qiao; Ling Song; Jinyong Shan; Xiaoshuang Ma
In CRYPTO 2014 Albrecht et al. brought in a 20-round iterative lightweight block cipher PRIDE which is based on a good linear layer for achieving a tradeoff between security and efficiency. A recent analysis is presented by Zhao et al. Inspired by their work, we use an automatic search method to find out 56 iterative differential characteristics of PRIDE, containing 24 1-round iterative characteristics, based on three of them we construct a 15-round differential and perform a differential attack on the 19-round PRIDE, with data, time and memory complexity of \(2^{62}\), \(2^{63}\) and \(2^{71}\) respectively.
International Workshop on Lightweight Cryptography for Security and Privacy | 2014
Ling Song; Lei Hu; Bingke Ma; Danping Shi
SIMON is a family of lightweight block ciphers designed by the U.S. National Security Agency in 2013. In this paper, we analyze the resistance of the SIMON family of block ciphers against the recent match box meet-in-the-middle attack which was proposed in FSE 2014. Our attack particularly exploits the weaknesses of the linear key schedules of SIMON. Since the data available to the adversary is rather limited in many concrete applications, it is worthwhile to assess the security of SIMON against such low-data attacks.
Science in China Series F: Information Sciences | 2017
Danping Shi; Lei Hu; Siwei Sun; Ling Song; Kexin Qiao; Xiaoshuang Ma
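Summary of innovations: When different components of a cipher share the same input, the piling-up lemma cannot be applied to compute the correlation of their linear approximations, and this computation is a hard problem with an important influence on the results of linear cryptanalysis. Taking full account of the dependence between the different operations of the SIMON block cipher, the correlation of linear approximations of the round function is computed exactly by reduction to a standard quadratic form, giving precise linear cryptanalysis results. Based on mixed-integer linear programming modelling, better linear trails and linear hulls are found for several versions of SIMON, and better key-recovery attack results on SIMON are given.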
international workshop on security | 2016
Qianqian Yang; Lei Hu; Siwei Sun; Ling Song
Khudra is a block cipher proposed by Souvik Kolay and Debdeep Mukhopadhyay in the SPACE 2014 conference which is applicable to Field Programmable Gate Arrays (FPGAs). It is an 18-round lightweight cipher based on recursive Feistel structure, with a 64-bit block size and 80-bit key size. The designers indicated that 18 rounds of Khudra provide sufficient security margin for related key attacks. But in this paper, we obtain \(2^{16}\) 14-round related-key impossible differentials of Khudra, and based on these related-key impossible differentials for 32 related keys, we launch an attack on the full Khudra with data complexity of \(2^{63}\) related-key chosen-plaintexts, time complexity of about \(2^{68.46}\) encryptions and memory complexity of \(2^{64}\). This is the first known attack on full Khudra.
international conference on information security | 2015
Siwei Sun; Lei Hu; Meiqin Wang; Qianqian Yang; Kexin Qiao; Xiaoshuang Ma; Ling Song; Jinyong Shan
We focus on extending the applicability of the mixed-integer programming (MIP) based method in differential cryptanalysis such that more work can be done automatically. Firstly, we show how to use the MIP-based technique to obtain almost all high probability 2-round iterative related-key differential characteristics of PRIDE (a block cipher proposed in CRYPTO 2014) automatically by treating the
international conference on information and communication security | 2014
Ling Song; Lei Hu; Siwei Sun; Zhang Zhang; Danping Shi; Ronglin Hao
international conference on information security | 2013
Ling Song; Lei Hu
g_i^{j}\cdot