Nowadays,the application scenarios in the resource-constrained terminal system appear more and more,and the data encryption requirement of them also needs to be satisfied.There are many lightweight block ciphers designed such as PRESENT which is an international standard block cipher.PFP cipher is an ultra-lightweight block cipher which takes Feistel structure,and its round function is designed by using the experience of PRESENT cipher for reference.The block size of PFP is 64-bit,the key size of PFP is 80-bit and its round number is 34.For PFP,this paper studies its ability against impossible differential cryptanalysis.In the design document,the designers proposed a 5-round impossible differential and attacked reduced 6-round PFP cipher with this distinguisher.Moreover,the designers can recover 32-bit master key.Comparing with this result,by exploiting the differential property of the S-box in PFP,this paper constructs a 7-round impossible differential distinguisher and attack reduced 9-round PFP.Moreover,it can recover 36-bit master key.Therefore,the result is much better than the known one in terms of either the round number or the recovered key.So far as I know,the result in this paper is the best impossible differential cryptanalysis of PFP cipher.

Recent advances in quantum computing have posed a serious potential security threat to the majority of current network security protocols,whose security relies on classical number-theoretic hard problems.As the basic network security protocols,authenticated key agreement protocols bear the brunt.Therefore,quantum-resistant authenticated key agreement protocols have become a recent hot research topic.Thereinto,lattice-based post-quantum cryptographic schemes,with strong security and high computational efficiency,have gained extensive attention in recent years,and are developing rapidly,which are expected to be included in the future standards of quantum-resistant cryptographic algorithms.In this paper,research on lattice-based post-quantum authenticated key agreement protocols is focused on.Firstly,the research background of quantum-resistant authenticated key agreement protocols is introduced,and the main computational hard problems that the security designs of current lattice-based post-quantum cryptographic schemes depend on are also described.Then,an overview of the existing typical lattice-based post-quantum authenticated key agreement protocols is given,and by taking the two-party protocols as the main research object,the basic construction modes of related schemes and performance of several current typical related protocols are discussed,analyzed and compared.Lastly,the existing problems in the current research are summarized,and the future development of related research is also forecasted.

The traditional encryption scheme does not take into account the situation in which the adversary eavesdrops on the ciphertext to force the sender or receiver to hand over the public key,random number,plaintext,or secret key used in the encryption.Therefore,the concept of deniable encryption was proposed in 1997 to solve the information leakage caused by the coercion problem.At present,only several complete deniable encryption schemes have been proposed and implemented.However,the schemes are not practical due to the problems of low encryption efficiency and high expansion rate.By constructing a “translucent set”,a practical bi-deniable anti-quantum encryption scheme is proposed in this paper.The scheme uses the difficult problem of Module Learning With Errors (MLWE) based on polynomial ring to construct two ciphertext distributions that adversaries can’tdistinguish.The indistinguishability of two ciphertext distributions is verified by chi-square statistical experiments.The schemes’ security can be reduced to the Shortest Independent Vectors Problem (SIVP).Meanwhile,the correctness,security,deniable,expansion rate and complexity of the scheme are theoretically analyzed.And the experimental results obtained through C++are consistent with the theoretical analysis.Experimental results show that the bit error rate is about 1×10^<sup>－23,the ciphertext expansion rate 5.0,and the encryption efficiency is about 670 KB/s.Therefore,it has practical application prospects in many scena-rios,such as electronic election and electronic bidding.

One of the most fundamental problems in computer science is unstructured search,and Grover quantum search algorithm is designed for the unstructured search problem.Grover quantum search algorithm can be used to solve graph coloring,shortest path sorting and other problems,and it can also effectively decipher the cipher system.In this paper,Grover search algorithm combined with classical pretreatment is proposed to realize integer decomposition.Firstly,quantum circuits of Grover algorithm with different qubits are simulated based on IBMQ cloud platform,and the prime factors P and Q of N are simulated using Grover algorithm.Then,the simplified equation is transformed into Boolean logic relation to build Oracle in Grover algorithm.Finally,the probability of finding the solution is changed by changing the number of iterations.According to the experimental results of the simulation circuit,the feasibility of solving prime factors P and Q using Grover algorithm is verified,and the target item is searched with 78% probability of success under the condition of 16 search space and one G iteration.The differences of quantum bit number and time asymptotic complexity between Grover algorithm and Shor algorithm for solving some numbers are compared.The experiment of integer decomposition by Grover quantum search algorithm expands the application field of this algorithm,and the acceleration effect of Grover algorithm is especially obvious in large search problems.

Since GANs(Generative Adversarial Networks) has been put forward,it has been widely used in various fields,and its application in the field of information security is getting more and more deeply.However,using GANs to realize secure communication under public key cryptosystem has not been reported publicly.Therefore,in view of the adversarial nature of both communication sides and their adversary,this paper proposes an adversarial learning mechanism of GANs.In the public key cryptosystems scenarios,the key generator,encryption and decryption of both communication sides,and the decipher process of adversary are regarded as neural networks,then we use the certification confidentiality to strengthen public-private key linkage.Afterwards,by using the adversarial learning mechanism to train both communication sides and their adversary,we realize the authenticable encrypted secure communication (AEC-AN) between both communication sides on the open channel.In the experiment,4 keys with lengths of 16 bit,32 bit,64 bit and 128 bit have been used for training.The experiment result shows that Bob's accuracy rate is between 91%~94%,and Eve's error rate is between 43%~57%,which is close to the probability of Eve's random guess,thus proving that the proposed mechanism of GANs achieves the secure communication between both communication sides under the environment of adversary eavesdropping.

The identity-based encryption(IBE) by lattice can effectively resist quantum attacks,and this mechanism takes users’ identity information as public keys,which can ease the management of public key infrastructure(PKI) with an extremely large number of users.The lattice-based IBE system is an improvement of the traditional PKI to solve some problems in the Internet of Things(IoT) environment.However,previous IBE schemes based on lattices are cumbersome,and there are few implementations of these schemes.Aiming at this problem,this paper proposes an IBE scheme based on R-SIS and R-LWE with advantages of low expansion rate,which is secure against IND-sID-CPA.Firstly,a block reusing technology is proposed to reuse a ciphertext block for auxiliary decryption which occupies a significant amount in storage so that the expansion rate of ciphertext decreases and the encryption efficiency improves in a large extent.Then,by using a compression algorithm and introducing a plaintext expansion parameter,the two indicators of the scheme have been further optimized.Next,the scheme’s security,correctness,and computing complexity are analyzed through rigorous theoretical derivation,and numerical experiments with Maple give the optimal parameter values of this scheme under three scenarios.Finally,the new scheme is implemented with C++,and the performance of the scheme and the BFRS scheme in three scenarios are compared.Experiments and comparisons show that,while ensuring the correctness and security,this scheme improves the encryption and decryption efficiency of the original scheme and reduces the ciphertext expansion rate effectively.

Certificateless public key cryptosystem combines the advantages of identity-based cryptosystem and traditional PKI public key cryptosystem,overcomes the key escrow problem of identity-based public key cryptosystem and the certificate management problem of PKI system,and has obvious advantages.By analysing the security of a strongly secure certificateless signature scheme proposed by Hassouna,et al,it shows that the scheme cannot resist the attack of falsifying messages and do not use private key generated by system master key to sign.So it is not a certificateless signature scheme.On this basis,an improved certificateless signature scheme is proposed and it proves the scheme can resist the attack of the first class of strong adversaries and the second class of adversaries.In the random oracle model and under the assumption of the Diffie-Hellman problem of the elliptic curve,the improved scheme satisfies the existential forgery.

Bitcoin is one of the most mature public chain application systems,the user key is the critical factor to the process of determining the ownership of Bitcoin,the security of Bitcoin is guaranteed by the safe management of the user key,and the loss of the key will lead to the loss of a large number of user assets.So it is an urgent problem to recover the lost assets.This paper proposes a key update mechanism in Bitcoin based on the improved P2PKHCA (pay-to-public-key-hash-with-conditional-anonymity) script scheme to solve above problems.Firstly,the key generation algorithm in the P2PKHCA scheme is improved by introducing the key life cycle and random number to solve its key leakage problem.Secondly,the two new opcodes,OP_KEYUPDATE and OP_TSELECTION,are proposed to design the new key update script to realize the user key update of the Bitcoin system.Finally,two types of key update schemes based on the key update script are constructed to make the script suitable for the requirements of different key update applications.The security analysis and performance analysis of the key update mechanism show that the proposed mechanism realizes the recovery of lost Bitcoins in the Bitcoin system on the premise of the effective completion of update of user's key.

In the application of traditional cryptography,people always assume that the endpoints are secure and the adversary is on the communication channel.However,the prevalence of malware and system vulnerabilities makes endpoint compromise a se-rious and immediate threat.For example,it is vulnerable to various attacks such as memory content being destroyed by viruses,randomness generator being corrupted,etc.What's worse,protocol sessions usually have a long lifetime,so they need to store session-related secret information for a long time.In this situation,it becomes essential to design high-strength security protocols even in the setting where the memory contents and intermediate values of computation (including the randomness) can be exposed.Ratchet key exchange is a basic tool to solve this problem.In this paper,we overview the definition,model and construction of ratchet key exchange,including unidirectional ratcheted key exchange,sesquidirectional ratcheted key exchange and bidirectionalratcheted key exchange,and prospect the future development of ratchet key exchange.

Aiming at the degeneracy problem of discrete chaotic dynamics system in the digital domain, an algorithm that can configure the Lyapunov exponents of the system to be all positive is proposed.The algorithm is based on the principle of chaos anti-control.First, a feedback matrix is introduced.All the parameters in the set are specified carefully, and it is proved from a theore-tical point of view that the algorithm can configure the Lyapunov exponent to be fully positive.Subsequently, the boundedness of the system orbit and the finiteness of the Lyapunov exponent are proved, and the numerical simulation analysis and performance comparison of the configuration are carried out through several examples, so as to verify that the algorithm can produce a discrete chaotic system without degenerate.There are certain advantages in numerical accuracy and algorithm running time.The configured chaotic system is then used to generate the sequence and then quantized.The quantization scheme is to take out the effective digital combination of the sequence.Some dynamic transformation processing on the sequence can enhance the randomness and complexity of the output sequence.We convert the transformed output sequence into a binary sequence, perform a number of randomness and statistical tests, and compare the performance with the general chaotic sequence.The test results show that the sequence has better random characteristics and can be used in a chaotic sequence cipher system.

The profiled side-channel analysis method can effectively attack the implementation of cryptographic,and the side-channel cryptanalysis method based on convolutional neural network (CNNSCA) can efficiently carry out cryptographic attacks,and even can attack the implementation of protected encryption algorithms.In view of the current research status of side-channel cryptanalysis profiling methods,this paper compares and analyzes the characteristics and performance differences of several CNNSCA models,and focuses on the typical CNN model structure and side-channel signal public data set ASCAD.Through model comparison and experimental results,it compares and analyzes the effects of different CNN network modeling methods,and then analyzes the performance factors that affect the CNNSCA method and the advantages of the side-channel profiling method based on convolutional neural networks.Research and analysis show that CNNSCA based on VGG variants performs best in generalization and robustness when attacking target data sets in various situations,but whether the training level of the used CNN model and the hyperparameter settings are most suitable for SCA scenarios have not been verified.In the future,researchers can improve the classification accuracy and decryption performance of CNNSCA by adjusting various hyperparameters of the CNN model,use data enhancement techniques and combine the excellent CNN network in the Imagenet competition to explore the most suitable CNN model for SCA scenarios,which is a development trend.