[1]国家标准化委员会. GBT 33133—2016 祖冲之序列密码算法, 第1部分: 算法描述[S]. 北京: 中国标准出版社, 2016[2]国家密码管理局. GMT 0001.1—2012 祖冲之序列密码算法, 第1部分: 算法描述[S]. 北京: 中国标准出版社, 2012[3]ETSISAGE. TS 35.222 Specification of the 3GPP Confidentiality and Integrity Algorithms 128EEA3 & 128EIA3. Document 2: ZUC Specification[SOL]. 2011[20161014]. http:www.3gpp.orgDynaReport35series.htm[4]ETSISAGE. TR 35.921 Specification of the 3GPP Confidentiality and Integrity Algorithms 128EEA3 & 128EIA3. Document 4: Design and Evaluation Report[SOL]. 2011[20161014]. http:www.3gpp.orgDynaReport35series.htm[5]Zhu Xuanyong, Qi Wenfeng. On the distinctness of modular reductions of maximal length sequences modulo odd prime powers[J]. Mathematics of Computation, 2008, 77(263): 16231637[6]Chan A, Games R. On the linear span of binary sequences obtained from finite geometries[C] Advances in Cryptology—Crypto. Berlin: Springer, 1987: 405417[7]Sun B, Tang X, Li C. Preliminary cryptanalysis results of ZUC[COL] Proc of the 1st Int Workshop on ZUC Algorithm. 2010[20161014]. http:www.dacas.cnzuc10pdfzuc_06.pdf[8]Wu H, Huang T, Nguyen P, et al. Differential attacks against stream cipher ZUC[G] LNCS 7658: Proc of Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2012: 262277[9]Dai W, Biryukov A, Cannière C. A distinguishing attack of SNOW 2.0 with linear masking method[C] Proc of Int Workshop on Selected Areas in Cryptography. Berlin: Springer, 2003: 2328[10]Coppersmith D, Halevi S, Jutla C. Cryptanalysis of stream ciphers with linear masking[G] LNCS 2442: Proc of Crypto2002. Berlin: Springer, 2002: 515532[11]Nyberg K, Wallén J. Improved linear distinguishers for SNOW 2.0[C] Proc of Int Workshop on FAST Software Encryption. Berlin: Springer, 2006: 144162[12]Courtois N, Meier W. Algebraic attacks on stream ciphers with linear feedback[G] LNCS 2656: Advance in Cryptology—EUROCRYPT 2003. Berlin: Springer, 2003: 345359[13]Rnjom S, Helleseth T. Attacking the filter generator over GF (2m)[C] Proc of Int Workshop on Arithmetic of Finite Fields. Berlin: Springer, 2007: 264275[14]Meier W, Pasalic E, Carlet C. Algebraic attacks and decomposition of Boolean functions[G] LNCS 3027: Advances in Cryptology—EUROCRYPT, 2004. Berlin: Springer, 2004: 474491[15]Courtois N, Klimov A, Patarin J, et al. Efficient algorithms for solving overdefined systems of multivariate polynomial equations[C] Advances in Cryptology—EUROCRYPT 2000. Berlin: Springer, 2000: 392407[16]Diem C. The XLalgorithm and a conjecture from commutative algebra[C] Advances in Cryptology—ASIACRYPT 2004. Berlin: Springer, 2004: 323337[17]Hawkes P, Rose G. Guessanddetermine attacks on SNOW[G] LNCS 2595: Selected Area of Cryptography—SAC2002. Berlin: Springer, 2002: 3746[18]Canniere C. Guess and determine attacks on SNOW[OL] NESSIE Project. 2001[20161014].http:link.springer.comcontentpdf10.10073540364927_4.pdf[19]Ahmadi H, Eghlidos T, Khazaei S, et al. Improved guess and determine attack on SOSEMANUK[OL]. Estream Project. 2005[20161014]. https:www.cosic.esat.kuleuven.beecryptstreampapersdir085.pdf[20]Babbage S H. Improved “exhaustive search” attacks on stream ciphers[C] Proc of European Convention on Security and Detection. London: IET, 1995: 161166[21]关杰, 丁林, 刘树凯, 等. SNOW3G与ZUC流密码的猜测决定攻击[J]. 软件学报, 2013, 24(6): 13241333[22]Biryukov A, Shamir A. Cryptanalytic timememorydata tradeoffs for stream ciphers[C] Advances in Cryptology—ASIACRYPT 2000. Berlin: Springer, 2000: 113[23]Hong J, Sarkar P. New Applications of time memory data tradeoffs[C] Advances in Cryptology—ASIACRYPT 2005. Berlin: Springer, 2005: 353372[24]Jin H, Sarkar P, Sarkar P. Rediscovery of time memory tradeoffs[OL]. 2005[20161014]. http:eprint.iacr.org2005090.pdf[25]Dunkelman O, Keller N. Treatment of the initial value in timememorydata tradeoff attacks on stream ciphers[J]. Information Processing Letters, 2008, 107(5): 133137
|