DOI 10.34229/KCA2522-9664.26.3.13
UDC 004.056.55
O. BESPALOV
G.Ye. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, Kyiv, Ukraine, alexb5dh@gmail.com
CONSTRUCTING A CCA-SECURE MODIFICATION OF THE ALGORITHM DEFINED IN DSTU 9041:2020
Abstract. The National Standard of Ukraine DSTU 9041:2020, adopted in 2020, defines a hybrid encryption algorithm that is secure against key-recovery and message-recovery attacks, but is neither IND-CCA-secure nor secure against small-subgroup attacks. This paper constructs a modification of that algorithm which is IND-CCA-secure, is secure against small-subgroup attacks, and remains consistent with the National Standards of Ukraine currently in force.
Keywords: DSTU 9041, twisted Edwards curves, hybrid encryption, IND-CPA, IND-CCA, DDHP, small-subgroup attacks.
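The small-subgroup weakness named in the abstract comes from the cofactor of a twisted Edwards curve: the curve group has order h·q with h > 1, so it contains points that lie on the curve but outside the prime-order subgroup, and a receiver that only checks "is this point on the curve" will accept them. The following is an added illustration of the receiver-side mitigation; it is not code from the paper and does not reproduce the DSTU 9041:2020 algorithm or its curve. It uses the public Ed25519 curve parameters (a = -1, p = 2^255 - 19, cofactor 8) as a well-known stand-in with the same cofactor structure; the names `validate_public_point`, `clear_cofactor`, `T2`, `T4` and the rest are the example's own. It shows that an on-curve but non-prime-order point is rejected by a subgroup-membership check, and that cofactor clearing maps it back into the prime-order subgroup.

```python
# Added example, not code from the paper or from DSTU 9041:2020.
# Receiver-side validation of a public point on a twisted Edwards curve whose
# group order is H * Q with cofactor H > 1.  Points of order dividing H lie on
# the curve but outside the prime-order subgroup; accepting one of them is the
# precondition of a small-subgroup attack.  Parameters are the public Ed25519
# curve (a = -1, p = 2^255 - 19, H = 8), a stand-in for the standard's own curve.

P = 2**255 - 19                                    # field prime
A = P - 1                                          # curve coefficient a = -1
D = (-121665 * pow(121666, -1, P)) % P             # curve coefficient d
Q = 2**252 + 27742317777372353535851937790883648493  # prime order of the main subgroup
H = 8                                              # cofactor: #E(F_p) = H * Q
IDENTITY = (0, 1)                                  # neutral element of the Edwards group
SQRT_M1 = pow(2, (P - 1) // 4, P)                  # a square root of -1 (2 is a non-residue mod p)


def is_on_curve(pt):
    """Check a*x^2 + y^2 == 1 + d*x^2*y^2 (mod p)."""
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0


def point_add(p1, p2):
    """Complete twisted Edwards addition law in affine coordinates."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + y1 * x2) * pow((1 + t) % P, -1, P)
    y3 = (y1 * y2 - A * x1 * x2) * pow((1 - t) % P, -1, P)
    return (x3 % P, y3 % P)


def scalar_mult(k, pt):
    """Right-to-left double-and-add for k >= 0."""
    result, addend = IDENTITY, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def sqrt_mod_p(u):
    """Square root modulo p = 2^255 - 19 (p = 5 mod 8); None if u is a non-residue."""
    u %= P
    r = pow(u, (P + 3) // 8, P)
    if (r * r - u) % P == 0:
        return r
    r = (r * SQRT_M1) % P
    if (r * r - u) % P == 0:
        return r
    return None


# Generator of the prime-order subgroup: y = 4/5, x recovered from the curve
# equation (either sign of x gives a point of order Q, so the sign is not fixed).
_by = (4 * pow(5, -1, P)) % P
_bx = sqrt_mod_p((_by * _by - 1) * pow((D * _by * _by + 1) % P, -1, P))
B = (_bx, _by)

# Torsion points: on the curve, but not in the prime-order subgroup.
T2 = (0, P - 1)          # order 2
T4 = (SQRT_M1, 0)        # order 4 (2 * T4 == T2)


def validate_public_point(pt):
    """Accept pt only if it is a non-identity point of the prime-order subgroup.

    The on-curve check alone is not enough: B + T4 is on the curve but has
    order 4*Q, so a shared value derived from it depends on the peer's scalar
    modulo 4 rather than only on the prime-order component.
    """
    if not is_on_curve(pt):
        return False
    if pt == IDENTITY:
        return False
    return scalar_mult(Q, pt) == IDENTITY      # Q*pt == O  <=>  ord(pt) divides Q


def clear_cofactor(pt):
    """Alternative mitigation: multiplying by H sends any curve point into the
    prime-order subgroup (H*(B + T4) == H*B)."""
    return scalar_mult(H, pt)


if __name__ == "__main__":
    crafted = point_add(B, T4)                   # on-curve point of order 4*Q
    print("generator accepted:      ", validate_public_point(B))
    print("order-2 point accepted:  ", validate_public_point(T2))
    print("B + T4 on curve:         ", is_on_curve(crafted))
    print("B + T4 accepted:         ", validate_public_point(crafted))
    print("after cofactor clearing: ", validate_public_point(clear_cofactor(crafted)))
```

The full-scalar check `Q*pt == O` costs one scalar multiplication per received point, whereas cofactor clearing costs only three doublings here; which one a protocol needs depends on whether later steps assume the received point itself (not just a derived key) is in the prime-order subgroup.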
REFERENCES
- 1. DSTU 9041:2020. Information technologies. Cryptographic protection of information. Short message encryption algorithm based on twisted elliptic Edwards curves. Effective from 2020-11-01. Kyiv: UkrNDNC, 2020. IV, 36 p.
- 2. Katz J., Lindell Y. Introduction to modern cryptography. 2nd ed. Boca Raton: CRC Press, 2014. 577 p. https://doi.org/10.1201/b17668.
- 3. Bessalov A., Kovalchuk L., Kuchynska N., Telizhenko O. Algorithm for short messages encryption on twisted Edward curves. 20th Central European Conference on Cryptology (CECC 2020). Zagreb, Croatia, June 24–26, 2020. P. 16–17. URL: https://web.math.pmf.unizg.hr/~duje/cecc2020/.
- 4. Tan G., Zhang R., Ma H., Tao Y. An efficient CCA-secure access control encryption for any policy. In: Information Security and Cryptology. Inscrypt 2020. Wu Y., Yung M. (Eds.). Lecture Notes in Computer Science. Cham: Springer, 2021. Vol. 12612. P. 104–112. https://doi.org/10.1007/978-3-030-71852-7_7.
- 5. Asano K., Watanabe Y. Updatable public key encryption with strong CCA security: Security analysis and efficient generic construction. In: Topics in Cryptology — CT-RSA 2025. Patra A. (Ed.). Lecture Notes in Computer Science. Cham: Springer, 2025. Vol. 15598. P. 223–246. https://doi.org/10.1007/978-3-031-88661-4_10.
- 6. Libert B. Leveraging small message spaces for CCA1 security in additively homomorphic and BGN-type encryption. In: Advances in Cryptology — EUROCRYPT 2025. Fehr S., Fouque P.-A. (Eds.). Lecture Notes in Computer Science. Cham: Springer, 2025. Vol. 15602. P. 34–63. https://doi.org/10.1007/978-3-031-91124-8_2.
- 7. Matsuda T. Chosen ciphertext security via BARGs. In: Public-Key Cryptography — PKC 2025. Jager T., Pan J. (Eds.). Lecture Notes in Computer Science. Cham: Springer, 2025. Vol. 15677. P. 314–343. https://doi.org/10.1007/978-3-031-91829-2_10.
- 8. Panja S., Sharifian S., Jiang S., Safavi-Naini R. CCA-secure hybrid encryption in correlated randomness model and KEM combiners. arXiv:2401.00983v2 [cs.CR]. 24 Mar 2024. https://doi.org/10.48550/arXiv.2401.00983.
- 9. Boneh D. The decision Diffie–Hellman problem. URL: https://crypto.stanford.edu/~dabo/pubs/papers/DDH.pdf.
- 10. Bespalov O., Davydenko A., Kovalchuk L. Analyzing security of DSTU 9041:2020 and its modifications against distinguishing attacks. Digital Transformation: Strengthening the Cybersecurity Capacities in the Modern World: Materials of the International Scientific and Practical Conference (Krakow, 4–5 November 2025). Krakow, 2025. P. 43–44. URL: https://duikt.edu.ua/uploads/p_2779_38079537.pdf.
- 11. Schwabe P., Sprenkels D. The complete cost of cofactor h = 1. IACR Cryptology ePrint Archive. Report 2019/1166. 2019. URL: https://eprint.iacr.org/2019/1166.pdf.
- 12. The Ristretto Group. URL: https://ristretto.group/ristretto.html.
- 13. Hamburg M. Decaf: Eliminating cofactors through point compression. IACR Cryptology ePrint Archive. Report 2015/673. 2015. URL: https://eprint.iacr.org/2015/673.pdf.
- 14. Lim C.H., Lee P.J. A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Advances in Cryptology — CRYPTO’97. CRYPTO 1997. Kaliski B.S. (Ed.). Lecture Notes in Computer Science. Berlin; Heidelberg: Springer, 1997. Vol. 1294. P. 249–263. https://doi.org/10.1007/BFb0052240.
- 15. ECC security: Small subgroup attacks. URL: https://safecurves.cr.yp.to/twist.html.
- 16. Cofactor explained: Clearing elliptic curves’ dirty little secret. URL: https://loup-vaillant.fr/tutorials/cofactor.
- 17. Cremers C., Jackson D. Prime, order please! Revisiting small subgroup and invalid curve attacks on protocols using Diffie–Hellman. 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), Hoboken, NJ, USA, 2019. P. 78–93. https://doi.org/10.1109/CSF.2019.00013.
- 18. DSTU 7624:2014. Cryptographic protection of information. Symmetric block encryption algorithm. Effective from 2015-07-01. Kyiv: Ministry of Economic Development of Ukraine, 2015. V, 221 p.
- 19. Anada H., Arita S. Identification schemes from key encapsulation mechanisms. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2012. Vol. E95-A, N 7. P. 1136–1155. https://doi.org/10.1587/transfun.E95.A.1136.
- 20. ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. In: Advances in Cryptology. CRYPTO 1984. Blakley G.R., Chaum D. (Eds.). Lecture Notes in Computer Science. Berlin; Heidelberg: Springer, 1985. Vol. 196. P. 10–18. https://doi.org/10.1007/3-540-39568-7_2.
- 21. Agrikola T., Hofheinz D., Kastner J. On instantiating the algebraic group model from falsifiable assumptions. In: Advances in Cryptology — EUROCRYPT 2020. Canteaut A., Ishai Y. (Eds.). Lecture Notes in Computer Science. Cham: Springer, 2020. Vol. 12106. P. 96–126. https://doi.org/10.1007/978-3-030-45724-2_4.
- 22. Abdalla M., Bellare M., Rogaway P. The Oracle Diffie–Hellman assumptions and an analysis of DHIES. In: Topics in Cryptology — CT-RSA 2001. Naccache D. (Ed.). Lecture Notes in Computer Science. Springer, 2001. Vol. 2020. P. 143–158. https://doi.org/10.1007/3-540-45353-9_12.
- 23. ISO/IEC 18033-2:2006. Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers. Geneva: ISO/IEC, 2006. URL: https://www.iso.org/standard/37971.html.
- 24. Bellare M., Namprempre C. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Advances in Cryptology — ASIACRYPT 2000. Okamoto T. (Ed.). Lecture Notes in Computer Science. Berlin; Heidelberg: Springer, 2000. Vol. 1976. P. 531–545. https://doi.org/10.1007/3-540-44448-3_41.
- 25. Hirani M. CCA security. CS 407 Cryptography (Fall 2023). Lecturer: D. Heath. 26.09.2023. URL: https://courses.grainger.illinois.edu/CS407/fa2023/Scribe%2010%202.pdf.
- 26. DSTU 7564:2014. Information technologies. Cryptographic protection of information. Hash function (Kupyna). Effective from 2015-04-01. Kyiv: Ministry of Economic Development of Ukraine, 2015. III, 33 p.
- 27. Bellare M. New proofs for NMAC and HMAC: Security without collision resistance. Journal of Cryptology. 2015. Vol. 28. P. 844–878. https://doi.org/10.1007/s00145-014-9185-x.
- 28. Public comments on the decision proposal to convert FIPS 198-1 to a NIST special publication. Comment period: September 20 – October 20, 2022. URL: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/decision-proposal-comments/fips198-1-decision-proposal-comments-2022.pdf.
- 29. Jacobsen H. MACs, EUF-CMA, CBC-MAC, CMAC. TEK4500, University of Oslo, Autumn 2022. URL: https://www.uio.no/studier/emner/matnat/its/TEK4500/h22/lectures/lecture-4---macs-euf-cma-cbc-mac.pdf.
- 30. Dworkin M. Recommendation for block cipher modes of operation: The CMAC mode for authentication. NIST Special Publication 800-38B. National Institute of Standards and Technology, 2005. URL: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-38b.pdf.
- 31. Iwata T., Kurosawa K. OMAC: One-key CBC MAC. In: Fast Software Encryption (FSE 2003). Johansson T. (Ed.). Lecture Notes in Computer Science. Berlin; Heidelberg: Springer, 2003. Vol. 2887. P. 129–153. https://doi.org/10.1007/978-3-540-39887-5_11.
- 32. Alekseychuk A.N., Kovalchuk L.V., Shevtsov A.S., Yakovliev S.V. Cryptographic properties of a new national encryption standard of Ukraine. Cybernetics and Systems Analysis. 2016. Vol. 52, N 3. P. 351–364. https://doi.org/10.1007/s10559-016-9835-0.
- 33. Oliynykov R.V., Gorbenko I.D., Kazymyrov O.V., et al. A new encryption standard of Ukraine: The Kalyna block cipher. IACR Cryptology ePrint Archive. Report 2015/650. 2015. URL: https://eprint.iacr.org/2015/650.
- 34. Lin L., Wu W. Improved meet-in-the-middle attacks on reduced-round Kalyna-128/256 and Kalyna-256/512. Designs, Codes and Cryptography. 2018. Vol. 86, N 4. P. 721–741. https://doi.org/10.1007/s10623-017-0353-5.
- 35. Fu K., Kamara S., Kohno T. Key regression: Enabling efficient key distribution for secure distributed storage (full version; extended abstract in NDSS 2006). URL: https://homes.cs.washington.edu/~yoshi/papers/KR/NDSS06.pdf.
- 36. Boneh D. Pseudorandom functions and permutations (PRP/PRF Switching). CS255: Introduction to cryptography. Stanford University, Winter 2011. URL: https://crypto.stanford.edu/dabo/courses/cs255_winter11/PRP-PRF.pdf.
- 37. Jacobsen H. Symmetric encryption, IND-CPA, CTR. TEK4500, University of Oslo, Autumn 2023. URL: https://www.uio.no/studier/emner/matnat/its/TEK4500/h23/lectures/lecture-3---symmetric-encryption-ind-cpa-ctr.pdf.
- 38. Bellare M., Rogaway P. Introduction to modern cryptography. 2005. URL: https://web.cs.ucdavis.edu/~rogaway/classes/227/spring05/book/main.pdf.
- 39. Li N. CS 555: Cryptography. Chosen-ciphertext security; Hybrid encryption. Purdue University, Spring 2012. URL: https://www.cs.purdue.edu/homes/ninghui/courses/555_Spring12/555_Spring12_topic11.pdf.
- 40. Roetteler M., Naehrig M., Svore K.M., Lauter K. Quantum resource estimates for computing elliptic curve discrete logarithms. IACR Cryptology ePrint Archive. Report 2017/598. 2017. URL: https://eprint.iacr.org/2017/598.pdf.
- 41. Quantinuum. Advancements in logical quantum computation: Demonstrations and results (presented at Q2B Silicon Valley). 2024. URL: https://www.quantinuum.com/blog/q2b-2024-advancements-in-logical-quantum-computation.
- 42. Quantinuum. Introducing Helios: The most accurate quantum computer in the world. 2025. URL: https://www.quantinuum.com/blog/introducing-helios-the-most-accurate-quantum-computer-in-the-world.
- 43. Bos J.W., Kaihara M.E., Kleinjung T., Lenstra A.K., Montgomery P.L. Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. International Journal of Applied Cryptography. 2012. Vol. 2, N 3. P. 212–228. https://doi.org/10.1504/IJACT.2012.045590.
- 44. ETSI. ETSI TS 104 015 V1.1.1 (2025-02). Cyber security (CYBER); Quantum-safe cryptography (QSC); Efficient quantum-safe hybrid key exchanges with hidden access policies. Technical Specification. Feb 2025. (Reference: DTS/CYBER-QSC-0023.) URL: https://www.etsi.org/deliver/etsi_ts/104000_104099/104015/01.01.01_60/ts_104015v010101p.pdf.