CN102185690A - Optimal S box construction method and circuit - Google Patents

Optimal S box construction method and circuit Download PDF

Info

Publication number
CN102185690A
CN102185690A CN2011100296933A CN201110029693A CN102185690A CN 102185690 A CN102185690 A CN 102185690A CN 2011100296933 A CN2011100296933 A CN 2011100296933A CN 201110029693 A CN201110029693 A CN 201110029693A CN 102185690 A CN102185690 A CN 102185690A
Authority
CN
China
Prior art keywords
box
output
input
logic
bit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100296933A
Other languages
Chinese (zh)
Other versions
CN102185690B (en
Inventor
张蕾
吴文玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS filed Critical Institute of Software of CAS
Priority to CN2011100296933A priority Critical patent/CN102185690B/en
Publication of CN102185690A publication Critical patent/CN102185690A/en
Application granted granted Critical
Publication of CN102185690B publication Critical patent/CN102185690B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Design And Manufacture Of Integrated Circuits (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of optimal S box construction method and its circuits, belong to field of communication technology. The method include the steps that 1) set Information is inputted for S box; It is right With Carry out logic and operation, then by operation result with Value after exclusive or updates ; 2) right With it is updated Carry out logic or operation, then by operation result with Value after exclusive or updates ; 3) to updated With it is updated Carry out logic and operation, then by operation result with Value after exclusive or updates ; 4) to updated With it is updated Carry out logic or operation, then by operation result with Value after exclusive or updates ; 5) will be through step 2~4) it is updated As inputting information in step 1) Output through S box. This circuit includes four XOR operation unit A1, A2, A3, A4, two logic and operation unit Bs 1, B2, two logics or arithmetic element C1, C2. The present invention can quickly generate a large amount of optimal 4 × 4S boxes, and realization price of hardware is very small.

Description

A kind of optimum S box building method and circuit thereof
Technical field
The present invention proposes a kind of optimum S box building method and circuit thereof, can be applicable to generate fast a large amount of cryptography character and reach optimum 4 * 4S box, and the hardware of this class S box realization cost is very little, belongs to communication technical field.
Background technology
The S box is a kind of many output Boolean functions, is the extremely important non-linear components of structure cryptographic algorithm, is widely used in the multiple cryptography scheme.Especially nearly all adopted 4 * 4 S box in the lightweight cryptographic algorithm at the design of practical application request such as resource-constrained environment.Because the lightweight cryptographic algorithm all is to realize with hardware usually, therefore realize that as the hardware of the S box of algorithm basic module cost and fail safe have status of equal importance.The present invention has promptly proposed a kind of effective ways of constructing this class S box.
Because chaotic principle and diffusion principle that Shannon proposes are generally still followed in the design of Current Password algorithm, most of iteration type cryptographic algorithm has all adopted non-linear S box to reach chaotic effect.The S box is the Boolean function with n input, m output that is defined on the two element field, can regard following mapping as in essence
Figure BDA0000045634130000011
Usually abbreviate the S box of a n * m as.Because the S box is unique nonlinear block of many cryptographic algorithms, its cipher characteristic will directly influence the fail safe of whole cryptographic algorithm.For example, the nonlinearity of S box and cryptographic algorithm burden sexual assault ability have direct relation, use the S box of high nonlinearity to help the burden sexual assault in cryptographic algorithm; The difference uniformity of S box is introduced at differential cryptanalysis, is used for weighing the ability of a cryptographic algorithm opposing differential attack.Because differential attack and linear the attack are the most effective at present two kinds of attack methods, therefore above-mentioned two cryptography character are the topmost safety indexes of S box.
The S box that structure has good cryptography character is an important ring of cryptographic algorithm design always.For the scale of S box, existing article has proved the increase along with n,
Figure BDA0000045634130000012
Going up nearly all displacement all is non degenerate displacements.Therefore the scale when the S box is big more, and the cryptographic capabilities of the S box of Chan Shenging is just good more at random.When parameter m and n select when very big, nearly all S box all is non-linear, and it is relatively more difficult to find to attack the statistical property that can utilize.Yet because big S box all adopts the realization of tabling look-up usually, when parameter m and n excessive, with the memory space of increase algorithm (m2 at least nBit), make that reality is infeasible.At present popular is 8 * 8 S box, the result of study of this class S box is very abundant.Wherein the most frequently used building method is based on finite field gf (2 n) on inverse mapping F (x)=Ax -1+ B utilizes the cipher characteristics such as difference uniformity, nonlinearity and algebraic degree of the S box of this method construct can reach the best circumstance of 8 * 8S box.This method is present topmost S box building method, and most existing cryptographic algorithm such as AES, Camellia, SMS4 etc. have adopted such S box.Yet for resource-constrained applied environments such as radio frequency identification equipment, sensor networks, the hardware of 8 * 8S box is realized that expense is excessive and can't be suitable at all.Therefore in lightweight cryptographic algorithm, substantially all be to adopt 4 * 4 S box at this class application design.Regrettably, the structure at 4 * 4S box does not still have effective method at present, mostly is that the mode according to picked at random generates the S box, and cipher characteristics such as nonlinearity and difference uniformity are detected, till the S box that finds.Though as long as time and computing capability allow, adopt this mode always can construct needed S box, for algorithm designer, be still a job very consuming time.Therefore how generating the 4 * 4S box with good cryptography character fast is one of vital task of pin design algorithm.
The realization of cryptographic algorithm comprises that mainly software is realized and hardware is realized two aspects.In software was realized, the S box of cryptographic algorithm all can be easy to realize that not only fast and flexible also is applicable to various platforms by table lookup operation.Yet in the hardware of cryptographic algorithm was realized, the S box can only realize that its gate circuit number is to influence the important indicator that algorithm is realized performance with combinational logic circuit.But also do not have at present effective method can construct hardware and realize that the little and cryptography character of cost reaches optimum S box.For example, reach optimum 8 * 8S box for the cryptography character based on finite field inverse function structure commonly used, its hardware is realized on average needing at least 500.This will greatly influence it in resource-constrained environmental applications such as low cost, low-power consumption.For 4 * 4S box commonly used in the lightweight cryptographic algorithm, because this class S box major part is that its hardware realizes that cost alters a great deal, in our substantive test by the method construct that generates at random and test, it is 21.3~39.3 that its required gate circuit is counted excursion, 30.4 of average out to.Making has resource occupation, power consumption, cost in the realization environment of strict restriction at RFID tag, sensor network etc., will influence the hardware implementation efficiency of algorithm integral body.Therefore the hardware that proposes of the present invention realizes that the little and cryptography character of cost reaches the building method of optimum 4 * 4S box, has very big advantage under resource-constrained realization environment.
The structure of 4 * 4S box commonly used mostly is to adopt the method (the present invention is referred to as " original method ") that generates at random and test at present.Wherein, for the S box that generates at random, will mainly test following two cryptography characteristics:
(1) nonlinearity
For the S box S (X) of a n * m, its nonlinearity is defined as:
N S = min l ∈ L n 0 ≠ u ∈ F 2 m d H ( u · S ( X ) , l ( X ) ) ,
L wherein nRepresent the first affine function set of all n, d H(f, l) Hamming distance between expression f and the l.From definition as can be seen, the nonlinearity of S (X) is exactly any linear combination of carry-out bit and all about the smallest hamming distance of affine function of input.Can prove, be 4 for the nonlinearity upper bound of 4 * 4S box.
(2) difference uniformity
For the S box S (X) of a n * m, its difference uniformity is defined as:
δ = max α ∈ F 2 n α ≠ 0 max β ∈ F 2 m | { X ∈ F 2 n : S ( X ⊕ α ) ⊕ S ( X ) = β } |
Wherein α and β represent input difference and the output difference of S (X) respectively.From definition as can be seen, the difference uniformity of S (X) is introduced at differential attack.Utilize the difference uniformity of S box can be easy to estimate the probability of cryptographic algorithm differential path, the ability of tolerance cryptographic algorithm opposing differential attack.Existing document proves, is 4 for the difference uniformity upper bound of 4 * 4S box.
Usually, adopt the basic step of the optimum 4 * 4S box of original method structure as follows:
Step 1: generate at random one be defined in set 0,1 ..., the displacement P on the 15} is as the S box, promptly
Figure BDA0000045634130000031
Step 2: to the S box that generates, according to formula
Figure BDA0000045634130000032
L (X)) calculates the nonlinearity of this S box,, then carry out Step 3 if the nonlinearity value equals 4; Otherwise, re-execute Step 1;
Step 3: to the S box that generates, according to formula
Figure BDA0000045634130000033
Calculate the difference uniformity of this S box,, then carry out Step 4 if difference uniformity value equals 4; Otherwise, re-execute Step 1;
Step 4: export this S (X) as an optimum S box.
To the analysis of original method as can be known, the optimum 4 * 4S box of structure need make the S box that generates at random satisfy nonlinearity and two conditions of difference uniformity simultaneously.Consider be defined in set 0,1 ..., the total 16! of the displacement P on the 15} ≈ 2 44.25Individual, wherein have only small part to satisfy the condition of Step 2 and Step 3 simultaneously, therefore construct optimum S box by the mode of picked at random, when especially needing to choose a large amount of S box, will be a job very consuming time.In addition, because the optimum S box of structure all generates at random, usually can't write out the simple mathematical formula of this class S box, therefore the algebraic degree of its Boolean function expression formula and a number average are bigger, thereby make its hardware realize that required combinational logic gate circuit number is bigger, the hardware that increases cryptographic algorithm integral body is realized cost.The present invention realizes these two angles of cost from the hardware of a large amount of optimum S boxes of quick structure, reduction S box, provided a kind of by utilizing simple mathematical expression formula structure difference uniformity and nonlinearity to reach the method for 4 * 4S box of optimum, can be applicable to generate fast cryptography character and reach optimum 4 * 4S box, and this class S box is because mathematic(al) representation is simple, and its hardware realizes that required gate circuit number is far fewer than the average case that generates at random.
Summary of the invention
At problems of the prior art such as " original methods ", the object of the present invention is to provide a kind of optimum S box building method and circuit thereof.The present invention has at first constructed the simple and difference uniformity of a mathematic(al) representation and nonlinearity all reaches optimum 4 * 4S box, on this basis, a large amount of cryptography character reach optimum and hardware is realized the very little 4 * 4S box of cost by generating fast in the additional respectively affine transformation in the front and back of this S box conversion.
Technical scheme of the present invention is:
A kind of optimum S box building method the steps include:
1) establishes x 0x 1x 2x 3One 4 bit input informations for the S box; To x 0And x 1Carry out logic and operation, again with operation result and x 2Value behind the XOR is upgraded x 2And as S box input information x 2Corresponding output;
2) to x 1With the x after the step 1) renewal 2Carry out the logic OR computing, again with operation result and x 3Value behind the XOR is upgraded x 3And as S box input information x 3Corresponding output;
3) to the x after the step 1) renewal 2With step 2) x after upgrading 3Carry out logic and operation, again with operation result and x 0Value behind the XOR is upgraded x 0And as S box input information x 0Corresponding output;
4) to the x after the step 3) renewal 0With step 2) x after upgrading 3Carry out the logic OR computing, again with operation result and x 1Value behind the XOR is upgraded x 1And as S box input information x 1Corresponding output;
5) will be through step 2)~4) x after upgrading 0x 1x 2x 3As input information x in the step 1) 0x 1x 2x 3Output through the S box.
Further, generate two 4 * 4 two element field invertible matrix A, C at random; Generate two constant vectors at random
Figure BDA0000045634130000041
Figure BDA0000045634130000042
By formula S (x)=CS (Ax+b)+d calculates the content of the data replacement output of new S box S (x).
Further, for all
Figure BDA0000045634130000043
Whether check S (x) exists x to satisfy S (x)=x; If exist, then regenerate two element field invertible matrix A, C and constant vector
Figure BDA0000045634130000044
Figure BDA0000045634130000045
Further, list the algebraic expression of S (x),, check whether occurred all input variable x in this component function for the algebraic expression of each output bit correspondence 0x 1x 2x 3If, do not satisfy, then regenerate two element field invertible matrix A, C and constant vector
Figure BDA0000045634130000046
Figure BDA0000045634130000047
Further, described 4 bit input information x 0x 1x 2x 3Be arbitrary decimal numeral binary system 4 bit informations in 0~15 integer.
A kind of optimum S box structure circuit is characterized in that comprising four XOR unit A1, A2, A3, A4, two logic and operation unit B 1, B2, two logic OR arithmetic element C1, C2; Wherein,
Two inputs of B1 respectively with 4 bit input information x 0x 1x 2x 3X 0, x 1Connect, its output is connected with the input of A3;
Another input and the x of A3 2Connect, its output is connected with the input of C2, the input of B2 respectively, and the output valve of A3 is as x 2Corresponding output valve;
Another input and the x of C2 1Connect, its output is connected with the input of A4;
Another input and the x of A4 3Connect, its output is connected with another input of B2, the input of C1 respectively, and the output valve of A4 is as x 3Corresponding output valve;
Two inputs of A1 respectively with output, the x of B2 0Connect, its output is connected with another input of C1, and the output valve of A1 is as x 0Corresponding output valve;
Two inputs of A2 respectively with output, the x of C1 1Connect, its output valve is as x 1Corresponding output valve.
Further, described 4 bit input information x 0x 1x 2x 3Be arbitrary decimal numeral binary system 4 bit informations in 0~15 integer.
Concrete, the 4 bits input of at first establishing the S box among the present invention is respectively x 0x 1x 2x 3, then can define 4 * 4S box according to following expression.Four go on foot computings and upgrade corresponding bit value, the x that obtains at last below carrying out successively in order 0x 1x 2x 3Be the output of S box:
x 2^=x 0&x 1 (1)
x 3^=x 1|x 2 (2)
x 0^=x 2&x 3 (3)
x 1^=x 3|x 0 (4)
Concrete, the first step is calculated x 0﹠amp; x 1, result who obtains and x 2Behind the XOR as new x 2Value; Second step was calculated x 1| x 2, result who obtains and x 3Behind the XOR as new x 3Value (is annotated: the x that this step uses 2Be the value after upgrading through the first step); The 3rd step was calculated x 2﹠amp; x 3, result who obtains and x 0Behind the XOR as new x 0Value (is annotated: the x that this step uses 2, x 3Be the value after upgrading through first and second step); The 4th step was calculated x 3| x 0, result who obtains and x 1Behind the XOR as new x 1Value (is annotated: the x that this step uses 0, x 3Be the value after upgrading through second and third step); The x that obtains at last 0x 1x 2x 3Be the 4 bits output of S box.
List in table 1 according to the S box content that above-mentioned expression formula calculates.Concrete, for 16 possible input value x=0,1 ..., 15, be followed successively by through the corresponding output after the conversion of S box:
S(0)=0,S(1)=5,S(2)=15,S(3)=2,
S(4)=1,S(5)=4,S(6)=11,S(7)=6,
S(8)=12,S(9)=13,S(10)=7,S(11)=14,
S(12)=3,S(13)=10,S(14)=9,S(15)=8;
Through detecting, the nonlinearity of this S box and difference uniformity are 4, have reached the optimal situation of 4 * 4S box.And the conversion of this S box is very simple, only needs 4 XORs and 4 logical operation (‘ ﹠amp; ' and ' | '), when realizing, hardware only needs about 16.Therefore this S box is that a hardware realizes that the very low and cryptography character of cost reaches optimum 4 * 4S box.The structural map of this S box is seen accompanying drawing.
Table 14 * 4S box content
x 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
S(x) 0 5 15 2 1 4 11 6 12 13 7 14 3 10 9 8
Further, because affine transformation can not influence non-linear nature, can generate a large amount of cryptography character by additional respectively affine transformation before and after above-mentioned basic S box and reach optimum 4 * 4S box.Affine transformation is defined as a linear transformation and adds constant vector, i.e. a y=Ax+b.In finite dimensional situation, each affine transformation can be provided by a two element field matrix A and a constant vector b, and its computing is corresponding to the matrix multiplication between matrix and vector.In our invention, by additional respectively two reversible affine transformation f before and after above-mentioned basic S box 1: Ax+b, f 2: Cx+d, can obtain following new 4 * 4S box, its non-linear nature is constant:
S′(x)=C·S(A·x+b)+d,
Wherein A, C are 4 * 4 reversible two element field matrixes, and b, d are 4 dimensional vectors on the GF (2), the XOR on "+" the expression GF (2).
Consider total total about 2 15Individual 4 * 4 reversible two element field matrixes, by traveling through all possible matrix A and C, and constant vector b, Use said method can generate about 2 38Individual difference uniformity and nonlinearity all reach optimum 4 * 4S box.Because it is very easy generating and checking 4 * 4 reversible two element field matrixes, therefore utilize aforesaid way can generate a large amount of cryptography character fast and reach optimum 4 * 4S box, and its mathematic(al) representation is known, utilizes this mathematic(al) representation can be easy to provide hardware circuit implementation figure.Because the mathematic(al) representation of the optimum S box of this class is very simple, so its hardware realizes that required gate circuit number will be less than the average case that generates at random in the original method.
Compared with prior art, good effect of the present invention is:
Utilize the method among the present invention not only can generate 4 * 4S box that a large amount of cryptography character reach optimum fast, and the hardware of this class S box realization cost is very little, under resource-constrained realization environment very big advantage is arranged.The S box that uses this inventive method to construct can directly apply to the design and the realization of light weight cryptographic algorithm.
Description of drawings
Be easy to the structural map of hard-wired optimum 4 * 4S box.
Embodiment
Adopt the treatment step of N optimum 4 * 4S box of the solution of the present invention structure as follows:
Step 1: for i=1, and 2 ..., N is repeated below step:
Step 2: generate one 4 * 4 two element field matrix at random, and whether test this matrix reversible.If this matrix is reversible, be designated as A i, and carry out Step 3; Otherwise, re-execute this step.
Step 3: generate one 4 * 4 two element field matrix at random, and whether test this matrix reversible.If this matrix is reversible, be designated as C i, and carry out Step 4; Otherwise, re-execute this step.
Step 4: generate two constant vector b at random i,
Figure BDA0000045634130000071
Be calculated as follows the content S of new S box i(x)=C iS (A iX+b i)+d i, wherein S (x) is basic S box, its content is as shown in table 1.
Step 5: export this S i(x) as an optimum S box.If i<N returns Step 1 and repeats; Otherwise generation is finished.
Utilize said method can generate the S box that has good cryptography character in a large number fast.Wherein, can also be according to the demand of practical application, the condition that plus is outer.In for example present light weight cryptographic algorithm design, mostly only adopt simple bit permutation as diffusion layer.At this moment, can provide enough fail safes, need the S box to satisfy additional features such as no fixing point, completeness for guaranteeing the round function that non-linear S box and bit permutation constitute.Therefore, on the basis of such scheme, can behind Step4, proceed following check:
The check of Step 4.1:(fixing point) for all
Figure BDA0000045634130000072
Whether check exists x to satisfy S i(x)=x; If exist, then this S box has fixing point, returns Step 2 and repeats.
The check of Step 4.2:(completeness) lists S i(x) algebraic expression for the algebraic expression of each output bit correspondence, checks whether occurred all input variable x in this component function 0x 1x 2x 3If do not satisfy, then this S box is not completely, returns Step 2 and repeats.
For the raising situation of " optimization method " computational efficiency that the present invention provides is described, the implementation status to " original method " and " optimization method " compares now.Consider that present light weight algorithm block length is 64 bits mostly, so need 16 S boxes usually in the algorithm design.If adopt the step in " original method " to generate, our test shows approximately need be carried out 1200 tests just can obtain 16 optimum S boxes that satisfy above-mentioned full terms.And " optimization method " that adopt the present invention to provide on average only needs about 260 tests.Further, as the situation that only needs to generate less S box (for example 16), can utilize several to fix or known reversible 4 * 4 two element field matrixes, thereby omit the retest of Step2 and Step3, all constant vectors by among the traversal Step4 can generate required S box faster.At this moment, still carry out above-mentioned implementation in order successively, just in Step2 and Step3, directly use known two element field matrix and need not test, and enter Step4 and continue to carry out.Our test shows, only need about 35 trials can obtain 16 optimum S boxes that satisfy above-mentioned full terms this moment.
In addition, the structure of the S box that provides in the inventive method is very simple, the listed basic S box of table 1 especially, according to its algebraic expression as can be known its hardware realize 4 XORs of a needs, 2 logic and operation (‘ ﹠amp; ') and 2 logic OR computings (' | ').In 0.18 μ m technological standards cell library commonly used, 1 XOR needs 2.67,1 needs 1.33 with/exclusive disjunction, therefore should only need about 16 by basis S box when hardware is realized, far below on average required 30.4 of the S box that uses " original method " to generate at random.Consider that in the light weight cryptographic algorithm is realized except basic storage expressly and the required register of key, what take resource most is exactly the S box.For block length is the light weight cryptographic algorithm of 64 bits, needs to realize 16 S boxes, therefore uses the basic S box that provides among the present invention will on average save 230.4.Because the light weight cryptographic algorithm all is to be applied to resource constrained environment, its hardware realizes that scale can not surpass 2000 usually, and the light weight cryptographic algorithm is realized approximately needing 1500 preferably at present.Therefore, the use said method can be saved about 15% resource, and this cost control to the cryptographic algorithm chip, reduction power consumption etc. all is very helpful.In addition, even in the situation that has added linear transformation, because it is known to generate the mathematic(al) representation of S box, therefore can be easy to provide its hardware circuit implementation figure, this realizes under the situation of a large amount of S boxes remarkable advantages being arranged at needs.Especially, can also select simple Reversible Linear Transformation, the S box that make to generate not only satisfies above-mentioned whole cryptography character, and its hardware realizes required gate circuit number also seldom, and our test shows only needs about 22 can realize required S box this moment.
By as can be seen above-mentioned, utilize the method among the present invention not only can generate 4 * 4S box that a large amount of cryptography character reach optimum fast, and the hardware of this class S box realization cost is very little, under resource-constrained realization environment very big advantage is arranged.The S box that uses this inventive method to construct can directly apply to the design and the realization of light weight cryptographic algorithm.

Claims (7)

1. an optimum S box building method the steps include:
1) establishes x 0x 1x 2x 3One 4 bit input informations for the S box; To x 0And x 1Carry out logic and operation, again with operation result and x 2Value behind the XOR is upgraded x 2And as S box input information x 2Corresponding output;
2) to x 1With the x after the step 1) renewal 2Carry out the logic OR computing, again with operation result and x 3Value behind the XOR is upgraded x 3And as S box input information x 3Corresponding output;
3) to the x after the step 1) renewal 2With step 2) x after upgrading 3Carry out logic and operation, again with operation result and x 0Value behind the XOR is upgraded x 0And as S box input information x 0Corresponding output;
4) to the x after the step 3) renewal 0With step 2) x after upgrading 3Carry out the logic OR computing, again with operation result and x 1Value behind the XOR is upgraded x 1And as S box input information x 1Corresponding output;
5) will be through step 2)~4) x after upgrading 0x 1x 2x 3As input information x in the step 1) 0x 1x 2x 3Output through the S box.
2. the method for claim 1 is characterized in that generating at random two 4 * 4 two element field invertible matrix A, C; Generate two constant vectors at random
Figure FDA0000045634120000012
By formula S (x)=CS (Ax+b)+d calculates the content of the data replacement output of new S box S (x).
3. method as claimed in claim 2 is characterized in that for all
Figure FDA0000045634120000013
Whether check S (x) exists x to satisfy S (x)=x; If exist, then regenerate two element field invertible matrix A, C and constant vector
Figure FDA0000045634120000014
Figure FDA0000045634120000015
4. method as claimed in claim 2 is characterized in that listing the algebraic expression of S (x), for the algebraic expression of each output bit correspondence, checks whether occurred all input variable x in this component function 0x 1x 2x 3If, do not satisfy, then regenerate two element field invertible matrix A, C and constant vector
Figure FDA0000045634120000016
Figure FDA0000045634120000017
5. as claim 1 or 2 or 3 or 4 described methods, it is characterized in that described 4 bit input information x 0x 1x 2x 3Be arbitrary decimal numeral binary system 4 bit informations in 0~15 integer.
6. an optimum S box structure circuit is characterized in that comprising four XOR unit A1, A2, A3, A4, two logic and operation unit B 1, B2, two logic OR arithmetic element C1, C2; Wherein,
Two inputs of B1 respectively with 4 bit input information x 0x 1x 2x 3X 0, x 1Connect, its output is connected with the input of A3;
Another input and the x of A3 2Connect, its output is connected with the input of C2, the input of B2 respectively, and the output valve of A3 is as x 2Corresponding output valve;
Another input and the x of C2 1Connect, its output is connected with the input of A4;
Another input and the x of A4 3Connect, its output is connected with another input of B2, the input of C1 respectively, and the output valve of A4 is as x 3Corresponding output valve;
Two inputs of A1 respectively with output, the x of B2 0Connect, its output is connected with another input of C1, and the output valve of A1 is as x 0Corresponding output valve;
Two inputs of A2 respectively with output, the x of C1 1Connect, its output valve is as x 1Corresponding output valve.
7. circuit as claimed in claim 6 is characterized in that described 4 bit input information x 0x 1x 2x 3Be arbitrary decimal numeral binary system 4 bit informations in 0~15 integer.
CN2011100296933A 2011-01-27 2011-01-27 Optimal S box construction method and circuit Expired - Fee Related CN102185690B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100296933A CN102185690B (en) 2011-01-27 2011-01-27 Optimal S box construction method and circuit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100296933A CN102185690B (en) 2011-01-27 2011-01-27 Optimal S box construction method and circuit

Publications (2)

Publication Number Publication Date
CN102185690A true CN102185690A (en) 2011-09-14
CN102185690B CN102185690B (en) 2013-11-27

Family

ID=44571764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100296933A Expired - Fee Related CN102185690B (en) 2011-01-27 2011-01-27 Optimal S box construction method and circuit

Country Status (1)

Country Link
CN (1) CN102185690B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368725A (en) * 2012-04-06 2013-10-23 中国科学院软件研究所 Construction method of G0-type S-box and circuit of G0-type S-box
CN103378968A (en) * 2012-04-16 2013-10-30 中国科学院软件研究所 A construction method and a circuit of a G1 type S-box
CN103873229A (en) * 2014-03-13 2014-06-18 华南师范大学 Rapid protection method for resisting timing and cache side channel attack under KLEIN encryption AVR environment
CN111464288A (en) * 2019-12-18 2020-07-28 安徽继远软件有限公司 S box generation method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10133575A (en) * 1996-10-28 1998-05-22 Nippon Telegr & Teleph Corp <Ntt> Ciphering and deciphering device
CN101848081A (en) * 2010-06-11 2010-09-29 中国科学院软件研究所 S box and construction method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10133575A (en) * 1996-10-28 1998-05-22 Nippon Telegr & Teleph Corp <Ntt> Ciphering and deciphering device
CN101848081A (en) * 2010-06-11 2010-09-29 中国科学院软件研究所 S box and construction method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈华: "提高S盒非线性度的有效算法", 《计算机科学》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368725A (en) * 2012-04-06 2013-10-23 中国科学院软件研究所 Construction method of G0-type S-box and circuit of G0-type S-box
CN103368725B (en) * 2012-04-06 2016-08-31 中国科学院软件研究所 A kind of G0 class S box building method and circuit thereof
CN103378968A (en) * 2012-04-16 2013-10-30 中国科学院软件研究所 A construction method and a circuit of a G1 type S-box
CN103378968B (en) * 2012-04-16 2016-08-03 中国科学院软件研究所 A kind of G1 class S box building method and circuit thereof
CN103873229A (en) * 2014-03-13 2014-06-18 华南师范大学 Rapid protection method for resisting timing and cache side channel attack under KLEIN encryption AVR environment
CN103873229B (en) * 2014-03-13 2017-01-11 华南师范大学 Rapid protection method for resisting timing and cache side channel attack under KLEIN encryption AVR environment
CN111464288A (en) * 2019-12-18 2020-07-28 安徽继远软件有限公司 S box generation method and system

Also Published As

Publication number Publication date
CN102185690B (en) 2013-11-27

Similar Documents

Publication Publication Date Title
Larsen et al. Definitions of generalized multi-performance weighted multi-state K-out-of-n system and its reliability evaluations
Megha Mukundan et al. Hash‐One: a lightweight cryptographic hash function
Meng et al. Topological structure and the disturbance decoupling problem of singular Boolean networks
CN103124955B (en) Chaos sequence generator and corresponding generation system
US20190109715A1 (en) Methods for constructing secure hash functions from bit-mixers
CN102185690B (en) Optimal S box construction method and circuit
Tutueva et al. Construction of one-way hash functions with increased key space using adaptive chaotic maps
CN103905462A (en) Encryption processing device and method capable of defending differential power analysis attack
CN112136134B (en) Cryptographic ASIC with combined functions
Akdemir et al. Design of cryptographic devices resilient to fault injection attacks using nonlinear robust codes
CN104270247A (en) Efficient generic Hash function authentication scheme suitable for quantum cryptography system
Huang A more secure parallel keyed hash function based on chaotic neural network
CN102594566A (en) Chaos message authentication code realization method for wireless sensor network
CN102799495B (en) For generating the device of School Affairs
CN103368725B (en) A kind of G0 class S box building method and circuit thereof
CN104025018A (en) Efficient Prime-Number Check
Kim et al. SELCOM: Selective compression scheme for lightweight nodes in blockchain system
CN103378968B (en) A kind of G1 class S box building method and circuit thereof
CN101330378B (en) Method for generating chaos sequence
Li et al. Automatic preimage attack framework on ascon using a linearize-and-guess approach
Miyazaki et al. Rounding logistic maps over integers and the properties of the generated sequences
Brown et al. Equivalence classes for cubic rotation symmetric functions
CN117764189A (en) Protection polynomial rejection via masked compression comparison
Fei et al. A scalable bit-parallel word-serial multiplier with fault detection on GF (2^ m)
Wu et al. Hankel-type model reduction for linear repetitive processes: differential and discrete cases

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131127

Termination date: 20210127

CF01 Termination of patent right due to non-payment of annual fee