CN113783684A - 16-bit S box construction method based on NFSR and Feistel structures - Google Patents


Info

Publication number: CN113783684A
Authority: CN (China)
Prior art keywords: box, bit, nfsr, constructing, feistel
Legal status: Granted
Application number: CN202111078032.XA
Other languages: Chinese (zh)
Other versions: CN113783684B (en)
Inventors: 武小年, 豆道饶, 李灵琛, 张润莲, 韦永壮
Current Assignee: Guilin University of Electronic Technology
Original Assignee: Guilin University of Electronic Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Error Detection And Correction (AREA)

Abstract

The invention discloses a method for constructing a 16-bit S-box based on NFSR and Feistel structures. The method comprises: constructing an 8-bit S-box sample set; constructing two NFSR components from 8-stage nonlinear feedback shift registers; combining the two NFSR components with a Feistel structure, performing multiple rounds of iteration based on the 8-bit cryptographic S-box sample set, and taking the output after iteration as a 16-bit cryptographic S-box; and finally testing the constructed 16-bit S-boxes, screening them in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and outputting the 16-bit S-boxes with the better cryptographic properties. The method is based on NFSR and Feistel structures, with an S-box replacing the round function, so the structure is simple; it can construct 16-bit S-boxes with good cryptographic properties and provides high-security S-box support for block cipher algorithms.

Description

16-bit S box construction method based on NFSR and Feistel structures
Technical Field
The invention relates to the field of information security, in particular to a method for constructing a 16-bit S box based on NFSR and Feistel structures.
Background
Symmetric encryption algorithms have low overhead, use the same structure for encryption and decryption, and are highly efficient, so they occupy an important position in cryptography. Block ciphers are the commonly used symmetric encryption algorithms. The S-box is the only core component in most block ciphers that provides a nonlinear transformation, supplying the necessary confusion to the cipher. At present, most attacks on block ciphers are attacks on the S-box, so the security properties of the S-box play a very important role in the security of the whole cipher and determine its security strength. The main security criteria for judging an S-box include nonlinearity, differential uniformity, algebraic degree and signal-to-noise ratio.
Methods for constructing cryptographic S-boxes mainly include construction by mathematical methods, construction from cipher structures, and construction by intelligent algorithms. Classical cipher structures include the Feistel structure, the SPN structure and the Lai-Massey structure. The Feistel structure is a balanced, symmetric two-branch structure that can be iterated for multiple rounds; it consists mainly of XOR operations, a round function and the exchange of the left and right branches, and has the advantages of identical encryption and decryption, high efficiency and ease of implementation.
The attacks commonly mounted against S-boxes are mathematical attacks such as linear analysis, differential analysis and algebraic attacks. As computing power grows, 4-bit and 8-bit S-boxes, because of their low complexity, have difficulty resisting the threats posed by high-performance computing, especially quantum computing. To counter such attacks effectively, new cryptographic algorithms using high-bit S-boxes have been designed, including 16-, 32- and 64-bit S-boxes. For example, a 16-bit S-box has more bits than an 8-bit S-box and its complexity is higher by a factor of $2^8$, so a 16-bit S-box can provide security for a cryptographic algorithm more effectively than an 8-bit S-box.
At present, high-bit cryptographic S-boxes and cipher algorithms are being researched and designed both in China and abroad. In the NBC algorithm, Xu et al. [1] in China use a 16-stage NFSR to construct a 16-bit S-box. An NFSR, or nonlinear feedback shift register, is widely used in the design of stream ciphers and has the advantages of a simple structure, easy implementation and a flexibly changeable state update function.
The invention provides a new method for constructing 16-bit cryptographic S-boxes based on NFSR and Feistel structures, and constructs 16-bit S-boxes with strong cryptographic properties.
References:
[1] xuhong, Changming, Tanshu Ling, chiffon, Wangzhongxiao. NBC Algorithm [J]. Proc, 2019, 6(6): 760-767.
Disclosure of Invention
The invention aims to provide a method for constructing a 16-bit S-box based on NFSR and Feistel structures: NFSR structures with good cryptographic properties are designed and combined with a Feistel structure, and, taking 8-bit S-boxes as samples, 16-bit S-boxes with strong cryptographic properties are constructed, providing secure nonlinear transformation support for block cipher algorithms.
The technical scheme for achieving the purpose of the invention is as follows:
A 16-bit S-box construction method based on NFSR and Feistel structures comprises the following steps:
(1) constructing an 8-bit S-box sample set;
using affine equivalence, the 8-bit S-box of the AES algorithm, which has good cryptographic properties, is selected as the sample from which the sample set is constructed;
(2) constructing two NFSR components with good cryptographic properties;
two NFSR components are constructed from 8-stage nonlinear feedback shift registers, providing diffusion and confusion for the constructed 16-bit cryptographic S-box;
(3) constructing a 16-bit S-box structure based on NFSR and Feistel;
the two NFSR components constructed in step (2) are combined with a Feistel structure, multiple rounds of iteration are performed based on the 8-bit cryptographic S-box sample set constructed in step (1), and the output after iteration forms a 16-bit cryptographic S-box;
(4) searching for 16-bit S-boxes by traversal;
based on the 16-bit S-box structure constructed in step (3), the left and right branches and the S-box sample set are traversed to construct a large number of 16-bit S-boxes;
(5) screening the S-boxes;
the 16-bit S-boxes constructed in step (4) are tested and screened in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and the 16-bit S-boxes with the better cryptographic properties are output.
The specific steps for constructing the 8-bit S-box sample set in step (1) are as follows:
(1.1) selecting the 8-bit S-box sample: the 8-bit S-box of the AES algorithm is selected as the sample for affine equivalence; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, constructing the S-box sample set by affine equivalence, where the affine equivalence formula is:
Figure BDA0003262659920000021
where $S_{AES}$ is the AES S-box; $A$ and $B$ are invertible matrices of order $n$, $A, B \in GL(n, F_2)$; and $a$ and $b$ are $n$-bit constants,
Figure BDA0003262659920000022
an S-box obtained by affine equivalence is guaranteed to have the same nonlinearity, differential uniformity, algebraic degree and other such properties as the selected S-box.
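The following added example (not code from the patent) builds a small sample set of S-boxes affine-equivalent to the AES S-box and measures the three properties quoted in step (1.1), so the invariance claim can be checked directly. The formula image is not reproduced on this page, so the form S'(x) = B·S_AES(A·x ⊕ a) ⊕ b is an assumption, as are all function names and the seed.

```python
import random

def parity(v):
    return bin(v).count("1") & 1

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def aes_sbox():
    """AES S-box: field inverse (0 maps to 0) followed by the AES affine map."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        rot = lambda k: ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63)
    return box

def mat_vec(rows, x):
    """Multiply a GF(2) matrix, stored as one integer per row, by the bit vector x."""
    return sum(parity(row & x) << i for i, row in enumerate(rows))

def random_affine_map(rng, n=8):
    """Draw (M, c): M an invertible n x n matrix over F_2, c an n-bit constant."""
    while True:
        rows = [rng.randrange(1 << n) for _ in range(n)]
        # The linear map is bijective exactly when M is in GL(n, F_2).
        if len({mat_vec(rows, x) for x in range(1 << n)}) == 1 << n:
            return rows, rng.randrange(1 << n)

def affine_equivalent(sbox, A, a, B, b):
    """Assumed form of the page's formula: S'(x) = B * S(A*x ^ a) ^ b."""
    return [mat_vec(B, sbox[mat_vec(A, x) ^ a]) ^ b for x in range(len(sbox))]

def differential_uniformity(sbox):
    """Largest difference-distribution-table entry over nonzero input differences."""
    best = 0
    for d in range(1, len(sbox)):
        row = [0] * len(sbox)
        for x, y in enumerate(sbox):
            row[y ^ sbox[x ^ d]] += 1
        best = max(best, max(row))
    return best

def butterfly(table, combine):
    """In-place fast transform shared by the Walsh and Moebius computations."""
    h = 1
    while h < len(table):
        for i in range(0, len(table), 2 * h):
            for j in range(i, i + h):
                table[j], table[j + h] = combine(table[j], table[j + h])
        h *= 2
    return table

def nonlinearity(sbox):
    """2^(n-1) minus half the largest absolute Walsh coefficient over all components."""
    worst = 0
    for v in range(1, len(sbox)):
        signs = [1 - 2 * parity(v & y) for y in sbox]
        spectrum = butterfly(signs, lambda p, q: (p + q, p - q))
        worst = max(worst, max(abs(c) for c in spectrum))
    return len(sbox) // 2 - worst // 2

def algebraic_degree(sbox):
    """Lowest ANF degree among the nonzero components (binary Moebius transform)."""
    lowest = len(sbox)
    for v in range(1, len(sbox)):
        anf = butterfly([parity(v & y) for y in sbox], lambda p, q: (p, p ^ q))
        degree = max((bin(m).count("1") for m, c in enumerate(anf) if c), default=0)
        lowest = min(lowest, degree)
    return lowest

def profile(sbox):
    """(differential uniformity, nonlinearity, algebraic degree)."""
    return differential_uniformity(sbox), nonlinearity(sbox), algebraic_degree(sbox)

def build_sample_set(base, count, seed=2021):
    """Sample set of `count` boxes affine-equivalent to `base` (arbitrary seed)."""
    rng = random.Random(seed)
    samples = []
    for _ in range(count):
        (A, a), (B, b) = random_affine_map(rng), random_affine_map(rng)
        samples.append(affine_equivalent(base, A, a, B, b))
    return samples

if __name__ == "__main__":
    print("AES", profile(aes_sbox()))
    for s in build_sample_set(aes_sbox(), 3):
        print(sorted(s) == list(range(256)), profile(s))
```

The same three functions work on a 16-bit table, but the cost of the per-component transforms grows accordingly, which is the testing time the screening step has to manage.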
The specific steps for constructing the two NFSR components with good cryptographic properties in step (2) are as follows:
(2.1) to ensure that the constructed 16-bit S-box has good diffusion and confusion and to increase its security, the invention constructs two 8-stage NFSR components, denoted NFSR1 and NFSR2, whose sequences follow the principles of diffusion and confusion. Each 8-stage NFSR has 8 states: $S_i$ ($0 \le i \le 7$) denotes the state of a bit before the register iterates, and $S_i'$ ($0 \le i \le 7$) denotes the state of that bit after the register iterates. In each iterative update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, each clock of the NFSR updates these four bits, and the other positions directly receive the cyclically shifted data;
(2.2) for NFSR1, the update function is:
Figure BDA0003262659920000031
(2.3) for NFSR2, the update function expression is:
Figure BDA0003262659920000032
The specific steps for constructing the 16-bit S-box structure based on NFSR and Feistel in step (3) are as follows:
(3.1) the 16-bit S-box is constructed on the basis of a Feistel structure, following the idea of building a large box from small boxes, with 8-bit S-boxes as samples and the NFSR structures as components that strengthen diffusion and confusion;
(3.2) determining the number of rounds of the combined structure: a simple Feistel structure generally reaches a certain level of security in 3 to 4 rounds, and the number of iteration rounds of the newly constructed structure is set to 4;
(3.3) determining the input and output: the newly constructed structure is balanced between the left and right branches, so the inputs and outputs of the left and right branches are all 8 bits, where the initial left-branch and right-branch inputs are respectively defined as:
Figure BDA0003262659920000033
the final left and right branch outputs are defined as:
Figure BDA0003262659920000034
(3.4) replacing the round function with an S-box: the round function of the traditional Feistel structure is replaced by the selected 8-bit S-boxes; the 4-round structure uses four 8-bit S-boxes, denoted $S_0$, $S_1$, $S_2$, $S_3$. These four S-boxes are taken from the 8-bit S-box sample set constructed by affine equivalence in step (1.2), and the output of the round function, i.e. the output of each S-box, is expressed as $S_i(x)$, $0 \le i \le 3$,
Figure BDA0003262659920000035
(3.5) diffusion and confusion based on the NFSR structures: NFSR1 is added to the left branch of the 2nd round of the 4-round Feistel structure with the number of iteration clocks set to 1 (a single clock reduces the complexity of the structure); the output of NFSR1 is then expressed as:
Figure BDA0003262659920000036
similarly, NFSR2 is added to the left branch of the 3rd round of the 4-round Feistel structure with the number of iteration clocks set to 1; the result of NFSR2 in the structure is expressed as:
Figure BDA0003262659920000037
(3.6) output of the overall structure: based on the NFSR and Feistel structures and their calculation, the final output of the new structure is expressed as:
Figure BDA0003262659920000041
The specific steps for searching for 16-bit S-boxes by traversal in step (4) are as follows:
(4.1) initialization: the sample set of 8-bit S-boxes is denoted $Set_{SBox}$, and the 8-bit S-boxes constructed by affine equivalence from the AES S-box are put into $Set_{SBox}$; the 16-bit S-box array SBox_16 is set to empty; the left and right branch inputs L and R are set to the first value in lexicographic order;
(4.2) in full-traversal fashion, 4 S-boxes are selected from the S-box sample set and used as $S_0$, $S_1$, $S_2$, $S_3$ of the new structure;
(4.3) L and R are substituted into the formula, the final left-branch output L' and right-branch output R' are concatenated, converted to a decimal integer, and stored in SBox_16 in array order;
(4.4) if R has not yet completely traversed the domain
Figure BDA0003262659920000042
then R takes the next value, in lexicographic order, from the domain
Figure BDA0003262659920000043
and the procedure goes to (4.3);
if the traversal is complete, go to (4.5);
(4.5) if L has not yet completely traversed the domain
Figure BDA0003262659920000044
then L takes the next value, in lexicographic order, from the domain
Figure BDA0003262659920000045
R is reset to the first value, in lexicographic order, of the domain
Figure BDA0003262659920000046
and the procedure goes to (4.3);
if the traversal is complete, go to (4.6);
(4.6) a 16-bit S-box has been obtained: the array SBox_16 holding the 16-bit S-box is appended to the output file, and SBox_16 is emptied;
(4.7) if the S-box sample set has not been completely traversed, continue the traversal to obtain the next group of 4 S-boxes, assign them to $S_0$, $S_1$, $S_2$, $S_3$, set the left and right branch inputs L and R to the first value in lexicographic order, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) end the S-box search.
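The traversal in steps (4.1) to (4.8), as an added example that is not code from the patent. The round equations and the NFSR1/NFSR2 update functions are not reproduced on this page, so the round form (L, R) -> (R, m(L) ⊕ S_i(R)), the `register_step` stand-in used in rounds 2 and 3, and the constructed byte permutations used in place of the affine-equivalent sample set are all assumptions. It also shows the failure mode: a left-branch map that is not a permutation destroys bijectivity.

```python
import itertools
import random

def register_step(state):
    """Stand-in for one clock of an 8-stage NFSR. NOT the patent's NFSR1/NFSR2 (their
    update functions are not reproduced on this page). Rotate by one position, then
    update bits 1, 3, 5, 7 with the AND of their two neighbours; bits 0, 2, 4, 6 only
    receive shifted data, so the step can be undone and is a permutation."""
    t = ((state << 1) | (state >> 7)) & 0xFF
    out = t
    for i in (1, 3, 5, 7):
        out ^= ((t >> (i - 1)) & (t >> ((i + 1) % 8)) & 1) << i
    return out

def lossy_step(state):
    """Deliberately non-invertible left-branch map, used to show the failure mode."""
    return state & 0xFE

def feistel16(L, R, sboxes, left_maps):
    """Assumed round: (L, R) -> (R, m(L) ^ S_i(R)), with m the optional left-branch map."""
    for S, m in zip(sboxes, left_maps):
        L, R = R, (m(L) if m else L) ^ S[R]
    return L, R

def build_sbox16(sboxes, left_maps):
    """Steps (4.1)-(4.6): L in the outer loop, R in the inner loop, both ascending;
    the entry stored for input L||R is the integer L'||R'."""
    sbox16 = []
    for L in range(256):
        for R in range(256):
            Lo, Ro = feistel16(L, R, sboxes, left_maps)
            sbox16.append((Lo << 8) | Ro)
    return sbox16

def selections(sample_count):
    """Steps (4.2)/(4.7): every ordered choice of 4 sample indices for S0..S3."""
    return list(itertools.product(range(sample_count), repeat=4))

def is_bijective(sbox16):
    return len(set(sbox16)) == len(sbox16) == 1 << 16

def max_ddt_entry(sbox16, input_diffs):
    """Largest DDT entry over the given input differences only: a lower bound on the
    differential uniformity, usable as a cheap first screen."""
    best = 0
    for d in input_diffs:
        row = {}
        for x, y in enumerate(sbox16):
            k = y ^ sbox16[x ^ d]
            row[k] = row.get(k, 0) + 1
        best = max(best, max(row.values()))
    return best

def constructed_samples(count, seed=7):
    """Constructed byte permutations standing in for members of Set_SBox."""
    rng = random.Random(seed)
    return [rng.sample(range(256), 256) for _ in range(count)]

NFSR_LAYOUT = (None, register_step, register_step, None)   # rounds 2 and 3 only

if __name__ == "__main__":
    samples = constructed_samples(4)
    picks = selections(len(samples))
    print(len(picks), "candidate structures")
    chosen = [samples[i] for i in picks[27]]
    box = build_sbox16(chosen, NFSR_LAYOUT)
    print("bijective:", is_bijective(box), "sampled max DDT entry:", max_ddt_entry(box, (1, 0x100, 0x8001)))
    bad = build_sbox16(chosen, (None, lossy_step, None, None))
    print("bijective with lossy left map:", is_bijective(bad))
```

Treating the selection as ordered and with repetition is an inference from the test figures on this page, where 4 samples yield 256 S-boxes.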
The S-box screening in step (5) selects the S-boxes with excellent cryptographic properties from the 16-bit cryptographic S-boxes constructed in step (4). Because many 16-bit S-boxes are constructed and the state space of a 16-bit S-box is large, testing the criteria takes a long time; for example, testing the nonlinearity of one S-box takes about 10-12 hours. The invention therefore screens in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and outputs the 16-bit cryptographic S-boxes with excellent cryptographic properties.
The invention has the following beneficial effects:
(1) the method is based on NFSR and Feistel structures, with an S-box replacing the round function, so the structure is simple;
(2) the method can construct 16-bit S-boxes with good cryptographic properties, providing high-security S-box support for block cipher algorithms;
(3) the method is based on affine equivalence and can construct a large number of 16-bit S-boxes with good cryptographic properties.
Drawings
FIG. 1 is a flow chart of the construction of the combined NFSR and Feistel structure according to the invention;
FIG. 2 is a structural diagram of the NFSR1 component constructed by the invention;
FIG. 3 is a structural diagram of the NFSR2 component constructed by the invention;
FIG. 4 is the combined NFSR + Feistel structure of the invention;
FIG. 5 is a flow chart of constructing a 16-bit S-box according to the invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings, but the present invention is not limited thereto.
Referring to FIG. 1, a method for constructing a 16-bit S-box based on NFSR and Feistel structures comprises the following steps:
(1) constructing an 8-bit S-box sample set;
(1.1) selecting the 8-bit S-box sample: the 8-bit S-box of the AES algorithm is selected as the sample for affine equivalence; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, constructing the S-box sample set by affine equivalence, where the affine equivalence formula is:
Figure BDA0003262659920000051
where $S_{AES}$ is the AES S-box; $A$ and $B$ are invertible matrices of order $n$, $A, B \in GL(n, F_2)$; and $a$ and $b$ are $n$-bit constants,
Figure BDA0003262659920000052
an S-box obtained by affine equivalence is guaranteed to have the same nonlinearity, differential uniformity, algebraic degree and other such properties as the selected S-box;
(2) constructing and designing NFSR components with good cryptographic properties;
two NFSR components are constructed from 8-stage nonlinear feedback shift registers, providing diffusion and confusion for the constructed 16-bit cryptographic S-box;
(3) constructing and designing a 16-bit S-box structure based on NFSR and Feistel;
the NFSR components constructed and designed in step (2) are combined with a Feistel structure, multiple rounds of iteration are performed based on the 8-bit cryptographic S-box sample set constructed in step (1), and the output forms a 16-bit cryptographic S-box;
(4) searching for 16-bit S-boxes by traversal;
based on the new 16-bit S-box structure constructed in step (3), the left and right branches and the S-box sample set are traversed to construct a large number of 16-bit S-boxes;
(5) screening the S-boxes;
the 16-bit S-boxes constructed in step (4) are tested and screened in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and the S-boxes with the better cryptographic properties are output.
Step (2) constructs two NFSR components with good cryptographic properties; the specific steps are as follows:
(2.1) to ensure that the constructed 16-bit S-box has good diffusion and confusion and to increase its security, the invention constructs two 8-stage NFSR components, denoted NFSR1 and NFSR2, as shown in FIGS. 2-3, whose sequences follow the principles of diffusion and confusion. Each 8-stage NFSR has 8 states: $S_i$ ($0 \le i \le 7$) denotes the state of a bit before the register iterates, and $S_i'$ ($0 \le i \le 7$) denotes the state of that bit after the register iterates. In each iterative update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, each clock of the NFSR updates these four bits, and the other positions directly receive the cyclically shifted data;
(2.2) for NFSR1, the update function is:
Figure BDA0003262659920000061
(2.3) for NFSR2, the update function expression is:
Figure BDA0003262659920000062
Referring to FIG. 4, step (3) constructs a 16-bit S-box structure based on NFSR and Feistel; the specific steps are as follows:
(3.1) the 16-bit S-box is constructed on the basis of a Feistel structure, following the idea of building a large box from small boxes, with 8-bit S-boxes as samples and the NFSR structures as components that strengthen diffusion and confusion;
(3.2) determining the number of rounds of the combined structure: a simple Feistel structure generally reaches a certain level of security in 3 to 4 rounds, and the number of iteration rounds of the newly constructed structure is set to 4;
(3.3) determining the input and output: the newly constructed structure is balanced between the left and right branches, so the inputs and outputs of the left and right branches are all 8 bits, where the initial left-branch and right-branch inputs are respectively defined as:
Figure BDA0003262659920000063
the final left and right branch outputs are defined as:
Figure BDA0003262659920000064
(3.4) replacing the round function with an S-box: the round function of the traditional Feistel structure is replaced by the selected 8-bit S-boxes; the 4-round structure uses four 8-bit S-boxes, denoted $S_0$, $S_1$, $S_2$, $S_3$. These four S-boxes are taken from the 8-bit S-box sample set constructed by affine equivalence in step (1.2), and the output of the round function, i.e. the output of each S-box, is expressed as $S_i(x)$, $0 \le i \le 3$,
Figure BDA0003262659920000071
(3.5) diffusion and confusion based on the NFSR structures: NFSR1 is added to the left branch of the 2nd round of the 4-round Feistel structure with the number of iteration clocks set to 1 (a single clock reduces the complexity of the structure); the output of NFSR1 is then expressed as:
Figure BDA0003262659920000072
similarly, NFSR2 is added to the left branch of the 3rd round of the 4-round Feistel structure with the number of iteration clocks set to 1; the result of NFSR2 in the structure is expressed as:
Figure BDA0003262659920000073
(3.6) output of the overall structure: based on the NFSR and Feistel structures and their calculation, the final output of the new structure is expressed as:
Figure BDA0003262659920000074
Referring to FIG. 5, the specific steps for searching for 16-bit S-boxes by traversal in step (4) are as follows:
(4.1) initialization: the sample set of 8-bit S-boxes is denoted $Set_{SBox}$, and the 8-bit S-boxes constructed by affine equivalence from the AES S-box are put into $Set_{SBox}$; the 16-bit S-box array SBox_16 is set to empty; the left and right branch inputs L and R are set to the first value in lexicographic order;
(4.2) in full-traversal fashion, 4 S-boxes are selected from the S-box sample set and used as $S_0$, $S_1$, $S_2$, $S_3$ of the new structure;
(4.3) L and R are substituted into the formula, the final left-branch output L' and right-branch output R' are concatenated, converted to a decimal integer, and stored in SBox_16 in array order;
(4.4) if R has not yet completely traversed the domain
Figure BDA0003262659920000075
then R takes the next value, in lexicographic order, from the domain
Figure BDA0003262659920000076
and the procedure goes to (4.3);
if the traversal is complete, go to (4.5);
(4.5) if L has not yet completely traversed the domain
Figure BDA0003262659920000077
then L takes the next value, in lexicographic order, from the domain
Figure BDA0003262659920000078
R is reset to the first value, in lexicographic order, of the domain
Figure BDA0003262659920000079
and the procedure goes to (4.3);
if the traversal is complete, go to (4.6);
(4.6) a 16-bit S-box has been obtained: the array SBox_16 holding the 16-bit S-box is appended to the output file, and SBox_16 is emptied;
(4.7) if the S-box sample set has not been completely traversed, continue the traversal to obtain the next group of 4 S-boxes, assign them to $S_0$, $S_1$, $S_2$, $S_3$, set the left and right branch inputs L and R to the first value in lexicographic order, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) end the S-box search.
The method can construct 16-bit S-boxes with good cryptographic properties, providing high-security S-box support for block cipher algorithms. In the test, using 4 sample 8-bit S-boxes, 256 16-bit S-boxes were constructed. The results show that all the constructed 16-bit S-boxes are bijective and all have algebraic degree 15; the differential uniformity has a lower bound of 18 and an upper bound of 22, with 117 S-boxes at differential uniformity 18, 130 at 20, and only 9 at 22; the maximum nonlinearity is 31986, and 7 S-boxes have nonlinearity higher than 31980.

Claims (5)

1. A method for constructing a 16-bit S-box based on NFSR and Feistel structures, the method comprising the steps of:
(1) constructing an 8-bit S-box sample set;
using affine equivalence, the 8-bit S-box of the AES algorithm is selected as the sample from which the sample set is constructed;
(2) constructing two NFSR components from 8-stage nonlinear feedback shift registers;
(3) constructing a 16-bit S-box structure based on NFSR and Feistel;
the two NFSR components constructed in step (2) are combined with a Feistel structure, multiple rounds of iteration are performed based on the 8-bit cryptographic S-box sample set constructed in step (1), and the output after iteration forms a 16-bit cryptographic S-box;
(4) searching for 16-bit S-boxes by traversal;
based on the 16-bit S-box structure constructed in step (3), the left and right branches and the S-box sample set are traversed to construct a large number of 16-bit S-boxes;
(5) screening the S-boxes;
the 16-bit S-boxes constructed in step (4) are tested and screened in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and the 16-bit S-boxes with the better cryptographic properties are output.
2. The method for constructing the 16-bit S-box according to claim 1, wherein constructing the 8-bit S-box sample set in step (1) comprises the following specific steps:
(1.1) selecting the 8-bit S-box sample: the 8-bit S-box of the AES algorithm is selected as the sample for affine equivalence; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, constructing the S-box sample set by affine equivalence, where the affine equivalence formula is:
Figure FDA0003262659910000011
where $S_{AES}$ is the AES S-box; $A$ and $B$ are invertible matrices of order $n$, $A, B \in GL(n, F_2)$; and $a$ and $b$ are $n$-bit constants,
Figure FDA0003262659910000012
3. The method for constructing a 16-bit S-box according to claim 1, wherein constructing the two NFSR components in step (2) comprises the following specific steps:
(2.1) constructing two 8-stage NFSR components, denoted NFSR1 and NFSR2, whose sequences follow the principles of diffusion and confusion; each 8-stage NFSR has 8 states, where $S_i$, $0 \le i \le 7$, denotes the state of a bit before the register iterates and $S_i'$, $0 \le i \le 7$, denotes the state of that bit after the register iterates; in each iterative update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits, that is, each clock of the NFSR updates these four bits, and the other positions directly receive the cyclically shifted data;
(2.2) for NFSR1, the update function is:
Figure FDA0003262659910000021
(2.3) for NFSR2, the update function expression is:
Figure FDA0003262659910000022
4. The method for constructing the 16-bit S-box according to claim 1, wherein constructing the 16-bit S-box structure based on NFSR and Feistel in step (3) comprises the following specific steps:
(3.1) the 16-bit S-box is constructed on the basis of a Feistel structure, following the idea of building a large box from small boxes, with 8-bit S-boxes as samples and the NFSR structures as components that strengthen diffusion and confusion;
(3.2) determining the number of rounds of the combined structure: the number of iteration rounds of the newly constructed structure is set to 4;
(3.3) determining the input and output: the newly constructed structure is balanced between the left and right branches, so the inputs and outputs of the left and right branches are all 8 bits, where the initial left-branch and right-branch inputs are respectively defined as:
Figure FDA0003262659910000023
the final left and right branch outputs are respectively defined as:
Figure FDA0003262659910000024
(3.4) replacing the round function with an S-box: the round function of the traditional Feistel structure is replaced by the selected 8-bit S-boxes; the 4-round structure uses four 8-bit S-boxes, denoted $S_0$, $S_1$, $S_2$, $S_3$. These four S-boxes are taken from the 8-bit S-box sample set constructed by affine equivalence in step (1.2), and the output of the round function, i.e. the output of each S-box, is expressed as:
Figure FDA0003262659910000031
(3.5) diffusion and confusion based on the NFSR structures: NFSR1 is added to the left branch of the 2nd round of the 4-round Feistel structure with the number of iteration clocks set to 1 (a single clock reduces the complexity of the structure); the output of NFSR1 is then expressed as:
Figure FDA0003262659910000032
similarly, NFSR2 is added to the left branch of the 3rd round of the 4-round Feistel structure with the number of iteration clocks set to 1; the result of NFSR2 in the structure is expressed as:
Figure FDA0003262659910000033
(3.6) output of the overall structure: based on the NFSR and Feistel structures and their calculation, the final output of the new structure is expressed as:
Figure FDA0003262659910000034
5. the method for constructing a 16-bit S-box according to claim 1, wherein the step (4) of traversing and searching the 16-bit S-box comprises the following specific steps:
(4.1) initialization: set the sample set of 8-bit S-boxes to Set_SBox, and put the 8-bit S-boxes constructed by affine equivalence from the S-box of the AES algorithm into Set_SBox; set the 16-bit S-box array SBox_16 to empty; set the left and right branch inputs as
Figure FDA0003262659910000035
and take the first value of each in lexicographic order;
(4.2) select 4 S-boxes from the S-box sample set Set_SBox in a full-traversal manner and use them as S0, S1, S2, S3 in the new structure;
(4.3) substitute L and R into the formula f_NFSR+Feistel(L, R) and compute it, concatenate the outputs L' and R' of the final left and right branches, convert the result into a decimal integer, and store it in SBox_16 in array order;
(4.4) if R has not completely traversed the domain
Figure FDA0003262659910000036
then R takes the next value, in lexicographic order, in the domain
Figure FDA0003262659910000037
and the procedure goes to (4.3);
if the traversal is completed, go to (4.5);
(4.5) if L has not completely traversed the domain
Figure FDA0003262659910000041
then L takes the next value, in lexicographic order, in the domain
Figure FDA0003262659910000042
and R is reset to the first value, in lexicographic order, in the domain
Figure FDA0003262659910000043
and the procedure goes to (4.3);
if the traversal is completed, go to (4.6);
(4.6) a 16-bit S-box has been obtained: write the array SBox_16, which now holds the 16-bit S-box, to the output file, and empty the array SBox_16;
(4.7) if the S-box sample set Set_SBox has not been completely traversed, continue the traversal to obtain the next group of 4 S-boxes, substitute them for S0, S1, S2, S3, set the left and right branch inputs L and R to their first values in lexicographic order, and go to (4.2); if the traversal is completed, go to (4.8);
(4.8) ending the S-box search.
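The traversal of steps (4.1) to (4.6), as an added Python example that is not code from the patent. The patent's formulas survive here only as figure references, so the round formula, the NFSR feedback function, the four sample S-boxes and the bijectivity check are all assumptions of this example; it shows that the generated 16-bit table is a permutation only when the NFSR step itself is invertible.

```python
def aes_sbox():
    """AES S-box from its definition: inverse in GF(2^8), then the affine map."""
    def gmul(a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            a = (a << 1) ^ (0x11B if a & 0x80 else 0)
            b >>= 1
        return r
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s)
    return box

AES = aes_sbox()
# Constructed sample set: S_i(x) = AES[x ^ a] ^ b is affine-equivalent to AES.
SAMPLES = [[AES[x ^ a] ^ b for x in range(256)]
           for a, b in ((0, 0), (0x1F, 0xA5), (0x3C, 0x5A), (0xC3, 0x0F))]

def nfsr_step(x, nonsingular=True):
    """One beat of a hypothetical 8-bit NFSR (feedback function is assumed)."""
    b = [(x >> i) & 1 for i in range(8)]
    g = b[0] ^ b[3] ^ (b[2] & b[5])      # uses only bits that stay in the register
    fb = b[7] ^ g if nonsingular else (b[7] & b[1]) ^ g
    return ((x << 1) & 0xFF) | fb        # bit 7 is shifted out

def f_nfsr_feistel(L, R, S, nfsr=nfsr_step):
    """Assumed round: (L, R) -> (R, L' ^ S_i[R]); L' = NFSR(L) in rounds 2 and 3."""
    for i in range(4):
        left = nfsr(L) if i in (1, 2) else L
        L, R = R, left ^ S[i][R]
    return L, R

def build_sbox16(S, nfsr=nfsr_step):
    """Steps (4.3)-(4.6): L outer, R inner, both in lexicographic order."""
    table = []
    for L in range(256):
        for R in range(256):
            lo, ro = f_nfsr_feistel(L, R, S, nfsr)
            table.append((lo << 8) | ro)
    return table

def is_permutation(table):
    return len(table) == 65536 and len(set(table)) == 65536

if __name__ == "__main__":
    print(is_permutation(build_sbox16(SAMPLES)))
    print(is_permutation(build_sbox16(SAMPLES, lambda x: nfsr_step(x, False))))
```

Step (4.7) corresponds to running `build_sbox16` once for every 4-tuple drawn from the sample set; a candidate whose table fails `is_permutation` can be discarded before any differential or linear analysis is spent on it.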
CN202111078032.XA 2021-09-15 2021-09-15 Construction method of 16-bit S box based on NFSR and Feistel structures Active CN113783684B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111078032.XA CN113783684B (en) 2021-09-15 2021-09-15 Construction method of 16-bit S box based on NFSR and Feistel structures

Publications (2)

Publication Number Publication Date
CN113783684A true CN113783684A (en) 2021-12-10
CN113783684B CN113783684B (en) 2023-07-18

Family

ID=78843876

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20211210

Assignee: Guangxi Huanzhi Technology Co.,Ltd.

Assignor: GUILIN University OF ELECTRONIC TECHNOLOGY

Contract record no.: X2023980046248

Denomination of invention: A 16 bit S-box construction method based on NFSR and Feistel structures

Granted publication date: 20230718

License type: Common License

Record date: 20231108
