CN113783684A - 16-bit S-box construction method based on NFSR and Feistel structures
- Publication number: CN113783684A
- Application number: CN202111078032.XA
- Authority: CN (China)
- Prior art keywords: box, bit, nfsr, constructing, feistel
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Error Detection And Correction (AREA)
Abstract
The invention discloses a method for constructing a 16-bit S-box based on NFSR and Feistel structures. The method comprises: constructing an 8-bit S-box sample set; constructing two NFSR components from 8-stage nonlinear feedback shift registers; combining the two NFSR components with a Feistel structure, performing multiple rounds of iteration based on the 8-bit cipher S-box sample set, and taking the output after iteration as the constructed 16-bit cipher S-box; and finally testing the constructed 16-bit S-boxes, screening them in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and outputting the 16-bit S-boxes with better cryptographic properties. The method is based on NFSR and Feistel structures, and an S-box replaces the round function, so the structure is simple; 16-bit S-boxes with better cryptographic properties can be constructed, providing high-security S-box support for block cipher algorithms.
Description
Technical Field
The invention relates to the field of information security, in particular to a method for constructing a 16-bit S box based on NFSR and Feistel structures.
Background
Symmetric encryption algorithms are low-cost, consistent between encryption and decryption, and highly efficient, and they occupy an important position in the field of cryptography. Block ciphers are commonly used symmetric encryption algorithms. In most block ciphers the S-box is the only core component that provides a nonlinear transformation, giving the cipher the confusion it needs. At present, most attacks on block ciphers are attacks on the S-box, so the security properties of the S-box play a very important role in the security of the whole cipher and determine its security strength. The main security indicators for evaluating an S-box include nonlinearity, differential uniformity, algebraic degree and signal-to-noise ratio.
The main methods for constructing cipher S-boxes are construction by mathematical methods, construction from cipher algorithm structures, and construction by intelligent algorithms. Classical cipher structures include the Feistel structure, the SPN structure and the Lai-Massey structure. The Feistel structure is a left-right balanced, two-branch symmetric structure that can be iterated for multiple rounds; it consists mainly of XOR operations, a round function and the exchange of the left and right branches, and has the advantages of consistent encryption and decryption, high efficiency and ease of implementation.
Attacks on the S-box mainly use mathematical methods such as linear analysis, differential analysis and algebraic attacks. As computing power increases, 4-bit and 8-bit S-boxes, because of their low complexity, have difficulty resisting the attack threats brought by high-performance computing, especially quantum computing. To counter such attacks effectively, new cipher algorithms using high-bit S-boxes, including 16/32/64-bit S-boxes, have been designed. For example, a 16-bit S-box has more bits than an 8-bit S-box and a complexity 2^8 higher, so it can provide security for a cipher algorithm more effectively than an 8-bit S-box.
Research and design of high-bit cipher S-boxes and cipher algorithms is under way both in China and abroad; in the NBC algorithm, Xu et al. [1] in China use a 16-stage NFSR to construct a 16-bit S-box. NFSR stands for nonlinear feedback shift register; NFSRs are widely used in the design of stream ciphers and have the advantages of a simple structure, ease of implementation and a flexible state-update function.
The invention provides a new method for constructing a 16-bit cipher S-box based on NFSR and Feistel structures, and constructs 16-bit S-boxes with strong cryptographic properties.
References:
[1] Xuhong, Changming, Tanshu Ling, chiffon, Wangzhongxiao. NBC Algorithm [J]. Proc, 2019, 6(6): 760-767.
Disclosure of Invention
The invention aims to provide a method for constructing a 16-bit S-box based on NFSR and Feistel structures: an NFSR structure with good cryptographic properties is designed and combined with the Feistel structure, and, taking an 8-bit S-box as the sample, 16-bit S-boxes with strong cryptographic properties are constructed, thereby providing secure nonlinear transformation support for block cipher algorithms.
The technical scheme that achieves the purpose of the invention is as follows:
A 16-bit S-box construction method based on NFSR and Feistel structures comprises the following steps:
(1) constructing an 8-bit S-box sample set;
using affine equivalence, the AES 8-bit S-box, which has good cryptographic properties, is selected as the sample from which the sample set is constructed;
(2) constructing two NFSR components with superior cryptographic properties;
two NFSR components are constructed from 8-stage nonlinear feedback shift registers, providing diffusion and confusion for the constructed 16-bit cipher S-box;
(3) constructing a 16-bit S-box structure based on NFSR and Feistel;
the two NFSR components constructed in step (2) are combined with a Feistel structure, multiple rounds of iteration are performed based on the 8-bit cipher S-box sample set constructed in step (1), and the output after iteration forms the 16-bit cipher S-box;
(4) traversal search for 16-bit S-boxes;
based on the 16-bit S-box structure constructed in step (3), the left and right branches and the S-box sample set are traversed to construct a large number of 16-bit S-boxes;
(5) S-box screening;
the 16-bit S-boxes constructed in step (4) are tested and screened in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and the 16-bit S-boxes with better cryptographic properties are output.
The specific steps for constructing the 8-bit S-box sample set in step (1) are as follows:
(1.1) selecting the 8-bit S-box sample: the AES 8-bit S-box is selected as the affine-equivalence sample; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, constructing an S-box sample set using affine equivalence, where the affine equivalence formula is as follows: where S_AES is the AES S-box; A and B are invertible matrices of order n, A, B ∈ GL(n, F_2); and a and b are n-bit constants. An S-box obtained by affine equivalence is guaranteed to have the same nonlinearity, differential uniformity, algebraic degree and other properties as the selected S-box.
The specific steps for constructing the two NFSR components with better cryptographic properties in step (2) are as follows:
(2.1) to ensure that the constructed 16-bit S-box has good diffusion and confusion and to increase its security, the invention constructs two 8-stage NFSR components, denoted NFSR1 and NFSR2, whose sequences follow the principles of diffusion and confusion. Each 8-stage NFSR has 8 states: S_i (0 ≤ i ≤ 7) denotes a bit state before the register iteration, and S_i' (0 ≤ i ≤ 7) denotes the bit state after the register iteration. In the iterative update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, these four bits are updated on each beat of the NFSR, and the other positions directly receive the cyclically shifted data;
The specific steps for constructing the 16-bit S-box structure based on NFSR and Feistel in step (3) are as follows:
(3.1) the 16-bit S-box is constructed on the basis of a Feistel structure, following the idea of building a large box from small boxes: 8-bit S-boxes are used as samples, and the NFSR structures serve as components that enhance diffusion and confusion;
(3.2) determining the number of rounds of the combined structure: a plain Feistel structure generally reaches a certain level of security in 3-4 rounds, and the number of iteration rounds of the newly constructed structure is 4;
(3.3) determining the input/output: the newly constructed structure is balanced between the left and right branches, so the input and output of both the left and the right branch are 8 bits; the initial left-branch and right-branch inputs are respectively defined as: and the final left-branch and right-branch outputs are defined as:
(3.4) replacing the round function with an S-box: the round function of the traditional Feistel structure is replaced by the selected 8-bit S-boxes, and the 4-round structure uses four 8-bit S-boxes, denoted S_0, S_1, S_2, S_3. These four S-boxes are taken from the 8-bit S-box sample set constructed in step (1.2) using affine equivalence, and the output of the round function, i.e. the output of each S-box, is expressed as: S_i(x), 0 ≤ i ≤ 3,
(3.5) diffusion and confusion based on the NFSR structure: NFSR1 is added to the left branch of the 2nd round of the 4-round Feistel structure, with the number of iteration beats set to 1 (a single beat reduces the complexity of the structure), and the output of NFSR1 is expressed as: similarly, NFSR2 is added to the left branch of the 3rd round of the 4-round Feistel structure, with the number of iteration beats set to 1, and the result of NFSR2 in the structure is expressed as:
(3.6) output of the overall structure: based on the NFSR and Feistel structures and their calculation methods, the final output expression of the new structure is as follows:
The specific steps of the traversal search for 16-bit S-boxes in step (4) are as follows:
(4.1) initialization: denote the sample set of 8-bit S-boxes as Set_SBox and put the 8-bit S-boxes constructed from the AES S-box by affine equivalence into Set_SBox; set the 16-bit S-box array SBox_16 to empty; set the left and right branch inputs as, and take the first value in lexicographic order;
(4.2) in full-traversal fashion, select 4 S-boxes from the S-box sample set to serve as S_0, S_1, S_2, S_3 in the new structure;
(4.3) substitute L and R into the formula for calculation, concatenate the final left-branch output L' and right-branch output R', convert the result into a decimal integer, and store it in SBox_16 in array order;
(4.4) if R has not been fully traversed over its domain, take the next value of R in the domain in lexicographic order and go to (4.3);
if the traversal is complete, go to (4.5);
(4.5) if L has not been fully traversed over its domain, take the next value of L in the domain in lexicographic order, set R to the first value of its domain in lexicographic order, and go to (4.3);
if the traversal is complete, go to (4.6);
(4.6) a 16-bit S-box has been obtained: append the array SBox_16 holding the 16-bit S-box to the output file, and empty the array SBox_16;
(4.7) if the S-box sample set has not been fully traversed, continue the traversal to obtain the next group of 4 S-boxes, assign them to S_0, S_1, S_2, S_3, set the left and right branch inputs L and R to their first values in lexicographic order, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) end the S-box search.
The S-box screening in step (5) selects the S-boxes with excellent cryptographic properties from the 16-bit cipher S-boxes constructed in step (4). Because many 16-bit S-boxes are constructed and the state space of a 16-bit S-box is large, testing the indicators takes a long time; for example, testing the nonlinearity of one S-box takes about 10-12 hours. The invention therefore screens in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and outputs the 16-bit cipher S-boxes with excellent cryptographic properties.
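The values quoted for the AES S-box in step (1.1), and the step (1.2) statement that affine equivalence preserves them, can be checked with the same metrics used for screening. The following Python is an added example, not code from the patent: it computes nonlinearity, differential uniformity and algebraic degree for the AES S-box and for one affine-equivalent S-box, assuming the standard form S'(x) = B·S(A·x ⊕ a) ⊕ b because the patent's own formula is not reproduced on this page. The seed and all function names are illustrative, and the signal-to-noise ratio is not computed.

```python
import random

def aes_sbox():
    """AES S-box: inversion in GF(2^8), then the AES affine map."""
    exp, log, v = [0] * 255, [0] * 256, 1
    for i in range(255):                  # powers of the generator 0x03
        exp[i], log[v] = v, i
        v ^= v << 1                       # multiply by 0x03 = x + 1
        if v & 0x100:
            v ^= 0x11B                    # reduce mod x^8 + x^4 + x^3 + x + 1
    rot = lambda t, k: ((t << k) | (t >> (8 - k))) & 0xFF
    box = []
    for x in range(256):
        inv = exp[(255 - log[x]) % 255] if x else 0
        box.append(inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63)
    return box

def parity(x):
    return bin(x).count("1") & 1

def differential_uniformity(s):
    """Largest difference-distribution-table entry over nonzero input differences."""
    best = 0
    for dx in range(1, len(s)):
        row = [0] * len(s)
        for x in range(len(s)):
            row[s[x] ^ s[x ^ dx]] += 1
        best = max(best, max(row))
    return best

def nonlinearity(s):
    """2^(n-1) - max|Walsh coefficient|/2 over all nonzero output masks."""
    n, worst = len(s), 0
    for mask in range(1, n):
        w = [1 - 2 * parity(s[x] & mask) for x in range(n)]
        h = 1
        while h < n:                      # in-place fast Walsh-Hadamard transform
            for i in range(0, n, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(c) for c in w))
    return n // 2 - worst // 2

def algebraic_degree(s):
    """Highest algebraic-normal-form degree among the coordinate functions."""
    n, deg = len(s), 0
    for k in range(n.bit_length() - 1):
        anf = [(s[x] >> k) & 1 for x in range(n)]
        h = 1
        while h < n:                      # Moebius transform: truth table -> ANF
            for i in range(0, n, 2 * h):
                for j in range(i, i + h):
                    anf[j + h] ^= anf[j]
            h *= 2
        deg = max([deg] + [bin(m).count("1") for m in range(n) if anf[m]])
    return deg

def random_invertible(rng, n=8):
    """Random element of GL(n, F_2), one int per row (rejection sampling)."""
    while True:
        rows, basis = [rng.randrange(1 << n) for _ in range(n)], []
        for r in rows:
            for b in basis:
                r = min(r, r ^ b)         # clear b's leading bit from r
            if r:
                basis.append(r)
        if len(basis) == n:               # full rank, so the matrix is invertible
            return rows

def mat_vec(rows, x):
    """Matrix-vector product over F_2; bit i of the result is row_i . x."""
    return sum(parity(r & x) << i for i, r in enumerate(rows))

def affine_equivalent(s, A, a, B, b):
    """Assumed form (not taken from the page): S'(x) = B*S(A*x xor a) xor b."""
    return [mat_vec(B, s[mat_vec(A, x) ^ a]) ^ b for x in range(len(s))]

def profile(s):
    return nonlinearity(s), differential_uniformity(s), algebraic_degree(s)

def compare(seed=2021):
    rng = random.Random(seed)             # constructed sample parameters
    base = aes_sbox()
    A, B = random_invertible(rng), random_invertible(rng)
    equiv = affine_equivalent(base, A, rng.randrange(256), B, rng.randrange(256))
    return base, equiv

if __name__ == "__main__":
    base, equiv = compare()
    print("AES S-box         (NL, DU, degree):", profile(base))
    print("affine equivalent (NL, DU, degree):", profile(equiv))
```

The same three functions accept a 65536-entry table, but in pure Python the differential uniformity and nonlinearity loops become impractical at that size, which matches the long test times the text mentions.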
The invention has the beneficial effects that:
(1) the method is based on NFSR and Feistel structures, and an S-box replaces the round function, so the structure is simple;
(2) the method can construct 16-bit S-boxes with better cryptographic properties, providing high-security S-box support for block cipher algorithms;
(3) the method is based on affine equivalence and can construct a large number of 16-bit S-boxes with better cryptographic properties.
Drawings
FIG. 1 is a flow chart of the construction of the NFSR and Feistel composite structure according to the invention;
FIG. 2 is a structural diagram of the NFSR1 component constructed by the invention;
FIG. 3 is a structural diagram of the NFSR2 component constructed by the invention;
FIG. 4 is the NFSR + Feistel composite structure of the invention;
FIG. 5 is a flow chart of the construction of the 16-bit S-box according to the invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings, but the present invention is not limited thereto.
Referring to FIG. 1, a method for constructing a 16-bit S-box based on NFSR and Feistel structures includes the following steps:
(1) constructing an 8-bit S-box sample set;
(1.1) selecting the 8-bit S-box sample: the AES 8-bit S-box is selected as the affine-equivalence sample; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, constructing an S-box sample set using affine equivalence, where the affine equivalence formula is as follows: where S_AES is the AES S-box; A and B are invertible matrices of order n, A, B ∈ GL(n, F_2); and a and b are n-bit constants. An S-box obtained by affine equivalence is guaranteed to have the same nonlinearity, differential uniformity, algebraic degree and other properties as the selected S-box;
(2) constructing and designing NFSR components with better cryptographic properties;
two NFSR components are constructed from 8-stage nonlinear feedback shift registers, providing diffusion and confusion for the constructed 16-bit cipher S-box;
(3) constructing and designing a 16-bit S-box structure based on NFSR and Feistel;
the NFSR components constructed and designed in step (2) are combined with a Feistel structure, multiple rounds of iteration are performed based on the 8-bit cipher S-box sample set constructed in step (1), and the output forms the 16-bit cipher S-box;
(4) traversal search for 16-bit S-boxes;
based on the new 16-bit S-box structure constructed in step (3), the left and right branches and the S-box sample set are traversed to construct a large number of 16-bit S-boxes;
(5) S-box screening;
the 16-bit S-boxes constructed in step (4) are tested and screened in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and the S-boxes with better cryptographic properties are output.
Step (2) constructs two NFSR components with better cryptographic properties; the specific steps are as follows:
(2.1) to ensure that the constructed 16-bit S-box has good diffusion and confusion and to increase its security, the invention constructs two 8-stage NFSR components, denoted NFSR1 and NFSR2, as shown in FIGS. 2-3, whose sequences follow the principles of diffusion and confusion. Each 8-stage NFSR has 8 states: S_i (0 ≤ i ≤ 7) denotes a bit state before the register iteration, and S_i' (0 ≤ i ≤ 7) denotes the bit state after the register iteration. In the iterative update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, these four bits are updated on each beat of the NFSR, and the other positions directly receive the cyclically shifted data;
Referring to FIG. 4, step (3) constructs a 16-bit S-box structure based on NFSR and Feistel; the specific steps are as follows:
(3.1) the 16-bit S-box is constructed on the basis of a Feistel structure, following the idea of building a large box from small boxes: 8-bit S-boxes are used as samples, and the NFSR structures serve as components that enhance diffusion and confusion;
(3.2) determining the number of rounds of the combined structure: a plain Feistel structure generally reaches a certain level of security in 3-4 rounds, and the number of iteration rounds of the newly constructed structure is 4;
(3.3) determining the input/output: the newly constructed structure is balanced between the left and right branches, so the input and output of both the left and the right branch are 8 bits; the initial left-branch and right-branch inputs are respectively defined as: and the final left-branch and right-branch outputs are defined as:
(3.4) replacing the round function with an S-box: the round function of the traditional Feistel structure is replaced by the selected 8-bit S-boxes, and the 4-round structure uses four 8-bit S-boxes, denoted S_0, S_1, S_2, S_3. These four S-boxes are taken from the 8-bit S-box sample set constructed in step (1.2) using affine equivalence, and the output of the round function, i.e. the output of each S-box, is expressed as: S_i(x), 0 ≤ i ≤ 3,
(3.5) diffusion and confusion based on the NFSR structure: NFSR1 is added to the left branch of the 2nd round of the 4-round Feistel structure, with the number of iteration beats set to 1 (a single beat reduces the complexity of the structure), and the output of NFSR1 is expressed as: similarly, NFSR2 is added to the left branch of the 3rd round of the 4-round Feistel structure, with the number of iteration beats set to 1, and the result of NFSR2 in the structure is expressed as:
(3.6) output of the overall structure: based on the NFSR and Feistel structures and their calculation methods, the final output expression of the new structure is as follows:
Referring to FIG. 5, the specific steps of the traversal search for 16-bit S-boxes in step (4) are as follows:
(4.1) initialization: denote the sample set of 8-bit S-boxes as Set_SBox and put the 8-bit S-boxes constructed from the AES S-box by affine equivalence into Set_SBox; set the 16-bit S-box array SBox_16 to empty; set the left and right branch inputs as, and take the first value in lexicographic order;
(4.2) in full-traversal fashion, select 4 S-boxes from the S-box sample set to serve as S_0, S_1, S_2, S_3 in the new structure;
(4.3) substitute L and R into the formula for calculation, concatenate the final left-branch output L' and right-branch output R', convert the result into a decimal integer, and store it in SBox_16 in array order;
(4.4) if R has not been fully traversed over its domain, take the next value of R in the domain in lexicographic order and go to (4.3);
if the traversal is complete, go to (4.5);
(4.5) if L has not been fully traversed over its domain, take the next value of L in the domain in lexicographic order, set R to the first value of its domain in lexicographic order, and go to (4.3);
if the traversal is complete, go to (4.6);
(4.6) a 16-bit S-box has been obtained: append the array SBox_16 holding the 16-bit S-box to the output file, and empty the array SBox_16;
(4.7) if the S-box sample set has not been fully traversed, continue the traversal to obtain the next group of 4 S-boxes, assign them to S_0, S_1, S_2, S_3, set the left and right branch inputs L and R to their first values in lexicographic order, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) end the S-box search.
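The traversal in steps (4.1) to (4.7), as an added Python example that is not the patent's code. Everything structural here is an assumption: the round wiring in `feistel_nfsr`, the two hypothetical NFSR tap tables (the patent's feedback functions are in figures and formulas not reproduced on this page, and the "1st, 3rd, 5th, 7th" bits are read as bit indices 1, 3, 5, 7), and the sample set of seeded random permutations standing in for the affine-equivalent AES S-boxes. It also shows that the 16-bit result is a bijection only when each NFSR beat is itself invertible.

```python
import itertools
import random

# Hypothetical tap tables: updated odd position -> the two even positions mixed in.
NFSR1_TAPS = {1: (0, 2), 3: (2, 4), 5: (4, 6), 7: (6, 0)}
NFSR2_TAPS = {1: (4, 6), 3: (6, 0), 5: (0, 2), 7: (2, 4)}

def nfsr_beat(state, taps):
    """One beat of a stand-in 8-stage NFSR: cyclic shift, then bits 1, 3, 5, 7
    are XORed with an AND of two even-position bits. Invertible by design,
    because the even positions pass through the update unchanged."""
    t = ((state >> 1) | (state << 7)) & 0xFF
    for pos, (a, b) in taps.items():
        t ^= ((t >> a) & (t >> b) & 1) << pos
    return t

def lossy_beat(state):
    """Broken variant: bit 1 is overwritten instead of XORed, losing one bit."""
    t = ((state >> 1) | (state << 7)) & 0xFF
    return (t & 0xFD) | ((t & (t >> 2) & 1) << 1)

def feistel_nfsr(L, R, sboxes, nfsr1, nfsr2):
    """4 rounds with S_i as round function; NFSR1 and NFSR2 act on the left
    branch at the start of rounds 2 and 3 (assumed wiring)."""
    for rnd, s in enumerate(sboxes, start=1):
        if rnd == 2:
            L = nfsr1(L)
        elif rnd == 3:
            L = nfsr2(L)
        L, R = R, L ^ s[R]
    return L, R

def build_sbox16(sboxes, nfsr1, nfsr2):
    table = []
    for L in range(256):                       # (4.5) traverse L
        for R in range(256):                   # (4.4) traverse R
            lo, ro = feistel_nfsr(L, R, sboxes, nfsr1, nfsr2)
            table.append((lo << 8) | ro)       # (4.3) store L' || R' as an integer
    return table

def is_bijective(table):
    return len(table) == 1 << 16 and len(set(table)) == len(table)

def sample_set(count, seed=1):
    """Constructed stand-ins for Set_SBox: seeded random 8-bit permutations."""
    rng, out = random.Random(seed), []
    for _ in range(count):
        perm = list(range(256))
        rng.shuffle(perm)
        out.append(perm)
    return out

def search(samples):
    """(4.2)/(4.7): every ordered choice of S_0..S_3 yields one 16-bit S-box."""
    n1 = lambda x: nfsr_beat(x, NFSR1_TAPS)
    n2 = lambda x: nfsr_beat(x, NFSR2_TAPS)
    for combo in itertools.product(samples, repeat=4):
        yield build_sbox16(combo, n1, n2)      # (4.6) one finished SBox_16

if __name__ == "__main__":
    samples = sample_set(4)
    print("combinations of 4 samples:", len(samples) ** 4)
    first = next(search(samples))
    print("bijective with invertible NFSR beats:", is_bijective(first))
    bad = build_sbox16(samples[:1] * 4, lossy_beat, lambda x: x)
    print("bijective with a lossy beat:", is_bijective(bad))
```

`search` is a generator, so a screening step can consume one table at a time instead of holding all 4^4 = 256 tables for a four-sample set in memory.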
The method can construct 16-bit S-boxes with better cryptographic properties and provides high-security S-box support for block cipher algorithms. In the test, 256 16-bit S-boxes were constructed from 4 8-bit S-box samples. The test results show that all of the constructed 16-bit S-boxes are bijective and all have algebraic degree 15; the differential uniformity has a lower bound of 18 and an upper bound of 22, with 117 S-boxes at 18, 130 at 20, and only 9 at 22; the maximum nonlinearity is 31986, and 7 S-boxes have a nonlinearity higher than 31980.
Claims (5)
1. A method for constructing a 16-bit S-box based on NFSR and Feistel structures, the method comprising the steps of:
(1) constructing an 8-bit S-box sample set;
using affine equivalence, the AES 8-bit S-box is selected as the sample from which the sample set is constructed;
(2) constructing two NFSR components from 8-stage nonlinear feedback shift registers;
(3) constructing a 16-bit S-box structure based on NFSR and Feistel;
the two NFSR components constructed in step (2) are combined with a Feistel structure, multiple rounds of iteration are performed based on the 8-bit cipher S-box sample set constructed in step (1), and the output after iteration forms the 16-bit cipher S-box;
(4) traversal search for 16-bit S-boxes;
based on the 16-bit S-box structure constructed in step (3), the left and right branches and the S-box sample set are traversed to construct a large number of 16-bit S-boxes;
(5) S-box screening;
the 16-bit S-boxes constructed in step (4) are tested and screened in turn by differential uniformity, nonlinearity, algebraic degree and signal-to-noise ratio, and the 16-bit S-boxes with better cryptographic properties are output.
2. The method for constructing the 16-bit S-box according to claim 1, wherein constructing the 8-bit S-box sample set in step (1) comprises the following specific steps:
(1.1) selecting the 8-bit S-box sample: the AES 8-bit S-box is selected as the affine-equivalence sample; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, constructing an S-box sample set using affine equivalence, where the affine equivalence formula is as follows: where S_AES is the AES S-box; A and B are invertible matrices of order n, A, B ∈ GL(n, F_2); and a and b are n-bit constants,
3. The method for constructing the 16-bit S-box according to claim 1, wherein constructing the two NFSR components in step (2) comprises the following specific steps:
(2.1) constructing two 8-stage NFSR components, denoted NFSR1 and NFSR2, whose sequences follow the principles of diffusion and confusion; each 8-stage NFSR has 8 states, where S_i denotes a bit state before the register iteration, with 0 ≤ i ≤ 7 in S_i, and S_i' denotes the bit state after the register iteration, with 0 ≤ i ≤ 7 in S_i'; in the iterative update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, these four bits are updated on each beat of the NFSR, and the other positions directly receive the cyclically shifted data;
4. The method for constructing the 16-bit S-box according to claim 1, wherein constructing the 16-bit S-box structure based on NFSR and Feistel in step (3) comprises the following specific steps:
(3.1) the 16-bit S-box is constructed on the basis of a Feistel structure, following the idea of building a large box from small boxes: 8-bit S-boxes are used as samples, and the NFSR structures serve as components that enhance diffusion and confusion;
(3.2) determining the number of rounds of the combined structure: the number of iteration rounds of the newly constructed structure is set to 4;
(3.3) determining the input/output: the newly constructed structure is balanced between the left and right branches, so the input and output of both the left and the right branch are 8 bits; the initial left-branch and right-branch inputs are respectively defined as: and the final left-branch and right-branch outputs are respectively defined as:
(3.4) replacing the round function with an S-box: the round function of the traditional Feistel structure is replaced by the selected 8-bit S-boxes, and the 4-round structure uses four 8-bit S-boxes, denoted S_0, S_1, S_2, S_3. These four S-boxes are taken from the 8-bit S-box sample set constructed in step (1.2) using affine equivalence, and the output of the round function, i.e. the output of each S-box, is expressed as:
(3.5) diffusion and confusion based on the NFSR structure: NFSR1 is added to the left branch of the 2nd round of the 4-round Feistel structure, with the number of iteration beats set to 1 (a single beat reduces the complexity of the structure), and the output of NFSR1 is expressed as: similarly, NFSR2 is added to the left branch of the 3rd round of the 4-round Feistel structure, with the number of iteration beats set to 1, and the result of NFSR2 in the structure is expressed as:
5. the method for constructing a 16-bit S-box according to claim 1, wherein the step (4) of traversing and searching the 16-bit S-box comprises the following specific steps:
(4.1) Initialization: set the sample set of 8-bit S-boxes to SetSBox, and put the 8-bit S-boxes constructed by affine equivalence from the AES algorithm S-box into SetSBox; set the 16-bit S-box array SBox_16 to empty; set the left and right branch inputs as and take the first value in dictionary order;
(4.2) In a full-traversal manner, select 4 S-boxes from the S-box sample set SetSBox to serve as S0, S1, S2, S3 in the new structure;
(4.3) Substitute L and R into the formula fNFSR+Feistel(L, R) and compute; concatenate the outputs L' and R' of the final left and right branches, convert the result into a decimal integer, and store it in SBox_16 in array order;
(4.4) If R has not been completely traversed in the domain, R takes the next value in the domain in dictionary order, and go to (4.3);
if the traversal is complete, go to (4.5);
(4.5) If L has not been completely traversed in the domain, L takes the next value in the domain in dictionary order, R takes the first value in the domain in dictionary order, and go to (4.3);
if the traversal is complete, go to (4.6);
(4.6) A 16-bit S-box has been obtained: write the array SBox_16 holding the 16-bit S-box to the output file, and empty the array SBox_16;
(4.7) If the S-box sample set SetSBox has not been completely traversed, continue the traversal to obtain the next group of 4 S-boxes, substitute them for S0, S1, S2, S3, set the left and right branch inputs L and R to the first value in dictionary order, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) ending the S-box search.
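The traversal of steps (4.1) to (4.8), as an added example that is not the patent's own code. The claim's formulas for the round outputs and for NFSR1/NFSR2 are not reproduced on this page, so the Feistel round form, the NFSR feedback taps, the affine-equivalent form and its parameters are assumptions, chosen so that every step is invertible and the resulting 16-bit table is a permutation.

```python
from itertools import islice, product

NFSR_TAPS = {1: (4, 2, 1), 2: (5, 3, 0)}  # ASSUMED taps for NFSR1/NFSR2, keyed by 0-based round

def rotl8(x, r):
    return ((x << r) | (x >> (8 - r))) & 0xFF

def aes_sbox():
    """AES S-box: inverse in GF(2^8), then the AES affine map (p walks the powers of 3)."""
    sbox, p, q = [0x63] + [0] * 255, 1, 1
    for _ in range(255):
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3, so q = 1/p
            q ^= (q << s) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
    return sbox

def affine_equivalent(sbox, a, r, b):
    """ASSUMED affine-equivalent form: x -> rotl8(S(x ^ a), r) ^ b."""
    return [rotl8(sbox[x ^ a], r) ^ b for x in range(256)]

def nfsr_1beat(x, taps):
    """ASSUMED 8-bit NFSR, one beat: shift left, feed back b7 ^ b_i ^ (b_j & b_k)."""
    i, j, k = taps  # taps stay in 0..6 so the old b7 can be recovered (invertible update)
    fb = ((x >> 7) ^ (x >> i) ^ ((x >> j) & (x >> k))) & 1
    return ((x << 1) & 0xFF) | fb

def f_nfsr_feistel(L, R, S):
    """4 Feistel rounds with S[0..3] as round functions; returns L' || R' as an integer."""
    for rnd in range(4):
        if rnd in NFSR_TAPS:  # NFSR1 on the left branch of round 2, NFSR2 on round 3
            L = nfsr_1beat(L, NFSR_TAPS[rnd])
        L, R = R, L ^ S[rnd][R]
    return (L << 8) | R

def build_sbox16(S):
    """Steps (4.3)-(4.5): L is the outer loop, R the inner loop, both ascending."""
    return [f_nfsr_feistel(L, R, S) for L in range(256) for R in range(256)]

def search(sample_set, limit):
    """Steps (4.2), (4.6), (4.7): ordered 4-tuples of S-boxes (repeats allowed, ASSUMED)."""
    return [build_sbox16(S) for S in islice(product(sample_set, repeat=4), limit)]

if __name__ == "__main__":
    sample = [affine_equivalent(aes_sbox(), *p) for p in [(0, 0, 0), (0x1F, 3, 0xA5)]]  # constructed
    for t in search(sample, 2):
        print(hex(t[0]), "bijective:", len(set(t)) == 65536)
```

A candidate table that passes the bijectivity check would still have to go through the screening tests before it is accepted.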
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111078032.XA CN113783684B (en) | 2021-09-15 | 2021-09-15 | Construction method of 16-bit S box based on NFSR and Feistel structures |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113783684A (en) | 2021-12-10 |
CN113783684B (en) | 2023-07-18 |
Family
ID=78843876
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111078032.XA Active CN113783684B (en) | 2021-09-15 | 2021-09-15 | Construction method of 16-bit S box based on NFSR and Feistel structures |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113783684B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114710272A (en) * | 2022-03-24 | 2022-07-05 | 北京电子科技学院 | Automatic generation method and system of (n, m) -S box |
CN114710272B (en) * | 2022-03-24 | 2024-06-07 | 北京电子科技学院 | Automatic generation method and system of (n, m) -S box |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103051442A (en) * | 2012-10-16 | 2013-04-17 | 中国科学院软件研究所 | Cipher device adopting Feistel-PG structure and encryption method |
WO2014092533A1 (en) * | 2012-12-12 | 2014-06-19 | Mimos Berhad | A method to construct bijective substitution box from non-permutation power functions |
CN111756521A (en) * | 2020-06-25 | 2020-10-09 | 桂林电子科技大学 | Cipher S box design method based on Feistel-SP structure |
CN112636899A (en) * | 2020-09-21 | 2021-04-09 | 中国电子科技集团公司第三十研究所 | Lightweight S box design method |
Non-Patent Citations (1)
Title |
---|
龚涛;陈少真: "Construction analysis of S-boxes based on the extended Feistel structure", 信息工程大学学报, no. 03 * |
Also Published As
Publication number | Publication date |
---|---|
CN113783684B (en) | 2023-07-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20211210; Assignee: Guangxi Huanzhi Technology Co.,Ltd.; Assignor: GUILIN University OF ELECTRONIC TECHNOLOGY; Contract record no.: X2023980046248; Denomination of invention: A 16 bit S-box construction method based on NFSR and Feistel structures; Granted publication date: 20230718; License type: Common License; Record date: 20231108 |