CN114900286A - 16-bit S box construction method based on L-M-NFSR structure - Google Patents


Publication number
CN114900286A
Authority
CN
China
Prior art keywords
bit
box
nfsr
constructed
sample set
Legal status
Pending
Application number
CN202210533588.1A
Other languages
Chinese (zh)
Inventor
武小年
豆道饶
韦永壮
张润莲
Current Assignee
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology
Application filed by Guilin University of Electronic Technology
Priority to CN202210533588.1A
Publication of CN114900286A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

The invention discloses a method for constructing a 16-bit S-box based on a combined Lai-Massey and NFSR (L-M-NFSR) structure. The AES S-box is selected as the sample, and a sample set is constructed from it using affine equivalence. Using 8-stage nonlinear feedback shift registers, NFSR components are designed that reach the strict avalanche criterion within a small number of iteration beats (clock steps); these are combined with the Lai-Massey structure, in which the 8-bit S-boxes from the sample set serve as the round functions. This enhances the variability of the structure, simplifies the structural design, and makes it easy to implement. The method constructs 16-bit S-boxes with strong cryptographic properties and provides secure nonlinear transformation support for block cipher algorithms.

Description

16-bit S box construction method based on L-M-NFSR structure
Technical Field
The invention relates to the field of information security, in particular to a method for constructing a 16-bit S box based on an L-M-NFSR structure.
Background
Block ciphers are widely used as the mainstream class of symmetric encryption algorithms. Block cipher design follows Shannon's principles of diffusion and confusion, and confusion is provided mainly by the S-box, the only component that performs a nonlinear transformation. The security of the S-box determines the security strength of the whole cipher, so attacks on a cipher are at present mainly attacks on its S-box. DES was shown to be breakable because of weaknesses in the properties of its S-boxes. As computing power increases, 4-bit and 8-bit S-boxes, because of their low complexity, have difficulty resisting the attack threats posed by high-performance computing, and especially quantum computing. A 16-bit S-box is $2^8$ times higher in complexity than an 8-bit S-box, so it has a strong advantage in resisting mathematical attacks.
S-box construction methods mainly include mathematical construction, construction from cipher structures, and construction by intelligent algorithms. Construction from a cipher structure is a common method; classic cipher structures include the Feistel, SPN, MISTY and Lai-Massey structures. The Lai-Massey structure is a two-branch structure that can be iterated for multiple rounds; it consists mainly of XOR operations and round functions, and has the advantages of a simple structure and easy hardware implementation. The evaluation criteria for S-box security mainly comprise mathematical criteria and criteria for resistance to side-channel attacks. The mathematical criteria include nonlinearity, differential uniformity, algebraic degree and so on; the side-channel resistance criteria include the signal-to-noise ratio and so on.
Disclosure of Invention
The purpose of the invention is to provide a method for constructing a 16-bit S-box based on a combined Lai-Massey and NFSR (L-M-NFSR) structure. NFSR components are designed that reach the strict avalanche criterion within a small number of iteration beats (clock steps) and are combined with the Lai-Massey structure; with 8-bit S-boxes as samples, 16-bit S-boxes with strong cryptographic properties are constructed, providing secure nonlinear transformation support for block cipher algorithms.
The technical scheme for realizing the purpose of the invention is as follows:
A 16-bit S-box construction method based on the L-M-NFSR structure comprises the following steps:
(1) Constructing an 8-bit S-box sample set:
the AES S-box, which has good cryptographic properties, is selected as the sample, and a sample set is constructed from it using affine equivalence;
(2) Designing NFSR components that satisfy the strict avalanche criterion:
two NFSR components that need few iterations to satisfy the strict avalanche criterion are constructed from 8-stage nonlinear feedback shift registers, providing full diffusion for the constructed 16-bit S-box;
(3) Constructing the 16-bit S-box structure based on L-M-NFSR:
the constructed NFSR components are combined with the Lai-Massey structure; using the constructed 8-bit S-box sample set, multiple rounds of iteration are performed and the output is computed to construct a 16-bit S-box;
(4) Traversing and searching for 16-bit S-boxes:
based on the new structure, a large number of 16-bit S-boxes are constructed by fully traversing the 8-bit S-box sample set and the left and right branch inputs over the 8-bit binary domain;
(5) S-box screening:
the constructed 16-bit S-boxes are tested, and those with better cryptographic properties are screened out.
In the 16-bit S-box construction method of the invention, constructing the 8-bit S-box sample set in step (1) comprises the following specific steps:
(1.1) Selecting the 8-bit S-box sample: the 8-bit AES S-box is selected as the sample for affine equivalence; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) Based on the selected 8-bit S-box, the S-box sample set is constructed using affine equivalence, where the affine equivalence formula is:
Figure BDA0003644130810000031
where $SBox_{AES}$ is the AES S-box; M and N are invertible matrices of order n, with $M, N \in GL(n, F_2)$; and m, n are n-bit constants,
Figure BDA0003644130810000032
An S-box obtained by affine equivalence has the same nonlinearity, differential uniformity, algebraic degree and other such properties as the selected S-box.
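The invariance stated above can be checked directly. The following Python is an added example, not code from the patent: it rebuilds the AES S-box, measures the metrics named in step (1.1), and applies random affine transformations to build a small sample set. Because the patent's formula image is not reproduced on this page, the standard form S'(x) = M·S(N·x ⊕ n) ⊕ m is assumed, and all function names are illustrative.

```python
import random

def parity(v):
    return bin(v).count("1") & 1

def gmul(a, b):
    # Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def aes_sbox():
    # Field inverse (x^254, so 0 maps to 0) followed by the AES affine map.
    rotl = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    table = []
    for x in range(256):
        inv = 1
        for _ in range(254):
            inv = gmul(inv, x)
        table.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return table

def nonlinearity(S):
    # 2^(n-1) - max|W|/2 over all nonzero output masks b (fast Walsh-Hadamard transform).
    worst = 0
    for b in range(1, 256):
        w = [1 - 2 * parity(b & y) for y in S]
        h = 1
        while h < 256:
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(v) for v in w))
    return 128 - worst // 2

def differential_uniformity(S):
    # Largest entry of the difference distribution table for a nonzero input difference.
    best = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[S[x] ^ S[x ^ a]] += 1
        best = max(best, max(counts))
    return best

def algebraic_degree(S):
    # Highest monomial degree in the ANF of any output bit (Moebius transform).
    deg = 0
    for bit in range(8):
        anf = [(y >> bit) & 1 for y in S]
        h = 1
        while h < 256:
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    anf[j + h] ^= anf[j]
            h *= 2
        deg = max([deg] + [bin(u).count("1") for u in range(256) if anf[u]])
    return deg

def matvec(rows, x):
    # rows[i] is row i of an 8x8 GF(2) matrix as a bitmask; bit i of the result is <rows[i], x>.
    return sum(parity(rows[i] & x) << i for i in range(8))

def random_invertible(rng):
    # Rejection sampling: keep the matrix only if x -> Mx is a permutation of F_2^8.
    while True:
        rows = [rng.randrange(256) for _ in range(8)]
        if len({matvec(rows, x) for x in range(256)}) == 256:
            return rows

def affine_equivalent(S, M, N, m, n):
    # Assumed standard form: S'(x) = M * S(N*x XOR n) XOR m.
    return [matvec(M, S[matvec(N, x) ^ n]) ^ m for x in range(256)]

def profile(S):
    # (bijective, nonlinearity, differential uniformity, algebraic degree)
    return (sorted(S) == list(range(256)), nonlinearity(S),
            differential_uniformity(S), algebraic_degree(S))

def sample_set(count, seed=1):
    # Constructed sample set: `count` random affine equivalents of the AES S-box.
    rng, base = random.Random(seed), aes_sbox()
    return [affine_equivalent(base, random_invertible(rng), random_invertible(rng),
                              rng.randrange(256), rng.randrange(256)) for _ in range(count)]

if __name__ == "__main__":
    print("AES S-box:", profile(aes_sbox()))
    for T in sample_set(3):
        print("equivalent:", profile(T))
```

Every table in the sample set differs from the AES table, yet each reports the same profile as the AES S-box: bijective, nonlinearity 112, differential uniformity 4, algebraic degree 7.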
In the 16-bit S-box construction method of the invention, constructing the NFSR components that satisfy the strict avalanche criterion in step (2) comprises the following specific steps:
(2.1) To give the constructed 16-bit S-box a better diffusion effect and increase its security, the invention constructs two 8-stage NFSR components that satisfy the strict avalanche criterion, denoted NFSR1 and NFSR2; after a certain number of iteration beats their sequences have the diffusion property. Each 8-stage NFSR has 8 state registers; $R_i$ ($0 \le i \le 7$) denotes the state of a bit of the register before an iteration, and $R_i'$ ($0 \le i \le 7$) denotes the state of that bit after the iteration. In each iteration update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, every iteration of the NFSR updates these 4 bits, and the other positions directly receive the cyclically shifted data. The numbers of iteration beats of NFSR1 and NFSR2 are set to 10 and 23 respectively, at which both NFSRs satisfy the strict avalanche criterion;
(2.2) for NFSR1, the update function expression is set to:
Figure BDA0003644130810000033
(2.3) for NFSR2, the update function expression is set to:
Figure BDA0003644130810000041
In the 16-bit S-box construction method of the invention, constructing the 16-bit S-box structure based on L-M-NFSR in step (3) comprises the following specific steps:
(3.1) The 16-bit S-box is constructed on the basis of the Lai-Massey structure: three 8-bit S-boxes serve as the round functions, which simplifies the round-function design and gives the structure stronger nonlinear support, and the 2 NFSR structures constructed in step (2) serve as components that enhance the diffusion effect;
(3.2) Determining the number of rounds of the combined structure: the Lai-Massey structure can achieve a certain level of security in 3 rounds, so the number of iteration rounds of the new structure is set to 3;
(3.3) Determining the input/output: the Lai-Massey structure is a balanced structure with left and right branches, so the inputs and outputs of the left and right branches are all 8 bits, where the initial left and right branch inputs are respectively defined as:
Figure BDA0003644130810000042
the final left and right branch outputs are defined as:
Figure BDA0003644130810000043
(3.4) Replacing the round function with 8-bit S-boxes: to increase the variability of the structure and simplify the design, the round function of the traditional Lai-Massey structure is replaced with selected 8-bit S-boxes; the 3-round structure uses three 8-bit S-boxes, denoted $S_0$, $S_1$ and $S_2$. These 3 S-boxes are each taken from the 8-bit S-box sample set constructed by affine equivalence in step (1), and the output of the round function, i.e. the output of each S-box, is expressed as:
Figure BDA0003644130810000044
(3.5) diffusion based on NFSR structure: placing the constructed NFSR1 and NFSR2 at the outputs of the left branch and the right branch of each round of the Lai-Massey structure respectively, wherein the calculation results of the NFSR1 and the NFSR2 in the first round of the structure are respectively represented by A1 and B1, and the calculation results in the second round of the structure are respectively represented by A2 and B2;
(3.6) output of the overall structure: based on the L-M-NFSR structure and the calculation method, the final output expression of the new structure is as follows:
Figure BDA0003644130810000051
In the 16-bit S-box construction method of the invention, traversing and searching for 16-bit S-boxes in step (4) comprises the following specific steps:
(4.1) Initialization: let the 8-bit S-box sample set be SBox8, and put into it the 8-bit S-boxes constructed from the AES S-box by affine equivalence; set a 16-bit S-box array Array of length 65536 to empty; the initial left and right branch inputs in
Figure BDA0003644130810000052
each take the first value in lexicographic order;
(4.2) In full-traversal fashion, select 3 S-boxes from the sample set SBox8 to serve as $S_0$, $S_1$ and $S_2$ in the new structure;
(4.3) Substitute L and R into the formula $S_{LMN}(L, R)$ and compute; concatenate the final left and right branch output bit strings L' and R' head to tail, convert the result to a decimal integer, and store it in Array in sequence;
(4.4) If R in
Figure BDA0003644130810000053
has not been fully traversed, then R in
Figure BDA0003644130810000054
takes the next value in the domain in lexicographic order, and go to (4.3); if the traversal is complete, go to (4.5);
(4.5) If L in
Figure BDA0003644130810000055
has not been fully traversed, then L in
Figure BDA0003644130810000056
takes the next value in the domain in lexicographic order, and R in
Figure BDA0003644130810000057
takes the first value in the domain in lexicographic order, and go to (4.3); if the traversal is complete, go to (4.6);
(4.6) An array Array of 65536 integer elements, i.e. a 16-bit S-box array, is obtained; the program writes this S-box out to a TXT file on disk using character-stream operations;
(4.7) If the traversal of the 8-bit S-box sample set SBox8 is not complete, take the next group of 3 S-boxes and substitute them for $S_0$, $S_1$ and $S_2$; set the left and right branch inputs L and R each to take, in
Figure BDA0003644130810000061
the first value in the domain, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) End the S-box search.
In the 16-bit S-box construction method of the invention, the S-box screening in step (5) screens out the more secure S-boxes from the constructed 16-bit S-boxes: the nonlinearity, differential uniformity, algebraic degree, bijectivity and signal-to-noise ratio of the S-boxes are tested, and the 16-bit S-boxes with excellent cryptographic properties are screened out according to the test results.
The beneficial effects of the invention are:
(1) the method is based on the L-M-NFSR structure and uses 8-bit S-boxes as the round functions in the Lai-Massey structure, which enhances the variability of the structure, simplifies the structural design, and is easy to implement;
(2) the method can construct 16-bit S-boxes with better cryptographic properties, providing highly secure S-box support for block cipher algorithms.
Drawings
FIG. 1 is a flow chart of constructing a 16-bit S-box in the embodiment;
FIG. 2 is a block diagram of the NFSR1 component constructed in the embodiment;
FIG. 3 is a block diagram of the NFSR2 component constructed in the embodiment;
FIG. 4 is a diagram of the L-M-NFSR structure in the embodiment;
FIG. 5 is a flow chart of constructing a 16-bit S-box in the embodiment.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and examples, but the present invention is not limited thereto.
Examples
A 16-bit S-box construction method based on the L-M-NFSR structure, referring to FIG. 1, comprises the following steps:
(1) The 8-bit AES S-box is selected as the sample for affine equivalence; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
an 8-bit S-box sample set SBox8 is constructed using affine equivalence, where the affine equivalence formula is:
Figure RE-GDA0003693405000000071
where $SBox_{AES}$ is the AES S-box; M and N are invertible matrices of order n, with $M, N \in GL(n, F_2)$; and m, n are n-bit constants, $m, n \in F_2^n$.
In the 16-bit S-box construction method of the embodiment, referring to FIG. 1, step (2) constructs two 8-stage NFSR components that satisfy the strict avalanche criterion, denoted NFSR1 and NFSR2 and shown in FIG. 2 and FIG. 3 respectively; the specific steps are as follows:
(2.1) After a certain number of iteration beats, the sequences of the NFSR1 and NFSR2 components have the diffusion property. Each 8-stage NFSR has 8 state registers; $R_i$ ($0 \le i \le 7$) denotes the state of a bit of the register before an iteration, and $R_i'$ ($0 \le i \le 7$) denotes the state of that bit after the iteration. In each iteration update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, every iteration of the NFSR updates these 4 bits, and the other positions directly receive the cyclically shifted data. The numbers of iteration beats of NFSR1 and NFSR2 are set to 10 and 23 respectively, at which both NFSRs satisfy the strict avalanche criterion;
(2.2) for NFSR1, the update function expression is set to:
Figure BDA0003644130810000073
(2.3) for NFSR2, the update function expression is set to:
Figure BDA0003644130810000081
In the 16-bit S-box construction method of the embodiment, referring to FIG. 1, step (3) constructs the 16-bit S-box structure based on L-M-NFSR, shown in FIG. 4; the specific steps are as follows:
(3.1) Three 8-bit S-boxes serve as the round functions, which simplifies the round-function design and gives the structure strong nonlinear support, and the 2 NFSR structures constructed in step (2) serve as components that enhance diffusion;
(3.2) Determining the number of rounds of the combined structure: the Lai-Massey structure can achieve a certain level of security in 3 rounds, so the number of iteration rounds of the new structure is set to 3;
(3.3) Determining the input/output: the structure is a balanced structure with left and right branches, so the inputs and outputs of the left and right branches are all 8 bits, where the initial left and right branch inputs are defined as:
Figure BDA0003644130810000082
the final left and right branch outputs are defined as:
Figure BDA0003644130810000083
(3.4) Replacing the round function with 8-bit S-boxes: to increase the variability of the structure and simplify the design, the round function of the traditional Lai-Massey structure is replaced with selected 8-bit S-boxes; the 3-round structure uses three 8-bit S-boxes, denoted $S_0$, $S_1$ and $S_2$. These 3 S-boxes are each taken from the 8-bit S-box sample set constructed by affine equivalence in step (1), and the output of the round function, i.e. the output of each S-box, is expressed as:
Figure BDA0003644130810000084
(3.5) diffusion based on NFSR structure: placing the constructed NFSR1 and NFSR2 at the outputs of the left branch and the right branch of each round of the Lai-Massey structure respectively, wherein the calculation results of the NFSR1 and the NFSR2 in the first round of the structure are respectively represented by A1 and B1, and the calculation results in the second round of the structure are respectively represented by A2 and B2;
(3.6) output of the overall structure: based on the L-M-NFSR structure and the calculation method, the final output expression of the new structure is as follows:
Figure BDA0003644130810000091
In the 16-bit S-box construction method of the embodiment, referring to FIG. 1, step (4) traverses and searches for 16-bit S-boxes as shown in FIG. 5; the specific steps are as follows:
(4.1) Initialization: let the 8-bit S-box sample set be SBox8, and put into it the 8-bit S-boxes constructed from the AES S-box by affine equivalence; set a 16-bit S-box array Array of length 65536 to empty; the initial left and right branch inputs in
Figure BDA0003644130810000092
each take the first value in lexicographic order;
(4.2) In full-traversal fashion, select 3 S-boxes from the sample set SBox8 to serve as $S_0$, $S_1$ and $S_2$ in the new structure;
(4.3) Substitute L and R into the formula $S_{LMN}(L, R)$ and compute; concatenate the final left and right branch output bit strings L' and R' head to tail, convert the result to a decimal integer, and store it in Array in sequence;
(4.4) If R in
Figure BDA0003644130810000093
has not been fully traversed, then R in
Figure BDA0003644130810000094
takes the next value in the domain in lexicographic order, and go to (4.3); if the traversal is complete, go to (4.5);
(4.5) If L in
Figure BDA0003644130810000095
has not been fully traversed, then L in
Figure BDA0003644130810000096
takes the next value in the domain in lexicographic order, and R in
Figure BDA0003644130810000097
takes the first value in the domain in lexicographic order, and go to (4.3); if the traversal is complete, go to (4.6);
(4.6) An array Array of 65536 integer elements, i.e. a 16-bit S-box array, is obtained; the program writes this S-box out to a TXT file on disk using character-stream operations;
(4.7) If the traversal of the 8-bit S-box sample set SBox8 is not complete, take the next group of 3 S-boxes and substitute them for $S_0$, $S_1$ and $S_2$; set the left and right branch inputs L and R each to take, in
Figure BDA0003644130810000101
the first value in the domain, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) End the S-box search.
In the 16-bit S-box construction method of the embodiment, referring to FIG. 1, step (5) is S-box screening: the more secure S-boxes are screened out from the constructed 16-bit S-boxes. The nonlinearity, differential uniformity, algebraic degree, bijectivity and signal-to-noise ratio of the S-boxes are tested, and the 16-bit S-boxes with excellent cryptographic properties are screened out according to the test results.
In the test of the embodiment, 256 S-boxes were selected from a batch of S-boxes to be tested. The results show that all of the constructed 16-bit S-boxes are bijective and all have algebraic degree 15; the differential uniformity has a lower bound of 18 and an upper bound of 22, and is 18 for the majority; the highest nonlinearity is 31992; the signal-to-noise ratio has a lower bound of 146.712 and an upper bound of 148.937.
The embodiment shows that the method can construct 16-bit S-boxes with strong cryptographic properties and provides secure nonlinear transformation support for block cipher algorithms.

Claims (5)

1. A 16-bit S-box construction method based on an L-M-NFSR structure, characterized by comprising the following steps:
(1) constructing an 8-bit S-box sample set:
the AES S-box is selected as the sample, and a sample set is constructed from it using affine equivalence;
(2) constructing NFSR components that satisfy the strict avalanche criterion:
two NFSR components that satisfy the strict avalanche criterion are constructed from 8-stage nonlinear feedback shift registers, providing full diffusion for the constructed 16-bit S-box;
(3) constructing the 16-bit S-box structure based on L-M-NFSR:
the constructed NFSR components are combined with the Lai-Massey structure; using the constructed 8-bit S-box sample set, multiple rounds of iteration are performed and the output is computed to construct a 16-bit S-box;
(4) traversing and searching for 16-bit S-boxes:
based on the new structure, a large number of 16-bit S-boxes are constructed by fully traversing the 8-bit S-box sample set and the left and right branch inputs over the 8-bit binary domain;
(5) S-box screening:
the constructed 16-bit S-boxes are tested, and those with better cryptographic properties are screened out.
2. The 16-bit S-box construction method according to claim 1, wherein constructing the 8-bit S-box sample set in step (1) comprises the following specific steps:
(1.1) selecting the 8-bit S-box sample: the 8-bit AES S-box is selected as the sample for affine equivalence; its nonlinearity is 112, its differential uniformity is 4, and its algebraic degree is 7;
(1.2) based on the selected 8-bit S-box, the S-box sample set is constructed using affine equivalence, where the affine equivalence formula is:
Figure FDA0003644130800000011
where $SBox_{AES}$ is the AES S-box; M and N are invertible matrices of order n, with $M, N \in GL(n, F_2)$; and m, n are n-bit constants,
Figure FDA0003644130800000012
3. The 16-bit S-box construction method according to claim 1, wherein constructing the NFSR components that satisfy the strict avalanche criterion in step (2) comprises the following specific steps:
(2.1) two 8-stage NFSR components that satisfy the strict avalanche criterion are constructed, denoted NFSR1 and NFSR2; after a certain number of iteration beats their sequences have the diffusion property. Each 8-stage NFSR has 8 state registers; $R_i$ denotes the state of a bit of the register before an iteration and $R_i'$ denotes the state of that bit after the iteration, with $0 \le i \le 7$. In each iteration update, 4 bits are selected for updating, namely the 1st, 3rd, 5th and 7th bits; that is, every iteration of the NFSR updates these 4 bits, and the other positions directly receive the cyclically shifted data. The numbers of iteration beats of NFSR1 and NFSR2 are set to 10 and 23 respectively, at which both NFSRs satisfy the strict avalanche criterion;
(2.2) for NFSR1, the update function expression is set to:
Figure FDA0003644130800000021
(2.3) for NFSR2, the update function expression is set to:
Figure FDA0003644130800000022
4. The method according to claim 3, wherein constructing the 16-bit S-box structure based on L-M-NFSR in step (3) comprises the following specific steps:
(3.1) the 16-bit S-box is constructed on the basis of the Lai-Massey structure, with three 8-bit S-boxes as the round functions and the 2 NFSR structures constructed in step (2) as components that enhance diffusion;
(3.2) determining the number of rounds of the combined structure: the Lai-Massey structure can achieve a certain level of security in 3 rounds, so the number of iteration rounds of the new structure is set to 3;
(3.3) determining the input/output: the Lai-Massey structure is a balanced structure with left and right branches, so the inputs and outputs of the left and right branches are all 8 bits, where the initial left and right branch inputs are respectively defined as:
Figure FDA0003644130800000031
the final left and right branch outputs are defined as:
Figure FDA0003644130800000032
(3.4) replacing the round function with 8-bit S-boxes: the round function of the traditional Lai-Massey structure is replaced with selected 8-bit S-boxes; the 3-round structure uses three 8-bit S-boxes, denoted $S_0$, $S_1$ and $S_2$. These 3 S-boxes are each taken from the 8-bit S-box sample set constructed by affine equivalence in step (1), and the output of the round function, i.e. the output of each S-box, is expressed as:
Figure FDA0003644130800000033
(3.5) diffusion based on NFSR structure: placing the constructed NFSR1 and NFSR2 at the outputs of the left branch and the right branch of each round of the Lai-Massey structure respectively, wherein the calculation results of the NFSR1 and the NFSR2 in the first round of the structure are respectively represented by A1 and B1, and the calculation results in the second round of the structure are respectively represented by A2 and B2;
(3.6) output of the overall structure: based on the L-M-NFSR structure and the calculation method, the final output expression of the new structure is as follows:
Figure FDA0003644130800000034
5. The method according to claim 4, wherein traversing and searching for 16-bit S-boxes in step (4) comprises the following specific steps:
(4.1) initialization: let the 8-bit S-box sample set be SBox8, and put into it the 8-bit S-boxes constructed from the AES S-box by affine equivalence; set a 16-bit S-box array Array of length 65536 to empty; the initial left and right branch inputs in
Figure FDA0003644130800000035
each take the first value in lexicographic order;
(4.2) in full-traversal fashion, select 3 S-boxes from the sample set SBox8 to serve as $S_0$, $S_1$ and $S_2$ in the new structure;
(4.3) substitute L and R into the formula $S_{LMN}(L, R)$ and compute; concatenate the final left and right branch output bit strings L' and R' head to tail, convert the result to a decimal integer, and store it in Array in sequence;
(4.4) if R in
Figure FDA0003644130800000041
has not been fully traversed, then R in
Figure FDA0003644130800000042
takes the next value in the domain in lexicographic order, and go to (4.3); if the traversal is complete, go to (4.5);
(4.5) if L in
Figure FDA0003644130800000043
has not been fully traversed, then L in
Figure FDA0003644130800000044
takes the next value in the domain in lexicographic order, and R in
Figure FDA0003644130800000045
takes the first value in the domain in lexicographic order, and go to (4.3); if the traversal is complete, go to (4.6);
(4.6) an array Array of 65536 integer elements, i.e. a 16-bit S-box array, is obtained; the program writes this S-box out to a TXT file on disk using character-stream operations;
(4.7) if the traversal of the 8-bit S-box sample set SBox8 is not complete, take the next group of 3 S-boxes and substitute them for $S_0$, $S_1$ and $S_2$; set the left and right branch inputs L and R each to take, in
Figure FDA0003644130800000046
the first value in the domain, and go to (4.2); if the traversal is complete, go to (4.8);
(4.8) end the S-box search.
CN202210533588.1A 2022-05-15 2022-05-15 16-bit S box construction method based on L-M-NFSR structure Pending CN114900286A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210533588.1A CN114900286A (en) 2022-05-15 2022-05-15 16-bit S box construction method based on L-M-NFSR structure

Publications (1)

Publication Number Publication Date
CN114900286A true CN114900286A (en) 2022-08-12

Family

ID=82724349

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210533588.1A Pending CN114900286A (en) 2022-05-15 2022-05-15 16-bit S box construction method based on L-M-NFSR structure

Country Status (1)

Country Link
CN (1) CN114900286A (en)

Similar Documents

Publication Publication Date Title
Boura et al. Efficient MILP modelings for sboxes and linear layers of SPN ciphers
Derbez et al. Meet-in-the-middle attacks and structural analysis of round-reduced PRINCE
Shi et al. Programming the Demirci-Selçuk meet-in-the-middle attack with constraints
CN111756521B (en) Cipher S box design method based on Feistel-SP structure
Yang et al. Spectral analysis of ZUC-256
MX2011001228A (en) Method for generating a cipher-based message authentication code.
Zong et al. Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256
Zong et al. Milp-aided related-tweak/key impossible differential attack and its applications to qarma, joltik-bc
Yang et al. Cube cryptanalysis of round-reduced ACORN
CN113783684B (en) Construction method of 16-bit S box based on NFSR and Feistel structures
He et al. Improved cube attacks on some authenticated encryption ciphers and stream ciphers in the Internet of Things
CN104967509B (en) It is a kind of to take turns ZUC stream cipher algorithm mask means of defence of the output for arithmetic mask
Yao et al. Topological graphic passwords and their matchings towards cryptography
Bagheri et al. Cryptanalysis of reduced NORX
Zhang et al. Security of SM4 against (related-key) differential cryptanalysis
Hu et al. Finding all impossible differentials when considering the DDT
CN114900286A (en) 16-bit S box construction method based on L-M-NFSR structure
Crowley Improved cryptanalysis of Py
Udovenko Convexity of division property transitions: theory, algorithms and compact models
ElSheikh et al. On MILP-based automatic search for bit-based division property for ciphers with (large) linear layers
US7103180B1 (en) Method of implementing the data encryption standard with reduced computation
Zhou et al. Efficient and extensive search for precise linear approximations with high correlations of full SNOW-V
Tian et al. Integral cryptanalysis on two block ciphers Pyjamask and uBlock
Luo et al. Improvements for finding impossible differentials of block cipher structures
Shiba et al. Integral and impossible‐differential attacks on the reduced‐round Lesamnta‐LW‐BC

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination