总结了单S盒的硬件实现的最有效方法:一种是基于查找表的方法;一种是基于逻辑运算的方法。在文献[23]也指出高级加密标准(Advanced Encryption Standard, AES)中S盒的硬件实现效率非常高。本文构造动态S盒的核心是通过调整放射变换的行和列来得到新的S盒,其硬件执实现效率是单S盒的线性叠加,因此不论采用哪种硬件实现方法的效率不超过重复使用单S的效率。在文献[2,8]中的两种构造动态S盒的方法都存在一部分S盒的密码学性质不能达到最优,存在选择S盒等缺陷,其硬件的实现效率要高于使用重复使用单S盒的效率。如何提升多S盒的硬件执行效率将是下一步研究的目标。
4 结语
S盒是许多加密算法中的唯一的非线性部分,S盒的密码特性的好坏直接决定了密码算法的安全性。通过改变仿射变换矩阵,生成动态S盒,分析单个S盒的密码学特性,其各项指标和高级加密标准中使用的S盒一致,当把这些S盒动态使用时其动态密码学特性高于使用单个S盒;以使用8个动态S盒为例,通过实验计算发现除了代数次数没有发生变化,其他各项指标都优于使用单一S盒。使用动态S盒是一种能有效抵抗不可能差分分析的方法,最后分析了通过本文方法构造新的动态S盒的抵抗不可能差分攻击的性质更优,同时分析了该方法具有较好的硬件实现效率。
参考文献:
[1]冯登国,吴文玲,张文涛.分组密码的设计与分析[M].北京:清华大学出版社,2009:48-110.(FENG D G, WU W L, ZHANG W T. Design and Analysis of Block Cipher [M]. Beijing: Tsinghua University Press, 2009: 48-110.)
[2]邱劲,王平.基于混沌映射的动态S盒构造方法[J].计算机科学,2007,34(5):89-91.(QIU J, WANG P. A method to construct dynamic Sbox based on chaotic map[J]. Computer Science, 2007, 34(5): 89-91.)
[3]曹明,黄银峰,谷利泽,等.基于遗传蚁群算法的S盒构造[J].计算机应用研究,2008,25(5):1553-1554. (CAO M, HUANG Y F, GU L Z, et al. Construction of Sboxes based on genetic and ant colony algorithm [J]. Application Research of Computers, 2008, 25(5): 1553-1554.)
[4]STOIANOV N. One approach of using keydependent Sboxes in AES [C]// MCSS 2011: Proceedings of 4th International Conference on Multimedia Communications, Services and Security, Volume 149 of the series Communications in Computer and Information Science. Berlin: SpringerVerlag, 2011: 317-323.
[5]王海龙,孟繁军,张跃军,等.利用多进制组合快速构造S盒的AES算法设计[J].合肥工业大学学报(自然科学版),2014,37(4):432-434. (WANG H L, MENG F J, ZHANG Y J, et al. AES algorithm design of SBox based on Mary hexadecimal conversion method [J]. Journal of Hefei University of Technology (Natural Science),2014,37(4):432-434.)
[6]
DUNKELMAN O, KELLER N, SHAMIR A. Improved singlekey attacks on 8round AES192 and AES256 [C]// ASIACRYPT 2010: Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security, LNCS 6477. Berlin: SpringerVerlag, 2010: 158-176.
[7]胡志华,覃中平.一种新的8轮AES_128不可能差分分析[J].小型微型计算机系统,2013,34(9):2111-2115. (HU Z H, QIN Z P. Novel method for impossible differential cryptanalysis of 8round AES128 [J]. Journal of Chinese Computer Systems, 2013, 34(9): 2111-2115.)
[8]刘国强,金晨辉.一类动态S盒的构造与差分性质研究[J].电子与信息学报,2014,36(1):74-81. (LIU G Q, JIN C H. Investigation on construction and differential property of a class of dynamic Sbox [J]. Journal of Electronics & Information Technology, 2014, 36(1): 74-81.)
[9]陈利科,张润彤.一种基于动态S盒和动态P盒的快速分组密码算法——DSP[J].计算机科学,2009,36(2):78-80. (CHEN L K, ZHANG R T. Novel software block cipher using dynamic Sbox and Pbox [J]. Computer Science, 2009, 36(2): 78-80.)
[10]申兵,霍家佳.动态S盒的密码性质[J].通信技术, 2014, 47(12): 1429-1433. (SHEN B, HUO J J. Cryptographic property of dynamic Sbox [J]. Communications Technology, 2014, 47(12): 1429-1433.)
[11]殷新春,杨洁,谢立.密钥控制的多S盒Rijndeal算法[J].通信学报, 2007,28(9):125-132. (YIN X C, YANG J, XIE L. Keycontrolled Rijndael algorithm with multiple Sboxes [J]. Journal on Communications, 2007, 28(9): 125-132.)
[12]王文华,郑志明.基于可变S盒的随机加密方案[J].北京航空航天大学学报,2011,37(7):811-816. (WANG W H, ZHENG Z M. Random encryption scheme based on variable Sboxes [J]. Journal of Beijing University of Aeronautics and Astronautics, 2011, 37(7): 811-816.)
[13]MERKLE R C. Fast software encryption functions [C]// Proceedings of the Advances in Cryptology, LNCS 537. Berlin: SpringerVerlag, 1991: 477-501.
[14]SCHNEIER B. Description of a new variablelength key, 64bit block cipher[C]// Proceedings of the 1994 Cambridge Security Workshop on Fast Software Encryption, LNCS 809. Berlin: Springer, 1994: 191-204.
[15]NEDJAH N, DE MACEDO MOURELLE L. Designing substitution boxes for secure ciphers [J]. International Journal of Innovative Computing and Application, 2007, 1(1): 86-91.
[16]TU C. Design of an improved method of Rijndael Sbox [C]// ICCIC 2011: Proceedings of the 2011 International Conference on Computing and Information, Volume 231 of the series Communications in Computer and Information Science. Berlin: SpringerVerlag, 2011: 46-51.
[17]CLARK J A, JACOB J L, STEPNEY S. The design of Sboxes by simulated annealing [J]. New Generation Computing, 2005, 23(3): 219-231.
[18]WEBSTER A F, TAVARES S E. On the design of Sboxes[C]// CRYPTO 85 Advances in Cryptology. London: SpringerVerlag, 1986: 523-534.
[19]NYBERG K. Perfect nonlinear Sboxes [C]// EUROCRYPT 91: Proceedings of the 1991 Workshop on the Theory and Application of Cryptographic Techniques, LNCS 547. Berlin: SpringerVerlag, 1991: 378-386.
[20]温巧燕,钮心忻,杨义先.现代密码学中的布尔函数[M].北京:科学出版社,2000:147-152. (WEN Q Y, NIU X Q, YANG Y X. Boolean Function in Modern Cryptography [M]. Beijing: Science Press, 2000:147-152.)
[21]刘景伟,韦宝典,吕继强,等.AES S盒的密码特性分析[J]. 西安电子科技大学学报(自然科学版),2004,31(2):255-259. (LIU J W, WEI B D, LYU J Q, et al. Analysis of the cryptographic properties of the AES Sbox [J]. Journal of Xidian University, 2004, 31(2): 255-259.)
[22]吴文玲,张蕾.不可能差分密码分析研究进展[J].系统科学与数学,2008,28(8):971-983. (WU W L, ZHANG L. The stateoftheart of research on impossible differential cryptanalysis [J]. Journal of Systems Science and Mathematical Sciences, 2008, 28(8): 971-983.)
[23]杨红志,韩文报,赵龙.适用硬件实现的S盒构造方法[J].计算机应用,2010,30(3):674-684. (YANG H Z, HAN W B, ZHAO L. Construction method of Sbox suitable for hardware implementation [J]. Journal of Computer Applications, 2010, 30(3): 674-684.)
