西安电子科技大学学报 ›› 2023, Vol. 50 ›› Issue (4): 170-179.doi: 10.19665/j.issn1001-2400.2023.04.017

• 网络空间安全专栏 • 上一篇    下一篇

一种大状态轻量级密码S盒的设计与分析

樊婷1(),冯伟2(),韦永壮1()   

  1. 1.桂林电子科技大学 广西密码学与信息安全重点实验室,广西壮族自治区 桂林 541004
    2.广西网信信息技术有限公司,广西壮族自治区 南宁 530000
  • 收稿日期:2023-01-16 出版日期:2023-08-20 发布日期:2023-10-17
  • 通讯作者: 冯伟
  • 作者简介:樊婷(1993—),女,桂林电子科技大学博士研究生,E-mail:fanting0801@163.com;|韦永壮(1976—),男,教授,E-mail:walker_wyz@guet.edu.cn
  • 基金资助:
    国家自然科学基金(62162016);国家自然科学基金(62062026);广西自然科学基金创新研究团队项目(2019GXNSFGA245004)

The design and cryptanalysis of a large state lightweight cryptographic S-box

FAN Ting1(),FENG Wei2(),WEI Yongzhuang1()   

  1. 1. Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China
    2. Guangxi Wangxin Information Technology Co.,Ltd.,Nanning 530000,China
  • Received:2023-01-16 Online:2023-08-20 Published:2023-10-17
  • Contact: Wei FENG

摘要:

Alzette是2020年美密会上提出的基于ARX结构的64比特轻量级S盒,具备软硬件性能出色、扩散性强和安全性高等诸多优点,受到了国内外的广泛关注。然而,具有杰出性能与安全性的64比特轻量级S盒极少,如何设计出一种比Alzette性能更佳的大状态轻量级S盒是目前研究的难点。基于ARX结构,设计出一种性能与安全性兼优的大状态轻量级密码S盒,提出了“层次筛选法”,通过提前设置最优差分/线性特征的界来确定最佳循环移位参数,并对新密码S盒给出了安全性评估。结果表明:新密码S盒与Alzette的软硬件实现性能相当;同时5轮新密码S盒最优差分特征(线性逼近)的概率达到2-17(2-8),7轮新密码S盒的最优线性逼近概率达到2-17;而Alzette的5轮最优差分特征(线性逼近)概率为2-10>2-17(2-5>2-8),7轮最优线性逼近概率为2-13>2-17。新密码S盒表现出更强的抗差分/线性密码分析的能力。

关键词: 轻量级分组密码, 密码S盒, 差分密码分析, 线性密码分析

Abstract:

Alzette is a 64 bit lightweight S-box based on the ARX structure proposed at the CRYPTO 2020.It has many advantages such as excellent hardware and software performance,strong diffusion and high security,so that it receives wide attention domestically and internationally.However,64-bit lightweight S-boxes with execllent performance and security are rare.Whether it is possible to design the large state lightweight S-box with better performance than Alzette is difficult in current research.In this paper,a large state lightweight cryptographic S-box based on the ARX structure with an excellent performance and security is designed.A “hierarchy filtering method” is proposed to determine the optimal rotation parameters by setting the best differential/linear characteristic bounds in advance,and the security evaluation for the new S-box is given.It is shown that the software and hardware implementation performance of the new S-box is equivalent to that of the Alzette.For the new S-box,the probability of 5-round best differential characteristic (linear approximation) up to 2-17(2-8),and the probability of 7-round best linear approximation reaches 2-17.But for the Alzette,the 5-round best differential characteristic (linear approximation) with probability of 2-10>2-17(2-5>2-8),and the 7-round best linear approximation with probability of 2-13>2-17.The new S-box shows a stronger resistance against differential cryptanalysis and linear cryptanalysis.

Key words: lightweight block cipher, cryptographic S-box, differential cryptanalysis, linear cryptanalysis

中图分类号: 

  • TN918.4