一种AES S盒改进方案及其硬件设计

为提高高级加密标准（advanced encryption standard,AES）算法的安全性,提出了一种新的S盒生成方案。在分析了现有S盒存在的问题后,基于S盒的构造原理和密码学性质,通过选择新的不可约多项式和仿射变换对,同时调整仿射变换与乘法逆的运算顺序,构造出一种新的S盒;对生成的新S盒与AES 的S盒以及其他改进S盒在代数式项数、严格雪崩标准距离等方面进行了比较,结果显示新S盒具有更好的代数性质,能够有效抵御代数攻击;还对新S盒进行了硬件设计并优化,DC综合结果显示新S盒复域优化实现消耗的资源比传统复域实现少12%,比查找表法实现少41%。新S盒在安全性方面优于现有S盒,将其应用于AES软件设计和硬件设计,并通过仿真测试验证了其正确性。     

基于Hénon映射的块加密算法

利用Hénon映射，提出了一个使用多动态S-box的块加密算法。使用Hénon映射，生成多个动态S-box，对各个数据块加密、解密时，按照一定规则选择其中一个变换函数（S-box）。对文本、图像、音频等不同格式的文件进行了加密与解密处理，分析了密码系统的安全性。实验表明，算法具有较高的安全性，加密速度较快，且对差分和线性密码攻击具有较强的抵抗能力。     

自动化门限掩码新方法

为了有效抵御差分功耗攻击,密码芯片通常在算法级使用掩码防护。现有的门限掩码方法主要依赖于手工对密码核心部件的分解、推算及随机比特数的配置,其明显的缺点是计算及验证过程复杂、烦琐,而且掩码方案实现效率往往较低。如何在不注入额外随机数的情况下,自动化地生成掩码方案是目前业界讨论的热点问题。基于依赖函数的最小共享数目提出一种自动化门限掩码新方法。该方法仅需在拆分变元时用到随机数,而其他掩码环节不需引入额外随机数。实验结果表明：该方法应用于轻量级密码LBlock算法及16类最优4 bit密码S盒上的一阶门限掩码防护时,其T-test的峰值较于不加防护情形下的峰值缩小10倍以上;在实际平台的差分功耗攻击下,使用100万条能量迹也无法恢复出LBlock密码算法的任何密钥比特。这证实该掩码防护是新型有效的。此外,针对SKINNY、Midori、PRESENT和PRINCE等轻量级密码算法使用的密码S盒还分别给出其一阶自动化门限掩码新方案。     

Cross-Correlation Analysis of Cryptographically Useful Boolean Functions and S-Boxes

We use the cross-correlation function as a fundamental tool to study cryptographic properties of Boolean functions. This provides a unified treatment of a large section of Boolean function literature. In the process we generalize old results and obtain new characterizations of cryptographic properties. In particular, new characterizations of bent functions and functions satisfying propagation characteristics are obtained in terms of the cross-correlation and auto-correlation properties of subfunctions. The exact relationship between the algebraic structure of the non-zeros of the spectrum and the auto-correlation values is obtained for a cryptographically important class of functions. Finally we study the suitability of S-boxes in stream ciphers and conclude that currently known constructions for S-boxes may not be adequate for such applications. Received April 27, 2001, and in revised form October 30, 2001. Online publication February 20, 2002.     

基于扩展型二维CA的图像加密算法

根据数字图像的存储特点,提出一种基于扩展型二维元胞自动机的图像加密算法,将二维元胞自动机与图像加密技术结合,利用元胞自动机生成数值范围在0-255区间的二维伪随机数矩阵,截取与图像大小相等的伪随机数矩阵作为密码对图像像素进行加密,解密为加密的逆过程。实验结果表明,该算法能快速产生密码,加密形式简单,具有较好的抗攻击能力,适合对数据量大的数字图像进行加密。     

SCENERY: a lightweight block cipher based on Feistel structure

In this paper, we propose a new lightweight block cipher called SCENERY. The main purpose of SCENERY design applies to hardware and software platforms. SCENERY is a 64-bit block cipher supporting 80-bit keys, and its data processing consists of 28 rounds. The round function of SCENERY consists of 8 4 × 4 S-boxes in parallel and a 32 × 32 binary matrix, and we can implement SCENERY with some basic logic instructions. The hardware implementation of SCENERY only requires 1438 GE based on 0.18 um CMOS technology, and the software implementation of encrypting or decrypting a block takes approximately 1516 clock cycles on 8-bit microcontrollers and 364 clock cycles on 64-bit processors. Compared with other encryption algorithms, the performance of SCENERY is well balanced for both hardware and software. By the security analyses, SCENERY can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks.     

基于混沌理论的S盒图像置乱加密算法

基于AES中的S盒理论,针对S盒的一一映射的特性对图像分块进行图像像素字节位置的置乱,提出了S盒图像置乱算法,在基于S盒图像置乱的标准算法引入混沌理论,产生混沌随机序列,提出S盒图像置乱加密的改进算法;并通过三种测试方法:抗剪切测试、高斯白噪音测试和分布均匀性测试以及客观评价方法就具体实例分析这种算法的安全性和抗剪切能力;最后将其与标准算法进行比较研究。     

Design-space exploration of the most widely used cryptography algorithms

Network data are, currently, often encrypted at a low level. In addition, as it is widely supported, the majority of future networks will use low-layer (IP level) encryption. Moreover, current trends imply that future networks are likely to be dominated by mobile terminals, thus, the power consumption and electromagnetic emissions aspects of encryption devices will be critical. This paper presents several realizations of the two most widely used encryption algorithms, DES and AES, both in software and in hardware. We present software implementations of the algorithms running on two of the state-of-the-art Intel IXP Network Processors and 11 hardware realizations based on a standard-cell library. In particular, five of our hardware realizations are conventional flip-flop based clocked designs, whereas the other six are either asynchronous, or latch-based synchronous designs. We demonstrate that the most efficient realization of the DES algorithm is one of the proposed asynchronous hardware implementations, whereas for the AES algorithm the latch-based design presented seems to be optimal. By placing and routing those designs, we have also realized that the commercial ASIC synthesis tools cannot accurately predict the area and the performance of the placed and routed final netlist in such designs, since the ASIC implementations of the encrypted algorithms include a very large number of wires and a limited number of logic CMOS cells.     

Secure evolvable hardware for public-key cryptosystems

In this paper, genetic programming is used as an alternative means to automatically generate secure and minimal hardware designs of public-key cryptosystems such as the RSA cryptosystem. We evolve optimal hardware circuits for modular exponentiation, which is a cornerstone operation in many public-key cryptographic system. The evolved circuits minimize both space (i.e. required gate number) and time (i.e. encryption and decryption time). The evolved designs are shielded against side-channel leakage and hence secure. The structure of the cryptographic circuit is random and so the private key cannot be deduced using known attacks. We compare our results against existing well-known designs, which were produced by human designers based on the binary method. Nadia Nedjah, Ph.D.: She is an associate professor in the Department of Electronics Engineering and Telecommunications at the Faculty of Engineering, State University of Rio de Janeiro, Brazil. Her research interests include functional programming, embedded systems and reconfigurable hardware design as well as cryptography. Nedjah received her Ph.D. in Computation from the University of Manchester — Institute of Science and Technology (UMIST), England, her M.S.c. in System Engineering and Computation from the University of Annaba, Algeria and her Engineerind degree in Computer Science also from the University of Annaba, Algeria. Luiza de Macedo Mourelle, Ph.D.: She is an associate professor in the Department of System Engineering and Computation at the Faculty of Engineering, State University of Rio de Janeiro, Brazil. Her research interests include computer architecture, embedded systems design, hardware/software codesign and reconfigurable hardware. She received her Ph.D. in Computation from the University of Manchester — Institute of Science and Technology (UMIST), England, her M.S.c. in System Engineering and Computation from the Federal University of Rio de Janeiro (UFRJ), Brazil and her Engineering degree in Electronics also from UFRJ, Brazil.     

The provable constructive effect of diffusion switching mechanism in CLEFIA-type block ciphers

CLEFIA is a block cipher designed by Sony Corporation, adopted as a lightweight encryption algorithm of the new ISO/IEC 29192-2 standard, and proposed as a Japanese e-Government recommendation cipher CRYPTREC candidate.Provable security properties of cryptographic design are crucial in any security evaluation. Providing lower bounds on the number of active S-boxes in differential and linear characteristics has been one of the few important provable properties that can be formally shown for block ciphers and hence received a lot of attention.In this work, we prove tighter lower bounds on the number of linearly active S-boxes in CLEFIA-type generalized Feistel networks (GFNs) with diffusion switching mechanism (DSM). We show that every 6 rounds of such GFNs provide 50% more linearly active S-boxes than proven previously. Moreover, we experimentally demonstrate that the new bound is tight for up to at least 12 rounds, whereas the previous one is not. Thus, this paper delivers first provable evidence that diffusion switching mechanism actually provides an advantage by guaranteeing more active S-boxes in GFNs.     

Evolvable Reasoning Hardware: Its Prototyping and Performance Evaluation

In this paper, we propose evolvable reasoning hardware and its design methodology. In the proposed design methodology, case databases of each reasoning task are transformed into truth tables, which are evolved to extract rules behind the past cases through a genetic algorithm. Circuits for the evolvable reasoning hardware are synthesized from the evolved truth-tables. Parallelism in each task can be embedded directly in the circuits through the direct hardware implementation of the case databases. We developed the evolvable reasoning hardware prototype using Xilinx Virtex FPGA chips and applied it to the English-pronunciation-reasoning (EPR) task. The evolvable reasoning hardware for the EPR task was implemented with 270K gates, achieving an extremely high reasoning speed of less than 300 ns/phoneme. It also achieved a reasoning accuracy of 82.1% which is almost the same accuracy as NETTalk in neural networks and MBRTalk in parallel AI.     

Improving quality of DES S-boxes by cellular automata-based S-boxes

In the paper we use recently proposed cellular automata (CA) based methodology (Szaban and Seredynski in LNCS, vol. 5191, pp. 478–485, 2008) to design the 6×4 S-boxes functionally equivalent to S-boxes used in current cryptographic standard known as Data Encryption Standard (DES). We provide an exhaustive experimental analysis of the proposed CA-based S-boxes in terms of non-linearity, autocorrelation, balance and strict avalanche criterion, and compare results with ones corresponding to DES S-boxes. We show that the proposed CA-based S-boxes have cryptographic properties comparable to or better than classical S-box tables. The interesting feature of the proposed S-boxes is a dynamic flexible structure fully functionally realized by CA, while the classical DES S-boxes are represented by predefined unchangeable table structures.     

Construction of Cryptographically Strong S-Boxes Inspired by Bee Waggle Dance

In this paper, we explore a heuristic method called the bee waggle dance to construct cryptographically strong S-boxes. The S-boxes exhibit good cryptographic properties such as high nonlinearity, low differential uniformity and high algebraic degree. The method involves the use of a trinomial power function as the initial S-box. The elements in the S-box are then permuted using the bee waggle dance algorithm. The S-boxes produced using this method are found to compare reasonably well with other existing S-boxes constructed using alternative heuristic methods. To the best of our knowledge, this is the first attempt to construct cryptographically strong S-boxes using the bee waggle dance algorithm.     

用遗传算法实现逻辑函数的化简

在硬件设计中引入演化计算,在可编程逻辑器件上通过对基本硬件元器件进行演化而自动生成人工难以设计出的硬件结构,称为演化硬件设计。代数法和卡诺图法用来化简给定的逻辑函数,但它们难以化简规模很大的逻辑函数。这里用演化硬件设计方法实现了区别于传统的代数化简法和卡诺图化简法的一种新的对给定的某一逻辑函数进行化简的方法。实验表明演化硬件设计方法能够化简规模很大的逻辑函数。     

超混沌系统和AES结合的图像加密算法

针对传统AES（高级加密标准）加密算法存在密钥空间小、固定不变等缺点,提出了一个新的超混沌系统和AES结合的图像加密算法。该算法首先利用超混沌Qi系统产生超混沌序列,截取混沌序列作为AES加密算法的目标密钥,且截取过程中引入了明文图像像素的平均值作为参数,以适应明文图像的变化。然后,将目标密钥代入AES加密算法进行两轮循环加密,且每轮加密过程中的S盒和轮密钥由混沌序列产生,增强了密钥的随机性。仿真实验结果表明,该算法能够很好地结合两者的优点,达到很好的加密效果。     

满足若干密码学性质的S-盒的构造

S-盒是许多密码算法的唯一非线性部件,它的密码强度决定了整个密码算法的安全强度.但 是对于大的S-盒的构造比较困难,而且软硬件实现也比较难,目前比较流行的是8×8的S-盒 .基于m-序列,提出一种构造8×8与8×6的S-盒的方法,通过测试法从中选出了一批非线性 性质与差分均匀性都比较好的S-盒.同时,基于正形置换构造了一批4×4的S-盒.这些S-盒 对进一步设计密码算法提供了非线性资源.     

基于演化算法的电路自动设计方法

在电路设计中引入演化计算,在可编程逻辑器件上通过对基本电路元器件进行演化而自动生成人工不可能设计出的电路结构,称为演化硬件设计。文中介绍了演化硬件实现的物质基础、演化计算在硬件自动设计方法的实现过程以及该方法要解决的问题,并对演化数字电路、模拟电路的设计进行了分析,说明演化算法在电路自动设计中是切实有效的。     

基于一种DES算法改进体制的研究

本文用改进的S-盒替换原来的S-盒，用内部CBC三重加密模式以及相关密钥S-盒等方式构造出一种改进的DES加密体制。这种体制增强了线性密码分析攻击、差分密码分析攻击、穷举攻击和选择明文攻击的难度，而它加解密的速度并没有受到影响，相反通过使用相关密钥S-盒硬件芯片，其加解密的速度还将有所提高。     

基于演化硬件的图像加密技术研究

本文将演化硬件和细胞自动机图像加密相结合,提出了一种将演化硬件应用到图像加密中的新技术。通过对基本逻辑电路的演化找出正确的加密规则(搜索密钥),继而采用反向迭代加密技术对图像进行加密和解密。演化硬件既可以作为搜索密钥工具,也可以作为规则表的逻辑电路,密钥更换时不需要更换硬件,增加了硬件的重用性,而且实现了密钥分散,使加密安全性得到了增强。实验证实了该技术的可行性,取得了良好的加密效果。     

Word level bitwidth reduction for unbounded hardware model checking

In this paper we present a word-level model checking method that attempts to speed up safety property checking of industrial netlists. Our aim is to construct an algorithm that allows us to check both bounded and unbounded properties using standard bit-level model checking methods as back-end decision procedures, while incurring minimum runtime penalties for designs that are unsuited to our analysis. We do this by combining modifications of several previously known techniques into a static abstraction algorithm which is guaranteed to produce bit-level netlists that are as small or smaller than the original bitblasted designs. We evaluate our algorithm on several challenging hardware components.