Similar literature
1.
A combinational-logic optimization design that effectively reduces the area of the AES S-box
王沁, 梁静, 齐悦. 《电子学报》(Acta Electronica Sinica), 2010, 38(4): 939-942
Starting from the construction principle of the AES S-box, this paper exploits the cyclic-shift periodicity of the coefficients of its affine transformation to improve the circuit structure, and proposes an area-optimized combinational-logic design method for the AES S-box. The method is pipelined and uses a frequency-doubled, resource-sharing circuit structure, so it needs fewer logic resources than the conventional structure. EDA synthesis, simulation and verification on a real system show that its hardware size is 47.53% and 41.49% smaller than the finite-field S-box implementations of Wolkerstorfer and Satoh respectively, and 21.43% smaller than Morioka's truth-table S-box implementation. The design has been used successfully in an FPGA-based dedicated cryptographic processor.

2.
This paper studies dynamic S-boxes obtained by composing finite-field inversion with affine transformations. It first characterizes the differential probability of a dynamic S-box transformation, and gives a necessary and sufficient condition for a differential of the transformation to be an impossible differential, together with the number of impossible differentials. It then gives an upper bound on the maximum differential probability of the transformation and shows that the bound is attainable. Finally, simulation experiments are used to study the differential properties of dynamic S-boxes built from random S-boxes. Both theory and experiment show that this kind of dynamic S-box transformation has far better differential properties than a single S-box.

3.
S-box substitution and inverse S-box substitution are the main performance bottleneck of the AES algorithm and directly determine the speed of AES chips. Building on an optimized Quine-McCluskey minimization, this paper proposes an expression-based method for implementing the S-box and inverse S-box substitutions of AES. Compared with the commonly used lookup-table approach, the expression-based method reduces delay by 8.5%, area by 27.4% and power consumption by 17%.

4.
A new algorithm for deriving the Boolean-function expressions of an S-box
Deriving the Boolean-function expressions of a block-cipher S-box means determining every coefficient of those expressions. This paper gives the relationship between the value of a general term of a Boolean-function expression and the input value, proves that the coefficient of a general term can be determined from coefficients already known, and on that basis designs a new recursive algorithm for deriving the Boolean-function expressions of an S-box. The algorithm uses only XOR and inner-product operations, needs few operations, and is concise, easy to program, accurate and fast. Applied to DES it reproduces the results in the open literature; applied to AES it derives the Boolean-function expressions of the S-box for the first time.

5.
AES is the widely used Advanced Encryption Standard, and the security of the cipher depends on the cryptographic properties of its nonlinear component, the S-box. This paper first reviews the basic encryption and decryption process of AES, with particular attention to the time-memory trade-off used by the algorithm. Starting from Boolean functions, it then implements the AES S-box in C, derives and computes cryptographic properties of the S-box such as balancedness and nonlinearity, and explains the underlying reason for AES's resistance to differential and linear attacks. Finally, Lagrange interpolation is used to fit the algebraic expression of the S-box. The results show that the algebraic expression of the AES S-box has very few terms and is rather simple, which is a potential security weakness.

6.
戴强, 戴紫彬, 李伟. 《电子学报》(Acta Electronica Sinica), 2019, 47(1): 129-136
For the optimization of the Advanced Encryption Standard (AES) S-box, an enhanced delay-aware common subexpression elimination (CSE) algorithm is proposed. The algorithm optimizes multiple-constant-multiplication circuits under different delay constraints and offers the full range of area-delay trade-offs, from minimum delay to minimum area. It is used to optimize S-box circuits based on redundant finite-field arithmetic, yielding two S-box constructions, one delay-optimal and one area-optimal. The optimization results on these instances show that the proposed algorithm is efficient and that its results have small overall delay. The S-box circuits were synthesized with a 65 nm CMOS library; compared with the composite-field S-box circuits in the literature, the area-optimal S-box circuit has the smallest area-delay product, 17.58% and 19.74% lower than the currently smallest-area and shortest-delay S-box combinational logic respectively.

7.
As the only nonlinear structure in most block ciphers, the S-box largely determines the security of a block cipher. This paper first analyzes the cycle structure (iteration periods) of the S-box of the Camellia algorithm, then, starting from Boolean functions and using Walsh spectrum theory, analyzes its balancedness, nonlinearity, strict avalanche criterion, propagation characteristics and correlation immunity, thereby establishing the security of the Camellia S-box theoretically; finally it points out potential security weaknesses in the algorithm.

8.
Improved cache trace-driven attacks on AES and CLEFIA
By analyzing "cache miss" trace information and the unaligned placement of S-boxes in the cache, this paper proposes an improved trace-driven attack on AES and CLEFIA. Existing attacks mostly assume that S-boxes are cache-line aligned, and under that assumption first-round trace-driven attacks on AES and CLEFIA cannot recover the first-round subkey within a bounded search complexity. This study shows that in most cases S-boxes are not aligned in the cache. By collecting "cache miss" trace information during encryption, analysis of the first and last round of AES with 200 and 50 samples respectively reduces the search space of the 128-bit AES master key to 2^16 and to 1; analysis of the first round of CLEFIA with 80 samples reduces the search space of the 128-bit first-round subkey to 2^16, and analysis of the first three rounds with 220 samples reduces the search space of the 128-bit CLEFIA master key to 2^16, all in under 1 s.
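A constructed simulation, added here and not part of the paper, of the point the abstract makes about alignment. It assumes 64-byte cache lines and an idealised trace: for every first-round lookup S[p_i ^ k_i] the attacker learns the index of the cache line the lookup touched, but not the offset inside it. `invisible_masks` lists the key-byte differences such a trace can never expose at a given table offset; `recover_candidates` narrows each key byte to the candidates consistent with the observed lines. Keys and plaintexts are random constructed data.

```python
"""Added example: how the placement of a 256-byte S-box relative to cache
lines bounds what a first-round trace-driven attack can recover."""

import math
import random

LINE = 64     # cache-line size in bytes (assumption of this example)


def line_of(index, offset):
    """Cache line touched by S-box entry `index` when the 256-byte table
    starts `offset` bytes into a line (offset 0 = line-aligned)."""
    return (offset + index) // LINE


def leak_trace(key, plaintexts, offset):
    """Idealised trace: the line index of each of the 16 first-round
    lookups S[p_i ^ k_i], for every encrypted block."""
    return [[line_of(p[i] ^ key[i], offset) for i in range(16)]
            for p in plaintexts]


def recover_candidates(traces, plaintexts, offset):
    """Per key byte, keep the candidates consistent with every observed line."""
    cands = [set(range(256)) for _ in range(16)]
    for p, t in zip(plaintexts, traces):
        for i in range(16):
            cands[i] = {k for k in cands[i]
                        if line_of(p[i] ^ k, offset) == t[i]}
    return cands


def invisible_masks(offset):
    """Masks m such that XOR-ing a lookup index by m never changes its line.
    Key bits under these masks are never recovered, however many samples."""
    return [m for m in range(256)
            if all(line_of(x ^ m, offset) == line_of(x, offset)
                   for x in range(256))]


def residual_bits(cands):
    """log2 of the remaining key space across the 16 bytes."""
    return sum(math.log2(len(c)) for c in cands)


def simulate(offset, samples=200, seed=1):
    """Random key and plaintexts (constructed data), then the attack."""
    rng = random.Random(seed)
    key = [rng.randrange(256) for _ in range(16)]
    pts = [[rng.randrange(256) for _ in range(16)] for _ in range(samples)]
    cands = recover_candidates(leak_trace(key, pts, offset), pts, offset)
    assert all(key[i] in cands[i] for i in range(16))   # true key survives
    return cands


if __name__ == "__main__":
    for off in (0, 14, 13):
        c = simulate(off)
        print("table offset %2d: %2d invisible mask(s) per byte, "
              "%5.1f key bits still unknown after 200 samples"
              % (off, len(invisible_masks(off)), residual_bits(c)))
```

With the table line-aligned (offset 0) only the top two bits of every lookup index leak, so 64 candidates per key byte (96 bits in total) remain whatever the number of samples. Starting the table 14 bytes into a line leaves exactly one invisible mask per byte (m = 1, because no even/odd index pair straddles a line boundary), 16 bits in all; an odd offset such as 13 leaves none, and given enough samples the whole first-round key is determined. These figures hold for this idealised model; a real trace-driven attack works from hit/miss sequences and from the actual layout of the target.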

9.
The S-box is a nonlinear component that occupies an important place in cryptographic algorithms. In FPGA implementations of cryptographic algorithms, the way the S-box is implemented to a considerable extent determines the performance of the algorithm. The conventional approach builds a lookup table from the FPGA's embedded memory blocks. Implementing the S-box with Boolean functions is currently rarely used; in some cases it improves the performance of the algorithm on the FPGA, and its advantage grows as the input width of the S-box shrinks. Taking the AES S-box as an example, this paper gives the steps of a Boolean-function-based S-box implementation together with simulation results and circuit delay analysis.

10.
The security of a block cipher depends to a large extent on its only nonlinear structure, the S-box. This paper analyzes the algebraic properties of the AES S-box using the Boolean-function approach: it first obtains the truth table of the S-box, then solves for its Boolean-function expressions, and from those expressions computes algebraic properties such as balancedness, orthogonality, linearity, differential uniformity, robustness and nonlinearity, thereby establishing the security of the AES S-box.

11.
A new property of finite fields is discovered: the coordinates of a finite-field element can be expressed by algebraic polynomials with the element itself as the variable. This property is used to determine the algebraic expression of the Rijndael S-box, and it is shown why that expression appears so simple.

12.
Algebraic complexity analysis of AES-type S-boxes and Camellia-type S-boxes
The S-box is the only nonlinear component of many block ciphers, and its cryptographic properties are crucial to the security of the cipher. This paper studies the algebraic complexity of S-boxes that are affine-equivalent to inversion over a finite field. Using linearized polynomials over the finite field, it gives the maximum algebraic complexity of two classes of S-boxes and obtains a necessary and sufficient condition for a Camellia-type S-box to degenerate into an AES-type S-box.

13.
For closed-loop nonlinear systems whose controller is a nonlinear function, the design principle of virtual reference feedback tuning is adopted: a linear affine function of the output data is constructed from the controller's input-output observations. By minimizing the approximation error, the adjustable parameter weights of this linear affine function are obtained with the parameter-estimation methods of system identification, so that the original nonlinear controller is approximated by a linear affine form with adjustable parameter weights; adjusting the weights keeps the approximation error small, and a convex-optimization procedure for solving for the weights is given. Finally, a simulation example verifies the effectiveness and feasibility of the method.

14.
In this article, a high-speed and highly restricted encryption algorithm is proposed to cipher high-definition (HD) images, based on a modified advanced encryption standard (AES) algorithm. AES is a well-known block cipher and has several advantages, such as a high security level and ease of implementation. However, AES also has drawbacks, including high computation cost, pattern appearance, and high hardware requirements, and these problems become more acute when AES ciphers an image, especially an HD image. Three modifications are proposed to improve the performance of AES by decreasing the computation cost, decreasing the hardware requirements, and increasing the security level. First, the MixColumn transformation is applied in 5 rounds instead of the 10 rounds of the original AES-128, to decrease encryption time. Second, security is enhanced by adding the MixColumn transformation to the key schedule. Third, to decrease hardware requirements, the S-box and inverse S-box of the original AES are replaced by a single simple S-box used for both encryption and decryption. The proposed AES version uses one of the cipher modes of operation to solve the pattern-appearance problem. Experimental results indicate that the proposed modifications make the algorithm better suited to HD image encryption.

15.
李娜, 陈卫红. 《电子与信息学报》(Journal of Electronics & Information Technology), 2004, 26(12): 1990-1995
Because the algebraic expression of the Rijndael S-box is the composition of the inverse function with a q-polynomial over GF(2^8), this paper makes a reasonable choice of variables for the S-box and, by examining the relations among those variables, expresses Rijndael as a system of multivariate quadratic equations over GF(2^8), so that recovering the Rijndael key is equivalent to solving this system. The system is simpler than the Murphy-Robshaw system, and solving it with the XSL technique has lower complexity.
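The construction and the properties that items 1, 2, 4, 5, 7, 9, 10, 11 and this item discuss, as an added example in Python (not code from any of these papers): the S-box is built as inversion in GF(2^8) followed by the AES affine map, whose matrix is circulant (each row is the previous row rotated by one bit, the periodicity item 1 exploits). The script then checks bijectivity, computes differential uniformity from the difference distribution, nonlinearity from the Walsh spectrum, the algebraic degree of every output bit from its algebraic normal form, and the algebraic expression of the S-box by interpolation over GF(2^8). Its only inputs are the public AES field polynomial, affine matrix and affine constant.

```python
"""Added example: the AES S-box from field inversion plus a circulant affine
map, and its differential, Walsh, ANF and algebraic-expression properties."""

AES_POLY = 0x11B      # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
AFFINE_ROW0 = 0xF1    # first matrix row: b_0 = a_0 + a_4 + a_5 + a_6 + a_7
AFFINE_CONST = 0x63


def gf_mul(a, b):
    """Multiply in GF(2^8) (shift-and-add, reducing modulo AES_POLY)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_pow(a, e):
    """a^e in GF(2^8); gf_pow(0, 0) == 1, which the interpolation relies on."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def parity(x):
    return bin(x).count("1") & 1


def affine_rows():
    """Rows of the AES affine matrix as bitmasks over the input bits. Row i is
    row 0 rotated left by i bits, i.e. the matrix is circulant."""
    return [((AFFINE_ROW0 << i) | (AFFINE_ROW0 >> (8 - i))) & 0xFF
            for i in range(8)]


def affine(a):
    rows = affine_rows()
    return sum(parity(a & rows[i]) << i for i in range(8)) ^ AFFINE_CONST


# x^254 is the inverse of x for x != 0 and maps 0 to 0, as AES requires.
SBOX = [affine(gf_pow(x, 254)) for x in range(256)]


def is_bijective(s):
    return sorted(s) == list(range(256))


def differential_uniformity(s):
    """max over a != 0 and b of #{x : S(x) ^ S(x ^ a) == b}; AES gives 4."""
    best = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[s[x] ^ s[x ^ a]] += 1
        best = max(best, max(counts))
    return best


def component(s, mask):
    """Truth table of the Boolean function x -> <mask, S(x)>."""
    return [parity(mask & s[x]) for x in range(256)]


def walsh(tt):
    """Walsh spectrum W(a) = sum_x (-1)^(f(x) + <a,x>) by the fast butterfly."""
    w = [1 - 2 * v for v in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w


def nonlinearity(s):
    """min over nonzero output masks of (2^8 - max|W|) / 2; AES gives 112."""
    return min((256 - max(abs(v) for v in walsh(component(s, b)))) // 2
               for b in range(1, 256))


def anf(tt):
    """Moebius transform: c[m] is the ANF coefficient of the monomial whose
    variables are the set bits of m."""
    c = list(tt)
    h = 1
    while h < len(c):
        for i in range(0, len(c), 2 * h):
            for j in range(i, i + h):
                c[j + h] ^= c[j]
        h *= 2
    return c


def algebraic_degrees(s):
    """Algebraic degree of each of the 8 output-bit functions (AES: all 7)."""
    degs = []
    for i in range(8):
        c = anf(component(s, 1 << i))
        degs.append(max(bin(m).count("1") for m in range(256) if c[m]))
    return degs


def interpolate(s):
    """Coefficients c_k of the unique polynomial of degree < 256 over GF(2^8)
    with S(a) = sum_k c_k a^k.  In characteristic 2, (x + a)^255 expands to
    sum_k x^k a^(255-k), so Lagrange interpolation over all 256 points
    collapses to c_0 = S(0) and c_k = sum_a S(a) * a^(255-k) for k >= 1."""
    powers = []                       # powers[a][e] == a^e, with 0^0 == 1
    for a in range(256):
        row, p = [], 1
        for _ in range(256):
            row.append(p)
            p = gf_mul(p, a)
        powers.append(row)
    coeffs = [s[0]]
    for k in range(1, 256):
        acc = 0
        for a in range(256):
            acc ^= gf_mul(s[a], powers[a][255 - k])
        coeffs.append(acc)
    return coeffs


def eval_poly(coeffs, x):
    """Horner evaluation over GF(2^8), to check the interpolation round-trips."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc


def nonzero_terms(coeffs):
    return {k: c for k, c in enumerate(coeffs) if c}


if __name__ == "__main__":
    print("bijective:", is_bijective(SBOX))
    print("differential uniformity:", differential_uniformity(SBOX))
    print("nonlinearity:", nonlinearity(SBOX))
    print("algebraic degrees:", algebraic_degrees(SBOX))
    terms = nonzero_terms(interpolate(SBOX))
    print("algebraic expression has", len(terms), "terms:",
          " + ".join("%02x*x^%d" % (c, k) for k, c in sorted(terms.items())))
```

Because inversion is x^254 and the affine map is GF(2)-linear, the interpolation returns S(x) = 0x63 + sum_i c_i x^(255 - 2^i): nine terms, with exponents 127, 191, 223, 239, 247, 251, 253 and 254, which is the composition of inversion with a q-polynomial that this item refers to, and the "too few terms" observation of item 5. Replacing SBOX with any other 8-bit table runs the same analysis on it.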

16.
Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white-box environments, where an attacker has full visibility into and control over the executing software. For this reason, cryptographic algorithms have been redesigned to resist white-box attacks. The first white-box AES (WB-AES) implementation was thought to provide reliable security in that all brute-force attacks were infeasible even in a white-box environment; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB-AES with 2^30 time complexity, and Michiels and others generalized it to all substitution-linear transformation ciphers. Recently, a collision-based cryptanalysis was also reported. In this paper, we revisit the first WB-AES implementation of Chow and others and present a conditional re-encoding method to protect it against these cryptanalyses. The experimental results show approximately a 57% increase in the memory requirement and a 20% increase in execution speed.

17.
In this paper, we propose an implementation of the 3-D Ridgelet transform: the 3-D discrete analytical Ridgelet transform (3-D DART). This transform uses the Fourier strategy for computing the associated 3-D discrete Radon transform. The innovative step is the definition of a discrete 3-D transform with discrete analytical geometry, by constructing 3-D discrete analytical lines in the Fourier domain. We propose two types of 3-D discrete lines: 3-D discrete radial lines through the origin, defined from their orthogonal projections, and 3-D planes covered with 2-D discrete line segments. These discrete analytical lines have a parameter called the arithmetical thickness, which allows a 3-D DART to be adapted to a specific application. The 3-D DART representation is not orthogonal; it has a flexible redundancy factor. The 3-D DART has a very simple forward/inverse algorithm that provides exact reconstruction without any iterative method. To illustrate the potential of this new discrete transform, we apply the 3-D DART and its extension, the Local-DART (with smooth windowing), to the denoising of 3-D images and color video. The experimental results show that simple thresholding of the 3-D DART coefficients is effective.

18.
This paper is concerned with the construction of efficiently encodable nonbinary quasi-cyclic LDPC codes based on finite fields. Four classes of nonbinary quasi-cyclic LDPC codes are constructed. Experimental results show that the constructed codes perform well under iterative decoding with a fast-Fourier-transform-based q-ary sum-product algorithm, and that they achieve significant coding gains over Reed-Solomon codes of the same lengths and rates decoded with either the algebraic hard-decision Berlekamp-Massey algorithm or the algebraic soft-decision Koetter-Vardy algorithm.

19.
Conventional numerical methods for analyzing power deposition in biological media have been restricted to bodies that are relatively small electrically. A new stacked-two-dimensional spectral iterative technique (SIT), presented below, does not involve generating and inverting a matrix and can analyze larger bodies. It models the body as a set of planar parallel slabs and uses the simple (convolution-type) relationship between a current distribution on any slab and the field due to that current. This invertible relationship is conveniently formulated in the transform domain in a strictly algebraic fashion, and the interactions between the slabs are also simple and algebraic in the spectral domain. The solution is generated iteratively by applying these relationships sequentially over the slabs until convergence is achieved. A discussion of convergence and numerical examples are given.
