Analysis of 3-line generalized Feistel networks with double SD-functions

Generalized Feistel networks (GFN) are broadly employed in the design of primitives for block ciphers, stream ciphers, and hash functions. Lately, endowing the functions of GFNs with the structure of nonlinear substitution followed by linear diffusion (substitution-diffusion, SD) has received a great deal of attention. In this contribution, we prove tight lower bounds on the number of differentially and linearly active S-boxes for 3-line GFNs with double SD-functions where two SD-structures are applied one after another. We also show 8-round impossible differentials for 3-line GFNs with bijective functions. Moreover, we demonstrate that the proportion of active S-boxes in all S-boxes for such GFNs is by up to 14% higher than that for 4-line GFNs with double SD-functions, when instantiated with MDS matrices. This indicates that, rather surprisingly, the 3-line GFNs can be more efficient in practice than those with 4 lines.     

Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers

In this paper we study the security of the Advanced Encryption Standard (AES) and AES-like block ciphers against differential cryptanalysis. Differential cryptanalysis is one of the most powerful methods for analyzing the security of block ciphers. Even though no formal proofs for the security of AES against differential cryptanalysis have been provided to date, some attempts to compute the maximum expected differential probability (MEDP) for two and four rounds of AES have been presented recently. In this paper, we will improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box. More precisely, we are able to provide the complete distribution of the EDP for two rounds of this AES variant with five active S-boxes and methods to improve the estimates for the EDP in the case of six active S-boxes.     

BORON: an ultra-lightweight and low power encryption design for pervasive computing

We propose an ultra-lightweight, compact, and low power block cipher BORON. BORON is a substitution and permutation based network, which operates on a 64-bit plain text and supports a key length of 128/80 bits. BORON has a compact structure which requires 1939 gate equivalents (GEs) for a 128-bit key and 1626 GEs for an 80-bit key. The BORON cipher includes shift operators, round permutation layers, and XOR operations. Its unique design helps generate a large number of active S-boxes in fewer rounds, which thwarts the linear and differential attacks on the cipher. BORON shows good performance on both hardware and software platforms. BORON consumes less power as compared to the lightweight cipher LED and it has a higher throughput as compared to other existing SP network ciphers. We also present the security analysis of BORON and its performance as an ultra-lightweight compact cipher. BORON is a well-suited cipher design for applications where both a small footprint area and low power dissipation play a crucial role.     

基于MILP方法的LED密码安全性分析

基于自动化搜索算法求解差分特征与线性逼近,成为了分组密码的差分与线性攻击研究热点。提出一种面向半个字节MILP模型自动化搜索密码算法的差分特征与线性逼近方法,对轻量级LED密码进行分析,以较少的变量与约束不等式求解活跃S盒数量,4轮运算至少有25个活跃S盒,这个结果与算法设计者给出的活跃S盒理论值相同,验证了该方法的正确性。最后,计算LED算法的最大差分特征及线性逼近概率,证明其能够抵抗差分与线性攻击。     

On the differential and linear efficiency of balanced Feistel networks

Balanced Feistel networks (BFN) have been widely used for constructing efficient block ciphers. They are known to provide high efficiency with respect to differential and linear cryptanalysis, when instantiated with SL-type round functions (BFN-SL). This work suggests that BFNs attain higher efficiency when the round function is defined as a composition of two substitution layers connected by a linear diffusion layer (SLS-type round function). The resulting structure is called BFN-SLS.Tight upper bounds on the differential and linear trail probabilities are proven for such constructions. When compared to BFN-SL with single-round diffusion, BFN-SLS exhibits an increase by almost 1/3 in the proportion of active S-boxes. When compared to BFN-SL with multiple-round diffusion, BFN-SLS provides the same proportion of active S-boxes, requiring, however, twice less linear operations and a single diffusion matrix for all rounds.It is argued that the cost of linear operations cannot be ignored when dealing with efficiency. Different BFNs are compared under consideration of the relative complexity of linear and nonlinear finite field operations. As a result, since BFN-SLS minimizes the number of necessary linear operations, its efficiency is higher than that of the known BFN-SL constructions.     

SCENERY: a lightweight block cipher based on Feistel structure

In this paper, we propose a new lightweight block cipher called SCENERY. The main purpose of SCENERY design applies to hardware and software platforms. SCENERY is a 64-bit block cipher supporting 80-bit keys, and its data processing consists of 28 rounds. The round function of SCENERY consists of 8 4 × 4 S-boxes in parallel and a 32 × 32 binary matrix, and we can implement SCENERY with some basic logic instructions. The hardware implementation of SCENERY only requires 1438 GE based on 0.18 um CMOS technology, and the software implementation of encrypting or decrypting a block takes approximately 1516 clock cycles on 8-bit microcontrollers and 364 clock cycles on 64-bit processors. Compared with other encryption algorithms, the performance of SCENERY is well balanced for both hardware and software. By the security analyses, SCENERY can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks.     

一类分组密码的S盒重组算法

S盒是许多分组密码唯一的非线性部件,它的密码强度决定了整个密码算法的安全强度.足够大的S盒是安全的,但为了便于实现,分组密码多采用若干小S盒拼凑.针对一类分组密码算法,通过将S盒与密钥相关联,给出了S盒重组算法,丰富了S盒的应用模式,有效提高了分组密码的安全强度.     

Security of the SMS4 Block Cipher Against Differential Cryptanalysis

SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China.In this paper,we analyze the security of the SMS4 block cipher against differential cryptanalysis.Firstly,we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4.Next,by these relationships,we clarify the minimum number of active S-boxes in 6-,7- and 12-round SMS4 respectively.Finally,based on the above results,we present a family of about 2¹⁴ differential characteristics for 19-round SMS4,which leads to an attack on 23-round SMS4 with 2¹¹⁸ chosen plaintexts and 2^126.7 encryptions.     

基于非S盒变换的DES分组密码的改进

通过对分组密码安全性设计的分析,针对DES分组密码的不足进行改进,设计了一种基于非S盒变换的变种DES,用随机数产生S盒的排列顺序,通过对密钥和S盒顺序的交替移位,使所有的明文采用不同的密钥加密或不同的S盒处理,任意两组相同的明文加密后都会产生不同的密文,从而实现牢不可破的"一次一密"的密码体制.     

一类SP结构的不可能差分区分器证明

针对分组密码SP结构的不可能差分区分器轮数的下界进行证明,提出的方法使用线性代数的理论,对系数矩阵P及P-1进行分析,提出了系数矩阵部分子空间存在两个行向量线性相关时,可证明至少存在四轮不可能差分区分器。uBlock算法是SPN结构,提出的方法对uBlock算法进行了分析验证,说明了结论的正确性,进一步,使用该算法搜索到比uBlock算法设计文档更多的不可能差分区分器。针对SPN结构线性扩散层P,使用了本原指数的概念,使用线性扩散层P的本原指数对SPN结构不可能差分的轮数进行论证。分析结果表明,分组密码SP结构至少存在四轮不可能差分区分器。     

Using RC4 and AES Key Schedule to Generate Dynamic S-Box in AES

ABSTRACT

Advanced Encryption Standard (AES) block cipher system is widely used in cryptographic applications. Substitution boxes (S-boxes) are a keystone of modern symmetric cryptosystems which bring nonlinearity to the cryptosystems and strengthen their cryptographic security. The S-box component used in classic AES is fixed and not changeable. If the S-box is generated dynamically, the cryptographic strength of AES cipher system would be increased. In this article, we use RC4 and AES Key Expansion algorithms to generate dynamic S-box for AES. The purpose of the proposed approach is to generate more secure S-boxes. The generated S-box will have better results in security analysis. To examine the security, various tests are applied to the new S-box and the results pass all of them.     

On cross-correlation indicators of an S-box

Substitution boxes (S-boxes) are often used as the most important nonlinear components in many symmetric encryption algorithms. The cryptographic properties of an S-box directly affect the security of the whole cipher system. Recently, generalized global avalanche characteristics (GGAC) were introduced to measure the correlation between two arbitrary Boolean functions. In this paper, to better evaluate the security of an S-box, we present two cross-correlation indicators for it. In addition, by studying the related properties of the cross-correlation between two balanced Boolean functions, we propose the lower bounds on the sum-of-squares indicator related to GGAC for two balanced functions and also for an S-box.     

几类高强度密码S盒的安全性新分析

针对几类高强度密码S盒是否存在新的安全性漏洞问题,提出了一种求解S盒非线性不变函数的算法。该算法主要基于密码S盒输入和输出的代数关系来设计。利用该算法对这几类密码S盒进行测试,发现其中几类存在相同的非线性不变函数;此外,如果将这些S盒使用于分组密码Midori-64的非线性部件上,将会得到一个新的变体算法。利用非线性不变攻击对其进行安全性分析,结果表明：该Midori-64变体算法存在严重的安全漏洞,即在非线性不变攻击下,存在2⁶⁴个弱密钥,并且攻击所需的数据、时间及存储复杂度可忽略不计,因此这几类高强度密码S盒存在新的安全缺陷。     

Practical security against linear cryptanalysis for SMS4-like ciphers with SP round function

SMS4,a block cipher whose global structure adopts a special unbalanced Feistel scheme with SP round function,is accepted as the Chinese National Standard for securing Wireless LANs.In this paper,in order to evaluate the security against linear cryptanalysis,we examine the upper bound of the maximum linear characteristic probability of SMS4-like ciphers with SP round function.In the same way as for SPN ciphers,it is sufficient to consider the lower bound of the number of linear active s-boxes.We propose a formula to compute the lower bound of the number of linear active s-boxes with regard to the number of rounds.The security threshold of SMS4-like ciphers can be estimated easily with our result.Furthermore,if the number of input words in each round of SMS4-like cipher is m,we find that it is unnecessary for designers to make the linear branch number of P greater than 2 m with respect to linear cryptanalysis.     

Improved Linear Cryptanalysis of CAST-256

CAST-256, a first-round AES (Advanced Encryption Standard) candidate, is designed based on CAST-128. It is a 48-round Generalized-Feistel-Network cipher with 128-bit block accepting 128, 160, 192, 224 ...     

An Efficient Block Encryption Cipher Based on Chaotic Maps for Secure Multimedia Applications

ABSTRACT

This paper presents an efficient chaotic-based block encryption cipher (CBBEC), which is a symmetric encryption algorithm designed with the potential of increasing security and improving performance. It is a hybrid mixture from chaos theory and cryptography. Its salient features include the use of eight working registers providing capability to handle 256-bits plaintext/ciphertext block sizes, employing a chaotic logistic map in key scheduling to generate session key used in encryption/decryption, the essential heavy use of data-dependent rotations and the inclusion of integer multiplication as an additional primitive operation. The use of multiplication with eight working registers greatly increases the diffusion achieved per round, allowing for greater security, fewer rounds and increased throughput. Comparative performance evaluation of the proposed chaotic-based block encryption cipher CBBEC with Rijndael, RC6 and RC5 is addressed. Experimental results show that the proposed CBBEC is a fast block cipher, showing its great potential in real-time encryption applications.     

Binary Galois field extensions dependent multimedia data security scheme

Finite fields are widely used in modern cryptographic architecture. The prominent finite field based symmetric and asymmetric cryptosystems are (ECC) elliptic curve cryptography, RSA, (AES) advanced encryption standard and pairing-based cryptography. The arithmetic operations of a finite field performed efficiently, that meet the design space constraints and execution speed. These aims resolve tremendous challenges, which required interdisciplinary efforts to render the best algorithms, implementations, architectures, and design practices. This study proposes convenient finite field arithmetic based symmetric key cryptosystem for multimedia data security. The scheme is comprised of diffusion and confusion. To execute the diffusion phase the random numbers generation is essential in utilizing the multiplication and inversion operations over the binary Galois field extensions. The main objective of using these operations is to establish substantial randomness with less computational exertions. In addition, a block cipher construction mechanism has been deployed for the confusion phase of the algorithm which generates multiple S-boxes with fewer rounds as compared to the customary block ciphers. Therefore, efficient creation of confusion in multimedia data and hence more security is attained. The experimental results and the time complexity manifest the efficiency of the scheme against various attacks. Also, as a result of a fast and simple implementation of the binary finite field in hardware and software, the proposed cryptosystem is more convenient to implement as compared to the prevailing schemes.     

一种基于Feistel网络的反馈式分组混沌密码的研究

近年采,将混沌理论应用到信息安全已成为研究的一个热点。本文基于Feistel网络,提出了一种新颖的反馈式分组混沌密码算法。在该算法中,当前加密分组输出将影响下一明文分组要运行的轮数,而每一轮使用的孓盒的序号与加密密钥有关,轮数及s盒的序号均由混沌映射动态生成。由于混沌的固有特性,使得加密系统变得更加复杂,更加难以分析和预测。实验结果表明,本算法具有优良的密码学特性,对明文和密钥以及混沌系统参数的细微变动都非常敏感。产生的密文随机性很好。对本算法的安全性进行了分析,结果表明它具有很高的抗穷举攻击的能力。     

基于时空混沌的S盒产生算法

置换盒又被称为S盒,是分组密码中常采用的重要部件。在分析S盒性能评价指标的基础上,提出了一种基于时空混沌的S盒产生方法。仿真测试表明根据该方法,可以产生一批具有良好性能的S盒,为开发新的分组密码算法奠定了很好的基础。     

一种基于前馈网络的分组密码体制

研究了分组密码体制及前馈神经网络的特征,构造了一种分组密码体制的数学模型,并基于二层前馈网络具体实现了该分组密码体制。在此基础上进行了仿真,结果表明该分组密码体制是可行的;针对其安全性进行了大量的实验,说明此分组密码体制具有较高的安全性,具有很好的混乱特征和扩散特征,可以用于信息安全领域的加/解密过程。