
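An Authenticated Encryption Algorithm Designed on the SM4 Round Function
Cite this article: ZHANG Jian, WU Wen-ling. An Authenticated Encryption Algorithm Designed on the SM4 Round Function [J]. Acta Electronica Sinica, 2018, 46(6): 1294-1299. DOI: 10.3969/j.issn.0372-2112.2018.06.003
Authors: ZHANG Jian, WU Wen-ling
Affiliations: 1. Laboratory of Trusted Computing and Information Assurance, Institute of Software, Chinese Academy of Sciences, Beijing 100190; 2. University of Chinese Academy of Sciences, Beijing 100190
Abstract: Authenticated encryption, a class of symmetric-key algorithm, protects both the confidentiality and the integrity of data and plays an important role in information security. Most existing authenticated encryption algorithms are designed as block cipher modes of operation and must invoke the full-round block cipher underneath, which greatly limits their efficiency. This paper considers designing an efficient authenticated encryption algorithm directly from basic components. First, a general structure is given by combining the Chinese national block cipher standard SM4 with the generalized Feistel structure. Then, taking resistance to collision attacks as the security goal, a mixed integer linear programming (MILP) search yields several structures of differing state size and efficiency, which can be used to construct message authentication codes and authenticated encryption algorithms. Finally, an authenticated encryption algorithm is designed from a structure with comparatively good state size and efficiency among those found so far, together with a preliminary security analysis and a software implementation; its speed is about 10 times that of SM4-GCM.

Keywords: authenticated encryption algorithm; algorithm design; generalized Feistel structure; mixed integer linear programming (MILP); SM4 algorithm; SM4-GCM
Received: 2017-01-17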

Authenticated Encryption Based on SM4 Round Function
ZHANG Jian, WU Wen-ling. Authenticated Encryption Based on SM4 Round Function [J]. Acta Electronica Sinica, 2018, 46(6): 1294-1299. DOI: 10.3969/j.issn.0372-2112.2018.06.003
Authors: ZHANG Jian, WU Wen-ling
Affiliation: 1. Institute of Software, Chinese Academy of Sciences, TCA Lab, Beijing 100190, China; 2. University of Chinese Academy of Sciences, Beijing 100190, China
Abstract: Authenticated encryption, as a symmetric cryptographic primitive, can protect privacy and integrity simultaneously, and plays an important role in information security. Most of the existing authenticated encryption algorithms are designed as block cipher modes of operation, which need to call the full-round block cipher; thus their efficiency is quite limited. This paper considers constructing a dedicated, efficient authenticated encryption algorithm from basic components. We first present a general structure by combining the Chinese block cipher standard SM4 and the general Feistel structure. With the mixed integer linear programming (MILP) method, we find several structures that are secure against collision attacks, with different state sizes and efficiency, which can be used as building blocks for MACs and authenticated encryption. Then we design an authenticated encryption algorithm using the structure with good state size and efficiency, and give the corresponding security analysis and implementation. Our benchmarks show that it runs about 10 times faster than SM4-GCM.
Keywords: authenticated encryption; design; general Feistel structure; MILP; SM4 cipher; SM4-GCM