TANGRAM:一个基于比特切片的适合多平台的分组密码  被引量：6

作　　者：张文涛[1,2] 季福磊 丁天佑 杨博翰 赵雪锋 向泽军 包珍珍 刘雷波 ZHANG Wen-Tao;JI Fu-Lei;DING Tian-You;YANG Bo-Han;ZHAO Xue-Feng;XIANG Ze-Jun;BAO Zhen-Zhen;LIU Lei-Bo(State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;Institute of Microelectronics,Tsinghua University,Beijing 100084,China;Hubei Key Laboratory of Applied Mathematics,Faculty of Mathematics and Statistics,Hubei University,Wuhan 430062,China;Nanyang Technological University,Singapore 637371,Singapore)

机构地区：[1]中国科学院信息工程研究所信息安全国家重点实验室,北京100093 [2]中国科学院大学网络空间安全学院,北京100049 [3]清华大学微电子学研究所,北京100084 [4]湖北大学数学与统计学学院应用数学湖北省重点实验室,武汉430062 [5]南洋理工大学,新加坡637371

出　　处：《密码学报》2019年第6期727-747,共21页Journal of Cryptologic Research

基　　金：国家自然科学基金(61379138);IOT安全联合研究项目(Y8HX376678)~~

摘　　要：本文提出一族新的分组密码算法TANGRAM.TANGRAM包含三个版本:TANGRAM128/128,分组长度和密钥长度均为128比特;TANGRAM 128/256,分组长度为128比特,密钥长度为256比特;TANGRAM 256/256,分组长度和密钥长度均为256比特.TANGRAM分组密码采用SP网络,我们对其S盒的选取以及线性层移位参数的选取进行了深入研究,以使TANGRAM尽可能达到最优的安全性和实现性能的性价比.我们深入分析了TANGRAM针对差分、线性、不可能差分、积分、相关密钥等重要密码分析方法的安全性,为它预留了足够的安全冗余.得益于比特切片方法,TANGRAM在多种软件和硬件平台上都具有很好的表现,可以灵活地适用于多种应用场景.This study proposes a new block cipher named TANGRAM.It has 3 different versions:TANGRAM 128/128,with block length and key length both being 128 bits;TANGRAM 128/256,with 128-bit block length and 256-bit key length;TANGRAM 256/256,with block length and key length both being 256 bits.TANGRAM uses an SP-network.To achieve the best possible securityperformance tradeoff,a deep study has been made on the selection of the TANGRAM S-box and the rotation parameters of the linear layer.An extensive and deep security analysis of TANGRAM was made against known cryptanalytic approaches,including differential,linear,impossible differential,integral,and related-key cryptanalysis,the analysis shows that TANGRAM has sufficient security redundancy.Due to its bit-slice style,TANGRAM offers great performance in both hardware and software implementations,which provides good flexibility for different application platforms.

关 键 词：分组密码 比特切片方法 安全性分析 软件实现 硬件实现 侧信道防护 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]