Authors: ZHAO Haixia, WEI Yongzhuang[2], LIU Zhenghong[1] (Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education, Guilin University of Electronic Technology, Guilin 541004, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China; School of Mathematics and Computational Science, Guilin University of Electronic Technology, Guilin 541004, China)
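Affiliations: [1] Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education, Guilin University of Electronic Technology, Guilin 541004; [2] Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004; [3] School of Mathematics and Computational Science, Guilin University of Electronic Technology, Guilin 541004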
Source: Journal of Electronics & Information Technology, 2020, Issue 7, pp. 1796-1802 (7 pages)
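Funding: National Natural Science Foundation of China (61572148, 61872103); Guangxi Science and Technology Plan Project (桂科AB18281019); Guangxi Natural Science Foundation (2017GXNSFBA198056); Director's Fund of the Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education (CRKL180107); Fund of the Guangxi Key Laboratory of Cryptography and Information Security (GCIS201706).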
Abstract: Based on the structural characteristics of the Whitened Swap-or-Not (WSN) construction, this paper analyzes the maximum expected differential probability (MEDP) of the Bent whItened Swap Or Not-like (BISON-like) algorithm proposed by Canteaut et al., as well as its resistance to linear cryptanalysis when balanced functions are used. The BISON algorithm requires an unusually high number of iteration rounds (usually 3n rounds, where n is the data block length), and the XOR of its key material is determined by an unbalanced Bent function. To overcome these shortcomings, a class of balanced Boolean functions with small absolute value indicator, high nonlinearity and relatively high algebraic degree is used to replace the Bent functions in the BISON algorithm, and the resistance of the new variant BISON algorithm to both differential cryptanalysis and linear cryptanalysis is evaluated. The results show that the new variant BISON algorithm needs only n rounds of iteration; when n is relatively large (e.g. n=128 or n=256), its resistance to both differential and linear attacks is close to the ideal value. Moreover, because the XOR of its key material is determined by a balanced function, the variant algorithm has better local balance.
Keywords: differential cryptanalysis; linear cryptanalysis; WSN construction; BISON-like block cipher algorithm; variant BISON block cipher algorithm
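Classification: TN918.2 [Electronics and Telecommunications: Communication and Information Systems]; TP309 [Electronics and Telecommunications: Information and Communication Engineering]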