一种数值型的保留格式加密算法  被引量：1

作　　者：王浩 张永平 李同寒 樊林畅 Wang Hao;Zhang Yongping;Li Tonghan;Fan Linchang(School of Intelligent Policing,China People’s Police University,Langfang,Hebei 065099)

机构地区：[1]中国人民警察大学智慧警务学院,河北廊坊065099

出　　处：《信息安全研究》2023年第8期745-753,共9页Journal of Information Security Research

基　　金：河北省自然科学基金项目(A2019507002)。

摘　　要：对保留格式加密(formatpreserving encryption,FPE)进行了研究,提出一种新的数值型保留格式加密算法,未使用CycleWalking,显著提高了保留格式加密算法的性能.通过明文位数确定分组长度,包括偶数长度和奇数长度,其核心思想是通过构造加法群、有限域、S盒实现混淆和扩散,利用置换算法和跳过算法实现保留格式.密钥扩展算法按照明文的分组长度弹性输出,使用流密码的密钥生成器生成子密钥.用具体实例验证了所提出的算法能正确实现保留格式加密,且不同代数群运算和S盒的非线性变换增加了算法的安全性,安全性分析表明该算法可以达到实际安全性的要求.最后,将提出的算法和NIST提出的FPE算法标准FFX进行了比较,结果表明,对于FFX的一个128b的分组(32位十进制数字),所提出的算法比FFX快约30倍.We study FPE(format-preserving encryption)and propose a new numerical format-preserving encryption algorithm,which significantly improves the performance of the format-preserving encryption algorithm by not using Cycle-Walking.The block length is determined by decimal number of plaintext digits,including even and odd lengths.The core is to realize confusion and diffusion by constructing additive groups,finite fields,and S-box,and use permutation algorithm and skipping algorithm to realize the preservation of the format.The key expansion algorithm outputs the block length of the plaintext flexibly and uses the key generator of the stream cipher to generate sub-keys.A specific example is used to verify that the proposed algorithm can correctly implement format-preserving encryption,and different algebraic group operations and nonlinear transformation of S-box increase the security of the algorithm.Security analysis illustrates that the algorithm can meet the actual security requirements.Finally,compared with the FPE algorithm standard,FFX,which is proposed by NIST,the result shows that the proposed algorithm is about 30 times faster than FFX for a 128b block(32 decimal digits)of FFX.

关 键 词：保留格式加密 数字型 不同代数群 S盒 弹性长度分组 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]