一种大状态轻量级密码S盒的设计与分析  被引量：2

作　　者：樊婷 冯伟 韦永壮[1] FAN Ting;FENG Wei;WEI Yongzhuang(Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China;Guangxi Wangxin Information Technology Co.,Ltd.,Nanning 530000,China)

机构地区：[1]桂林电子科技大学广西密码学与信息安全重点实验室,广西壮族自治区桂林541004 [2]广西网信信息技术有限公司,广西壮族自治区南宁530000

出　　处：《西安电子科技大学学报》2023年第4期170-179,共10页Journal of Xidian University

基　　金：国家自然科学基金(62162016,62062026);广西自然科学基金创新研究团队项目(2019GXNSFGA245004)。

摘　　要：Alzette是2020年美密会上提出的基于ARX结构的64比特轻量级S盒,具备软硬件性能出色、扩散性强和安全性高等诸多优点,受到了国内外的广泛关注。然而,具有杰出性能与安全性的64比特轻量级S盒极少,如何设计出一种比Alzette性能更佳的大状态轻量级S盒是目前研究的难点。基于ARX结构,设计出一种性能与安全性兼优的大状态轻量级密码S盒,提出了“层次筛选法”,通过提前设置最优差分/线性特征的界来确定最佳循环移位参数,并对新密码S盒给出了安全性评估。结果表明:新密码S盒与Alzette的软硬件实现性能相当;同时5轮新密码S盒最优差分特征(线性逼近)的概率达到2^(-17)(2^(-8)),7轮新密码S盒的最优线性逼近概率达到2^(-17);而Alzette的5轮最优差分特征(线性逼近)概率为2^(-10)>2^(-17)(2^(-5)>2^(-8)),7轮最优线性逼近概率为2^(-13)>2^(-17)。新密码S盒表现出更强的抗差分/线性密码分析的能力。Alzette is a 64 bit lightweight S-box based on the ARX structure proposed at the CRYPTO 2020.It has many advantages such as excellent hardware and software performance,strong diffusion and high security,so that it receives wide attention domestically and internationally.However,64-bit lightweight S-boxes with execllent performance and security are rare.Whether it is possible to design the large state lightweight S-box with better performance than Alzette is difficult in current research.In this paper,a large state lightweight cryptographic S-box based on the ARX structure with an excellent performance and security is designed.A“hierarchy filtering method”is proposed to determine the optimal rotation parameters by setting the best differential/linear characteristic bounds in advance,and the security evaluation for the new S-box is given.It is shown that the software and hardware implementation performance of the new S-box is equivalent to that of the Alzette.For the new S-box,the probability of 5-round best differential characteristic(linear approximation)up to 2^(-17)(2^(-8)),and the probability of 7-round best linear approximation reaches 2^(-17).But for the Alzette,the 5-round best differential characteristic(linear approximation)with probability of 2^(-10)>2^(-17)(2^(-5)>2^(-8)),and the 7-round best linear approximation with probability of 2^(-13)>2^(-17).The new S-box shows a stronger resistance against differential cryptanalysis and linear cryptanalysis.

关 键 词：轻量级分组密码 密码S盒 差分密码分析 线性密码分析 

分 类 号：TN918.4[电子电信—通信与信息系统]