一种灵活性高的16比特S盒设计方法  

作　　者：闫庆文 郭影 刘文芬 陈文[1] 陆永灿 YAN Qing-wen;GUO Ying;LIU Wen-fen;CHEN Wen;LU Yong-can(Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China)

机构地区：[1]桂林电子科技大学、广西密码学与信息安全重点实验室,广西桂林541004

出　　处：《计算机技术与发展》2025年第3期91-98,共8页Computer Technology and Development

基　　金：国家自然科学基金(61862011);广西自然科学基金创新研究团队项目(2019GXNSFGA245004);广西研究生教育创新计划项目(YCSW2024351,YCBZ2023128,YCBZ2024168)。

摘　　要：S盒作为分组密码的主要非线性部件,是决定算法整体安全性的关键。当前,基于代换-置换-代换(SPS)结构和非线性反馈移位寄存器(NFSR)构造16比特S盒是两种主流方法,但存在差分/线性性质弱、迭代轮数多的问题。基于此,提出了一种密码学性质良好、迭代轮数较少的S盒设计方法。此外,现有的S盒设计较少关注灵活性。该文提出的16比特S盒设计方案在整体架构及核心部件的选择上具有高度灵活的特点,可以充分满足这一需求。进一步地,为解决16比特S盒安全评估效率低的问题,采用预存储优化算法及GPU技术加速求解,显著降低了计算的时间复杂度。实验结果表明,新构造的S盒密码学性质表现良好。最优S盒的代数次数为14,差分均匀度为20,非线性度为32000,透明阶值为15.9817,严格雪崩准则度为0.4980。将该S盒应用于NBC和Piccolo算法时,降低了两者抵抗经典攻击的最小安全界轮数,验证了S盒具有较高的安全级别,可以为密码算法的设计提供非线性部件支持。As the main nonlinear component of block cipher,the S-box is key to determining the algorithm's security.At present,constructing 16-bit S-boxes based on SPS structure and NFSR are two mainstream methods,but they suffer from weak differential/linear properties and multiple iteration rounds.Based on this,a design method of 16-bit S-boxes with better cryptographic properties and fewer iteration rounds is proposed.In addition,existing S-box designs focus less on flexibility.The proposed 16-bit S-box design is highly flexible in terms of architecture and the selection of core components,which can fully meet this demand.Furthermore,to address the inefficiency of 16-bit S-boxes security evaluation,a pre-storage optimization algorithm,and GPU parallel technology are adopted to accelerate the solution,which significantly reduces the time complexity of calculation.Experimental results indicate that the newly constructed S-boxes exhibit robust cryptographic properties.The optimal S-box has an algebraic degree of 14,the differential uniformity is 20,the nonlinearity is 32000,the transparency order value is 15.9817,and the strict avalanche criterion degree is 0.4980.When the S-box is applied to NBC and Piccolo algorithms,the minimum number of security rounds for both to resist classical attacks is reduced,which verifies that the S-box has a high-security level and can provide nonlinear component support for the design of cryptographic algorithms.

关 键 词：S盒 灵活性 仿射等价 GPU技术 差分均匀度 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]