CN112636899B - Lightweight S box design method - Google Patents

Lightweight S box design method Download PDF

Info

Publication number
CN112636899B
CN112636899B CN202010994280.8A CN202010994280A CN112636899B CN 112636899 B CN112636899 B CN 112636899B CN 202010994280 A CN202010994280 A CN 202010994280A CN 112636899 B CN112636899 B CN 112636899B
Authority
CN
China
Prior art keywords
box
round
bit
transformation
intermediate variable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010994280.8A
Other languages
Chinese (zh)
Other versions
CN112636899A (en
Inventor
董新锋
张文政
周宇
苗旭东
胡建勇
李枫
申兵
王金波
韩羽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Priority to CN202010994280.8A priority Critical patent/CN112636899B/en
Publication of CN112636899A publication Critical patent/CN112636899A/en
Application granted granted Critical
Publication of CN112636899B publication Critical patent/CN112636899B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Abstract

The invention discloses a design method of a lightweight S box. The invention can generate a light-weight 8-bit S box with good password property, the single-round logic operation of the box only involves 4-bit AND operation and 4-bit XOR operation, the difference uniformity is 16 after 4 rounds of iteration, the nonlinearity is 96, and the whole box is balanced (nonlinear replacement); compared with the prior art, the light-weight 8-bit S box obtained by the invention achieves known optimal cryptology indexes such as difference uniformity, nonlinearity and the like under the condition of low hardware resources, and solves the problem that the prior light-weight 8-bit S box is poor in cryptology properties such as difference uniformity, nonlinearity and the like.

Description

Lightweight S box design method
Technical Field
The invention relates to the technical field of communication encryption, in particular to a lightweight S box design method.
Background
The existing symmetric cryptographic algorithm design at home and abroad still adopts the ideas of confusion and diffusion proposed in Shannon 1949, and the relations among the plaintext, the ciphertext and the key are extremely complex through confusion and diffusion parts of the symmetric cryptographic algorithm, so that an attacker cannot obtain any information of the plaintext from the ciphertext or obtain any information of the key from a plaintext-ciphertext pair.
The "confusion" component commonly employs a nonlinear replacement S-Box (stasis Box). The S-box appears for the first time in the block cipher algorithm Lucifer and is widely popular with the use of the data Encryption algorithm Standard des (data Encryption Standard) published in 1977 by the national Institute of Standard technology, nist. The S box is the only nonlinear component in most cryptographic algorithms, the cryptographic property of the S box almost determines the security strength of the whole cryptographic algorithm, and the confusion effect of the whole cryptographic algorithm is greatly influenced.
An S-box of n-bit input m-bit output (abbreviated as n × m S-box) is defined as follows:
Figure GDA0002926558350000011
wherein f isi(X) is
Figure GDA0002926558350000012
1,2, …, m, F2Representing a binary domain set consisting of 0 and 1,
Figure GDA0002926558350000013
is represented by F2Constructed n-dimensional vector space, i.e. F2={0,1},
Figure GDA0002926558350000014
Algebraic normality, number of terms, and algebraic degree of the boolean function: each n-ary Boolean function f can be uniquely represented as
Figure GDA0002926558350000015
Above with respect to n arguments x1,x2,…,xnI.e.:
Figure GDA0002926558350000016
the above formula is called an algebraic normalization of Boolean function f, where a0,ai,aij,…,a12…n∈F2
Figure GDA0002926558350000017
Is F2The above addition operation. The number of nonzero monomials in the algebraic normal form of f is called the number of terms of f, and the maximum value of the algebraic degrees of all nonzero monomials is called the algebraic degree of the Boolean function f.
Hamming Weight (Hamming Weight): the Hamming weight wt (c) of a vector c is defined as the number of non-zero elements in the vector.
S Box balance:
Figure GDA0002926558350000021
if S is taken
Figure GDA0002926558350000022
Each value in (1) is the same as 2n-mNext, S is called the balance function.
S-box nonlinearity:
Figure GDA0002926558350000023
for any purpose
Figure GDA0002926558350000024
The number of solutions of the equation α · x ═ β · s (x), i.e. expressed by the notation M (α, β), i.e.
Figure GDA0002926558350000025
The non-linearity of S is 2n-1-maxα,β≠0M(α,β)/2。
S box difference uniformity:
Figure GDA0002926558350000026
for any purpose
Figure GDA0002926558350000027
By symbolsN (a, b) represents the equation
Figure GDA0002926558350000028
Number of solutions, i.e.
Figure GDA0002926558350000029
Difference uniformity of S is maxa≠0,bN(a,b)。
CCZ Equivalence (CCZ-equivalance): two S boxes
Figure GDA00029265583500000210
If present
Figure GDA00029265583500000211
By affine substitution of A such that
Figure GDA00029265583500000212
For any purpose
Figure GDA00029265583500000213
This is true.
The S box is generally stored in a table form, calling is realized by looking up the table, if the parameters n and m are too large, the design of the S box and the realization of a cryptographic algorithm are difficult, and currently, most cryptographic algorithms adopt 8 multiplied by 8S boxes. The cryptographic properties of the S-box mainly include: balance, nonlinearity, difference uniformity, algebraic times and term distribution, algebraic immune order, branch number and the like, aiming at the analysis and evaluation method of difference attack and linear attack, and a cipher algorithm designer mainly considers cipher properties such as the difference uniformity, the nonlinearity and the like of an S box.
Since 2004, aiming at the security and confidentiality requirements of RFID resource-limited equipment in the Internet of things, not only the security of a cryptographic algorithm and parts but also the resource indexes such as the number of hardware realized by the algorithm need to be considered during the design of the cryptographic algorithm. The hardware realization equivalent gate of the existing lightweight cryptographic algorithm suitable for RFID resource-limited equipment is generally not more than 2500 gates, and an S box realized by using a traditional table look-up mode is difficult to meet the hardware resource lightweight requirement of the cryptographic algorithm.
At present, researches such as design of a hardware resource lightweight S box and optimization realization of the S box based on an algebraic structure are also research hotspots and research focuses of scientific researchers in the field of domestic and foreign passwords, and some progress is made in some aspects, such as: the complete division of 16 equivalence classes is completed for 4 × 4S boxes with optimal cryptography properties, and such S boxes are widely applied to the design of light-weight block cipher algorithms such as PRINCE, MIDORI, SKINNY, and the like; the NBC, SPRING and other packet cryptographic algorithms provide 16 × 16, 32 × 32S-box lightweight design ideas, but the S-box based on the design ideas needs 20 or 32 iterations, the implementation mode has large time delay, and the 32 × 32S-box cannot completely describe the cryptographic properties such as difference uniformity, nonlinearity and the like at present; in the SKINNY-128 block cipher algorithm, a designer provides a design idea of designing 1 new 8 × 8S-boxes based on juxtaposition of 24 × 4S-boxes, but the 8 × 8S-boxes based on the design idea have weak cipher properties such as difference uniformity and nonlinearity, and only reach the optimal cipher property of 4 × 4S-boxes, and cannot reach the average value of the difference uniformity and nonlinearity of 8 × 8S-boxes generated in a random manner.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides a design method of a light-weight S-box, which can generate a light-weight 8-bit S-box with good password property and solve the problem that the password property of the light-weight 8 x 8S-box, such as difference uniformity, nonlinearity and the like, is weak.
In order to achieve the purpose of the invention, the invention adopts the technical scheme that: a design method of a lightweight S-box comprises the following steps:
s1, randomly selecting the selected S box specification n
Figure GDA0002926558350000031
Of the boolean function f1And f2
S2, n-bit input data (x) to S-box0,x1,x2,…,xn-2,xn-1) Traversal of {0,1, …,2 in turnn-1 all integer values corresponding to n-bit binary vector { (0,0,0, …,0,0), (0,0,0, …,0,1), …, (1,1,1, …,1)1), n-bit binary vector (x) corresponding to any integer value i0,x1,x2,…,xn-2,xn-1) According to a Boolean function f1And f2Carrying out 3 rounds of n-branch generalized Feistel structure round transformation and 1 round of nonlinear transformation to obtain n-bit intermediate variables, and carrying out bit combination on the n-bit intermediate variables to obtain the value Sbox (i) of the S box Sbox with the specification of n multiplied by n in the integer i, wherein i belongs to {0,1, …,2 ∈ [ ] [ ({ 0 [, ] 1, … [ ], 2 [ ])n-1};
S3, outputting an S box Sbox with n multiplied by n specification.
Further: boolean function f in the step S11And f2The number of iterations of (1) is not less than 2, and the algebraic normal form does not contain a 1-degree term and a constant term.
Further: boolean function f in the step S11And f2All comprise 2UA non-zero boolean function, where U is an intermediate parameter.
Further: the calculation formula of the intermediate parameter U is as follows:
U=2n-2-n+1。
further: the specific steps in step S2 are:
s21, inputting n-bit binary vector (x)0,x1,x2,…,xn-2,xn-1) Calculating the 1 st round of n round generalized Feistel structure round transformations, i.e.
Figure GDA0002926558350000041
Figure GDA0002926558350000042
t01=x2,t11=x3,t21=x4,…,t(n-4)1=xn-2,t(n-3)1=xn-1,(t01,t11,t21,…,t(n-2)1,t(n-1)1) N bits of intermediate variable after the first round of transformation;
s22, for n-bit intermediate variable (t)01,t11,t21,…,t(n-2)1,t(n-1)1) Calculate round 2Wheel transformations of n generalized Feistel structures, i.e.
Figure GDA0002926558350000043
t02=t21,t12=t31,t22=t41,…,t(n-4)2=t(n-2)1,t(n-3)2=t(n-1)1,t(n-2)2=T01,t(n-1)2=T11,(t02,t12,t22,…,t(n-2)2,t(n-1)2) The n-bit intermediate variable after the second round of transformation is obtained;
s23, for n-bit intermediate variable (t)02,t12,t22,…,t(n-2)2,t(n-1)2) Computing the round transformation of the 3 rd round n generalized Feistel structure, i.e.
Figure GDA0002926558350000044
t03=t22,t13=t32,t23=t42,…,t(n-4)3=t(n-2)2,t(n-3)3=t(n-1)2,t(n-2)3=T02,t(n-1)3=T12,(t03,t13,t23,…,t(n-2)3,t(n-1)3) N bits of intermediate variable after the third round of transformation;
s24, for n-bit intermediate variable (t)03,t13,t23,…,t(n-2)3,t(n-1)3) Computing the 4 th round nonlinear transformation, i.e.
Figure GDA0002926558350000051
(T03,T13,t23,…,t(n-2)3,t(n-1)3) N bits of intermediate variable after the fourth round of conversion;
s25, and applying n-bit intermediate variable (T)03,T13,t23,…,t(n-2)3,t(n-1)3) Bit combination is carried out to obtain the value of the S box Sbox with the specification of nxn at an integer i, namely y0=T03,y1=T13,y2=t23,y3=t33,…,yn-2=t(n-2)3,yn-1=t(n-1)3,Sbox(i)=y0||y1||y2||y3||…||yn-1,(y0,y1,y2,…,yn-2,yn-1) Data is output for S-box n bits.
Further: the n × n box S in step S3 has a size of 22UWherein U is an intermediate parameter.
The invention has the beneficial effects that: the invention designs a light weight S box generation method, which can generate a light weight 8-bit S box with good password property, wherein single round of logic operation only involves 4-bit AND operation and 4-bit XOR operation, after 4 rounds of iteration, the difference uniformity is 16, the nonlinearity is 96, and the whole is balanced (nonlinear replacement); compared with the prior art, the method achieves known optimal cryptology indexes such as difference uniformity, nonlinearity and the like while realizing low hardware resources, and solves the problem that the prior light-weight 8 x 8S-box has weak cryptology properties such as difference uniformity, nonlinearity and the like.
The method achieves the optimal difference uniformity and nonlinearity of the known light-weight S box under the condition of low hardware equivalent gate number resources, is simultaneously suitable for the operation modes of BitSlice and the like, has good compatibility and easy portability on different implementation platforms of 8 bits, 16 bits, 32 bits, 64 bits and the like, can be widely applied to the design of a symmetric cryptographic algorithm, and is particularly suitable for designing a light-weight cryptographic algorithm with high safety strength.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined and defined in the appended claims, and all matters produced by the invention using the inventive concept are protected.
As shown in fig. 1, a method for designing a lightweight S-box includes the steps of:
s1, randomly selecting the selected S box specification n
Figure GDA0002926558350000061
Of the boolean function f1And f2
S2, n-bit input data (x) to S-box0,x1,x2,…,xn-2,xn-1) Traversal of {0,1, …,2 in turnn-1} an n-bit binary vector { (0,0,0, …,0,0), (0,0,0, …,0,1), …, (1,1,1, …,1,1) } for all integer values, i, an n-bit binary vector (x) for any integer value, i0,x1,x2,…,xn-2,xn-1) According to a Boolean function f1And f2Carrying out 3 rounds of n-branch generalized Feistel structure round transformation and 1 round of nonlinear transformation to obtain n-bit intermediate variables, and carrying out bit combination on the n-bit intermediate variables to obtain the value Sbox (i) of the S box Sbox with the specification of n multiplied by n in the integer i, wherein i belongs to {0,1, …,2 ∈ [ ] [ ({ 0 [, ] 1, … [ ], 2 [ ])n-1};
S3, outputting an S box Sbox with n multiplied by n specification.
Wherein f involved in steps S1 to S31、f2Is composed of
Figure GDA0002926558350000062
Boolean functions of (2), logical operation symbols "&"denotes a bit AND operation, a logical operation symbol
Figure GDA0002926558350000063
Representing a bit XOR operation, f1、f2The algebraic degree of (2) or more and the algebraic normative form thereof does not include a 1-degree term and a constant term. f. of1Contains 2U kinds of non-zero Boolean functions (U is 2)n-2-n+1),f2Contains 2U kinds of non-zero Boolean functions (U is 2)n-2-n+1),f1And f2The S boxes of n × n size generated in accordance with steps S1 to S3 have a total of 22UAnd (4) seed preparation.
Taking n as 8, the steps S1 to S3 in the embodiment of the present invention obtain an 8-bit S-box parameterized example commonly used in an actual algorithm, so as to obtain a new light-weight 8 × 8S-box design method.
Considering the resource lightweight requirement of hardware realization equivalent gate of the lightweight cryptographic algorithm suitable for RFID resource-constrained equipment, f is further limited1And f2The algebraic degree of the method is 2, the algebraic normal type term number is less than 3, and the light-weight 8-bit S box with good cryptographic property can be obtained by the method provided by the embodiment of the invention. In particular, f1And f2Has the following form:
Figure GDA0002926558350000071
Figure GDA0002926558350000072
the single round of logical operation only involves 4 AND operations (single bit) and 4 XOR operations (single bit), and the difference uniformity of the new 8-bit S box obtained after 4 rounds of iteration is 16, and the nonlinearity is 96.

Claims (5)

1. A method for designing a lightweight S-box is characterized by comprising the following steps:
s1, randomly selecting F according to the selected S box specification n2 n-2→F2Of the boolean function f1And f2
S2, n-bit input data (x) to S-box0,x1,x2,…,xn-2,xn-1) Traversal of {0,1, …,2 in turnn-1} an n-bit binary vector { (0,0,0, …,0,0), (0,0,0, …,0,1), …, (1,1,1, …,1,1) } for all integer values, i, an n-bit binary vector (x) for any integer value, i0,x1,x2,…,xn-2,xn-1) According to a Boolean function f1And f2Carrying out 3 rounds of n generalized Feistel structure round transformation and 1 round of nonlinear transformation to obtain n-bit intermediate variablesAnd combining the n-bit intermediate variables to obtain the value Sbox (i) of the S-box Sbox with the n multiplied by n specification in the integer i, wherein i belongs to {0,1, …,2n-1};
The specific steps of step S2 are:
s21, inputting n-bit binary vector (x)0,x1,x2,…,xn-2,xn-1) Calculating the 1 st round of n round generalized Feistel structure round transformations, i.e.
Figure FDA0003363339050000011
Figure FDA0003363339050000012
t01=x2,t11=x3,t21=x4,…,t(n-4)1=xn-2,t(n-3)1=xn-1,(t01,t11,t21,…,t(n-2)1,t(n-1)1) N bits of intermediate variable after the first round of transformation;
s22, for n-bit intermediate variable (t)01,t11,t21,…,t(n-2)1,t(n-1)1) Computing the 2 nd round n generalized Feistel structure round transformations, i.e.
Figure FDA0003363339050000013
t02=t21,t12=t31,t22=t41,…,t(n-4)2=t(n-2)1,t(n-3)2=t(n-1)1,t(n-2)2=T01,t(n-1)2=T11,(t02,t12,t22,…,t(n-2)2,t(n-1)2) The n-bit intermediate variable after the second round of transformation is obtained;
s23, for n-bit intermediate variable (t)02,t12,t22,…,t(n-2)2,t(n-1)2) Computing the round transformation of the 3 rd round n generalized Feistel structure, i.e.
Figure FDA0003363339050000014
t03=t22,t13=t32,t23=t42,…,t(n-4)3=t(n-2)2,t(n-3)3=t(n-1)2,t(n-2)3=T02,t(n-1)3=T12,(t03,t13,t23,…,t(n-2)3,t(n-1)3) N bits of intermediate variable after the third round of transformation;
s24, for n-bit intermediate variable (t)03,t13,t23,…,t(n-2)3,t(n-1)3) Computing the 4 th round nonlinear transformation, i.e.
Figure FDA0003363339050000021
(T03,T13,t23,…,t(n-2)3,t(n-1)3) N bits of intermediate variable after the fourth round of conversion;
s25, and applying n-bit intermediate variable (T)03,T13,t23,…,t(n-2)3,t(n-1)3) Bit combination is carried out to obtain the value of the S box Sbox with the specification of nxn at an integer i, namely y0=T03,y1=T13,y2=t23,y3=t33,…,yn-2=t(n-2)3,yn-1=t(n-1)3,Sbox(i)=y0||y1||y2||y3||…||yn-1,(y0,y1,y2,…,yn-2,yn-1) Outputting data for n bits of the S-box;
s3, outputting an S box Sbox with n multiplied by n specification.
2. The method of designing a light-weight S-box according to claim 1, wherein the boolean function f in step S11And f2The algebraic degree of (2) is not less than 2, and the algebraic normal form does not contain 1-degree term and constant term.
3. According toThe method of designing a light-weight S-box according to claim 1, wherein the Boolean function f is set in step S11And f2All comprise 2UA non-zero boolean function, where U is an intermediate parameter.
4. The method for designing a light-weight S-box according to claim 3, wherein the intermediate parameter U is calculated by the formula:
U=2n-2-n+1。
5. the method of designing a lightweight S-box according to claim 1, wherein in step S3, the n × n S-box has a size of 22UWherein U is an intermediate parameter.
CN202010994280.8A 2020-09-21 2020-09-21 Lightweight S box design method Active CN112636899B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010994280.8A CN112636899B (en) 2020-09-21 2020-09-21 Lightweight S box design method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010994280.8A CN112636899B (en) 2020-09-21 2020-09-21 Lightweight S box design method

Publications (2)

Publication Number Publication Date
CN112636899A CN112636899A (en) 2021-04-09
CN112636899B true CN112636899B (en) 2022-03-18

Family

ID=75300168

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010994280.8A Active CN112636899B (en) 2020-09-21 2020-09-21 Lightweight S box design method

Country Status (1)

Country Link
CN (1) CN112636899B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343175B (en) * 2021-05-31 2022-05-27 中国电子科技集团公司第三十研究所 Rapid method for automatically searching SPN type lightweight block cipher active S box
CN113783684B (en) * 2021-09-15 2023-07-18 桂林电子科技大学 Construction method of 16-bit S box based on NFSR and Feistel structures
CN114124351B (en) * 2021-11-15 2023-06-27 中国电子科技集团公司第三十研究所 Rapid calculation method of nonlinear invariant
CN115037485B (en) * 2022-08-12 2022-11-08 北京智芯微电子科技有限公司 Method, device and equipment for realizing lightweight authentication encryption algorithm

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999008411A2 (en) * 1997-08-08 1999-02-18 Jonathan Stiebel New operation for key insertion with folding
CN1558587A (en) * 2004-01-20 2004-12-29 海信集团有限公司 Method for designing reconfigurable S cassette module of reconfigurable cipher code coprocessor
EP2058781A1 (en) * 2006-09-01 2009-05-13 Sony Corporation Encryption device, encryption method, and computer program
CN101764686A (en) * 2010-01-11 2010-06-30 石家庄开发区冀科双实科技有限公司 Encryption method for network and information security
CN101848081A (en) * 2010-06-11 2010-09-29 中国科学院软件研究所 S box and construction method thereof
CN101938352A (en) * 2010-09-23 2011-01-05 北京航空航天大学 Block cipher software encrypting method
CN105681026A (en) * 2016-03-10 2016-06-15 中国科学院计算技术研究所 Dynamic S-box construction method and system suitable for lightweight encryption algorithm
CN109921899A (en) * 2019-04-18 2019-06-21 衡阳师范学院 A kind of S box implementation method of complete snowslide 4 × 4
CN110266470A (en) * 2019-06-24 2019-09-20 清华大学 The make of novel block cipher round function
CN110572255A (en) * 2019-09-26 2019-12-13 衡阳师范学院 Lightweight block cipher algorithm Shadow implementation method, device and computer readable medium
CN111339577A (en) * 2020-02-12 2020-06-26 南京师范大学 Construction method of S box with excellent DPA resistance

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4622807B2 (en) * 2005-03-25 2011-02-02 ソニー株式会社 Cryptographic processing apparatus, cryptographic processing method, and computer program

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999008411A2 (en) * 1997-08-08 1999-02-18 Jonathan Stiebel New operation for key insertion with folding
CN1558587A (en) * 2004-01-20 2004-12-29 海信集团有限公司 Method for designing reconfigurable S cassette module of reconfigurable cipher code coprocessor
EP2058781A1 (en) * 2006-09-01 2009-05-13 Sony Corporation Encryption device, encryption method, and computer program
CN101764686A (en) * 2010-01-11 2010-06-30 石家庄开发区冀科双实科技有限公司 Encryption method for network and information security
CN101848081A (en) * 2010-06-11 2010-09-29 中国科学院软件研究所 S box and construction method thereof
CN101938352A (en) * 2010-09-23 2011-01-05 北京航空航天大学 Block cipher software encrypting method
CN105681026A (en) * 2016-03-10 2016-06-15 中国科学院计算技术研究所 Dynamic S-box construction method and system suitable for lightweight encryption algorithm
CN109921899A (en) * 2019-04-18 2019-06-21 衡阳师范学院 A kind of S box implementation method of complete snowslide 4 × 4
CN110266470A (en) * 2019-06-24 2019-09-20 清华大学 The make of novel block cipher round function
CN110572255A (en) * 2019-09-26 2019-12-13 衡阳师范学院 Lightweight block cipher algorithm Shadow implementation method, device and computer readable medium
CN111339577A (en) * 2020-02-12 2020-06-26 南京师范大学 Construction method of S box with excellent DPA resistance

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Design and analysis of dynamic S-box based on Feistel;Zhou-quan Du 等;《 2015 IEEE Advanced Information Technology, Electronic and Automation Control Conference (IAEAC)》;20160310;全文 *
Piccolo算法的差分故障分析;赵光耀 等;《计算机学报》;20121119;第35卷(第9期);全文 *
轻量S盒密码性质研究;贾平 等;《密码学报》;20151215;全文 *

Also Published As

Publication number Publication date
CN112636899A (en) 2021-04-09

Similar Documents

Publication Publication Date Title
CN112636899B (en) Lightweight S box design method
Rijmen et al. The cipher SHARK
Noura et al. A new efficient lightweight and secure image cipher scheme
CN107147487B (en) Symmetric key random block cipher
Liu et al. An AES S-box to increase complexity and cryptographic analysis
Noura et al. Overview of efficient symmetric cryptography: dynamic vs static approaches
Yan et al. DBST: a lightweight block cipher based on dynamic S-box
Lu Cryptanalysis of block ciphers
CN109981247B (en) Dynamic S box generation method based on integer chaotic mapping
Aboshosha et al. Energy efficient encryption algorithm for low resources devices
CN116980194A (en) Safe and efficient data transmission method and system based on cloud edge end cooperation
CN112511293B (en) S-box parameterization design method based on bit sum operation and storage medium
Srisakthi et al. Towards the design of a stronger AES: AES with key dependent shift rows (KDSR)
Kumar et al. A novel approach for enciphering data of smaller bytes
CN115811398A (en) Dynamic S-box-based block cipher algorithm, device, system and storage medium
CN107437990A (en) Encryption method, decryption method, encryption device and decryption device
CN112507357B (en) Multi-stage interface design method based on key generator
CN113783684A (en) 16-bit S box construction method based on NFSR and Feistel structures
Wang et al. Differential-algebraic cryptanalysis of reduced-round of Serpent-256
Zhang et al. Research on improvement of des encryption algorithm
CN106712925A (en) S-box acquisition method and acquisition apparatus based on Logistic mapping
CN111614456A (en) Multi-party cooperative encryption/decryption method and medium for SM4 algorithm
Wei et al. Related-key impossible differential cryptanalysis on crypton and crypton v1. 0
CN114337993B (en) White box SM4 encryption and decryption method and system applied to edge Internet of things proxy
Wang et al. Quantum Demiric-Selcuk Meet-in-the-Middle Attacks on Reduced-Round AES

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant