A Variant BISON Block Cipher Algorithm and Its Analysis
-
摘要:
该文基于Whitened Swap−or−Not(WSN)的结构特点,分析了Canteaut 等人提出的Bent whItened Swap Or Not –like (BISON-like) 算法的最大期望差分概率值(MEDP)及其(使用平衡函数时)抵御线性密码分析的能力;针对BISON算法迭代轮数异常高(一般为3n轮,n为数据分组长度)且密钥信息的异或操作由不平衡Bent函数决定的情况,该文采用了一类较小绝对值指标、高非线性度、较高代数次数的平衡布尔函数替换BISON算法中的Bent函数,评估了新变体BISON算法抵御差分密码分析和线性密码分析的能力。研究结果表明:新的变体BISON算法仅需迭代n轮;当n较大时(如n=128或256),其抵御差分攻击和线性攻击的能力均接近理想值。且其密钥信息的异或操作由平衡函数来决定,故具有更好的算法局部平衡性。
-
关键词:
- 差分密码分析 /
- 线性密码分析 /
- WSN结构 /
- BISON-like分组密码算法 /
- 变体BISON分组密码算法
Abstract:Based on the characteristics of Whitened Swap−or−Not (WSN) construction, the maximum expected differential probability (MEDP) of Bent whItened Swap Or Not -like (BISON-like) algorithm proposed by Canteaut et al. is analyzed in this paper. In particular, the ability of BISON-like algorithm with balanced nonlinear components against linear cryptanalysis is also investigated. Notice that the number of iteration rounds of BISON algorithm is rather high (It needs usually to iterate 3n rounds, n is the block length of data) and Bent function (unbalanced) is directly used to XOR with the secret key bits. In order to overcome these shortcomings, a kind of balanced Boolean functions that has small absolute value indicator, high nonlinearity and high algebraic degree is selected to replace the Bent functions used in BISON algorithm. Moreover, the abilities of this new variant BISON algorithm against both the differential cryptanalysis and the linear cryptanalysis are estimated. It is shown that the new variant BISON algorithm only needs to iterate n-round function operations; If n is relative large (e.g. n=128 or n=256), Its abilities against both the differential cryptanalysis and the linear cryptanalysis almost achieve ideal value. Furthermore, due to the balanced function is directly XORed with the secret key bits of the variant algorithm, it attains a better local balance indeed.
-
表 1
${\rm{MED}}{{\rm{P}}_{{\text{变体}}{\rm{BISON}}}}$ ,${{\rm{MEDP}} _{{\rm{BISON}} }}$ 与${\rm{MED}}{{\rm{P}}_{\text{理想值}}}$ 的对比$n$ $17$ $33$ $65$ $129$ ${{\rm{MEDP}} _{{\rm{BISON}} }} = {2^{{\rm{ - }}\left( {n - 1} \right)}}$ $ = {2^{ - 16}}$ $ = {2^{ - 32}}$ $ = {2^{ - 64}}$ $ = {2^{ - 128}}$ ${\rm{MED}}{{\rm{P}}_{{\simfont\text{变体}}{\rm{BISON}}}} = {\left( {1/2 + {2^{ - \left( {n - 3} \right)}}} \right)^{n - 1}}$ $ \approx {2^{ - 15.9972}}$ $ \approx {2^{ - 32}}$ $ \approx {2^{ - 64}}$ $ \approx {2^{ - 128}}$ ${\rm{MED}}{{\rm{P}}_{\simfont\text{理想值}}}$$ = {\left( {{2^n} - 1} \right)^{ - 1}}$ $ \approx {2^{ - 17}}$ $ \approx {2^{ - 33}}$ $ \approx {2^{ - 65}}$ $ \approx {2^{ - 129}}$ 表 2
$r$ 轮($r \ge n$ )变体BISON算法与BISON算法综合安全性能对比算 法 迭代
轮数${\rm{MEDP}}$ ${\rm{MELP}}$ 局部平
衡性BISON算法 $3n$ ${2^{ - \left( {n - 1} \right)}}$ ${2^{ - \left( {n - 1} \right)}}$ 否 变体BISON算法 $n$ ${2^{ - \left( {n - 1} \right)} }{\left( {1 + \dfrac{1}{ { {2^{n - 4} } } }} \right)^n}$ ${2^{ - \left( {n - 2} \right)}}$ 是 -
National Institute of Standards and Technology (NIST). FIPS PUB 197 Advanced encryption standard (AES)[S]. U.S. Department of Commerce, 2001. DAEMEN J and RIJMEN V. The wide trail design strategy[C]. The 8th IMA International Conference on Cryptography and Coding, Cirencester, UK, 2001: 222–238. doi: 10.1007/3-540-45325-3_20. DAEMEN J and RIJMEN V. The Design of Rijndael: AES-The Advanced Encryption Standard. Information Security and Cryptography[M]. Berlin Heidelberg: Springer, 2002: 35–79. doi: 10.1007/978-3-662-04722-4. EVEN S and MANSOUR Y. A construction of a cipher from a single pseudorandom permutation[J]. Journal of Cryptology, 1997, 10(3): 151–161. doi: 10.1007/s001459900025 CHEN Shan, LAMPE R, LEE J, et al. Minimizing the two-round EVEN-MANSOUR cipher[J]. Journal of Cryptology, 2018, 31(4): 1064–1119. doi: 10.1007/s00145-018-9295-y CHEN Shan and STEINBERGER J. Tight security bounds for key-alternating ciphers[C]. The 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, 2014: 327–350. doi: 10.1007/978-3-642-55220-5_19. GRASSI L, RECHBERGER C, and RØNJOM S. Subspace trail cryptanalysis and its applications to AES[J]. IACR Transactions on Symmetric Cryptology, 2016, 2016(2): 192–225. doi: 10.13154/tosc.v2016.i2.192-225 GRASSI L, RECHBERGER C, and RØNJOM S. A new structural-differential property of 5-Round AES[C]. The 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, 2017: 289–317. doi: 10.1007/978-3-319-56614-6_10. TESSARO S. Optimally secure block ciphers from ideal primitives[C]. The 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, 2015: 437–462. doi: 10.1007/978-3-662-48800-3_18. HOANG V T, MORRIS B, and ROGAWAY P. An enciphering scheme based on a card shuffle[C]. The 32nd Annual Cryptology Conference, Santa Barbara, US, 2012: 1–13. doi: 10.1007/978-3-642-32009-5_1. VAUDENAY S. The end of encryption based on card shuffling[EB/OL]. https://crypto.2012.rump.cr.yp.to/9f3046f7f8235f99aabca5d4ad7946b2.pdf, 2012. CANTEAUT A, LALLEMAND V, LEANDER G, et al. BISON instantiating the Whitened Swap-Or-Not construction[C]. The 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, 2019: 585–616. doi: 10.1007/978-3-030-17659-4_20. CUSICK T W and STĂNICĂ P. Cryptographic Boolean Functions and Applications[M]. Amsterdam: Elsevier, 2009: 7–16. ZHANG Xianmo and ZHENG Yuliang. GAC — the Criterion for Global Avalanche Characteristics of Cryptographic Functions[M]. MAURER H, CALUDE C, and SALOMAA A. J.UCS the Journal of Universal Computer Science. Berlin, Heidelberg: Springer, 1996: 320–337. doi: 10.1007/978-3-642-80350-5_30. ZHOU Yu, ZHANG Weiguo, LI Juan, et al. The autocorrelation distribution of balanced Boolean function[J]. Frontiers of Computer Science, 2013, 7(2): 272–278. doi: 10.1007/s11704-013-2013-x 李超, 孙兵, 李瑞林. 分组密码的攻击方法与实例分析[M]. 北京: 科学出版社, 2010: 64–116.LI Chao, SUN Bing, and LI Ruilin. Attack Methods and Case Analysis of Block Cipher[M]. Beijing: Science Press, 2010: 64–116. KRANZ T, LEANDER G, and WIEMER F. Linear cryptanalysis: Key schedules and tweakable block ciphers[J]. IACR Transactions on Symmetric Cryptology, 2017(1): 474–505.
计量
- 文章访问数: 2980
- HTML全文浏览量: 964
- PDF下载量: 71
- 被引次数: 0