高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

基于状态位索引方法的小状态流密码算法Draco-F

张润莲 范欣 赵昊 武小年 韦永壮

张润莲, 范欣, 赵昊, 武小年, 韦永壮. 基于状态位索引方法的小状态流密码算法Draco-F[J]. 电子与信息学报. doi: 10.11999/JEIT240524
引用本文: 张润莲, 范欣, 赵昊, 武小年, 韦永壮. 基于状态位索引方法的小状态流密码算法Draco-F[J]. 电子与信息学报. doi: 10.11999/JEIT240524
ZHANG Runlian, FAN Xin, ZHAO Hao, WU Xiaonian, WEI Yongzhuang. The Small-state Stream Cipher Algorithm Draco-F Based on State-bit Indexing Method[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT240524
Citation: ZHANG Runlian, FAN Xin, ZHAO Hao, WU Xiaonian, WEI Yongzhuang. The Small-state Stream Cipher Algorithm Draco-F Based on State-bit Indexing Method[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT240524

基于状态位索引方法的小状态流密码算法Draco-F

doi: 10.11999/JEIT240524
基金项目: 国家自然科学基金(62062026),广西重点研发计划(桂科AB23026131),广西研究生教育创新计划(YCSW2024347)
详细信息
    作者简介:

    张润莲:女,副教授,研究方向为信息安全与分布式计算

    范欣:男,硕士生,研究方向为信息安全

    赵昊:男,硕士生,研究方向为信息安全

    武小年:男,教授,研究方向为信息安全与分布式计算

    韦永壮:男,教授,研究方向为分组密码算法设计与分析

    通讯作者:

    张润莲 zhangrl@guet.edu.cn

  • 中图分类号: TN918.1

The Small-state Stream Cipher Algorithm Draco-F Based on State-bit Indexing Method

Funds: The National Natural Science Foundation of China (62062026), The Key Research and Development Program of Guangxi (guike AB23026131), The Innovation Project of Guangxi Graduate Education (YCSW2024347)
  • 摘要: Draco算法是首次基于初始向量和密钥前缀组合(CIVK)方案构造的一个流密码设计实例,其声称对于时空数据折中(TMDTO)攻击具有完全可证明的安全性。但因Draco算法的选择函数存在周期小的结构缺陷,攻击者给出了突破其安全界限的分析结果。针对Draco算法存在的安全缺陷等问题,该文提出一种基于状态位索引和动态初始化的改进算法Draco-F算法。首先,Draco-F算法通过使用状态位索引的方法增加了选择函数的周期并降低硬件成本;其次,在保障非线性反馈移位寄存器(NFSR)状态位使用均匀性的前提下,Draco-F算法通过简化输出函数进一步降低算法的硬件成本;最后,Draco-F算法引入动态初始化技术以防止密钥回溯。对Draco-F算法的安全性分析和软硬件测试结果表明:相对于Draco算法,Draco-F算法避免了Draco算法的安全漏洞,可以以128 bit的实际内部状态提供128 bit的安全级别;同时,Draco-F算法具有更高的密钥流吞吐率和更小的电路面积。
  • 图  1  Draco算法结构图

    图  2  Draco-F算法结构图

    表  1  Draco-F算法随机性检验结果

    编号测试统计项P-value值通过率检测结果
    1Frequency0.048 7160.99Pass
    2BlockFrequency0.851 3830.99Pass
    3CumulativeSums0.488 5090.99Pass
    4Runs0.383 8270.98Pass
    5LongestRun0.798 1391.00Pass
    6Rank0.955 8351.00Pass
    7FFT0.275 7091.00Pass
    8NonOverlapingTemplate0.543 2580.989Pass
    9OverlappinTemplate0.122 3251.00Pass
    10Universal0.419 0210.99Pass
    11ApproximteEntropy0.514 1241.00Pass
    12RandomExcursions0.531 5230.996Pass
    13RandomExcursionsVariant0.454 2310.996Pass
    14Serial0.498 6090.995Pass
    15LinearComplexity0.236 8101.00Pass
    下载: 导出CSV

    表  2  两种算法的软件实现性能

    算法 初始化轮数 非易失性内部
    状态长度(bit)
    密钥流吞吐率
    (kbit/s)
    Draco 512 129 308
    Draco-F 动态变化 128 320
    下载: 导出CSV

    表  3  不同算法的硬件指标结果

    算法 面积 功耗
    (μm2) (GE) (mW)
    Grain-128a[1] 13214.51 2911.33 0.479
    Atom[10] 14070.26 3099.86 0.383
    Draco[11] 10127.22 2231.15 0.309
    Draco-F 10083.37 2221.49 0.315
    下载: 导出CSV
  • [1] ÅGREN M, HELL M, JOHANSSON T, et al. Grain-128a: A new version of Grain-128 with optional authentication[J]. International Journal of Wireless and Mobile Computing, 2011, 5(1): 48–59. doi: 10.1504/IJWMC.2011.044106.
    [2] EKDAHL P, JOHANSSON T, MAXIMOV A, et al. A new SNOW stream cipher called SNOW-V[J]. IACR Transactions on Symmetric Cryptology, 2019, 2019(3): 1–42. doi: 10.13154/tosc.v2019.i3.1-42.
    [3] AMIN GHAFARI V and HU Honggang. Fruit-80: A secure ultra-lightweight stream cipher for constrained environments[J]. Entropy, 2018, 20(3): 180. doi: 10.3390/e20030180.
    [4] ZIDARIČ N, MANDAL K, GONG G, et al. The welch-gong stream cipher-evolutionary path[J]. Cryptography and Communications, 2024, 16(1): 129–165. doi: 10.1007/s12095-023-00656-0.
    [5] 冯秀涛. 3GPP LTE国际加密标准ZUC算法[J]. 信息安全与通信保密, 2011, 9(12): 45–46. doi: 10.3969/j.issn.1009-8054.2011.12.033.

    FENG Xiutao. ZUC algorithm: 3GPP LTE international encryption standard[J]. Information Security and Communications Privacy, 2011, 9(12): 45–46. doi: 10.3969/j.issn.1009-8054.2011.12.033.
    [6] KUMAR S and SARKAR S. Conditional TMDTO as a MILP instance[J]. IEEE Transactions on Information Theory, 2023, 69(5): 3330–3346. doi: 10.1109/TIT.2022.3230910.
    [7] ARMKNECHT F and MIKHALEV V. On lightweight stream ciphers with shorter internal states[C]. The 22nd International Workshop on Fast Software Encryption, Istanbul, Turkey, 2015: 451–470. doi: 10.1007/978-3-662-48116-5_22.
    [8] HAMANN M, KRAUSE M, and MEIER W. LIZARD-A lightweight stream cipher for power-constrained devices[J]. IACR Transactions on Symmetric Cryptology, 2017, 2017(1): 45–79. doi: 10.13154/tosc.v2017.i1.45-79.
    [9] MIKHALEV V, ARMKNECHT F, and MÜLLER C. On ciphers that continuously access the non-volatile key[J]. IACR Transactions on Symmetric Cryptology, 2017, 2017(2): 52–79. doi: 10.13154/tosc.v2016.i2.52-79.
    [10] BANIK S, CAFORIO A, ISOBE T, et al. Atom: A stream cipher with double key filter[J]. IACR Transactions on Symmetric Cryptology, 2021, 2021(1): 5–36. doi: 10.46586/tosc.v2021.i1.5-36.
    [11] HAMANN M, MOCH A, KRAUSE M, et al. The DRACO stream cipher: A power-efficient small-state stream cipher with full provable security against TMDTO attacks[J]. IACR Transactions on Symmetric Cryptology, 2022, 2022(2): 1–42. doi: 10.46586/tosc.v2022.i2.1-42.
    [12] HAMANN M and KRAUSE M. On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks[J]. Cryptography and Communications, 2018, 10(5): 959–1012. doi: 10.1007/s12095-018-0294-5.
    [13] HAMANN M, KRAUSE M, MEIER W, et al. Design and analysis of small-state grain-like stream ciphers[J]. Cryptography and Communications, 2018, 10(5): 803–834. doi: 10.1007/s12095-017-0261-6.
    [14] HAMANN M, KRAUSE M, and MOCH A. Tight security bounds for generic stream cipher constructions[C]. The Selected Areas in Cryptography–SAC 2019: 26th International Conference, Waterloo, Canada, 2020: 335–364. doi: 10.1007/978-3-030-38471-5_14.
    [15] GÜL Ç and KARA O. A new construction method for keystream generators[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 3735–3744. doi: 10.1109/TIFS.2023.3287412.
    [16] BANIK S. Cryptanalysis of Draco[J]. IACR Transactions on Symmetric Cryptology, 2022, 2022(4): 92–104. doi: 10.46586/tosc.v2022.i4.92-104.
    [17] GAMMEL B, GÖTTFERT R, and KNIFFLER O. Achterbahn-128/80: Design and analysis[C]. ECRYPT Network of Excellence-SASC Workshop Record, Bochum, Germany, 2007: 152–165.
  • 加载中
图(2) / 表(3)
计量
  • 文章访问数:  110
  • HTML全文浏览量:  36
  • PDF下载量:  14
  • 被引次数: 0
出版历程
  • 收稿日期:  2024-06-25
  • 修回日期:  2024-09-12
  • 网络出版日期:  2024-09-19

目录

    /

    返回文章
    返回