两类扩散结构特征向量的研究与应用

崔霆; 金晨辉

doi:10.3724/SP.J.1146.2010.00837

两类扩散结构特征向量的研究与应用

doi: 10.3724/SP.J.1146.2010.00837

崔霆^{* 金晨辉,},
金晨辉

基金项目:

河南省杰出青年科学基金(0312001800)资助课题

计量
- 文章访问数: 3224
- HTML全文浏览量: 98
- PDF下载量: 730
- 被引次数: 0
出版历程
- 收稿日期: 2010-08-09
- 修回日期: 2010-12-07
- 刊出日期: 2011-04-19

Research and Application for Characteristic Vectors of Two Kinds of Diffusion Structures

Cui Ting^{* 金晨辉
,},
Jin Chen-Hui

摘要

摘要: SP(Substitution Permutation)模型是分组密码常用模型之一。该文提出了基于扩散结构特征向量构造SP模型高概率差分传递链和线性逼近链的方法。利用该方法构造了ARIA算法6轮概率为2-168的差分传递链，并构造了仅使用一个S盒的6轮弱化ARIA算法达到概率上界2-144的差分传递链。结果表明，SP模型的设计者应当尽量选择特征向量个数较少且不含低重量特征向量的扩散结构。此外，该文还给出了准对合MDS(Maximum Distance Separable)矩阵及循环移位矩阵的特征值以及特征向量计数公式。
- SP模型 /
- ARIA密码算法 /
- 扩散结构 /
- 特征向量 /
- 计数
Abstract: SP (Substitution Permutation) structure is often used in block ciphers. This paper provides a method which could construct high probability differential trails and linear trails by using characteristic vectors of the diffusion layer. By this method some differential trails of ARIA can be constructed, these trails could reach probability2-168 for 6 rounds. And for 6 rounds reduced ARIA, who only employs a single S box, some differential trails can be got which could reach the highest probability 2-144. The results show that the SP cipher designers should choose those diffusion layers with fewer characteristic vectors as possible. And diffusion layers should never have low weight characteristic vectors. Additionally, the characteristic value as well as the count value of quasi-involution MDS matrices and cyclic shift matrices are provided.
- SP (Substitution Permutation) structure /
- ARIA cipher /
- Diffusion layer /
- Characteristic vector /
- Count value

HTML全文

参考文献(1)

Wang Nian-ping and Jin Chen-hui. Security evaluation against differential and linear cryptanalyses for Feistel ciphers. Frontiers of Computer Science in China, 2009, 3(12): 494-502.[2] Youssef A, Mister S, and Tavares S. On the design of linear transformations for substitution permutation encryption networks. Workshop on Selected Areas in Cryptography- SAC97, Ottawa, Workshop record, 1997: 40-48.[3] Kang Ju-sung, Hong Seo-khie, and Lee Sang-jin, et al..Practical and provable security against differential and linear cryptanalysis for substitution-permutation networks. ETRI Journal, 2001, 23(4): 158-167.[4] 北京大学数学系几何与代数教研室代数小组. 高等代数(第2版). 北京: 高等教育出版社, 1988: 296-298.[5] 金晨辉, 郑浩然, 张少武等.密码学.北京:高等教育出版社,2009,11:175-176.[6] Kwon Daesung, Kim Jaesung, and Park Sangwoo, et al.. New block cipher: ARIA. ICISC 2003, 2004, LNCS 2971: 432-445.[7] Xiao L and Heys H M. Hardware design and analysis of block cipher components. Proceedings of the 5th International Conference on Information Security and Cryptology- ICISC02. 2003, LNCS 2587: 164-181.[8] Biryukov A and Nikoli? I. Automatic search for related-key differential characteristics in byte-oriented block ciphers: application to AES, Camellia, Khazad and Others. EUROCRYPT 2010. 2010, LNCS 6110: 322-344.[9] Biryukov A and Khovratovich D. Related-key cryptanalysis of the full AES-192 and AES-256. ASIACRYPT 2009. 2009, LNCS 5912: 1-18.[10] 王念平, 金晨辉, 余昭平. 对合型列混合变换的研究. 电子学报, 2005, 33(10): 1917-1920.Wang N P, Jin C H, and Yu Z P. Research on involution-typed mixcolumn transform. Acta Electronica Sinica, 2005, 33(10): 1917-1920.

施引文献

资源附件(0)

访问统计