摘要
轻量化S盒是轻量级密码中重要的混淆部件,在一定程度上决定了算法的安全强度和硬件实现代价。提出了一种轻量化16比特S盒的设计方法,该方法采用代换-置换-代换(Substitution-Permutation-Substitution,SPS)结构,并使用了轻量化8比特S盒和2阶极大距离可分(Maximum Distance Separable,MDS)变换,其中轻量化8比特S盒基于4轮的广义Feistel结构设计,具有优良的密码学性质,MDS变换基于正形变换和异或运算设计,实现简单、轻量。进一步,构造出2个S盒实例,硬件实现面积分别为321.00 GE和333.50 GE,最大差分特征概率分别为2^(-9.83)和2^(-10.30),最大线性特征概率分别为2^(-9.02)和2^(-8.77),代数次数均为14。与SPS结构下已有的轻量化16比特S盒相比,S盒实例的硬件实现面积相当,密码学性质有所增强,其中代数次数提升显著,达到次优。
The lightweight S-box is an important confusion component in lightweight cryptography,which to a certain extent determines the security of the algorithm and the cost of hardware implementation.A design method for lightweight 16-bit S-box is proposed,which employs a SPS(Substitution-Permutation-Substitution)structure and uses a lightweight 8-bit S-box and a simple 2-order MDS(Maximum Distance Separable)transform.The lightweight 8-bit S-box is designed based on a 4-round generalized Feistel structure,which possesses excellent cryptographic properties.The MDS transform is designed based on a shuffle and XOR operations,featuring simple and lightweight implementation.Then,two S-box instances are constructed.The hardware implementation areas of the two instances are 321.00 GE and 333.50 GE respectively,the maximum differential characteristic probabilities are 2^(-9.83) and 2^(-10.30) respectively,the maximum linear characteristic probabilities are 2^(-9.02) and 2^(-8.77) respectively,and the algebraic degrees are both 14.Compared to the existing lightweight 16-bit S-boxes under the SPS structure,the S-box instances have comparable hardware implementation area and enhanced cryptographic properties.Especially,the algebraic degree is improved significantly,which is nearly optimal.
作者
胡建勇
董新锋
周宇
吴忧
张文政
HU Jianyong;DONG Xinfeng;ZHOU Yu;WU You;ZHANG Wenzheng(No.30 Institute of CETC,Chengdu Sichuan 610041,China;National Key Laboratory of Security Communication,Chengdu Sichuan 610041,China)
出处
《通信技术》
2025年第7期777-784,共8页
Communications Technology
基金
保密通信全国重点实验室基金项目(6142103042303)。
关键词
S盒
SPS结构
轻量级密码
差分均匀度
非线性度
S-box
SPS structure
lightweight cryptography
differential uniformity
nonlinearity
