Side-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, non-linear components (e.g. S-Boxes) of cryptographic algorithms will be chosen as primary targets of side-channel attacks (SCAs). In order to measure the side-channel resistance of S-Boxes, three theoretical metrics have been proposed: revisited transparency order (VTO), confusion coefficients variance (CCV), and minimum confusion coefficient (MCC). However, the practical effectiveness of these metrics remains unclear. Taking the 4-bit and 8-bit S-Boxes used in NIST Lightweight Cryptography candidates as concrete examples, this paper presents a comprehensive study of the applicability of these metrics. First, we empirically investigate the relations among the three metrics for the targeted S-boxes, and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, in order to verify which metric is more effective in which scenarios, we perform simulated and practical experiments on nine 4-bit S-Boxes under non-profiled attacks and profiled attacks, respectively. The experiments show that for quantifying the side-channel resistance of S-Boxes under non-profiled attacks, VTO and CCV are more reliable while MCC fails. We also obtain an interesting observation that none of these three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-Boxes of different sizes. Unfortunately, all of them are invalid in this scenario.
This paper is twofold. The first part is devoted to the study of a class of quadratic rotation symmetric S-boxes (RSSBs) which was presented by Gao G, et al., Constructions of quadratic and cubic rotation symmetric bent functions, IEEE Transactions on Information Theory, vol. 58, no. 7, pp. 4908–4913, 2012, by decomposing a class of cubic rotation symmetric bent functions. The authors obtain the nonlinearity and differential uniformity of this class of S-boxes. In particular, the compositional inverse of the class of rotation symmetric S-boxes is also presented. Then the authors introduce a steepest-descent-like search algorithm for the generation of RSSBs. The algorithm finds 5-, 6-, 7- and 8-bit RSSBs with very good cryptographic properties which can be applied in designing cryptographic algorithms.
Highly nonlinear resilient functions play a crucial role in nonlinear combiners, which are common hardware-oriented stream ciphers. During the past three decades, the main idea for constructing highly nonlinear resilient functions has been to concatenate a large number of affine subfunctions. However, these resilient functions, as core components of ciphers, usually suffer from guess-and-determine attacks or algebraic attacks, since n-variable nonlinear Boolean functions can easily give rise to partial linear relations by fixing at most n/2 of their variables. How to design highly nonlinear resilient functions (S-boxes) without concatenating a large number of n/2-variable affine subfunctions appears to be an important task. In this article, a new construction of highly nonlinear resilient functions is proposed. These functions consist of two classes of subfunctions. More specifically, the first class (nonlinear part) contains both bent functions with 2k variables and some affine subfunctions with n/2-k variables which are obtained by using [n/2-k, m, d] disjoint linear codes. The second class (linear part) includes some linear subfunctions with n/2 variables which are obtained by using [n/2, m, d] disjoint linear codes. It is shown that these resilient functions have high nonlinearity and high algebraic degree. In particular, unlike previous well-known resilient S-boxes, these new S-boxes cannot be directly decomposed into affine subfunctions with n/2 variables by fixing at most n/2 variables. This means that S-boxes (vectorial Boolean functions) which use these resilient functions as component functions have more favourable cryptographic properties against guess-and-determine attacks or algebraic attacks.
The so-called selected permutations on the set of the first 16 non-negative integers are classified under the action of a certain motion group. A database consisting of the class representatives has been provided.
An integrated analysis of the design criteria for the S-boxes used in the DES is made. Among others, the exclusion principle between the degree of nonlinearity and the degree of I/O-correlation immunity for partial variables is established.
Funding: supported by the MSIT (Ministry of Science and ICT), Republic of Korea, under the ITRC (Information Technology Research Center) support program (IITP-2024-RS-2022-00164800) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: Quantum computers accelerate many algorithms based on the superposition principle of quantum mechanics. The Grover algorithm provides significant performance gains to malicious users attacking symmetric key systems. Since the performance of attacks using quantum computers depends on the efficiency of the quantum circuit of the encryption algorithm, research on the implementation of quantum circuits is essential. This paper presents a new framework to construct quantum circuits of substitution boxes (S-boxes) using system modeling. We model the quantum circuits of S-boxes using two layers: Toffoli and linear layers. We generate vector spaces based on the values of qubits used in the linear layers and apply them to find quantum circuits. The framework finds the circuit by matching elements of vector spaces generated from the input and output of a given S-box, using the forward search or the meet-in-the-middle strategy. We developed a tool to apply this framework to 4-bit S-boxes. While the 4-bit S-box quantum circuit construction tool LIGHTER-R only finds circuits that can be implemented with four qubits, the proposed tool achieves circuits with five qubits. The proposed tool can find quantum circuits of 4-bit odd permutations based on the controlled NOT, NOT, and Toffoli gates, whereas LIGHTER-R is unable to perform this task in the same environment. We expect this technique to become a critical step toward optimizing S-box quantum circuits.
Abstract: The SubBytes (S-box) transformation is the most crucial operation in the AES algorithm, significantly impacting the implementation performance of AES chips. To design a high-performance S-box, a segmented optimization implementation of the S-box based on the composite field inverse operation is proposed in this paper. The proposed S-box implementation is modeled in Verilog and synthesized using Design Compiler software, with the correctness of the simulation result ensured. The synthesis results show that, compared to several current S-box implementation schemes, the proposed implementation significantly reduces area overhead and critical path delay, and thus achieves higher hardware efficiency. This provides strong support for realizing efficient and compact S-box ASIC designs.
Funding: Supported by the National Natural Science Foundation of China (60473012)
Abstract: Multi-objective genetic algorithms are well suited to solving multi-objective optimization problems. Using a genetic algorithm, the optimization of S-boxes is explored in this paper. Results of the experiments show that, with a heuristic mutation strategy, the algorithm has high search efficiency and fast convergence. Meanwhile, we also take the avalanche probability of S-boxes into account, besides nonlinearity and differential uniformity. With this method, an effective genetic algorithm for 6×6 S-boxes is provided and a number of S-boxes with good cryptographic properties can be obtained.
Funding: Supported by the National Science Foundation of China (61072140), the Doctoral Program Foundation of Institutions of Higher Education of China (20100203110003), the 111 Project (B08038) and the Fundamental Research Funds for the Central Universities (JY10000901034)
Abstract: A new security test for substitution boxes (S-boxes), the high-order bit independence criterion (HOBIC) test, is presented. Different from previous security tests for S-boxes, the HOBIC test can be used to measure the strength of an S-box against attacks that keep some of its input bits constant. Test results over the S-boxes of the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are given and some possible applications of the HOBIC test are analyzed. Meanwhile, the source code for a basic version of the HOBIC test is also provided; the implementation process shows that it is very fast and efficient for practical applications.
Funding: Supported by the National Science Foundation of China (No. 60773002, 61072140), the 111 Project (No. B08038), the Doctoral Program Foundation of Institutions of Higher Education of China (No. 20100203110003), the Fundamental Research Funds for the Central Universities (No. JY10000901034) and the Anhui Provincial Natural Science Foundation (No. 1208085QF119)
Abstract: The strict avalanche criterion (SAC) is one of the most important cryptographic criteria for substitution boxes (S-boxes) used in many symmetric encryption systems. However, there have been few constructive methods for S-boxes fulfilling the SAC until now. In this paper, to construct S-boxes satisfying the SAC directly, we generalize the concatenation techniques of Boolean functions to S-boxes. Using the idea of concatenating S-boxes with few variables, we present a simple yet effective construction method for S-boxes satisfying the SAC. Finally, a simple example of how to construct SAC S-boxes with a large number of input variables from SAC S-boxes with few variables is given.
Abstract: 4-bit linear relations play an important role in the cryptanalysis of 4-bit crypto S-boxes. 4-bit finite differences have also been a major part of the cryptanalysis of 4-bit S-boxes. The existence of all 4-bit linear relations has been counted for all 16 input and 16 output 4-bit bit patterns of 4-bit crypto S-boxes, referred to as S-boxes, and reported in Linear Cryptanalysis of 4-bit S-boxes. The count of existing finite differences from each element of output S-boxes to distant output S-boxes has been noted in Differential Cryptanalysis of S-boxes. In this paper a brief review of these two cryptanalytic methods for 4-bit S-boxes is presented in a lucid and conceptual manner. Two new analysis techniques are also introduced. One searches for the existing linear approximations among the input vectors (IPVs) and output Boolean functions (BFs) of a particular S-box; the search is limited to finding the existing linear relations or approximations, in contrast to counting the number of existent linear relations among all 16 4-bit input and output bit patterns within all possible linear approximations. The other finds the number of balanced BFs in difference output S-boxes. The greater the number of balanced BFs, the better the security.
Funding: Project supported by the Natural Science Foundation of Shaanxi Province, China (Grant No. 2014JM8322)
Abstract: Single or multiple S-boxes are widely used in image encryption schemes, and many image encryption schemes use the asynchronous encryption structure, which separates the processes of substitution and diffusion. In this paper, we analyze the defects of this structure based on the example of an article and crack it using a simpler method. To address the defects of the asynchronous encryption structure, a novel encryption scheme is proposed, in which a structure of synchronous substitution and diffusion based on double S-boxes is utilized, so that the processes of substitution and diffusion are combined together and attackers cannot crack the cryptosystem through either process alone. The simulation results and security analysis show that the proposed encryption scheme is safer and more efficient for convenient use in real-time systems.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 61074192), the Beijing Natural Science Foundation (Grant No. 4092040) and the Natural Science Research of Henan Province Education Department (Grant No. 2011B110002)
Abstract: A substitution box (S-box) plays an important role in cryptographic algorithms. The design of S-boxes using chaotic systems has attracted a great deal of attention in recent years. A new method for obtaining cryptographically strong S-boxes based on a spatiotemporal chaotic system is proposed in this paper. The discretized Baker map and an affine transformation are applied in order by an algorithm to shuffle the table generated by the spatiotemporal chaotic system. The cryptographic properties of these S-boxes, such as bijection, nonlinearity, strict avalanche, output bits independence and equiprobable input/output XOR distribution, are analyzed. The results of numerical analysis show that the S-box designed by this method can resist several attacks and all the criteria for designing a good S-box can be satisfied approximately. More strong S-boxes can be obtained by this method by changing the initial conditions or control parameters of the spatiotemporal chaos system. Furthermore, our approach is suitable for practical application in designing cryptosystems.
Funding: the National High Technology Research and Development Programme of China (No. 2006AA01Z226)
Abstract: Substitution boxes (S-Boxes) in the advanced encryption standard (AES) are vulnerable to attacks by power analysis. General S-Box masking schemes at the circuit level need to adjust the design flow and library databases. Masking strategies at the algorithm level view each S-Box as an independent module and mask them respectively, which is costly in size and power because of the non-linear characteristic of S-Boxes. The new method uses dynamic inhomogeneous S-Boxes instead of traditional homogeneous S-Boxes, and arranges the S-Boxes randomly, so the power and data path delay of the substitution unit become unpredictable. The experimental results demonstrate that this scheme takes advantage of the circuit characteristics of various S-Box implementations to eliminate the correlation between crypto operation and power. It needs less extra circuitry and suits resource-constrained applications.
基金supported by the National Natural Science Foundation of China(62272360,61972303)Natural Science Basic Research Plan in Shaanxi Province of China(2023-JC-YB-570)the Key Research and Development Program of Shaanxi Province(2021GY-040).
文摘S-boxes play a central role in the design of symmetric cipher schemes.For stream cipher appli-cations,an s-box should satisfy several criteria such as high nonlinearity,balanceness,correlation immunity,and so on.In this paper,by using disjoint linear codes,a class of s-boxes possessing high nonlinearity and 1st-order correlation immunity is given.It is shown that the constructed correlation immune S-boxes can possess currently best known nonlinearity,which is confirmed by the example 1st-order correlation immune(12,3)s-box with nonlinearity 2000.In addition,two other frameworks concerning the criteria of balanced and resiliency are obtained respectively.
基金supported in part by the National Natural Science Foundation of China(No.62162016)in part by the Innovation Project of Guangxi Graduate Education(Nos.YCBZ2023132 and YCSW2023304).
文摘The efficient implementation of the Advanced Encryption Standard(AES)is crucial for network data security.This paper presents novel hardware implementations of the AES S-box,a core component,using tower field representations and Boolean Satisfiability(SAT)solvers.Our research makes several significant contri-butions to the field.Firstly,we have optimized the GF(24)inversion,achieving a remarkable 31.35%area reduction(15.33 GE)compared to the best known implementations.Secondly,we have enhanced multiplication implementa-tions for transformation matrices using a SAT-method based on local solutions.This approach has yielded notable improvements,such as a 22.22%reduction in area(42.00 GE)for the top transformation matrix in GF((24)2)-type S-box implementation.Furthermore,we have proposed new implementations of GF(((22)2)2)-type and GF((24)2)-type S-boxes,with the GF(((22)2)2)-type demonstrating superior performance.This implementation offers two variants:a small area variant that sets new area records,and a fast variant that establishes new benchmarks in Area-Execution-Time(AET)and energy consumption.Our approach significantly improves upon existing S-box implementations,offering advancements in area,speed,and energy consumption.These optimizations contribute to more efficient and secure AES implementations,potentially enhancing various cryptographic applications in the field of network security.
Funding: the Hi-Tech Research and Development Program of China (2006AA01Z226); HUST-SRF (2006Z011B); the Program for New Century Excellent Talents in University and the Natural Science Foundation of Hubei (2006ABA080).
Abstract: It is crucial to design energy-efficient Advanced Encryption Standard (AES) cryptography for low-power embedded systems powered by a limited battery. Since the S-boxes consume much of the total AES circuit power, an efficient approach to reducing the AES power consumption consists in reducing the S-box power consumption. Among various implementations of S-boxes, the most energy-efficient one is the decoder-switch-encoder (DSE) architecture. In this paper, we refine the DSE architecture and propose a faster, more compact S-box architecture of lower power: an improved and fully balanced DSE architecture. This architecture achieves a low power consumption of 68 μW at 10 MHz using 0.25 μm 1.8 V UMC CMOS technology. Compared with the original DSE S-boxes, it further reduces the delay, gate count and power consumption by 8%, 14% and 10% respectively. At the same time, simulation results show that the improved DSE S-box has the best performance among the various S-box architectures in terms of power-area product and power-delay product, and it is optimal for implementing low-power AES cryptography.
Funding: the Hi-Tech Research and Development Program of China (2006AA01Z226); the Natural Science Foundation of Hubei (2006ABA080); the Scientific Research Foundation of Huazhong University of Science and Technology (2006Z011B); the Program for New Century Excellent Talents in University (NCET-07-0328).
Abstract: It is an important challenge to implement a low-cost power-analysis-immune Advanced Encryption Standard (AES) circuit. Previous work shows that the substitution boxes (S-boxes) in AES are prone to attack and are hard to mask because of their non-linearity. Besides, large amounts of circuit resources and power consumption are spent on protecting S-boxes against power analysis. Thus, a novel power-analysis-immune scheme is proposed, which divides the data path of AES into two parts: in the non-linear module, inhomogeneous S-boxes instead of fixed S-boxes are selected randomly to disturb power and logic delay; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with the United Microelectronics Corporation (UMC) 0.25 μm 1.8 V complementary metal-oxide-semiconductor (CMOS) standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can effectively enhance AES security against power analysis.
Funding: supported in part by the National Natural Science Foundation of China (Nos. 61632020, U1936209, 62002353) and the Beijing Natural Science Foundation (No. 4192067).
Abstract: Side-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, non-linear components (e.g. S-boxes) of cryptographic algorithms are chosen as the primary targets of side-channel attacks (SCAs). In order to measure the side-channel resistance of S-boxes, three theoretical metrics have been proposed: revisited transparency order (VTO), confusion coefficient variance (CCV), and minimum confusion coefficient (MCC). However, the practical effectiveness of these metrics remains unclear. Taking the 4-bit and 8-bit S-boxes used in NIST Lightweight Cryptography candidates as concrete examples, this paper makes a comprehensive study of the applicability of these metrics. First of all, we empirically investigate the relations among the three metrics for the targeted S-boxes, and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, in order to verify which metric is more effective in which scenarios, we perform simulated and practical experiments on nine 4-bit S-boxes under non-profiled and profiled attacks, respectively. The experiments show that for quantifying the side-channel resistance of S-boxes under non-profiled attacks, VTO and CCV are more reliable while MCC fails. We also obtain an interesting observation: none of these three metrics is suitable for measuring the resistance of S-boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-boxes of different sizes. Unfortunately, all of them are invalid in this scenario.
Funding: supported by the National Natural Science Foundation of China under Grant No. 10871106.
Abstract: For a class of generalized Feistel block ciphers, an explicit formula for the minimum number of linearly active S-boxes over any number r of rounds is presented.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 61872381, 61872359, 61862011, and 61402522, and by the Guangxi Key Laboratory of Cryptography and Information Security under Grant No. GCIS201704.
Abstract: This paper is twofold. The first part is devoted to studying a class of quadratic rotation symmetric S-boxes (RSSBs) which was presented by Gao G, et al., "Constructions of quadratic and cubic rotation symmetric bent functions", IEEE Transactions on Information Theory, vol. 58, no. 7, pp. 4908–4913, 2012, by decomposing a class of cubic rotation symmetric bent functions. The authors obtain the nonlinearity and differential uniformity of this class of S-boxes. In particular, the compositional inverse of the class of rotation symmetric S-boxes is also presented. Then the authors introduce a steepest-descent-like search algorithm for the generation of RSSBs. The algorithm finds 5-, 6-, 7- and 8-bit RSSBs with very good cryptographic properties which can be applied in designing cryptographic algorithms.
Funding: The work was supported in part by the National Natural Science Foundation of China (Grant No. 61872103), in part by the Guangxi Science and Technology Foundation (Guike AB18281019, Guike AD18281026), in part by the Guangxi Natural Science Foundation (2019GXNSFGA245004), and in part by the Foundation of the Ministry of Education Key Laboratory of Cognitive Radio and Information Processing (Guilin University of Electronic Technology) (CRKL180107).
Abstract: Highly nonlinear resilient functions play a crucial role in nonlinear combiners, which are typical hardware-oriented stream ciphers. During the past three decades, the main idea for constructing highly nonlinear resilient functions has been to concatenate a large number of affine subfunctions. However, such resilient functions, as core components of ciphers, are usually vulnerable to the guess-and-determine attack or algebraic attacks, since an n-variable nonlinear Boolean function of this kind easily gives rise to partial linear relations once at most n/2 of its variables are fixed. How to design highly nonlinear resilient functions (S-boxes) without concatenating a large number of n/2-variable affine subfunctions therefore appears to be an important task. In this article, a new construction of highly nonlinear resilient functions is proposed. These functions consist of two classes of subfunctions. More specifically, the first class (the nonlinear part) contains both bent functions in 2k variables and some affine subfunctions in n/2-k variables which are obtained by using [n/2-k, m, d] disjoint linear codes. The second class (the linear part) includes some linear subfunctions in n/2 variables which are obtained by using [n/2, m, d] disjoint linear codes. It is shown that these resilient functions have high nonlinearity and high algebraic degree. In particular, unlike previous well-known resilient S-boxes, these new S-boxes cannot be directly decomposed into affine subfunctions in n/2 variables by fixing at most n/2 variables. This means that S-boxes (vectorial Boolean functions) which use these resilient functions as component functions have more favourable cryptographic properties against the guess-and-determine attack or algebraic attacks.
Abstract: The so-called selected permutations on the set of the first 16 non-negative integers are classified under the action of a certain motion group. A database consisting of the class representatives is provided.
Funding: Supported by the National Natural Science Foundation of China.
Abstract: An integrated analysis of the design criteria for the S-boxes used in DES is made. Among other results, the exclusion principle between the degree of nonlinearity and the degree of I/O correlation immunity for partial variables is established.
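The criteria that recur across the abstracts above (the disjoint-linear-code S-boxes, the rotation symmetric S-boxes, the resilient combiner functions and the DES design criteria): nonlinearity, balancedness, correlation immunity and resiliency of the component functions, and differential uniformity, are all computable from the Walsh spectrum and the difference distribution of an S-box. The following is an added example, not code from any of those papers, that computes them for an arbitrary (n,m) S-box given as a lookup table. It is run on two constructed inputs: the 4-bit PRESENT S-box, and a toy (4,2) S-box F(x1,x2,x3,y) = (x1 ⊕ x2 ⊕ y(x1 ⊕ x3), x1 ⊕ x3 ⊕ y(x2 ⊕ x3)) built in the concatenate-affine-subfunctions style that the resilient-function abstract describes. The toy S-box is this example's own construction, chosen so that every component is a concatenation of two distinct weight-2 linear functions selected by y and is therefore balanced, 1st-order correlation immune and of nonlinearity 2^3 - 2^2 = 4; it illustrates the metrics, not any paper's construction.

```python
"""Walsh-spectrum and differential metrics of an (n,m) S-box given as a lookup table.

Added example (not from the papers above): nonlinearity, balancedness,
correlation-immunity order / resiliency of the component functions, and
differential uniformity. Brute force; fine for n <= 8.
"""


def parity(v):
    return bin(v).count("1") & 1


def walsh_spectrum(f, n):
    """W_f(a) = sum_x (-1)^(f(x) ^ a.x) for every mask a; f is a list of 2^n bits."""
    size = 1 << n
    return [sum(-1 if f[x] ^ parity(a & x) else 1 for x in range(size)) for a in range(size)]


def component_spectra(sbox, n, m):
    """Walsh spectra of every nonzero linear combination c.S(x) of the output bits."""
    size = 1 << n
    return {c: walsh_spectrum([parity(sbox[x] & c) for x in range(size)], n)
            for c in range(1, 1 << m)}


def sbox_metrics(sbox, n, m):
    spectra = component_spectra(sbox, n, m)
    max_abs = max(abs(w) for spec in spectra.values() for w in spec)
    nonlinearity = (1 << (n - 1)) - max_abs // 2        # nl = 2^(n-1) - max|W|/2
    balanced = all(spec[0] == 0 for spec in spectra.values())
    # t-th order correlation immunity: W(a) = 0 for all components and all 1 <= wt(a) <= t
    ci_order = 0
    for t in range(1, n + 1):
        masks = [a for a in range(1, 1 << n) if bin(a).count("1") <= t]
        if all(spec[a] == 0 for spec in spectra.values() for a in masks):
            ci_order = t
        else:
            break
    return {
        "nonlinearity": nonlinearity,
        "balanced": balanced,
        "ci_order": ci_order,
        # t-resilient = balanced and t-th order correlation immune
        "resiliency": ci_order if balanced else None,
    }


def differential_uniformity(sbox, n):
    """max over nonzero input difference a and output difference b of #{x : S(x)^S(x^a) = b}."""
    size = 1 << n
    worst = 0
    for a in range(1, size):
        counts = {}
        for x in range(size):
            b = sbox[x] ^ sbox[x ^ a]
            counts[b] = counts.get(b, 0) + 1
        worst = max(worst, max(counts.values()))
    return worst


# Constructed inputs for the demonstration.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def toy_resilient_sbox():
    """(4,2) S-box F(x1,x2,x3,y) = (x1^x2^y(x1^x3), x1^x3^y(x2^x3)); this example's own.

    For y = 0 / y = 1 the components are x1^x2 / x2^x3, x1^x3 / x1^x2 and their
    sum x2^x3 / x1^x3: two distinct weight-2 linear functions each, so every
    component is balanced, 1st-order correlation immune and has |W| <= 8.
    """
    table = []
    for v in range(16):
        x1, x2, x3, y = v & 1, (v >> 1) & 1, (v >> 2) & 1, (v >> 3) & 1
        f1 = x1 ^ x2 ^ (y & (x1 ^ x3))
        f2 = x1 ^ x3 ^ (y & (x2 ^ x3))
        table.append(f1 | (f2 << 1))
    return table


if __name__ == "__main__":
    print("PRESENT:", sbox_metrics(PRESENT_SBOX, 4, 4),
          "delta =", differential_uniformity(PRESENT_SBOX, 4))
    toy = toy_resilient_sbox()
    print("toy (4,2):", sbox_metrics(toy, 4, 2), "delta =", differential_uniformity(toy, 4))
```

The nonlinearity of a vectorial function is the minimum over its nonzero component functions, which is why `sbox_metrics` takes the maximum Walsh value across all of them; the same loop gives the correlation-immunity order as the largest t for which every component has a zero spectrum on all masks of weight at most t. For PRESENT the block reports nonlinearity 4 and differential uniformity 4 (the optimum for a 4-bit bijection); for the toy S-box it reports nonlinearity 4 and resiliency order 1, the trade-off the DES-criteria abstract calls the exclusion principle between nonlinearity and correlation immunity.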