Acta Electronica Sinica ›› 2018, Vol. 46 ›› Issue (6): 1294-1299. DOI: 10.3969/j.issn.0372-2112.2018.06.003

• Research Paper •

Authenticated Encryption Based on SM4 Round Function

ZHANG Jian1,2, WU Wen-ling1,2

  1. Trusted Computing and Information Assurance Laboratory (TCA Lab), Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
  2. University of Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2017-01-17 Revised: 2017-06-19 Online: 2018-06-25 Published: 2018-06-25
    • About the authors:
    • ZHANG Jian, male, born in 1988 in Chengdu, Sichuan. He is currently a PhD candidate at the Institute of Software, Chinese Academy of Sciences. His main research interests are block ciphers and authenticated encryption algorithms. E-mail: zhangjian@tca.iscas.ac.cn; WU Wen-ling, female, born in 1966 in Pucheng, Shaanxi. She is currently a research professor and doctoral supervisor at the Institute of Software, Chinese Academy of Sciences. Her main research interest is symmetric cryptography. E-mail: wwl@tca.iscas.ac.cn
    • Supported by:
    • National Natural Science Foundation of China (No.61672509); National Cryptography Development Foundation of China (No.MMJJ20170101)

Abstract: Authenticated encryption, as a symmetric cryptographic primitive, protects confidentiality and integrity simultaneously and plays an important role in information security. Most existing authenticated encryption algorithms are designed as block cipher modes of operation, which must call the full-round block cipher, so their efficiency is quite limited. This paper considers constructing an efficient authenticated encryption algorithm directly from basic components. We first present a general structure that combines the Chinese block cipher standard SM4 with the general Feistel structure. Then, taking resistance to collision attacks as the security goal, we use the mixed integer linear programming (MILP) method to find several structures with different state sizes and efficiency, which can be used as building blocks for MACs and authenticated encryption. Finally, we design an authenticated encryption algorithm using the structure with good state size and efficiency among those found so far, and give a preliminary security analysis and a software implementation. Our benchmarks show that it runs about 10 times faster than SM4-GCM.

Key words: authenticated encryption, design, general Feistel structure, MILP, SM4 cipher, SM4-GCM
