基于SM4轮函数设计的认证加密算法

doi:10.3969/j.issn.0372-2112.2018.06.003

电子学报 ›› 2018, Vol. 46 ›› Issue (6): 1294-1299.DOI: 10.3969/j.issn.0372-2112.2018.06.003

基于SM4轮函数设计的认证加密算法

张建^1,2, 吴文玲^1,2

1. 中国科学院软件研究所可信计算与信息保障实验室, 北京 100190;
2. 中国科学院大学, 北京 100190

收稿日期:2017-01-17 修回日期:2017-06-19 出版日期:2018-06-25
- 作者简介:
- 张建,男,1988年生于四川成都.现为中国科学院软件研究所博士研究生.主要研究方向为分组密码和认证加密算法.E-mail:zhangjian@tca.iscas.ac.cn;吴文玲,女,1966年生于陕西蒲城.现为中国科学院软件研究所研究员、博士生导师.主要研究方向为对称密码学.E-mail:wwl@tca.iscas.ac.cn
- 基金资助:
- 国家自然科学基金 (No.61672509）; 国家密码学发展基金会 (No.MMJJ20170101）

Authenticated Encryption Based on SM4 Round Function

ZHANG Jian^1,2, WU Wen-ling^1,2

1. Institute of Software, Chinese Academy of Sciences, TCA Lab, Beijing 100190, China;
2. University of Chinese Academy of Sciences, Beijing 100190, China

Received:2017-01-17 Revised:2017-06-19 Online:2018-06-25 Published:2018-06-25
- Supported by:
- National Natural Science Foundation of China (No.61672509); National Cryptography Development Foundation of China (No.MMJJ20170101)

摘要/Abstract

摘要： 认证加密算法，作为一种对称密码算法，能够同时保护数据的机密性和完整性，在信息安全领域有着重要作用.现有的认证加密算法大多是基于分组密码的工作模式设计的，底层需要调用全轮的分组密码，效率受到很大限制.本文主要考虑从基本部件出发直接设计一个高效的认证加密算法.首先结合国产分组密码标准SM4与广义Feistel结构给出了一种通用的结构设计.然后以抵抗碰撞攻击为安全性目标，利用混合整数规划（MILP）方法搜索得到了一些状态大小和效率各不相同的结构，这些结构可以被用来构造消息认证码和认证加密算法.最后，利用目前搜索得到的状态大小和效率较优的结构设计了一个认证加密算法，并进行了初步的安全性分析和软件实现，其速度约为SM4-GCM速度的10倍.

关键词: 认证加密算法, 算法设计, 广义Feistel结构, 混合整数规划(MILP), SM4算法, SM4-GCM

Abstract: Authenticated encryption,as a symmetric cryptographic primitive,can protect privacy and integrity simultaneously,which plays an important role in information security.Most of the existing authenticated encryption algorithms are designed based on the working mode of block cipher,which needs to call full round of block cipher.Thus the efficiency is quite limited.This paper considers to construct an efficient authenticated encryption algorithm dedicatedly using basic components.We first present a general structure by combining Chinese block cipher standard SM4 and the general Feistel structure.With the mixed integer linear programming (MILP) method,we find several secure structures against the collision attacks with different sate size and efficiency,which can be used as building blocks for MACs and authenticated encryption.Then we design an authenticated encryption using the structure with good state size and efficiency,and give the corresponding security analysis and implemention.Our benchmarks show that it runs about 10 times faster than SM4-GCM.

Key words: authenticated encryption, design, general Feistel structure, MILP, SM4 cipher, SM4-GCM

中图分类号:

TP391

张建, 吴文玲. 基于SM4轮函数设计的认证加密算法[J]. 电子学报, 2018, 46(6): 1294-1299.

ZHANG Jian, WU Wen-ling . Authenticated Encryption Based on SM4 Round Function[J]. Acta Electronica Sinica, 2018, 46(6): 1294-1299.

参考文献

[1] Rogaway P,Bellare M,et al.OCB:a block-cipher mode of operation for efficient authenticated encryption[J].ACM Transactions on Information and System Security (TISSEC),2003.6(3):365-403.
[2] McGrew D,Viega J.The Galois/Counter Mode of Operation (GCM)[EB/OL].http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf,2004.
[3] Whiting D,Housley R,Ferguson N.Counter with CBC-MAC (CCM)[EB/OL].http://csrc.nist.gov/encryption/modes/proposedmodes,2003.
[4] Wub H,Preneel B.AEGIS:a fast authenticated encryption algorithm[A].Lange T.Selected Areas in Cryptography-SAC[C].Berlin:Springer,2014.185-201.
[5] Nikolic I.Tiaoxin-346[EB/OL].CAESAR Third Round Submission.http://competitions.cr.yp.to/round3/tiaoxinv21.pdf,2016.
[6] Bogdanov A,Mendel F,et al.ALE:AES-based lightweight authenticated encryption[A].Moriai S.Fast Software Encryption[C].Berlin:Springer,2013.447-466.
[7] Jean J,Nikolic I.Efficient design strategies based on the AES round function[A].Peyrin T.Fast Software Encryption[C].Berlin:Springer,2016.334-353.
[8] Ye D,Wang P,et al.PAES v1:Parallelizable Authenticated Encryption Schemes Based on AES Round Function[EB/OL].CAESAR First Round Submission.http://competitions.crypto/round1/paesv1.pdf,2014.
[9] Diffie W,Ledin G,et al.SMS4 Encryption Algorithm For Wireless Networks[EB/OL].IACR Cryptology Eprint Archive.http://eprint.iacr.org/2008/329,2008.
[10] Bellare M,Namprempre C.Authenticated encryption:relations among notions and analysis of the generic composition paradigm[A].Okamoto T.Advances in Cryptology-ASIACRYPT[C].Berlin:Springer,2000.531-545.
[11] Mouha N,Wang Q,et al.Differential and linear cryptanalysis using mixed-integer linear programming[A].Wu CK.International Conference on Information Security and Cryptology[C].Berlin:Springer,2011.57-76.
[12] Zhang J,Wu W,et al.Security of SM4 against (related-key) differential cryptanalysis[A].Bao F.Information Security Practice and Experience[C].Cham:Springer,2016.65-78.
[13] Sun S,Hu L,et al.Automatic security evaluation and (related-key) differential characteristic search:application to Simon,Present,LBlock,DES(L) and other bit-oriented block ciphers[A].Sarkar P.Advances in Cryptology-AsiaCrypt[C].Berlin:Springer,2014.158-178.
[14] Sun S,Hu L,et al.Automatic security evaluation of block ciphers with s-bp structures against related-key differential attacks[A].Lin D.Information Security and Cryptology[C].Cham:Springer,2014.39-51.
[15] Borghoff J,Knudsen L R,et al.Bivium as a mixed-integer linear programming problem[A].Parker M G.Ima International Conference on Cryptography and Coding[C].Berlin:Springer,2009.133-152.
[16] Wu S,Wu H,et al.Leaked-state-forgery attack against the authenticated encryption algorithm ale[A].Sako K.Advances in Cryptology-AsiaCrypt[C].Berlin:Springer,2013.377-404.
[17] Dinur I,Jean J.Cryptanalysis of FIDES[A].Cid C.Fast Software Encryption[C].Berlin:Springer,2014.224-240.
[18] Minaud B.Linear biases in AEGIS keystream[A].Joux A.Selected Areas in Cryptography[C].Berlin:Springer,2014.290-305.
[19] Matsui M.Linear cryptanalysis method for DES cipher[A].Helleseth T.Advances in Cryptology-EuroCrypt[C].Berlin:Springer,1994.386-397.
[20] Krovetz T,Rogaway P.The software performance of authenticated encryption modes[A].Joux A.Fast Software Encryption[C].Berlin:Springer,2011.306-327.

基于SM4轮函数设计的认证加密算法

Authenticated Encryption Based on SM4 Round Function

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics