[Original] Diffusion layers (P-boxes) of common symmetric encryption algorithms and their cryptographic metrics
Posted: 2024-8-15 14:25
The diffusion layer is the linear component of a symmetric cipher. It provides the avalanche effect the algorithm needs: each output bit comes to depend on many input bits, so the ciphertext looks more random and the cipher is harder to break.
This post lists the cryptographic metrics of the P-boxes of common ciphers for reference.
(1) Hamming weight
For a vector X = (x1, x2, ..., xn) ∈ (F), the number of non-zero entries among x1, x2, ..., xn is called the Hamming weight of X, written W(X).
(2) Differential branch number
The differential branch number of a linear transformation θ is defined as:
(3) Linear branch number
The linear branch number of a linear transformation θ is defined as:
(4) Differential and linear branch numbers in matrix form
Any linear transformation θ can generally be described by a matrix M over a finite field. If θ: (F) → (F) is written in matrix form as θ(X) = M•X, the differential branch number and the linear branch number can be expressed respectively as:
DES diffusion layer: bit permutation
BYTE DES_PBOX[32] =
{
16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25
};
AES diffusion layer: MDS matrix (differential branch number and linear branch number both 5)
{
M[4][4]={{0x02,0x03,0x01,0x01},{0x01,0x02,0x03,0x01},{0x01,0x01,0x02,0x03},{0x03,0x01,0x01,0x02}};
MInv[4][4]={{0x0e,0x0b,0x0d,0x09},{0x09,0x0e,0x0b,0x0d},{0x0d,0x09,0x0e,0x0b},{0x0b,0x0d,0x09,0x0e}};
}
Serpent diffusion layer: XOR and shifts
Serpent_PBOX:(X0,X1,X2,X3)→(Y0,Y1,Y2,Y3)
{
X0=X0<<<13
X2=X2<<<3
X1=X1⊕X0⊕X2
X3=X3⊕X2⊕(X0<<3)
X1=X1<<<1
X3=X3<<<7
X0=X0⊕X1⊕X3
X2=X2⊕X3⊕(X1<<7)
X0=X0<<<5
X2=X2<<<22
Y0=X0 Y1=X1 Y2=X2 Y3=X3
};
ARIA diffusion layer: MDBL matrix (differential branch number and linear branch number both 8)
ARIA_PBOX(x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15)→(y0,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13,y14,y15)
{
y0 = x3⊕x4⊕x6⊕x8⊕x9⊕x13⊕x14;
y1 = x2⊕x5⊕x7⊕x8⊕x9⊕x12⊕x15;
y2 = x1⊕x4⊕x6⊕x10⊕x11⊕x12⊕x15;
y3 = x0⊕x5⊕x7⊕x10⊕x11⊕x13⊕x14;
y4 = x0⊕x2⊕x5⊕x8⊕x11⊕x14⊕x15;
y5 = x1⊕x3⊕x4⊕x9⊕x10⊕x14⊕x15;
y6 = x0⊕x2⊕x7⊕x9⊕x10⊕x12⊕x13;
y7 = x1⊕x3⊕x6⊕x8⊕x11⊕x12⊕x13;
y8 = x0⊕x1⊕x4⊕x7⊕x10⊕x13⊕x15;
y9 = x0⊕x1⊕x5⊕x6⊕x11⊕x12⊕x14;
y10 = x2⊕x3⊕x5⊕x6⊕x8⊕x13⊕x15;
y11 = x2⊕x3⊕x4⊕x7⊕x9⊕x12⊕x14;
y12 = x1⊕x2⊕x6⊕x7⊕x9⊕x11⊕x12;
y13 = x0⊕x3⊕x6⊕x7⊕x8⊕x10⊕x13;
y14 = x0⊕x3⊕x4⊕x5⊕x9⊕x11⊕x14;
y15 = x1⊕x2⊕x4⊕x5⊕x8⊕x10⊕x15;
};
SM4 diffusion layer: XOR and cyclic rotation (differential branch number and linear branch number both 5)
SM4_PBOX:Y→Z
{
Z=L(Y)=Y⊕(Y<<<2)⊕(Y<<<10)⊕(Y<<<18)⊕(Y<<<24)
};
CLEFIA diffusion layer: MDS matrices (differential branch number and linear branch number both 5)
{
M0[4][4]={{0x01,0x02,0x04,0x06},{0x02,0x01,0x06,0x04},{0x04,0x06,0x01,0x02},{0x06,0x04,0x02,0x01}};
M1[4][4]={{0x01,0x08,0x02,0x0a},{0x08,0x01,0x0a,0x02},{0x02,0x0a,0x01,0x08},{0x0a,0x02,0x08,0x01}};
}
Camellia diffusion layer: MDBL matrix (differential branch number and linear branch number both 5)
(x0,x1,x2,x3,x4,x5,x6,x7)→(y0,y1,y2,y3,y4,y5,y6,y7)
{
y0=x0⊕x2⊕x3⊕x5⊕x6⊕x7
y1=x0⊕x1⊕x3⊕x4⊕x6⊕x7
y2=x0⊕x1⊕x2⊕x4⊕x5⊕x7
y3=x1⊕x2⊕x3⊕x4⊕x5⊕x6
y4=x0⊕x1⊕x5⊕x6⊕x7
y5=x1⊕x2⊕x4⊕x6⊕x7
y6=x2⊕x3⊕x4⊕x5⊕x7
y7=x0⊕x3⊕x4⊕x5⊕x6
}
PRESENT diffusion layer: bit permutation
BYTE Present_PBOX[64] =
{
0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63
};
GIFT diffusion layer: bit permutation
BYTE GIFT_PBOX[64] =
{
0,17,34,51,48,1,18,35,32,49,2,19,16,33,50,3,
4,21,38,55,52,5,22,39,36,53,6,23,20,37,54,7,
8,25,42,59,56,9,26,43,40,57,10,27,24,41,58,11,
12,29,46,63,60,13,30,47,44,61,14,31,28,45,62,15
};
LBlock diffusion layer: nibble permutation
(x0,x1,x2,x3,x4,x5,x6,x7)→(y0,y1,y2,y3,y4,y5,y6,y7)
{
(y0,y1,y2,y3,y4,y5,y6,y7)=(x1,x3,x0,x2,x5,x7,x4,x6);
}
MIBS diffusion layer: MDBL matrix (differential branch number and linear branch number both 5)
MIBS_PBOX:(x0,x1,x2,x3,x4,x5,x6,x7)→(y0,y1,y2,y3,y4,y5,y6,y7)
{
y0=x0⊕x1⊕x3⊕x4⊕x6⊕x7
y1=x1⊕x2⊕x3⊕x4⊕x5⊕x6
y2=x0⊕x1⊕x2⊕x4⊕x5⊕x7
y3=x1⊕x2⊕x3⊕x6⊕x7
y4=x0⊕x2⊕x3⊕x4⊕x7
y5=x0⊕x1⊕x3⊕x4⊕x5
y6=x0⊕x1⊕x2⊕x5⊕x6
y7=x0⊕x2⊕x3⊕x5⊕x6⊕x7
}
KLEIN diffusion layer: MDS matrix (differential branch number and linear branch number both 5)
{
M[4][4]={{0x02,0x03,0x01,0x01},{0x01,0x02,0x03,0x01},{0x01,0x01,0x02,0x03},{0x03,0x01,0x01,0x02}};
MInv[4][4]={{0x0e,0x0b,0x0d,0x09},{0x09,0x0e,0x0b,0x0d},{0x0d,0x09,0x0e,0x0b},{0x0b,0x0d,0x09,0x0e}};
}
LED diffusion layer: involutive MDS matrix (differential branch number and linear branch number both 5)
{
M[4][4]={{0x04,0x01,0x02,0x02},{0x08,0x06,0x05,0x06},{0x0b,0x0e,0x0a,0x09},{0x02,0x02,0x0f,0x0b}};
MInv[4][4]={{0x04,0x01,0x02,0x02},{0x08,0x06,0x05,0x06},{0x0b,0x0e,0x0a,0x09},{0x02,0x02,0x0f,0x0b}};
}
Midori diffusion layer: near-MDS matrix (differential branch number and linear branch number both 4)
{
M[4][4]={{0,1,1,1},{1,0,1,1},{1,1,0,1},{1,1,1,0}};
}
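The branch-number claims for the LED and Midori matrices above can be checked by exhaustive search. The following is an added example, not code from the original post: it applies the standard definitions (differential branch number = min over non-zero X of W(X) + W(M·X); linear branch number = the same minimum over the transpose M^T) to the two matrices as listed, treating each entry as a 4-bit cell of GF(2^4) with modulus x^4 + x + 1 (the field LED works in; Midori's matrix is binary, so the field choice does not affect it). Function names such as branch_number and linear_branch_number are this example's own.

```python
from itertools import product

POLY = 0x13  # GF(2^4) modulus x^4 + x + 1, the field of LED's MixColumnsSerial

def gf16_mul(a, b):
    """Multiply two GF(2^4) elements modulo x^4 + x + 1."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= POLY
    return r & 0xF

# 16x16 product table so the 2^16-input search below stays fast.
MUL = [[gf16_mul(a, b) for b in range(16)] for a in range(16)]

def apply_matrix(m, x):
    """Return M * X over GF(2^4); x is a sequence of 4-bit cells."""
    out = []
    for row in m:
        acc = 0
        for coef, cell in zip(row, x):
            acc ^= MUL[coef][cell]
        out.append(acc)
    return out

def weight(v):
    """Hamming weight W(v): number of non-zero cells."""
    return sum(1 for c in v if c)

def branch_number(m):
    """Differential branch number: min over non-zero X of W(X) + W(M*X)."""
    n = len(m)
    best = 2 * n
    for x in product(range(16), repeat=n):
        if any(x):
            best = min(best, weight(x) + weight(apply_matrix(m, x)))
    return best

def linear_branch_number(m):
    """Linear branch number: the same minimum taken over the transpose M^T."""
    return branch_number([list(col) for col in zip(*m)])

# Matrices exactly as listed in the post (LED and Midori).
LED_M = [[0x4, 0x1, 0x2, 0x2], [0x8, 0x6, 0x5, 0x6],
         [0xb, 0xe, 0xa, 0x9], [0x2, 0x2, 0xf, 0xb]]
MIDORI_M = [[0, 1, 1, 1], [1, 0, 1, 1], [1, 1, 0, 1], [1, 1, 1, 0]]
```

branch_number and linear_branch_number both return 5 for LED_M (the maximum possible for four cells, i.e. MDS) and 4 for MIDORI_M. The same search over the 8-bit-cell matrices on this page (AES, KLEIN, CLEFIA) would need 2^32 inputs, so for those the usual check is that every square submatrix is non-singular.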
FeW diffusion layer: XOR and cyclic rotation (differential branch number and linear branch number both 5)
FeW_PBOX:Y→Z
{
Z=L1(Y)=Y⊕(Y<<<1)⊕(Y<<<5)⊕(Y<<<9)⊕(Y<<<12)
Z=L2(Y)=Y⊕(Y<<<4)⊕(Y<<<7)⊕(Y<<<11)⊕(Y<<<15)
};
ESF diffusion layer: bit permutation
BYTE ESF_PBOX[32] =
{
0,8,16,24,1,9,17,25,2,10,18,26,3,11,19,27,
4,12,20,28,5,13,21,29,6,14,22,30,7,15,23,31
};
AC diffusion layer: XOR and shifts
AC_PBOX:(X0,X1,X2,X3)→(Y0,Y1,Y2,Y3)
{
X1=X1⊕(X3<<<7)
X0=X0⊕(X2<<<1)
X3=X3⊕(X0<<<5)
X2=X2⊕(X1<<<8)
X1=X1⊕(X3<<<8)
Swap(X3,X2)
Swap(X1,X0)
X1=X1⊕(X3<<<8)
X2=X2⊕(X1<<<8)
X3=X3⊕(X0<<<5)
X0=X0⊕(X2<<<1)
X1=X1⊕(X3<<<7)
Y0=X0 Y1=X1 Y2=X2 Y3=X3
}