Enumeration of Cryptographic Functions Affine Equivalent to the Inverse Function Over F_(p^n)
Abstract: The security of modern block ciphers relies substantially on the cryptographic properties of their S-boxes (vectorial cryptographic functions), which are always the only source of nonlinearity. In real applications it is optimal to choose differentially 4-uniform permutations as the S-boxes of block ciphers. The inverse function is the most famous differentially 4-uniform permutation with many desirable cryptographic properties. Vectorial functions affine equivalent to the inverse function over F_(2^8) are frequently selected as the S-boxes of important block ciphers such as AES, Camellia, CLEFIA and SMS4. Current research on S-boxes affine equivalent to the inverse function focuses on counting the minimum number of active S-boxes over several consecutive rounds of a block cipher. Unlike previous work, this paper investigates the problem of counting the vectorial cryptographic functions affine equivalent to the inverse function over F_(p^n).

If the exact number of functions affine equivalent to the inverse function can be calculated, the designer of a cryptographic algorithm knows how many S-boxes affine equivalent to the inverse function are available to choose from in real applications. The inverse function over the finite field F_(2^n) is generalized to the inverse function over the finite field F_(p^n), where p ≥ 2 is a prime number; this is a more general inverse function.

Firstly, the product "*" of (T_1, R_1) and (T_2, R_2) is defined as (T_2, R_2) * (T_1, R_1) := (T_2 ∘ T_1, R_1 ∘ R_2), where (T_1, R_1), (T_2, R_2) ∈ Aff_n^(-1)(F_q) × Aff_n^(-1)(F_q), Aff_n^(-1)(F_q) is the group of n×n invertible affine transformations over the finite field F_q, q = p^m, p ≥ 2 is a prime number, m ≥ 1 is a positive integer, and "∘" denotes the composition of mappings. The paper proves that Aff_n^(-1)(F_q) × Aff_n^(-1)(F_q) is a group with respect to the operation "*", and that the pairs of invertible affine transformations (V, W) ∈ Aff_n^(-1)(F_q) × Aff_n^(-1)(F_q) satisfying F = V ∘ F ∘ W form a subgroup of Aff_n^(-1)(F_q) × Aff_n^(-1)(F_q) with respect to "*".

Secondly, using these results and some properties of finite fields, the paper proves that when p ≥ 3 and n ≥ 2, or p = 2 and n ≥ 4, for the inverse function F(x) = x^(-1) = x^(p^n-2) over the finite field F_(p^n), the linearized polynomials of the invertible affine transformations μ and ν satisfying the identity F = ■ can only have the form μ(x) = S_t x^(p^t) and ν(x) = S_t^(p^(n-t)) x^(p^(n-t)), 0 ≠ S_t ∈ F_(p^n), t = 0, 1, …, n-1. Hence the number of all pairs of invertible affine transformations (ν, μ) satisfying the identity F = ■ is n(p^n - 1). The subgroup formed by these pairs (ν, μ) is used to partition the group Aff_n^(-1)(F_p) × Aff_n^(-1)(F_p) into equivalence classes, the quotient …
Authors: YUAN Feng (袁峰); JIANG Ji-Jun (江继军); YANG Yang (杨旸); OU Hai-Wen (欧海文); WANG Min-Juan (王敏娟) (Department of Cryptography Science and Technology, Beijing Electronic Science and Technology Institute, Beijing 100070; Information Security Institute, Beijing Electronic Science and Technology Institute, Beijing 100070; College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108)
Source: Chinese Journal of Computers (《计算机学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2019, No. 5, pp. 1126-1136 (11 pages)
Funding: Supported by the National Key R&D Program of China (2018YFB0803600), the National Natural Science Foundation of China Young Scientists Fund (61402112), the Fundamental Research Funds for the Central Universities (2014XSYJ09 328201509), and the Research Team Project of Beijing Electronic Science and Technology Institute (2014TD2-OHW).
Keywords: cryptography; cryptographic functions; S-box; inverse function; equivalence; number
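
A brute-force check of the count stated in the abstract, for the smallest binary case it covers (p = 2, n = 4, so n(p^n - 1) = 60). This is an added example, not code from the paper: it assumes F_(2^4) is represented modulo x^4 + x + 1 and reads the identity whose right-hand side is missing on this page as F = ν∘F∘μ, by analogy with the pair (V, W).

```python
from itertools import product

N, Q, POLY = 4, 16, 0b10011   # F_{2^4} = F_2[x]/(x^4 + x + 1); this modulus is an assumption

def gf_mul(a, b):
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (POLY if a & 8 else 0), b >> 1
    return r

def gf_pow(a, e):
    r = 1
    for _ in range(e):
        r = gf_mul(r, a)
    return r

F = [gf_pow(x, Q - 2) for x in range(Q)]   # inverse function x^(2^n - 2), with F(0) = 0

def closed_form_pairs():
    # The n(p^n - 1) pairs (nu, mu) given in the abstract, as lookup tables.
    pairs = set()
    for t, s in product(range(N), range(1, Q)):
        e = 2 ** (N - t)
        mu = tuple(gf_mul(s, gf_pow(x, 2 ** t)) for x in range(Q))
        nu = tuple(gf_mul(gf_pow(s, e), gf_pow(x, e)) for x in range(Q))
        pairs.add((nu, mu))
    return pairs

def is_affine(g):
    # g is affine iff g(x ^ b) == g(x) ^ g(b) ^ g(0) for all x and each basis vector b.
    return all(g(x ^ b) == g(x) ^ g(b) ^ g(0) for b in (1, 2, 4, 8) for x in range(Q))

def brute_force_pairs():
    # Exhaust every affine permutation mu; keep it when nu = (F o mu o F)^{-1} is affine.
    pairs = set()
    for cols in product(range(1, Q), repeat=N):    # images of the basis 1, 2, 4, 8
        lin = [0] * Q
        for x in range(1, Q):
            low = x & -x
            lin[x] = lin[x ^ low] ^ cols[low.bit_length() - 1]
        if len(set(lin)) < Q:                      # linear part must be invertible
            continue
        for c in range(Q):
            g = lambda x: F[lin[F[x]] ^ c]         # g = F o mu o F (F is an involution)
            if is_affine(g):
                nu = sorted(range(Q), key=g)       # inverse permutation: nu[g(x)] = x
                pairs.add((tuple(nu), tuple(v ^ c for v in lin)))
    return pairs
```

The search covers all 322,560 affine permutations of F_2^4 and takes a few seconds; each ν is recovered as (F∘μ∘F)^(-1), which is valid because F∘F is the identity.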