摘要
T函数是由Klimov和Shamir在2002年提出的一类新的非线性函数,因其天然具有复杂的非线性结构,软硬件实现速度快,且生成序列周期能达到最大的特点,故有望代替线性反馈移位寄存器,成为新的序列密码设计的非线性驱动环节.然而,虽然单圈T函数的生成序列周期能够达到最大,但各分位序列周期仅在最高位处达到最大,且分位越低周期越短.为克服该弱点,2012年游伟等人利用特殊的比特置换结合加法运算,提出了使得各分位序列周期均达到最大的方法.本文在此基础上,结合单字单圈T函数的生成序列,拓展了比特置换的设计准则,给出了一类改进的T函数生成序列的构造方法.分析并证明由新方法生成的序列具有良好的性质,即每一分位序列的周期均能达到最大,克服了T函数较低分位序列周期较小的缺陷.进一步研究了构造方法中不同置换的个数,输出序列的平衡性和线性复杂度,结果表明,该构造方法数量多,且具有良好的0,1平衡性及较高的线性复杂度.
T-functions, proposed by Klomiv and Shamir in 2002, is a new class of nonlinear functions. For their nonlinear structure nature, fast implement in both software and hardware and longest periods, T-functions can substitute LFSR as a new driver in stream ciphers. However, except the coordinated sequence at the most significant bit position, coordinated sequences of a single-cycle T-function at other bit positions do not reach the maximum period, and the less significant is the bit position, the shorter is the period of the corresponding coordinated sequence. In 2012, YOU Wei et al combined special permutation and 'addition' to generate new sequences which each output coordinated sequences' periods can reach the maximum. In this paper, we expand the criterion of permutation and present a class of improved method to generate new sequences. It is proved that the periods of each output coordinate sequence reach the maximum which overcomes the shortcoming of T-functions. Moreover, the number of different filtering functions, balance property and linear complexity are also discussed. It turns out that sequences derived from our new method have high complexity and good 0-1 balance property.
出处
《密码学报》
2014年第6期513-524,共12页
Journal of Cryptologic Research
基金
国家自然科学基金(61272041
61202491
61272488)
关键词
T函数
单字单圈
周期
线性复杂度
T-functions
single word single cycle
period
linear complexity