CN103701584B - Method for designing binary linear diffusion structure in symmetric ciphers - Google Patents
- Publication number
- CN103701584B
- Authority
- CN
- China
- Prior art keywords
- matrix
- binary
- designing
- diffusion structure
- strong
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Complex Calculations (AREA)
Abstract
The invention discloses a method for designing a binary linear diffusion structure in symmetric ciphers and relates to methods for cipher design. The scheme comprises the following steps: (1) calculating an upper bound and a lower bound of the Hamming weight of a binary matrix and, at the same time, generating a set consisting of candidate row vectors; (2) selecting elements from the row vector set to construct a binary invertible matrix that has the theoretically optimal linear branch number and a high Hamming weight at the same time; (3) judging whether the differential branch number of the matrix is theoretically optimal; (4) constructing a strong orthomorphic matrix by exchanging rows in pairs. By using strong orthomorphic permutations, the invention provides a method for designing a binary linear diffusion structure that has optimal differential and linear branch numbers and strong complete balance. The method also ensures that the Hamming weight of the resulting binary linear matrix is the highest possible when the differential and linear branch numbers are both optimal, so that data encryption security can be improved.
Description
Technical field
The present invention relates to methods of cipher design, and in particular to a method for designing a binary linear diffusion structure in symmetric ciphers.
Background
In 1949 C. E. Shannon proposed two design principles that a symmetric cipher needs to satisfy: the confusion principle and the diffusion principle. Permutation theory is one of the basic theories of cryptography; it can be used to design both the confusion structure and the diffusion structure of a symmetric cipher. In modern block ciphers (a block cipher is one kind of symmetric cipher), the typical confusion structure consists of n parallel m × m S-boxes: AES and ARIA use 16 parallel 8 × 8 S-boxes, and Camellia uses 8 parallel 8 × 8 S-boxes. The m output bits of an S-box depend only on its own m input bits and are unrelated to the inputs of the other S-boxes. The role of the linear diffusion structure is to mix the outputs of these S-boxes so that, as far as possible, each m-bit output also depends on the inputs of the other S-boxes. The binary linear diffusion structure is a commonly used form of linear diffusion structure and has the advantage of efficient implementation. However, existing design methods for binary linear diffusion structures mainly consider the differential branch number and the linear branch number and ignore other cryptographic properties, so existing binary linear diffusion structures generally offer security in only one respect, and ciphers built from them have insufficient "immunity" against new cryptanalytic techniques. Existing constructions of binary linear diffusion matrices also cannot guarantee that the resulting matrix has the highest Hamming weight while its differential and linear branch numbers are both optimal. The higher the Hamming weight of a binary diffusion matrix, the better its avalanche effect, and the avalanche effect is also an important cryptographic property.
An orthomorphic permutation is a special Boolean permutation and a kind of complete mapping. It has excellent cryptographic properties such as complete balance and diffuses better than other common permutations. The round function of SMS4, China's commercial cipher algorithm for wireless LANs, is designed on the basis of an orthomorphic permutation generator. The S-box of the stream cipher Loiss, designed by Chinese scientists, is also a nonlinear orthomorphic permutation. In addition, the Chinese military attaches great importance to the application of orthomorphic permutations in cipher algorithms; the National University of Defense Technology, the PLA Information Engineering University and Xidian University have all studied them continuously.
Summary of the invention
The purpose of the invention is to address the following problems and deficiencies: current binary linear diffusion structures have only excellent differential and linear branch numbers and lack other good cryptographic properties, and existing constructions of binary linear diffusion matrices cannot guarantee that the resulting matrix has the highest Hamming weight while its differential and linear branch numbers are both optimal. By using strong orthomorphic permutations, the invention provides a design method for binary linear diffusion structures that have optimal differential and linear branch numbers as well as cryptographic properties such as strong complete balance. The method also ensures that the Hamming weight of the resulting binary matrix reaches the highest value attainable when the differential and linear branch numbers are both optimal.
To achieve this, the invention adopts the following solution: it designs the binary linear diffusion structure from strong orthomorphic permutations on the vector space GF(2^m)^n, in the following steps (where 1 ≤ n ≤ 18, m > 1, and h equals the Hamming weight of the binary matrix):
(1) Calculate an upper bound and a lower bound of the Hamming weight of an n-th order (n rows, n columns) binary linear diffusion matrix, assign the upper bound to h, and generate the set of candidate n-dimensional row vectors;
(2) Choose elements from the row vector set to construct an n-th order binary invertible matrix whose Hamming weight is h and whose linear branch number reaches the theoretically optimal value under this condition. If such a matrix is found, go to (3). If no such matrix exists, decrement h by 1; if h is now below the lower bound, the program terminates, otherwise continue with (2);
(3) Calculate the differential branch number of the binary matrix. If it also reaches the theoretically optimal value, go to (4); otherwise return to (2);
(4) Exchange the rows of the matrix in pairs (n! matrices can be formed in total). Each time a new matrix is obtained, judge whether it is a strong orthomorphic matrix on GF(2^m) (every linear strong orthomorphic permutation can be written as a strong orthomorphic matrix). If it is, output the result and terminate. If none of the n! matrices is a strong orthomorphic matrix, return to (2).
The above method of designing a binary linear diffusion structure from strong orthomorphic permutations on the vector space GF(2^m)^n is characterized as follows.
The lower bound of the Hamming weight of the binary matrix in step (1) is calculated as follows:
Let d be the minimum distance of the binary linear code [2n, n, d]; d has this meaning wherever it appears below. Suppose the binary matrix is of order n (n rows, n columns). Then, by the correspondence between the binary linear code [2n, n, d] and the binary matrix, a general lower bound is (d-1)n.
The upper bound of the Hamming weight of the binary matrix in step (1) is calculated as follows:
A general upper bound is , where  denotes the largest integer not greater than (*) and  denotes the smallest integer not less than (*); these two symbols have this meaning wherever they appear below.
The sets of candidate row vectors in step (1) are characterized as follows:
A total of (n-d+1) row vector sets are generated. Within each set all rows have the same Hamming weight, and the row Hamming weights of the (n-d+1) sets are d-1, d, …, n in turn.
In step (2), elements are chosen from the row vector sets as follows:
Let λ_i be the number of rows of Hamming weight i in the binary matrix (where i is a natural number and d-1 ≤ i ≤ n). This gives the following system of indeterminate equations:
Solve the system to obtain the set of all solutions {(λ_{d-1}, λ_d, …, λ_n)}, then randomly select one solution (λ_{d-1}′, λ_d′, …, λ_n′) and choose λ_i′ distinct rows from the row vector set of Hamming weight i to construct the binary matrix.
The system of indeterminate equations is characterized as follows:
Let i, j, k and b be natural numbers.
If n ≠ 4 and n ≠ 12, then when
When,
(wherein), then
And if(wherein 0≤j≤k), then
When
When, if(wherein), then
If n=4 or n=12, now d is even number, then when
And if(wherein 0≤j≤k), then
When
When, if (wherein ), then
The system of indeterminate equations is further characterized as follows:
If n ≠ 4 and n ≠ 12, then when , λ_i can only take the value 0 or 1; if and only if d is even,  can take a value greater than 1, and when d is odd, the only nonzero integer  can take is 1.
If n = 4 or n = 12, d is even by the theory of binary linear codes; then when , λ_i can only take the value 0 or 1, and  can take a value greater than 1.
The method generates binary matrices of high Hamming weight for the following reason:
The cases with high Hamming weight are tested first. If no matrix is found, h (the Hamming weight sum of the matrix) is decremented by 1, the system of indeterminate equations is solved again and rows are chosen again to construct a matrix. This guarantees that the Hamming weight of the resulting matrix is always as high as possible.
The strong orthomorphic matrix in step (4) is constructed as follows:
Generate all n! permutations of 1 to n, then use each permutation to rearrange the row order of the matrix. The permutations can be precomputed and stored, and called directly when needed. Each time a permutation is used to rearrange the rows and a new matrix is obtained, calculate the characteristic polynomial of that matrix, then check whether any nonzero element of the finite field GF(2^m) (m > 1; m has this meaning wherever it appears below) is a root of the polynomial. If none is a root, the matrix is a strong orthomorphic matrix and the result is output.
The lower bound of the Hamming weight of the binary matrix in step (2) is used as follows:
After h (the Hamming weight sum of the matrix) is decremented by 1, if the value of h is below the lower bound, the program terminates and reports that no strong orthomorphic matrix meeting the requirements exists at this scale (the chosen m and n).
Compared with the prior art, the invention has the following beneficial effects:
(1) It guarantees that the Hamming weight of the resulting binary matrix reaches the highest value attainable when the differential and linear branch numbers are both optimal, and thus the best avalanche effect; the prior art cannot guarantee this.
(2) Suppose an n-th order binary diffusion matrix is to be designed. If the possible Hamming weight sums of the binary matrix are tested in order from high to low, the range is large (the range is (0, n^2)) and needs to be narrowed. Moreover, for one specific Hamming weight sum there are still many different cases to test (the system of indeterminate equations has to be solved), so the number of cases to test for a specific Hamming weight sum also has to be reduced. The invention gives a general upper bound and a general lower bound on the possible Hamming weight sum of the binary matrix, which narrows the range of Hamming weight sums to be tested. It also gives constraints on the system of indeterminate equations for Hamming weight sums in different intervals, which reduces the number of cases to be tested and so greatly reduces the amount of computation.
(3) The constructed binary linear diffusion matrix has strong complete balance, a property that binary diffusion matrices constructed by the prior art do not have.
Brief description of the drawings
Fig. 1 is an outline flow chart of the design method;
Fig. 2 is a detailed flow chart of the design method.
Specific embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and an embodiment. It should be understood that the specific embodiment described here only serves to explain the invention and does not limit it.
In general, the linear diffusion structure of a block cipher can be represented by a linear orthomorphism on GF(2^m)^n, and a linear orthomorphism can in turn be represented by an invertible matrix, so the differential branch number and the linear branch number of a linear diffusion structure can be defined as follows. Let θ be a linear orthomorphism on GF(2^m)^n, let x = (x_0, x_1, …, x_{n-1}) ∈ GF(2^m)^n be a column vector, and let θ(x) = Mx, where M is an n-th order invertible matrix over GF(2^m). Then  is called the differential branch number of θ and  the linear branch number of θ, where (·)^T denotes matrix transposition and the number of nonzero components among x_0, x_1, …, x_{n-1} is the Hamming weight of x, written w_h(x).
A linear transformation corresponds to a linear code: if θ is a linear orthomorphism on GF(2^m)^n and θ(x) = Mx, the corresponding linear code is [2n, n, d] with G = [I_n | M], and the differential branch number of θ equals the minimum distance d of the linear code. Bounds on the minimum distance of binary linear codes are given in reference [1], so for a given n we obtain the theoretically optimal differential branch number of an n-th order binary matrix; the theoretically optimal linear branch number equals the theoretically optimal differential branch number. The minimum distances d of common binary linear codes [2n, n, d] are as follows:
Table 1. Minimum distance d of the binary linear code [2n, n, d]
n | d | n | d |
---|---|---|---|
1 | 2 | 10 | 6 |
2 | 2 | 11 | 7 |
3 | 3 | 12 | 8 |
4 | 4 | 13 | 7 |
5 | 4 | 14 | 8 |
6 | 4 | 15 | 8 |
7 | 4 | 16 | 8 |
8 | 5 | 17 | 8 |
9 | 6 | 18 | 8 |
Lemma 1 [2] assumes that m is gf (2m) on n rank binary matrix, definition mappingFor gf (2m)nTo gf (2m)nReflect
Penetrate and For gf (2)nTo gf (2)nMapping andThen have
From Lemma 1 we obtain theorems for quickly judging whether the differential branch number of a binary matrix reaches the optimum.
Theorem 1. Let a_0, a_1, …, a_{n-1} be n-dimensional binary column vectors, let the matrix A = (a_0, a_1, …, a_{n-1}) be invertible, and let the maximum differential branch number of an n-th order binary matrix be β_d(n). Then a necessary and sufficient condition for the differential branch number of A to be β_d(n) is that the following system of inequalities holds, where w_h(·) denotes Hamming weight:
(0 ≤ i_1, i_2, …, i_k < n, pairwise distinct, 1 ≤ k ≤ β_d(n) - 2).
A similar theorem holds for the linear branch number.
Theorem 2. Let a_0, a_1, …, a_{n-1} be n-dimensional binary row vectors, let the matrix A = (a_0, a_1, …, a_{n-1})^T be invertible, and let the maximum linear branch number of an n-th order binary matrix be β_l(n). Then a necessary and sufficient condition for the linear branch number of A to be β_l(n) is that the following system of inequalities holds:
(0 ≤ i_1, i_2, …, i_k < n, pairwise distinct, 1 ≤ k ≤ β_l(n) - 2).
By Theorem 1 and Theorem 2 we can quickly judge whether the relevant branch number of an n-th order binary invertible matrix reaches the optimum.
Reference [3] shows that the higher the Hamming weight sum of the column vectors of a binary matrix, the better the avalanche effect. Therefore, besides the differential and linear branch numbers, we also need to make the Hamming weight of the binary matrix as high as possible. This is the Hamming weight referred to in "determine the upper and lower bounds of the Hamming weight of the binary matrix" in Fig. 1 and Fig. 2.
The strong orthomorphic permutation on GF(2^m)^n used in this specification is defined as follows:
Definition 1. Let σ be a permutation on GF(2^m)^n. If  is still a permutation on GF(2^m)^n, where k is an arbitrary element of GF(2^m) and I is the identity permutation on GF(2^m)^n, then σ is a strong orthomorphic permutation on GF(2^m)^n.
Theorem 3. Let σ be a permutation on GF(2^m)^n, so that σ corresponds to an n × n invertible matrix M over GF(2^m): if x ∈ GF(2^m)^n is a column vector, then σ(x) = Mx. Then σ is a strong orthomorphic permutation if and only if the characteristic polynomial of the invertible matrix M has no root in GF(2^m). When σ is a strong orthomorphic permutation, we call M a strong orthomorphic matrix.
The strong orthomorphic matrix in Fig. 1 and Fig. 2 is the matrix corresponding to a linear strong orthomorphic permutation.
Next comes the definition of strong complete balance:
Definition 2. If a permutation on GF(2^m)^n maps half of the elements of any maximal subgroup of order 2^(mn-1) of the group  into a maximal subgroup of the form kH (where k is any nonzero element of GF(2^m)) and maps the other half into the complement of the maximal subgroup kH, then the permutation is called a strong complete balance permutation on GF(2^m)^n.
The following equivalence theorem then holds:
Theorem 4. A permutation on GF(2^m)^n is a strong orthomorphic permutation if and only if it is strongly completely balanced.
Note: the definition of strong orthomorphic permutation derives from reference [4], but what reference [4] defines is the orthomorphic permutation. Because the form of a strong orthomorphic permutation differs markedly from that of an ordinary orthomorphic permutation, it is defined anew in this specification. For the proof of Theorem 4, see reference [4].
For ease of comparison, the related notions for orthomorphic permutations on GF(2^m)^n from reference [4] are restated here:
Definition 3. Let σ be a permutation on GF(2^m)^n. If  is still a permutation on GF(2^m)^n, where I is the identity permutation on GF(2^m)^n, then σ is an orthomorphic permutation on GF(2^m)^n.
Definition 4. If a permutation on GF(2^m)^n maps half of the elements of any maximal subgroup of order 2^(mn-1) of the group  into that maximal subgroup and maps the other half into the complement of that maximal subgroup, then the permutation is called a complete balance permutation on GF(2^m)^n.
Theorem 5. A permutation on GF(2^m)^n is an orthomorphic permutation if and only if it is completely balanced.
It can be seen that the balance of a strong orthomorphic permutation is stronger than that of an ordinary orthomorphic permutation, and its properties are better.
The principle of the method is illustrated below with a concrete example. The method generates a strong orthomorphic matrix whose differential and linear branch numbers are both theoretically optimal and whose Hamming weight is the highest; this matrix can be used as a linear diffusion structure.
Take m = 8 and n = 8. According to Table 1, the maximum differential and linear branch number of the binary matrix is 5, i.e. d = 5. Following Fig. 1 and Fig. 2, the steps are as follows:
Step 1: Using the general lower bound formula (d-1)n, the lower bound is (5-1) × 8 = 32. Using the general upper bound formula , the upper bound is . h is set to 49.
Then we generate (n-d+1) = (8-5+1) = 4 sets of n = 8 dimensional binary row vectors. The row vectors of the first set all have Hamming weight d-1 = 4, those of the second set d = 5, those of the third set d+1 = 6 and those of the fourth set d+2 = 7. There is only one row vector of Hamming weight n = 8 (the binary vector 11111111), so it need not be generated separately.
Step 2: Suppose the binary matrix to be generated contains λ_i rows of Hamming weight i (d-1 ≤ i ≤ n, i.e. 4 ≤ i ≤ 8). This gives the following system of indeterminate equations:
Applying the general conclusions of the Summary with the parameters n = 8 and d = 5 gives:
When 43 < h ≤ 49, λ_8 = 0;
When 32 ≤ h ≤ 43,
If λ_8 ≠ 0, then λ_6 = λ_7 = 0,
If λ_7 ≠ 0, then λ_8 = 0;
The only nonzero integer that λ_7 and λ_8 can take is 1.
The initial value of h is 49, so λ_8 = 0 and λ_7 can only take the value 0 or 1. This reduces the number of cases to test. Solving the equations now gives the set of all solutions {(λ_4, λ_5, λ_6, λ_7, λ_8 = 0)}.
For each solution, choose λ_i rows from the row vector set of Hamming weight i to obtain an 8th-order binary linear diffusion matrix (independent of the row order), then use Theorem 2 to judge whether the linear branch number of the matrix reaches the optimum. If it does, check whether the matrix is invertible (by computing its determinant; the matrix is invertible if the determinant is not 0). If it is invertible, continue with the next step. If the linear branch number is not optimal or the matrix is not invertible, choose other rows. If a solution is shown to be invalid, continue with the other solutions in the solution set. If the whole solution set is shown to be invalid, decrement h by 1; if h is now less than 32, the program terminates, otherwise continue with step 2.
Computing by this step, for h = 49, 48, 47, 46, 45 there is no binary matrix that is invertible and has the optimal linear branch number. For h = 44, two solutions have row vector combinations that meet the requirements:
{(λ_4=0, λ_5=4, λ_6=4, λ_7=0, λ_8=0)} and {(λ_4=1, λ_5=3, λ_6=3, λ_7=1, λ_8=0)}.
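The row-weight bookkeeping of step 2 for n = 8, d = 5, as an added example (not code from the patent). It assumes the system of indeterminate equations is Σλ_i = n and Σ i·λ_i = h, which follows from the definitions of λ_i and h; the function names are illustrative.

```python
from math import comb


def weight_distributions(n, d, h):
    """All (lambda_{d-1}, ..., lambda_n) with sum(lambda_i) = n rows and
    sum(i * lambda_i) = h ones. Assumed form of the system: it follows from
    lambda_i being the number of rows of Hamming weight i."""
    weights = list(range(d - 1, n + 1))
    found = []

    def extend(idx, rows_left, ones_left, partial):
        if idx == len(weights):
            if rows_left == 0 and ones_left == 0:
                found.append(tuple(partial))
            return
        w = weights[idx]
        # Rows must be distinct, so at most C(n, w) rows of weight w exist.
        most = min(rows_left, ones_left // w, comb(n, w))
        for lam in range(most + 1):
            extend(idx + 1, rows_left - lam, ones_left - lam * w, partial + [lam])

    extend(0, n, h, [])
    return found


def passes_page_constraints(h, lam):
    """Pruning rules the description states for n = 8, d = 5 (32 <= h <= 49)."""
    _l4, _l5, l6, l7, l8 = lam
    if l7 > 1 or l8 > 1:              # lambda_7 and lambda_8 are 0 or 1
        return False
    if 43 < h <= 49:
        return l8 == 0
    if 32 <= h <= 43 and l8 and (l6 or l7):
        return False                  # lambda_8 != 0 forces lambda_6 = lambda_7 = 0
    return True


def candidate_row_choices(n, d, lam):
    """Ways to pick lambda_i distinct rows of weight i (row order ignored)."""
    total = 1
    for w, count in zip(range(d - 1, n + 1), lam):
        total *= comb(comb(n, w), count)
    return total


def step2_plan(n=8, d=5, h=44):
    """Pruned weight distributions for one value of h, with search-space sizes."""
    return {lam: candidate_row_choices(n, d, lam)
            for lam in weight_distributions(n, d, h)
            if passes_page_constraints(h, lam)}


if __name__ == "__main__":
    for h in (49, 44):
        for lam, size in step2_plan(h=h).items():
            print(h, lam, size)
```

For h = 49 the constraints leave a single distribution, (0, 0, 7, 1, 0); for h = 44 they leave six, among them the two that the description reports as meeting the requirements.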
Step 3: Use Theorem 1 to judge whether the differential branch number of the matrix reaches the optimum. If it does, continue with the next step; otherwise return to step 2.
In testing, all row vector combinations from the solution {(λ_4=1, λ_5=3, λ_6=3, λ_7=1, λ_8=0)} are rejected in this step, while row vector combinations from the solution {(λ_4=0, λ_5=4, λ_6=4, λ_7=0, λ_8=0)} pass the differential branch number check and enter the next step.
Step 4: Exchange the rows of the matrix in pairs. For each new matrix obtained, compute its characteristic polynomial and then, according to Theorem 3, check in turn whether each nonzero element of GF(2^8) is a root of the characteristic polynomial (a root means that the matrix is not a strong orthomorphic matrix). If none is a root, the matrix is a strong orthomorphic matrix on GF(2^8): output the result and terminate. If there is a root, continue with other row exchanges; if none of the 8! matrices is a strong orthomorphic matrix, return to step 2.
By executing the above steps with h = 44, the row vector combinations from the solution {(λ_4=0, λ_5=4, λ_6=4, λ_7=0, λ_8=0)} yield the following 8th-order binary strong orthomorphic matrix (many strong orthomorphic matrices can be generated; only one is chosen as an example):
The differential and linear branch numbers of this matrix are both the theoretically optimal value 5, 44 is the maximum possible Hamming weight, and the matrix also has strong complete balance.
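The checks of steps 3 and 4 (branch numbers, then the Theorem 3 root test over row orders), run on matrices small enough to verify by hand; this is an added example, not code from the patent. The two sample matrices, the function names and the AES modulus for GF(2^8) are choices made for the example, and branch numbers are computed over GF(2)^n, which is sufficient for a binary matrix.

```python
from itertools import permutations


def popcount(v):
    return bin(v).count("1")


def _min_branch(vectors):
    """min over nonzero x in GF(2)^n of wt(x) + wt(XOR of the vectors x selects)."""
    n, best = len(vectors), 2 * len(vectors)
    for x in range(1, 1 << n):
        y = 0
        for j in range(n):
            if x >> j & 1:
                y ^= vectors[j]
        best = min(best, popcount(x) + popcount(y))
    return best


def differential_branch_number(M):
    n = len(M)   # M x is the XOR of the columns selected by x
    return _min_branch([sum(M[i][j] << i for i in range(n)) for j in range(n)])


def linear_branch_number(M):
    n = len(M)   # M^T x is the XOR of the rows selected by x
    return _min_branch([sum(M[i][j] << j for j in range(n)) for i in range(n)])


def clmul(a, b):
    """Product of two GF(2)[x] polynomials stored as bit masks."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r


def char_poly_gf2(M):
    """det(xI + M) over GF(2); bit k is the coefficient of x^k. In characteristic 2
    the determinant equals the permanent, so a subset DP needs no division."""
    n = len(M)
    f = [1] + [0] * ((1 << n) - 1)
    for mask in range(1, 1 << n):
        r = popcount(mask) - 1                           # row placed at this level
        for c in range(n):
            if mask >> c & 1:
                entry = M[r][c] ^ (2 if r == c else 0)   # add x on the diagonal
                f[mask] ^= clmul(entry, f[mask ^ (1 << c)])
    return f[-1]


def gf_mul(a, b, m, modulus):
    """Multiply in GF(2^m) = GF(2)[x]/(modulus)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> m & 1:
            a ^= modulus
    return r


def has_root_in_field(poly, m, modulus):
    """True if poly(k) = 0 for some nonzero k in GF(2^m) (Horner evaluation)."""
    for k in range(1, 1 << m):
        acc = 0
        for bit in range(poly.bit_length() - 1, -1, -1):
            acc = gf_mul(acc, k, m, modulus) ^ (poly >> bit & 1)
        if acc == 0:
            return True
    return False


def is_strong_orthomorphic(M, m, modulus):
    poly = char_poly_gf2(M)          # poly(0) = det(M), so bit 0 tests invertibility
    return bool(poly & 1) and not has_root_in_field(poly, m, modulus)


def find_strong_orthomorphic(M, m, modulus):
    """Step 4: try every row order; None means no order works (back to step 2)."""
    for order in permutations(range(len(M))):
        N = [M[i] for i in order]
        if is_strong_orthomorphic(N, m, modulus):
            return N
    return None


AES_POLY = 0x11B   # x^8+x^4+x^3+x+1; any irreducible modulus gives the same verdict
# Constructed samples, not matrices from the patent.
SAMPLE_3 = [[0, 1, 1], [1, 0, 1], [1, 1, 1]]          # n = 3, d = 3 in Table 1
ODD_ROWS_4 = [[0, 1, 1, 1], [1, 0, 1, 1],
              [1, 1, 0, 1], [1, 1, 1, 0]]             # every row has weight 3

if __name__ == "__main__":
    print(differential_branch_number(SAMPLE_3), linear_branch_number(SAMPLE_3))
    print(bin(char_poly_gf2(SAMPLE_3)), is_strong_orthomorphic(SAMPLE_3, 8, AES_POLY))
    print(find_strong_orthomorphic(SAMPLE_3, 8, AES_POLY))
    print(find_strong_orthomorphic(ODD_ROWS_4, 8, AES_POLY))
```

SAMPLE_3 has characteristic polynomial (x+1)^3 and fails, while swapping its last two rows gives x^3+x+1, which has no root in GF(2^8) but does have roots in GF(2^3). ODD_ROWS_4 reaches branch number 4 yet can never pass under any row order: every row has odd weight, so the all-ones vector is fixed and 1 is always a root.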
The specific embodiment above describes the invention by way of a preferred embodiment, but it is only an example given to aid understanding and should not be regarded as limiting the scope of the invention. Likewise, any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Bibliography
[1] Brouwer A E, Verhoeff T. An updated table of minimum-distance bounds for binary linear codes [J]. Information Theory, IEEE Transactions on, 1993, 39(2): 662-677.
[2] Cui Ting, Chen Heshan, Jin Chenhui. Some notes on binary diffusion structures of block ciphers [J]. Journal of Software, 2012, 23(9): 2430-2437.
[3] Kanda M, Takashima Y, Matsumoto T, Aoki K, Ohta K. A strategy for constructing fast round functions with practical security against differential and linear cryptanalysis [A]. In: Tavares S, Meijer H. Proceedings of the Selected Areas in Cryptography [C]. Berlin/Heidelberg: Springer, 1999, 1556: 264-279.
[4] Tong Yan, Zhang Huanguo, Han Haiqing. Linear orthomorphic permutations on GF(2^n)^m [J]. Wuhan University Journal (Edition), 2010, 56(2): 235-239.
Claims (9)
1. A method for designing a binary linear diffusion structure in symmetric ciphers, characterized in that the method comprises:
(1) calculating an upper bound and a lower bound of the Hamming weight of an n-th order binary linear diffusion matrix, assigning the upper bound to h, and generating the set of candidate n-dimensional row vectors;
(2) choosing elements from the row vector set to construct an n-th order binary invertible matrix whose Hamming weight is h and whose linear branch number reaches the theoretically optimal value under this condition; if such a matrix is found, executing step (3); if no such matrix exists, decrementing h by 1, and if h is now below the lower bound, terminating the program, otherwise continuing with step (2);
(3) calculating the differential branch number of the binary matrix; if the differential branch number also reaches the theoretically optimal value, executing step (4), otherwise returning to step (2);
(4) exchanging the rows of the matrix in pairs and, each time a new matrix is obtained, judging whether it is a strong orthomorphic matrix on GF(2^m); if it is a strong orthomorphic matrix, outputting the result and terminating the program; if none of the n! matrices is a strong orthomorphic matrix, returning to step (2);
wherein m > 1, n denotes the size of the matrix and 1 ≤ n ≤ 18, and d is the minimum distance of the binary linear code [2n, n, d]; assuming the binary matrix is of order n, a general lower bound of (d-1)n is obtained from the correspondence between the binary linear code [2n, n, d] and the binary matrix; a binary matrix is a matrix whose elements are 0 or 1, and the Hamming weight of the binary matrix here equals the number of elements of the matrix that are 1.
2. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 1, characterized in that:
a general upper bound is , where  denotes the largest integer not greater than (*) and  denotes the smallest integer not less than (*); these two symbols have this meaning wherever they appear below.
3. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 1, characterized in that:
a total of (n-d+1) sets of n-dimensional row vectors are generated; within each set all rows have the same Hamming weight, and the row Hamming weights of the (n-d+1) sets are d-1, d, …, n in turn.
4. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 1, characterized in that:
let h equal the Hamming weight of the binary matrix and let λ_i equal the number of rows of Hamming weight i in the binary matrix; this gives the following system of indeterminate equations:
solve the system to obtain the set of all solutions {(λ_{d-1}, λ_d, …, λ_n)}, then randomly select one solution (λ_{d-1}′, λ_d′, …, λ_n′) and choose λ_i′ distinct rows from the row vector set of Hamming weight i to construct the binary matrix.
5. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 4, characterized in that:
i, j, k and b are natural numbers,  denotes the largest integer not greater than (*) and  denotes the smallest integer not less than (*);
If n ≠ 4 and n ≠ 12, then when
When, whereinThen
λi=0,
And ifWherein 0≤j≤k, then
λb=0,
WhenWhen,
IfWhereinThen
λj=0,
If n=4 or n=12, now d is even number, then when
When, whereinThen
λi=0,
And ifWherein 0≤j≤k, then
λb=0,
When
When, ifWhereinThen
λj=0,
6. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 5, characterized in that:
if n ≠ 4 and n ≠ 12, then when , λ_i can only take the value 0 or 1; if and only if d is even,  can take a value greater than 1, and when d is odd, the only nonzero integer  can take is 1;
if n = 4 or n = 12, d is even by the theory of binary linear codes; then when , λ_i can only take the value 0 or 1, and  can take a value greater than 1.
7. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 4, characterized in that:
the cases with high Hamming weight are tested first; if no matrix is found, h is decremented by 1, the indeterminate equations of claim 4 are solved again and rows are chosen again to construct a matrix.
8. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 1, characterized in that:
all n! permutations of 1 to n are generated and each permutation is used to rearrange the row order of the matrix; the permutations can be precomputed and stored, and called directly when needed; each time a permutation is used to rearrange the rows and a new matrix is obtained, the characteristic polynomial of that matrix is calculated, and it is then checked whether any nonzero element of the finite field GF(2^m) is a root of the polynomial; if none is a root, the matrix is a strong orthomorphic matrix and the result is output.
9. The method for designing a binary linear diffusion structure in symmetric ciphers according to claim 8, characterized in that:
after h is decremented by 1, if the value of h is below the lower bound, the program terminates and reports that no strong orthomorphic matrix meeting the requirements exists at this scale.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310665234.3A CN103701584B (en) | 2013-12-10 | 2013-12-10 | Method for designing binary linear diffusion structure in symmetric ciphers |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310665234.3A CN103701584B (en) | 2013-12-10 | 2013-12-10 | Method for designing binary linear diffusion structure in symmetric ciphers |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103701584A (en) | 2014-04-02 |
CN103701584B (en) | 2017-01-18 |
Family
ID=50362990
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310665234.3A Active CN103701584B (en) | 2013-12-10 | 2013-12-10 | Method for designing binary linear diffusion structure in symmetric ciphers |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103701584B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110311777B (en) * | 2019-07-03 | 2021-08-31 | 华中农业大学 | Random password generation method and system based on one-class cryptography permutation |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101013938A (en) * | 2007-01-12 | 2007-08-08 | 广州市诚毅科技软件开发有限公司 | Encryption method of block cipher |
CN101944991A (en) * | 2010-09-27 | 2011-01-12 | 北京航空航天大学 | Binary linear transformation method for diffusion layer in substitution-permutation network block encryption |
CN101951314A (en) * | 2010-10-12 | 2011-01-19 | 北京航空航天大学 | Design method of S-box in symmetric password encryption |
WO2011010068A1 (en) * | 2009-07-23 | 2011-01-27 | France Telecom | Method for converting a first digit into a second digit |
CN102142957A (en) * | 2010-09-17 | 2011-08-03 | 华为技术有限公司 | Data encryption method and device, and communication facility with data encryption function |
CN102412960A (en) * | 2011-11-21 | 2012-04-11 | 东北大学 | Chaos based Enigma encryption method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4561252B2 (en) * | 2004-09-03 | 2010-10-13 | ソニー株式会社 | Cryptographic processing apparatus, cryptographic processing method, and computer program |
Non-Patent Citations (3)
Title |
---|
Hybrid Strategy of Particle Swarm Optimization and Simulated Annealing for Optimizing Orthomorphisms;Tong Yan, Zhang Huanguo;《INFORMATION THEORY AND CODING》;20120131;full text * |
Matrix Characterization of Generalized Hamming Weights;G.Viswanath, B.Sundar Rajan;《ISIT2001》;20010629;full text * |
Construction methods and count estimation of avalanche Boolean functions;王庆平 (Wang Qingping);《计算机工程与应用》 (Computer Engineering and Applications);20130326;full text * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |