基于多态性密码的S-盒安全机制研究
|
摘要
S盒是分组密码中重要的非线性组成部分,需要混淆和扩散性能好,高度非线性的算法来构造,和大多数通常已知的对称性加密算法(包括AES的代表算法例如Rijndael和Twofish)相比较,C.B.Roellgen提出的多态密码理论能够有效抵抗差分攻击,主要用于磁盘文件的加密,本文对多态密码理论原有机制进行了改进,提出了构造安全快速S盒的新思路,并且从满足严格雪崩准则、高度非线性以及位独立性准则三个方面进行分析。本文的工作包括以下四个方面:
1.基于多态性密码理论,结合P2P网络特点提出对多态性密码的输入序列的信号源进行改进,利用随机迭代单向布尔函数的方法构造满足密码学安全的提出了多态性PRNG的构造方案,为通信双方提供大量安全的会话密钥。并用相关理论和实验数据对其进行了安全性分析。
2.提出了多态性Diffie-Hellman密钥交换协议设计方案:本文在C.B.Roellgen的多态性密码理论的基础上,提出16个候选单向函数,利用Hash函数优良特性和自编译系统的不可读特性,对原有的类似Diffie-Hellman存储介质密钥交换协议进行改进,设计出网络通信双方共同构造的多态性Diffie-Hellman密钥交换协议方案,并且弥补了在身份认证、阻塞性拒绝服务攻击和假冒攻击三个方面的不足。
3.我们基于多态性Diffie-Hellman密钥交换协议,提出更加安全的半S-盒密钥交换协议设计方案,在交换协议中附加了通信双方的身份信息,可以由通信双方各自的伪随机序列产生器来共同设计快速S-盒,这种多态性S-盒在非正规的场景中可以得到广泛应用。
4.我们按照满足严格雪崩准则、高度非线性和输出位独立性三个准则对所构造的多态性S-盒进行安全分析,工作重点在依据严格雪崩准则对改进算法进行安全性分析和性能评价,保证多态性S-盒中的伪随机序列产生器满足严格雪崩准则,保证通信双方利用多态性S-盒所产生大量协商密钥的安全性。
An S-box is the important nonlinear component of block cipher algorithms. In f-act, the algorithm of S-box construction enjoys extremely highly nonlinear and h-igh level of confusion and diffusion. In contrast to most or all commonly known symmetric encryption algorithm designs (including the AES candidates such as Rijndael and Twofish), the Polymorphic Cipher (PMC) proposed by C.B.Roellgen can be made immune to Differential Power Attack. The algorithm is mostly us-ed to encrypt disk files. We propose a new method for constructing a Pseudora-ndom Number Generator (PRNG) to construct the security fast S-box. In this di-ssertation, we analyze the security of the S-box with cryptographic test methods such as strict avalanche criteria, high nonlinearity and bit independence criteria. It consists of the following four aspects.
1. By combining the characteristics of P2P network with the improved Polymo-rphic Cipher (PMC) theory, we improve on the signal generator to construct the security Polymorphic PRNG with some pseudorandom iterative one-way Boolean functions. The PRNG provides mass-produced session keys for two parties across a communication channel. The security of the function is anal-yzed by some experiment al results and correlated theories.
2. We propose a self-compiling-based Polymorphic Diffie-Hellman key excha-nge algorithm. We propose sixteen candidate one-way Boolean functions ba-sed on the Polymorphic Cipher (PMC) proposed by C.B.Roellgen. By combi-ning the characteristics of a perfect hash function and unobtainable self-com-pile system, we improve on the original memory medium oriented Diffie-He-llman key exchange algorithm. We propose the scheme that both commun-ication parties construct a new polymorphic Diffie-Hellman key exchange algorithm. The scheme can plug up the leaks in identity authentication, block DOS and impersonation attack.
3. We propose a much more secure scheme of semi-S-box key exchange agree-ment based on the Diffie-Hellman key exchange algorithm. The identity i-nformation of two parties can be appended to the agreement. Its security is dependent upon the length of pseudorandom numbers generated by two com-munication parties. The polymorphic S-box becomes a broad agreement in ir- regular scenes.
4. To satisfy a variety of cryptographic test methods, such as strict avalanche criterion (SAC), bit independence criterion (BIC), and nonlinearity, we apply polymorphic cipher (PMC) theory to the permutation function construction. Correlations among the test criteria in a real network environment are also evaluated. The most important work is to optimize the polymorphic ciphers combinational functions. Given that we are able to construct a polymorphic S-box design for a large amount of fast keys between two communication parties.
1.基于多态性密码理论,结合P2P网络特点提出对多态性密码的输入序列的信号源进行改进,利用随机迭代单向布尔函数的方法构造满足密码学安全的提出了多态性PRNG的构造方案,为通信双方提供大量安全的会话密钥。并用相关理论和实验数据对其进行了安全性分析。
2.提出了多态性Diffie-Hellman密钥交换协议设计方案:本文在C.B.Roellgen的多态性密码理论的基础上,提出16个候选单向函数,利用Hash函数优良特性和自编译系统的不可读特性,对原有的类似Diffie-Hellman存储介质密钥交换协议进行改进,设计出网络通信双方共同构造的多态性Diffie-Hellman密钥交换协议方案,并且弥补了在身份认证、阻塞性拒绝服务攻击和假冒攻击三个方面的不足。
3.我们基于多态性Diffie-Hellman密钥交换协议,提出更加安全的半S-盒密钥交换协议设计方案,在交换协议中附加了通信双方的身份信息,可以由通信双方各自的伪随机序列产生器来共同设计快速S-盒,这种多态性S-盒在非正规的场景中可以得到广泛应用。
4.我们按照满足严格雪崩准则、高度非线性和输出位独立性三个准则对所构造的多态性S-盒进行安全分析,工作重点在依据严格雪崩准则对改进算法进行安全性分析和性能评价,保证多态性S-盒中的伪随机序列产生器满足严格雪崩准则,保证通信双方利用多态性S-盒所产生大量协商密钥的安全性。
An S-box is the important nonlinear component of block cipher algorithms. In f-act, the algorithm of S-box construction enjoys extremely highly nonlinear and h-igh level of confusion and diffusion. In contrast to most or all commonly known symmetric encryption algorithm designs (including the AES candidates such as Rijndael and Twofish), the Polymorphic Cipher (PMC) proposed by C.B.Roellgen can be made immune to Differential Power Attack. The algorithm is mostly us-ed to encrypt disk files. We propose a new method for constructing a Pseudora-ndom Number Generator (PRNG) to construct the security fast S-box. In this di-ssertation, we analyze the security of the S-box with cryptographic test methods such as strict avalanche criteria, high nonlinearity and bit independence criteria. It consists of the following four aspects.
1. By combining the characteristics of P2P network with the improved Polymo-rphic Cipher (PMC) theory, we improve on the signal generator to construct the security Polymorphic PRNG with some pseudorandom iterative one-way Boolean functions. The PRNG provides mass-produced session keys for two parties across a communication channel. The security of the function is anal-yzed by some experiment al results and correlated theories.
2. We propose a self-compiling-based Polymorphic Diffie-Hellman key excha-nge algorithm. We propose sixteen candidate one-way Boolean functions ba-sed on the Polymorphic Cipher (PMC) proposed by C.B.Roellgen. By combi-ning the characteristics of a perfect hash function and unobtainable self-com-pile system, we improve on the original memory medium oriented Diffie-He-llman key exchange algorithm. We propose the scheme that both commun-ication parties construct a new polymorphic Diffie-Hellman key exchange algorithm. The scheme can plug up the leaks in identity authentication, block DOS and impersonation attack.
3. We propose a much more secure scheme of semi-S-box key exchange agree-ment based on the Diffie-Hellman key exchange algorithm. The identity i-nformation of two parties can be appended to the agreement. Its security is dependent upon the length of pseudorandom numbers generated by two com-munication parties. The polymorphic S-box becomes a broad agreement in ir- regular scenes.
4. To satisfy a variety of cryptographic test methods, such as strict avalanche criterion (SAC), bit independence criterion (BIC), and nonlinearity, we apply polymorphic cipher (PMC) theory to the permutation function construction. Correlations among the test criteria in a real network environment are also evaluated. The most important work is to optimize the polymorphic ciphers combinational functions. Given that we are able to construct a polymorphic S-box design for a large amount of fast keys between two communication parties.
引文
[1] C.B.Roellgen.Polymorphic Cipher Theory [OL]. http://www.pmc-ciphers.com/eng/content/Backround-Info/PMC-Explained.html.2007
[2] J.H. Reynolds Bootstrapping a self-compiling compiler from machine X tomachine Y Journal of Computing Sciences in Colleges archive Volume19. Issue 2 December 2003.175-181
[3] Antoine Joux.Multicollisions in iterated hash functions.application to cascadedconstructions - Crypto 04.LNCS 3152. 306– 316
[4] N.Courtois and J.Pieprzyk.Cryptanalysis of Block Ciphers with OverdefinedSystems of Equations. Advances in Cryptology. Asiacrypt LNCS 2501 Springer-Verlag. 2002. 267-287
[5] Uri Feige, Joe Kilian, Moni Naor.A minimal model for secure computation (extended abstract).In Proc. 26th STOC.ACM.1994.554–563.
[6] P.Feldman and S. Micali. An Optimal Algorithm for Synchronous ByzantineAgreement. SIAM. J.Computing. 26(2) 1997 . 873–933
[7] R. Gennaro, Y. Ishai, E. Kushilevitz.etc.The Round Complexity of VerifiableSecret Sharing and Secure Multicast.In Proceedings of the 33rd ACM Symp.on Theory of Computing (STOC’01). 2001 . 580-589
[8] Y. Lindell, A.Lysyanskaya, and T.Rabin. Sequential composition of protocolswithout simultaneous termination. In Proc. PODC 2002 203-212.
[9] M. Naor,K. Nissim.Communication preserving protocols for secure function evaluation. In Proc.STOC 2001. 590-599.
[10] M.Matsui.Linear cryptanalysis method for DES cipher.Advances in Cryptolo-gy. Proceedings Eurocrypt'93. LNCS 765. T. Helleseth.Ed.Springer-Verlag. 1994.386-397.
[11] S. Vaudenay. An experiment on DES statistical cryptanalysis. Proceedings of 3rd ACM Conference on Computer and Communications Security. ACMPress. 1996. 139-147
[12] M.Matsui,Linear Cryptanalysis Method for DES cipher. Eurocrypt’93. Sprin-ger-Verlag. Berlin.1993. 386-397.
[13] A.M. Youssef, S.E. Tavares, H. Heys. A New Class of Substitution-Permut-ation Networks. in the proceedings of SAC 1996. 1996. 132-147
[14] M.Mori1 Mixing property and pseudo random sequences IMS Lecture Notes–Monograph Series Dynamics & Stochastics Vol. 48. 2006.189–197
[15] Sumio Morioka , Akashi Satoh. A 10-Gbps full-AES crypto design with atwisted BDD S-box architecture. IEEE Transactions on Very Large Scale Integration (VLSI) Systems. v.12 n.7. July 2004. 686-691 [doi>10.1109/TVLSI.2004.830936]
[16] Tillich, S.Feldhofer, M.and Gro J. Area. Delay.and power characteristics ofstandard-cell implementations of the AES S-box. In Embedded Computer Systems: Architectures.Modeling.and Simulation--SAMOS Springer.vol. 4017of Lecture Notes in Computer Science.2006. 457-466
[17] J.Daemen, V.Rijmen.The Design of Rijndael:AES-The Advanced EncryptionStandard. ISBN 3-540-42580-2.Springer-Verlag Berlin Heidelberg. 2002.
[18] S. Murphy and M. Robshaw. Essential Algebraic Structure within the AES.Advances in Cryptology. Crypto 2002. LNCS 2442. Springer-Verlag. 2002.1-16
[19] Canright.D. A very compact S-Box for AES. in Cryptographic Hardware and Embedded Systems-CHES Springer. vol. 3659 of Lecture Notes in Computer Science 2005. 441-455
[20] S. Murphy and M. Robshaw. Comments on the Security of the AES andthe XSL Technique. http://www.isg.rhul.ac.uk/~mrobshaw/rijndael/xslnote.pdf
[21]刘连浩,崔杰,刘上力等.一种AES S盒改进方案的设计.中南大学学报(自然科学版) . 2007,4.第38卷第2期.339-344
[22] J.A.Haldermany,S. D. Schoenz, etc.Lest We Remember: Cold Boot Attackson Encryption Keys.http://citp.princeton.edu.nyud.net/pub/coldboot.pdf.2008
[23] E. Aras and M. D. Yucel. Examination of Substitution Boxes of SAFER.Proc. ELECO'99 Int. Conf. on Electrical & Electronics Engineering. Bursa. Turkiye. December 1999 . 418-422
[24] Mori,M.Construction of two dimensional low discrepancy sequences.Monte-Carlo methods and Appl. 8, 2, 2002 . 159-170.
[25]罗平,宋涛.随机分组密码算法框架及实现.计算机应用研究. 2008,5.第25卷.第5期.1556-1559
[26]胡予濮,张玉清,肖国镇.对称密码学[M].北京:机械工业出版社.2002.155-156
[27]刘尊全.刘氏高强度公开加密算法设计原理与装置.北京.清华大学出版社.1996
[28] W.Stallings. Network Security Essentials: Applications and Standards [M]. Pearson Education. New Jersey. 2004.164-166.
[29]殷新春,杨洁.高级加密标准Rijndael算法中S盒的替换方案.计算机工程.第32卷.第21期.2006,11.173-176
[30] Yifeng Yin , Xinshe Li , Yupu Hu.Fast S-box security mechanism researchbased on the polymorphic cipher.Information Sciences. Volume 178.Issue 6.15 March (2008). 1603-1610
[31] O.Goldreich.Foundations of Cryptography Basic Tools [M].Press Syndicateof the University of Cambridge.2001.75-89.
[32] A.Menezes,P.Oorschot and S.Vanstone.Handbook of Applied Cryptography [M]. CRC. 1996 . 169-190.
[33] Douglas R.Stinson著冯登国译密码学原理与实践第二版北京:电子工业出版社,2003 . 65-78.
[34] D.R.Stinson.Cryptography Theory and Practice. the second edition BeiJing:CRC Press .2002.65-78.
[35] G.Piret, J.J.Quisquater. A Differential Fault Attack Technique against SPN Structures. with Application to the AES and KHAZAD.C.D.Walter et al. (Eds.): CHES 2003.LNCS 2779.Springer-Verlag Berlin Heidelberg 2003.77-88
[36]胡廉民,张九华.分组密码算法的测试方法研究.电子科技大学学报.2007,8.第36卷.第4期.720-723
[37] Langford, S.K and Hellman, M.E. Different–linear cryptanalysis. Advanced in Cryptology-CRYOTO`94(LNCS839) Heidelberg .Berlin:Springer-Verlag.1994.5-12
[38] E. Biham,A. Shamir.Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology. Vol.4. No.1. 1991.3-72.
[39] M. Bucci,R. Luzzi.Design of Testable Random Bit Generators.CHES 2005.Edinburgh.UK: Springer-Verlag. 2005 . 147-156.
[40] B.Schneier.Applied Cryptography protocols,algorithms,and source code in c[M]. John Wiley & Sons. 1996 . 283-305.
[41] Zvi Gutterman,Benny Pinkas and Tzachy Reinman. Analysis of the LinuxRandom Number Generator. Proceedings of the 2006 IEEE Symposium onSecurity and Privacy. May 21-24,2006.371-385 [doi>10.1109/SP.2006.5]
[42] J. Katz, R. Ostrovsky, and A. Smith. Round Efficiency of Multi-party Co-mputation with a Dishonest Majority. In EUROCRYPT 2003.578-595.
[42] A. Biryukov and C. De Canniere.Block Ciphers and Systems of Quadratic Equations. Fast Software Encryption.FSE 2003. LNCS 2887. Springer-Verlag.2003.274-289.
[43] E. Aras and M. D. Yucel. Examination of Substitution Boxes of SAFER .Proc. ELECO'99 Int. Conf. on Electrical & Electronics Engineering. Bursa.Turkiye. December ,1999.418-422
[44] J.Hastad,R.Impagliazzo,L.Levin,and M.Luby.A pseudorandom generator fromany one-way function.SIAM Journal on Computing.28(4).19991364–1396.
[45] M.Bucci,R.Luzzi.Design of Testable Random Bit Generators in CryptographicHardware and Embedded Systems[C].CHES Berlin:Springer-Verlag.2005.147-156
[46] M.Falcioni, L.Palatella, and S.Pigolotti.Properties making a chaotic system a good pseudo random number generator.PHYSICAL REVIEW E 72.016220.2005.016220(1)-016220(10)
[47] M. Luby, C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions.SIAM Journal on Computing.Vol. 17, No. 2. 1988. 373-376.
[48] U. M. Maurer. A simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generators. EuroCrypt‘92. Springer LNCS v.658.1992.239-255
[49] A. Satoh,et al.Hardware-Focused Performance Comparison for the Standard Block Ciphers AES,Camellia,and Triple-DES.Information Security Conference- ISC 2003. LNCS 2851. Oct,2003.252-266.
[50] Ichikawa,Y.and Mori.M.Discrepancy of van der Corput sequences generatedby piecewise linear transformations.Monte Carlo Methods and Appl.10.12, 2004.107–116.
[51] A.F.Webster,S.E.Tavars.On the design of s-boxes,Advances in Cryptology.Proc.CRYPTO'85.Springer- Verlag.Berlin.1986.523-534.
[52] K.Chmiel.Distribution of the best nonzero differential and linear approxima-tions of s-box functions.journal of telecommunications and information technology .2006(3).8-13.
[53] K.Chmiel. Fast computation of approximation tables, in Information Proces-sing and Security Systems. K. Saeed and J. Peja?. Eds.New York: Springer.2005.125–134.
[54]刘怡文,李伟琴,冯登国.密码协议的一种安全模型.软件学报.Vol.14.No.6.2003.1148-1156
[55] S. Mister,C.M. Adams. Practical S-Box Design. SAC'96. Queen's University. Kingston. Ontario. 1996.61-76.
[56] B.Schneier.Applied Cryptography Second Edition: protocols,algorithms, andsource code in c. John Wiley & Sons. New York.1996.201-206
[57] V. Digalakis and H. Murveit. Genones: Optimizing the Degree of Mixture Tying in a Large Vocabulary Hidden Markov Model Based Speech Recogn-izer. IEEE Trans.Speech Audio.July,1996.281-289
[58] S. Murphy. The Independence of Linear Approximations in Symmetric Cryptology.IEEE Transactions on Information Theory.Vol.52.2006.5510-5518.
[59] W.Mao.Modern Cryptography Theory and Practice.Pearson Education. NewJersey. 2004.231-244.
[60] A. F. Webster and S. E. Tavares. On the design of S-boxes. Advances in Cryptology: Proc. CRYPTO‘85 Springer-Verlag. Berlin. 1986. 523-534
[61] Muxiang Zhang,Agnes Chan.Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers.CRYPTO 2000.Springer-Verlag.Berlin Heidelberg.2000.501–514
[62]陈华,吴文玲,冯登国.提高S盒非线性度的有效算法.计算机科学.Vo132.No10.2005.68-70
[63] Gupta, Kishan C, and Sarkar. Palash.Improved Construction of Non-Linear Resilient S-Boxes. IEEE Transactions on InformationTheory. Vol.51. No.1. January 2005.339-348.
[64] Gupta, K.C.; Sarkar, P.Improved construction of nonlinear resilient S-boxesInformation Theory. IEEE Transactions on Volume 51. Issue 1. Jan. 2005 339 -348
[65] R.Cramer, I.Damgard,and U.Maurer. General secure multi-party computationfrom secret-sharing scheme. In Proc. of EUROCRYPT’00. LNCS 1807. 2000.316-334
[66] R.Cramer,I. Damgard, and J. Nielsen.Multiparty computation from thresholdencryption.In Proc. of EUROCRYPT’01.LNCS 2045.2001.280-299.
[68] Rogaway P.and Coppersmith D.A Software-Optimized Encryption AlgorithmFast Software Encryption.Cambridge Security Workshop Proceedings.Springer-Verlag.1994. 56-63.
[69] Li Shujun, Li Qi, Li Wenmin, et al. Statistical Properties of Digital Piecewise Linear Chaotic Maps and Their Roles in Cryptography and Pseudo-random Coding[C] // Proc. of the 8th International Conf. on IMA. Berlin: Springer-Verlag. 2001 . 323-329.
[70]佟晓筠,崔明根.复合非线性混沌系统伪随机数发生器产生算法.计算机工程.2007,10.第33第20期.139-141
[71] E.Biham and A.Shamir.Differential cryptanalysis of DES-like cryptosystems.Journal of Cryptology.Vol. 4. No.1.1991.3-72.
[72] Langford, S.K,Hellman M.E.Different–linear cryptanalysis, Advanced in Cryptology ---CRYOTO`94 (LNCS839). Berlin: Springer-Verlag. 1994. 5-12
[73] Amy Glen.On the Period Length of Pseudorandom Number [OL]Sequences.http://www.maths.adelaide.edu.au/people/aglen/thesis2002_pdf.pdf. 2002
[74] M. Luby, C.Rackoff. How to construct pseudorandom permutations from pseudorandom functions.SIAM Journal on Computing.Vol.17. No.2.1988.373-376
[75] M. Naor, O. Reingold. On the construction of pseudo-random permutations:Luby-Rackoff revisited.Journal of Cryptology. Vol.12.1999.29-66
[76] J. Hastad, R. Impagliazzo, L. A. Levin.etc.A pseudorandom generator fromany one-way function. SIAM J. Comput.. 28(4) 1999.1364–1396
[77] Y. Ishai and E. Kushilevitz. Randomizing polynomials:A new representationwith applications to round-efficient secure computation. In Proc. 41st FOCS. 2000. 294–304
[78] O.Goldreich.Foundations of Cryptography Basic Tools. Press Syndicate of the University of Cambridge. 2001.75-89.
[79] I.VERGīILīI, M.D.YüCEL. Avalanche and Bit Independence Properties forthe Ensembles of Randomly Chosen n×n S-Boxes.Turk J Elec Engin.VOL.9. NO.2.2001.137-145.
[80] E.S.Abuelyman , A.A. S. Alsehibani. An Optimized Implementation of the S-Box using Residues of Prime Numbers. International Journal of ComputerScience and Network Security. VOL.8 No.4. April 2008.304-309
[81] T. Jacobsen and L.R.Knudsen. The Interpolation Attack on Block Ciphers. Fast Software Encryption.LNCS 1267.E.Biham.Ed.Springer-Verlag.1997.28-40.
[82] C.Henke,C. Schmoll,T. Zseby. Empirical Evaluation of Hash Functions for PacketID Generation in Sampled Multipoint Measurements. S.B. Moon et al.(Eds.): PAM 2009. LNCS 5448. 197–206
[83] REN Kui,PARK Jaemin2, KIM Kwangjo.On the construction of cryptograp-hically strong Boolean functions with desirable trade-off.Journal of ZhejiangUniversity SCIENCE.2005 6A(5):358-364
[84] A.M.Youssef, S.E. Tavares.On the avalanche characteristics of substitution permutation networks. Proceedings of PRAGOCRYPT’96. 1996. 18-29
[85] F.Sano, K.Ohkuma,etc.On the security of nested cipher against the differe-ntial and linear cryptanalysis. IEICE Transactions on Fundamentals of Elec-tronics. Communications and Computer Sciences.Vol.E86-A.No.1.2003.37–46
[86] Stanica,P,Sung, S.H.Improving the nonlinearity of certain balanced Booleanfunctions with good local and global avalanche characteristics. InformationProcessing Letters. 79(4): 2001 167-172
[87] Meier.W,Staffelbach.O.Nonlinearity Criteria for Cryptographic Functions. Advances in Cryptology EUROCRYPT’89. LNCS 434. Springer-Verlag 1989.549-562
[88] S. Park, S.H. Sung,etc. On the security of Rijndael-like structures against differential and linear cryptanalysis. Advances in Cryptology—ASIACRYPT 2002. LNCS 2501.Springer-Verlag.2002. 176–191
[89] L.Keliher, H. Meijer, and S. Tavares. Toward the true random cipher: On expected linear probability values for SPNs with randomly selected s-boxes.Chapter in Communications.Information and Network Security.V.Bhargava. H.Poor.V.Tarokh.and S.Yoon (Eds.)Kluwer Academic Publishers.2003.123-146
[90] P.Junod.On the complexity of Matsui’s attack. Eighth Annual International Workshop on Selected Areas in Cryptography (SAC 2001). LNCS 2259. Springer-Verlag. 2001. 199–211
[91] C.E.Shannon.Communication theory of secrecy systems.Bell System Techni-cal Journal.Vol.28.no.4.1949. 656–715.
[92] Zhang,X,Zheng,Y.L.GAC–the criterion of global avalanche characteristics ofcryptographic functions. Journal of Universal Computer Science. 1(5) 1995.316-333
[93] H.M.Heys and S.E. Tavares. Avalanche characteristics of substitution perm-utation encryption networks. IEEE Transactions on Computers. Vol. 44.No. 9. September 1995. 1131–1139
[94] H. Brunner,A.Curiger. M. Hofstetter. On computing multiplicative inversesin GF(2m). IEEE Transactions on Computers.Vol. 42. No.8,August 1993.1010-1015.
[95] E.ARAS, Melek D.YUCEL. Performance Evaluation of Safer K-64 and S-Boxes of the Safer Family.Turk J Elec Engin.VOL.9. NO.2 2001.161-175
[96] R.Pass.Bounded-concurrent secure multi-party computation with a dishonestmajority. In Proc. STOC 2004 232-241.
[97] A. Shamir, J. Patarin, N. Courtois and A. Klimov. Efficient Algorithms forsolving Overdefined Systems of Multivariate Polynomial Equations. Adva-nces in Cryptology. Eurocrypt 2000. LNCS 1807. Springer-Verlag Berlin Heilderberg 2000. 392-407
[98] E.Biham, A.Shamir. Differential Cryptanalysis of DES-like Cryptosystems . Journal of Cryptology. Vol.4. No.1. 1991. 3-72.
[99] I.Vergili.Statistics on Satisfaction of Security Criteria For Randomly Gener-ated S-Boxes. M.S. Thesis. Middle East Technical University. Turkey. June 2000.60-64
[100] I. Vergili and M. D. Yucel.On Satisfaction of Some Security Criteria for Randomly Chosen S-Boxes. Proc 20th Biennial Symp. on Communications. Kingston. Canada. May 2000. 64-68
[101] R. Forre. The strict avalanche criterion : Spectral properties of Boolean fu-nctions and an extended definition. In Advances in Cryptology -CRYPTO'88. Lecture Notes in Computer Science Springer-Verlag. 1990.450-468
[102] K. Kurosawa,T. Satoh. Design of SAC/PC(l) of order k Boolean functions and three other cryptographic criteria. In Advances in Cryptology-EUROCR-YPT'97. Lecture Notes in Computer Science. Springer-Verlag.1997.434-449
[2] J.H. Reynolds Bootstrapping a self-compiling compiler from machine X tomachine Y Journal of Computing Sciences in Colleges archive Volume19. Issue 2 December 2003.175-181
[3] Antoine Joux.Multicollisions in iterated hash functions.application to cascadedconstructions - Crypto 04.LNCS 3152. 306– 316
[4] N.Courtois and J.Pieprzyk.Cryptanalysis of Block Ciphers with OverdefinedSystems of Equations. Advances in Cryptology. Asiacrypt LNCS 2501 Springer-Verlag. 2002. 267-287
[5] Uri Feige, Joe Kilian, Moni Naor.A minimal model for secure computation (extended abstract).In Proc. 26th STOC.ACM.1994.554–563.
[6] P.Feldman and S. Micali. An Optimal Algorithm for Synchronous ByzantineAgreement. SIAM. J.Computing. 26(2) 1997 . 873–933
[7] R. Gennaro, Y. Ishai, E. Kushilevitz.etc.The Round Complexity of VerifiableSecret Sharing and Secure Multicast.In Proceedings of the 33rd ACM Symp.on Theory of Computing (STOC’01). 2001 . 580-589
[8] Y. Lindell, A.Lysyanskaya, and T.Rabin. Sequential composition of protocolswithout simultaneous termination. In Proc. PODC 2002 203-212.
[9] M. Naor,K. Nissim.Communication preserving protocols for secure function evaluation. In Proc.STOC 2001. 590-599.
[10] M.Matsui.Linear cryptanalysis method for DES cipher.Advances in Cryptolo-gy. Proceedings Eurocrypt'93. LNCS 765. T. Helleseth.Ed.Springer-Verlag. 1994.386-397.
[11] S. Vaudenay. An experiment on DES statistical cryptanalysis. Proceedings of 3rd ACM Conference on Computer and Communications Security. ACMPress. 1996. 139-147
[12] M.Matsui,Linear Cryptanalysis Method for DES cipher. Eurocrypt’93. Sprin-ger-Verlag. Berlin.1993. 386-397.
[13] A.M. Youssef, S.E. Tavares, H. Heys. A New Class of Substitution-Permut-ation Networks. in the proceedings of SAC 1996. 1996. 132-147
[14] M.Mori1 Mixing property and pseudo random sequences IMS Lecture Notes–Monograph Series Dynamics & Stochastics Vol. 48. 2006.189–197
[15] Sumio Morioka , Akashi Satoh. A 10-Gbps full-AES crypto design with atwisted BDD S-box architecture. IEEE Transactions on Very Large Scale Integration (VLSI) Systems. v.12 n.7. July 2004. 686-691 [doi>10.1109/TVLSI.2004.830936]
[16] Tillich, S.Feldhofer, M.and Gro J. Area. Delay.and power characteristics ofstandard-cell implementations of the AES S-box. In Embedded Computer Systems: Architectures.Modeling.and Simulation--SAMOS Springer.vol. 4017of Lecture Notes in Computer Science.2006. 457-466
[17] J.Daemen, V.Rijmen.The Design of Rijndael:AES-The Advanced EncryptionStandard. ISBN 3-540-42580-2.Springer-Verlag Berlin Heidelberg. 2002.
[18] S. Murphy and M. Robshaw. Essential Algebraic Structure within the AES.Advances in Cryptology. Crypto 2002. LNCS 2442. Springer-Verlag. 2002.1-16
[19] Canright.D. A very compact S-Box for AES. in Cryptographic Hardware and Embedded Systems-CHES Springer. vol. 3659 of Lecture Notes in Computer Science 2005. 441-455
[20] S. Murphy and M. Robshaw. Comments on the Security of the AES andthe XSL Technique. http://www.isg.rhul.ac.uk/~mrobshaw/rijndael/xslnote.pdf
[21]刘连浩,崔杰,刘上力等.一种AES S盒改进方案的设计.中南大学学报(自然科学版) . 2007,4.第38卷第2期.339-344
[22] J.A.Haldermany,S. D. Schoenz, etc.Lest We Remember: Cold Boot Attackson Encryption Keys.http://citp.princeton.edu.nyud.net/pub/coldboot.pdf.2008
[23] E. Aras and M. D. Yucel. Examination of Substitution Boxes of SAFER.Proc. ELECO'99 Int. Conf. on Electrical & Electronics Engineering. Bursa. Turkiye. December 1999 . 418-422
[24] Mori,M.Construction of two dimensional low discrepancy sequences.Monte-Carlo methods and Appl. 8, 2, 2002 . 159-170.
[25]罗平,宋涛.随机分组密码算法框架及实现.计算机应用研究. 2008,5.第25卷.第5期.1556-1559
[26]胡予濮,张玉清,肖国镇.对称密码学[M].北京:机械工业出版社.2002.155-156
[27]刘尊全.刘氏高强度公开加密算法设计原理与装置.北京.清华大学出版社.1996
[28] W.Stallings. Network Security Essentials: Applications and Standards [M]. Pearson Education. New Jersey. 2004.164-166.
[29]殷新春,杨洁.高级加密标准Rijndael算法中S盒的替换方案.计算机工程.第32卷.第21期.2006,11.173-176
[30] Yifeng Yin , Xinshe Li , Yupu Hu.Fast S-box security mechanism researchbased on the polymorphic cipher.Information Sciences. Volume 178.Issue 6.15 March (2008). 1603-1610
[31] O.Goldreich.Foundations of Cryptography Basic Tools [M].Press Syndicateof the University of Cambridge.2001.75-89.
[32] A.Menezes,P.Oorschot and S.Vanstone.Handbook of Applied Cryptography [M]. CRC. 1996 . 169-190.
[33] Douglas R.Stinson著冯登国译密码学原理与实践第二版北京:电子工业出版社,2003 . 65-78.
[34] D.R.Stinson.Cryptography Theory and Practice. the second edition BeiJing:CRC Press .2002.65-78.
[35] G.Piret, J.J.Quisquater. A Differential Fault Attack Technique against SPN Structures. with Application to the AES and KHAZAD.C.D.Walter et al. (Eds.): CHES 2003.LNCS 2779.Springer-Verlag Berlin Heidelberg 2003.77-88
[36]胡廉民,张九华.分组密码算法的测试方法研究.电子科技大学学报.2007,8.第36卷.第4期.720-723
[37] Langford, S.K and Hellman, M.E. Different–linear cryptanalysis. Advanced in Cryptology-CRYOTO`94(LNCS839) Heidelberg .Berlin:Springer-Verlag.1994.5-12
[38] E. Biham,A. Shamir.Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology. Vol.4. No.1. 1991.3-72.
[39] M. Bucci,R. Luzzi.Design of Testable Random Bit Generators.CHES 2005.Edinburgh.UK: Springer-Verlag. 2005 . 147-156.
[40] B.Schneier.Applied Cryptography protocols,algorithms,and source code in c[M]. John Wiley & Sons. 1996 . 283-305.
[41] Zvi Gutterman,Benny Pinkas and Tzachy Reinman. Analysis of the LinuxRandom Number Generator. Proceedings of the 2006 IEEE Symposium onSecurity and Privacy. May 21-24,2006.371-385 [doi>10.1109/SP.2006.5]
[42] J. Katz, R. Ostrovsky, and A. Smith. Round Efficiency of Multi-party Co-mputation with a Dishonest Majority. In EUROCRYPT 2003.578-595.
[42] A. Biryukov and C. De Canniere.Block Ciphers and Systems of Quadratic Equations. Fast Software Encryption.FSE 2003. LNCS 2887. Springer-Verlag.2003.274-289.
[43] E. Aras and M. D. Yucel. Examination of Substitution Boxes of SAFER .Proc. ELECO'99 Int. Conf. on Electrical & Electronics Engineering. Bursa.Turkiye. December ,1999.418-422
[44] J.Hastad,R.Impagliazzo,L.Levin,and M.Luby.A pseudorandom generator fromany one-way function.SIAM Journal on Computing.28(4).19991364–1396.
[45] M.Bucci,R.Luzzi.Design of Testable Random Bit Generators in CryptographicHardware and Embedded Systems[C].CHES Berlin:Springer-Verlag.2005.147-156
[46] M.Falcioni, L.Palatella, and S.Pigolotti.Properties making a chaotic system a good pseudo random number generator.PHYSICAL REVIEW E 72.016220.2005.016220(1)-016220(10)
[47] M. Luby, C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions.SIAM Journal on Computing.Vol. 17, No. 2. 1988. 373-376.
[48] U. M. Maurer. A simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generators. EuroCrypt‘92. Springer LNCS v.658.1992.239-255
[49] A. Satoh,et al.Hardware-Focused Performance Comparison for the Standard Block Ciphers AES,Camellia,and Triple-DES.Information Security Conference- ISC 2003. LNCS 2851. Oct,2003.252-266.
[50] Ichikawa,Y.and Mori.M.Discrepancy of van der Corput sequences generatedby piecewise linear transformations.Monte Carlo Methods and Appl.10.12, 2004.107–116.
[51] A.F.Webster,S.E.Tavars.On the design of s-boxes,Advances in Cryptology.Proc.CRYPTO'85.Springer- Verlag.Berlin.1986.523-534.
[52] K.Chmiel.Distribution of the best nonzero differential and linear approxima-tions of s-box functions.journal of telecommunications and information technology .2006(3).8-13.
[53] K.Chmiel. Fast computation of approximation tables, in Information Proces-sing and Security Systems. K. Saeed and J. Peja?. Eds.New York: Springer.2005.125–134.
[54]刘怡文,李伟琴,冯登国.密码协议的一种安全模型.软件学报.Vol.14.No.6.2003.1148-1156
[55] S. Mister,C.M. Adams. Practical S-Box Design. SAC'96. Queen's University. Kingston. Ontario. 1996.61-76.
[56] B.Schneier.Applied Cryptography Second Edition: protocols,algorithms, andsource code in c. John Wiley & Sons. New York.1996.201-206
[57] V. Digalakis and H. Murveit. Genones: Optimizing the Degree of Mixture Tying in a Large Vocabulary Hidden Markov Model Based Speech Recogn-izer. IEEE Trans.Speech Audio.July,1996.281-289
[58] S. Murphy. The Independence of Linear Approximations in Symmetric Cryptology.IEEE Transactions on Information Theory.Vol.52.2006.5510-5518.
[59] W.Mao.Modern Cryptography Theory and Practice.Pearson Education. NewJersey. 2004.231-244.
[60] A. F. Webster and S. E. Tavares. On the design of S-boxes. Advances in Cryptology: Proc. CRYPTO‘85 Springer-Verlag. Berlin. 1986. 523-534
[61] Muxiang Zhang,Agnes Chan.Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers.CRYPTO 2000.Springer-Verlag.Berlin Heidelberg.2000.501–514
[62]陈华,吴文玲,冯登国.提高S盒非线性度的有效算法.计算机科学.Vo132.No10.2005.68-70
[63] Gupta, Kishan C, and Sarkar. Palash.Improved Construction of Non-Linear Resilient S-Boxes. IEEE Transactions on InformationTheory. Vol.51. No.1. January 2005.339-348.
[64] Gupta, K.C.; Sarkar, P.Improved construction of nonlinear resilient S-boxesInformation Theory. IEEE Transactions on Volume 51. Issue 1. Jan. 2005 339 -348
[65] R.Cramer, I.Damgard,and U.Maurer. General secure multi-party computationfrom secret-sharing scheme. In Proc. of EUROCRYPT’00. LNCS 1807. 2000.316-334
[66] R.Cramer,I. Damgard, and J. Nielsen.Multiparty computation from thresholdencryption.In Proc. of EUROCRYPT’01.LNCS 2045.2001.280-299.
[68] Rogaway P.and Coppersmith D.A Software-Optimized Encryption AlgorithmFast Software Encryption.Cambridge Security Workshop Proceedings.Springer-Verlag.1994. 56-63.
[69] Li Shujun, Li Qi, Li Wenmin, et al. Statistical Properties of Digital Piecewise Linear Chaotic Maps and Their Roles in Cryptography and Pseudo-random Coding[C] // Proc. of the 8th International Conf. on IMA. Berlin: Springer-Verlag. 2001 . 323-329.
[70]佟晓筠,崔明根.复合非线性混沌系统伪随机数发生器产生算法.计算机工程.2007,10.第33第20期.139-141
[71] E.Biham and A.Shamir.Differential cryptanalysis of DES-like cryptosystems.Journal of Cryptology.Vol. 4. No.1.1991.3-72.
[72] Langford, S.K,Hellman M.E.Different–linear cryptanalysis, Advanced in Cryptology ---CRYOTO`94 (LNCS839). Berlin: Springer-Verlag. 1994. 5-12
[73] Amy Glen.On the Period Length of Pseudorandom Number [OL]Sequences.http://www.maths.adelaide.edu.au/people/aglen/thesis2002_pdf.pdf. 2002
[74] M. Luby, C.Rackoff. How to construct pseudorandom permutations from pseudorandom functions.SIAM Journal on Computing.Vol.17. No.2.1988.373-376
[75] M. Naor, O. Reingold. On the construction of pseudo-random permutations:Luby-Rackoff revisited.Journal of Cryptology. Vol.12.1999.29-66
[76] J. Hastad, R. Impagliazzo, L. A. Levin.etc.A pseudorandom generator fromany one-way function. SIAM J. Comput.. 28(4) 1999.1364–1396
[77] Y. Ishai and E. Kushilevitz. Randomizing polynomials:A new representationwith applications to round-efficient secure computation. In Proc. 41st FOCS. 2000. 294–304
[78] O.Goldreich.Foundations of Cryptography Basic Tools. Press Syndicate of the University of Cambridge. 2001.75-89.
[79] I.VERGīILīI, M.D.YüCEL. Avalanche and Bit Independence Properties forthe Ensembles of Randomly Chosen n×n S-Boxes.Turk J Elec Engin.VOL.9. NO.2.2001.137-145.
[80] E.S.Abuelyman , A.A. S. Alsehibani. An Optimized Implementation of the S-Box using Residues of Prime Numbers. International Journal of ComputerScience and Network Security. VOL.8 No.4. April 2008.304-309
[81] T. Jacobsen and L.R.Knudsen. The Interpolation Attack on Block Ciphers. Fast Software Encryption.LNCS 1267.E.Biham.Ed.Springer-Verlag.1997.28-40.
[82] C.Henke,C. Schmoll,T. Zseby. Empirical Evaluation of Hash Functions for PacketID Generation in Sampled Multipoint Measurements. S.B. Moon et al.(Eds.): PAM 2009. LNCS 5448. 197–206
[83] REN Kui,PARK Jaemin2, KIM Kwangjo.On the construction of cryptograp-hically strong Boolean functions with desirable trade-off.Journal of ZhejiangUniversity SCIENCE.2005 6A(5):358-364
[84] A.M.Youssef, S.E. Tavares.On the avalanche characteristics of substitution permutation networks. Proceedings of PRAGOCRYPT’96. 1996. 18-29
[85] F.Sano, K.Ohkuma,etc.On the security of nested cipher against the differe-ntial and linear cryptanalysis. IEICE Transactions on Fundamentals of Elec-tronics. Communications and Computer Sciences.Vol.E86-A.No.1.2003.37–46
[86] Stanica,P,Sung, S.H.Improving the nonlinearity of certain balanced Booleanfunctions with good local and global avalanche characteristics. InformationProcessing Letters. 79(4): 2001 167-172
[87] Meier.W,Staffelbach.O.Nonlinearity Criteria for Cryptographic Functions. Advances in Cryptology EUROCRYPT’89. LNCS 434. Springer-Verlag 1989.549-562
[88] S. Park, S.H. Sung,etc. On the security of Rijndael-like structures against differential and linear cryptanalysis. Advances in Cryptology—ASIACRYPT 2002. LNCS 2501.Springer-Verlag.2002. 176–191
[89] L.Keliher, H. Meijer, and S. Tavares. Toward the true random cipher: On expected linear probability values for SPNs with randomly selected s-boxes.Chapter in Communications.Information and Network Security.V.Bhargava. H.Poor.V.Tarokh.and S.Yoon (Eds.)Kluwer Academic Publishers.2003.123-146
[90] P.Junod.On the complexity of Matsui’s attack. Eighth Annual International Workshop on Selected Areas in Cryptography (SAC 2001). LNCS 2259. Springer-Verlag. 2001. 199–211
[91] C.E.Shannon.Communication theory of secrecy systems.Bell System Techni-cal Journal.Vol.28.no.4.1949. 656–715.
[92] Zhang,X,Zheng,Y.L.GAC–the criterion of global avalanche characteristics ofcryptographic functions. Journal of Universal Computer Science. 1(5) 1995.316-333
[93] H.M.Heys and S.E. Tavares. Avalanche characteristics of substitution perm-utation encryption networks. IEEE Transactions on Computers. Vol. 44.No. 9. September 1995. 1131–1139
[94] H. Brunner,A.Curiger. M. Hofstetter. On computing multiplicative inversesin GF(2m). IEEE Transactions on Computers.Vol. 42. No.8,August 1993.1010-1015.
[95] E.ARAS, Melek D.YUCEL. Performance Evaluation of Safer K-64 and S-Boxes of the Safer Family.Turk J Elec Engin.VOL.9. NO.2 2001.161-175
[96] R.Pass.Bounded-concurrent secure multi-party computation with a dishonestmajority. In Proc. STOC 2004 232-241.
[97] A. Shamir, J. Patarin, N. Courtois and A. Klimov. Efficient Algorithms forsolving Overdefined Systems of Multivariate Polynomial Equations. Adva-nces in Cryptology. Eurocrypt 2000. LNCS 1807. Springer-Verlag Berlin Heilderberg 2000. 392-407
[98] E.Biham, A.Shamir. Differential Cryptanalysis of DES-like Cryptosystems . Journal of Cryptology. Vol.4. No.1. 1991. 3-72.
[99] I.Vergili.Statistics on Satisfaction of Security Criteria For Randomly Gener-ated S-Boxes. M.S. Thesis. Middle East Technical University. Turkey. June 2000.60-64
[100] I. Vergili and M. D. Yucel.On Satisfaction of Some Security Criteria for Randomly Chosen S-Boxes. Proc 20th Biennial Symp. on Communications. Kingston. Canada. May 2000. 64-68
[101] R. Forre. The strict avalanche criterion : Spectral properties of Boolean fu-nctions and an extended definition. In Advances in Cryptology -CRYPTO'88. Lecture Notes in Computer Science Springer-Verlag. 1990.450-468
[102] K. Kurosawa,T. Satoh. Design of SAC/PC(l) of order k Boolean functions and three other cryptographic criteria. In Advances in Cryptology-EUROCR-YPT'97. Lecture Notes in Computer Science. Springer-Verlag.1997.434-449