Design and Application of a Chaotic Block Cipher
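Abstract
Cryptography is the foundation of information security technology. Because block ciphers are fast, easy to standardize, and convenient to implement in both software and hardware, they have become the core mechanism for data encryption, digital signatures, authentication, and key management in information and network security. With the AES process under way, block ciphers have become a very active topic in cryptographic research in recent years. Autonomy is an important characteristic of information security, so it is essential to research, design, and develop block ciphers by relying on our own capabilities while drawing on existing advanced experience.
     After analyzing the basic principles of various chaotic block ciphers and of S-box design based on chaotic maps, and in view of the drawback that traditional chaotic-map S-box constructions are highly random and make it hard to find S-boxes with good cryptographic properties, this thesis constructs a chaos-based mutation operator and fitness function from the characteristics of chaotic maps and the required cryptographic properties, and proposes an algorithm for constructing S-boxes with a chaotic genetic algorithm. The algorithm first uses a chaotic map to generate the initial population, and then applies the genetic-algorithm operations of selection, crossover, and mutation to it, where the mutation operation scrambles the S-box with the discrete Baker chaotic map. Simulation experiments further show that S-boxes designed this way satisfy good cryptographic properties, such as bijectivity, high nonlinearity, the strict avalanche criterion, output-bit independence, and an equiprobable XOR distribution, which ensures that the designed S-box can effectively resist a variety of attacks. The method is highly extensible: other S-boxes with good cryptographic properties can be found by changing the chaotic map. Based on the strengths and weaknesses of the structures of existing block ciphers, a chaotic block cipher system is designed using the Feistel structure. The cryptographic properties of this chaotic block cipher are analyzed, and experiments show that the cipher has good cryptographic properties.
     An encrypted database system is used to explain in detail how the chaotic block cipher can be applied in practice. The encrypted database system is implemented on the J2EE platform, which strengthens the confidentiality of the database system.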
With the rapid development and extensive application of information and communication technology, the security and protection of network information is increasingly a key problem that must be solved urgently. Block ciphers have many attractive features, so they are usually core components in information and Internet security for data encryption, digital signatures, authentication, and so on. With the launch of the AES process, block ciphers have become a very active subject in recent years. Autonomy is a notable feature of information security. It is therefore necessary to conduct block cipher research, design and development relying on our own ability.
     This thesis first analyzes the basic principles of various chaotic ciphers based on chaotic maps and of methods for designing S-boxes. Because traditional methods for designing S-boxes with chaotic maps cannot easily find good S-boxes, the thesis proposes a method for designing S-boxes with a genetic algorithm based on a chaotic map, in which the fitness function and the mutation operator are designed on the basis of cryptographic characteristics. The method consists of two steps. The first step generates a number of S-boxes with a chaotic map, which yields an initial data pool. In the second step, selection, crossover and mutation are applied to the initial data pool. The mutation applies a Baker map several times to shuffle the table nonlinearly. In addition, cryptographic properties such as bijectivity, the strict avalanche criterion, nonlinearity, the output bits independence criterion and the equiprobable input/output XOR distribution are analyzed in detail for the S-box produced by the proposed method. The results of the numerical analysis show that the S-box approximately fulfils the criteria for a cryptographically strong S-box and can effectively resist several attacks. Based on a careful analysis of the structural properties of various block ciphers, a method combining the chaotic system and the Feistel structure is proposed to design a chaotic block cipher. The performance of this cipher is analyzed in detail and is shown to have good cryptographic properties.
     Finally, a new database encryption scheme based on the J2EE platform is discussed and implemented. The result shows that the encryption approach is feasible.
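As an added illustration (not code from the thesis), the sketch below builds one candidate S-box from a chaotic map and scores it on two of the criteria the abstract names, nonlinearity and the input/output XOR distribution. The logistic map, its parameter and seed, and the rank-ordering construction are assumptions; the abstract does not state which map or fitness formula the author used.

```python
def logistic_sbox(x0, r=3.99, n=256, burn=1000):
    """Candidate S-box: rank-order n logistic-map iterates (assumed construction)."""
    x = x0
    for _ in range(burn):              # discard the transient
        x = r * x * (1 - x)
    seq = []
    for _ in range(n):
        x = r * x * (1 - x)
        seq.append(x)
    # Sorting indices by value always yields a permutation, so the S-box is bijective.
    return sorted(range(n), key=lambda i: seq[i])

def walsh_max(f):
    """Largest absolute Walsh coefficient of a +/-1 truth table (fast Walsh-Hadamard)."""
    w, h = list(f), 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return max(abs(v) for v in w)

def nonlinearity(sbox):
    """Minimum distance of any nonzero output-bit combination to the affine functions."""
    n, worst = len(sbox), 0
    for mask in range(1, n):           # every nonzero linear combination of output bits
        f = [1 - 2 * (bin(mask & y).count("1") & 1) for y in sbox]
        worst = max(worst, walsh_max(f))
    return n // 2 - worst // 2

def differential_uniformity(sbox):
    """Largest entry of the XOR distribution table over nonzero input differences."""
    n, best = len(sbox), 0
    for a in range(1, n):
        counts = [0] * n
        for x in range(n):
            counts[sbox[x] ^ sbox[x ^ a]] += 1
        best = max(best, max(counts))
    return best

if __name__ == "__main__":
    s = logistic_sbox(0.3141592653)    # constructed seed value
    print("bijective:", sorted(s) == list(range(256)))
    print("nonlinearity:", nonlinearity(s))
    print("differential uniformity:", differential_uniformity(s))
```

A genetic search of the kind the abstract describes would use scores like these as its fitness signal, keeping candidates with higher nonlinearity and a flatter XOR table.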
