AEUR：基于uBlock轮函数的认证加密算法设计

doi:10.11959/j.issn.1000-436x.2023159

通信学报 ›› 2023, Vol. 44 ›› Issue (8): 168-178.doi: 10.11959/j.issn.1000-436x.2023159

• 学术论文 • 上一篇

AEUR：基于uBlock轮函数的认证加密算法设计

杨亚涛¹^,², 董辉¹, 刘建韬¹, 张艳硕¹

¹ 北京电子科技学院电子与通信工程系，北京 100070
² 西安电子科技大学通信工程学院，陕西西安 710071

修回日期:2023-08-14 出版日期:2023-08-01 发布日期:2023-08-01
作者简介:杨亚涛（1978- ），男，河南平顶山人，博士，北京电子科技学院教授、博士生导师，西安电子科技大学硕士生导师，主要研究方向为信息安全、抗量子密码、白盒密码、密码协议和算法
董辉（1997- ），男，山东济南人，北京电子科技学院硕士生，主要研究方向为认证加密和白盒密码
刘建韬（1998- ），男，山东潍坊人，北京电子科技学院硕士生，主要研究方向为认证加密和分组密码
张艳硕（1979- ），男，陕西宝鸡人，博士，北京电子科技学院副教授、硕士生导师，主要研究方向为密码学理论及应用
基金资助:
北京市自然科学基金资助项目(4232034);中央高校基本科研业务费专项资金资助项目(328202222);“通信工程”“电子信息工程”国家级一流本科专业建设点基金资助项目

AEUR: authenticated encryption algorithm design based on uBlock round function

Yatao YANG¹^,², Hui DONG¹, Jiantao LIU¹, Yanshuo ZHANG¹

¹ Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China
² School of Telecommunication Engineering, Xidian University, Xi’an 710071, China

Revised:2023-08-14 Online:2023-08-01 Published:2023-08-01
Supported by:
Beijing Natural Science Foundation(4232034);The Fundamental Research Funds for the Central Universities(328202222);National First-Class Under Graduate Dicipline Construction of “Communication Engineering” and “Electronic Information Engineering”

摘要/Abstract

摘要：

为了提升认证加密算法的实现效率，同时不降低算法的安全性，基于uBlock算法设计了一种新型认证加密算法AEUR。首先，在分组密码算法uBlock轮函数的基础上，将抵抗内部碰撞攻击作为安全性目标，利用混合整数线性规划方法，搜索设计符合安全性目标的通用迭代算法结构 R(t,s)。其次，利用该结构设计了认证加密算法AEUR，AEUR由认证加密和解密验证两部分构成，两部分执行过程相同，不需要额外设计操作环节，从而减少算法的资源消耗。再次，通过对比轮数状态值来验证算法的正确性，采用线性攻击、滑动攻击等多种方法分析了算法的安全性。最后，采用C语言对算法进行了软件实现，证明所提算法具有良好的软件实现性能。结果表明，以软件运行时间计算，所提算法相比AEGIS和ALE，效率分别提升了3%和46%；相比AES-GCM和ACORN，效率分别提升了74%和92%，具有较好的综合性能。

关键词: 认证加密, 分组密码uBlock, 安全性分析, 软件实现

Abstract:

In order to improve the efficiency of the implementation of the authenticated encryption algorithm without compromising the security of the algorithm, a new authenticated encryption algorithm AEUR was designed.Firstly, based on the uBlock round function, with resistance to internal collision attacks as the security objective, a mixed integer linear programming approach was used to search for generic iterative component R(t,s) to meet the security objective.Secondly, the authenticated encryption algorithm AEUR was designed by using this component.AEUR consisted of two parts: authenticated encryption and decrypted verification, both of which performed the same process without the need to design additional operational sessions, reducing the algorithm’s resource consumption.In addition, the correctness of the algorithm was verified by comparing the corresponding round state values, and the security of the algorithm was analyzed using various analysis methods such as linear attacks and sliding attacks.Finally, the algorithm was implemented in C language to prove the AEUR has good performance.The results show that the proposed algorithm has a better overall performance in terms of software runtime, with efficiency improvements of 3% and 46% compared to AEGIS and ALE, and 74% and 92% compared to AES-GCM and ACORN, respectively.

Key words: authenticated encryption, block cipher uBlock, security analysis, software implementation

中图分类号:

TN92

杨亚涛, 董辉, 刘建韬, 张艳硕. AEUR：基于uBlock轮函数的认证加密算法设计[J]. 通信学报, 2023, 44(8): 168-178.

Yatao YANG, Hui DONG, Jiantao LIU, Yanshuo ZHANG. AEUR: authenticated encryption algorithm design based on uBlock round function[J]. Journal on Communications, 2023, 44(8): 168-178.

图/表 15

表1

图1

表2

表3

图2

表4

表5

图3

图4

表6

表7

表8

图5

表9

图6

参考文献 31

[1]	ROGAWAY P , BELLARE M , BLACK J . OCB[J]. ACM Transactions on Information and System Security, 2003,6(3): 365-403.
[2]	BELLARE M , ROGAWAY P , WAGNER D . The EAX mode of operation[C]// International Workshop on Fast Software Encryption. Berlin:Springer, 2004: 389-407.
[3]	MCGREW D A , VIEGA J . The security and performance of the galois/counter mode (GCM) of operation[C]// Proceedings of International Conference on Cryptology in India. Berlin:Springer, 2004: 343-355.
[4]	WU H J , PRENEEL B . AEGIS:a fast authenticated encryption algorithm[C]// International Conference on Selected Areas in Cryptography. Berlin:Springer, 2014: 185-201.
[5]	BOGDANOV A , MENDEL F , REGAZZONI F ,et al. ALE:AES-based lightweight authenticated encryption[C]// International Workshop on Fast Software Encryption. Berlin:Springer, 2014: 447-466.
[6]	HOANG V T , KROVETZ T , ROGAWAY P . Robust authenticated-encryption AEZ and the problem that it solves[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2015: 15-44.
[7]	吴文玲, 张蕾, 郑雅菲 ,等. 分组密码 uBlock[J]. 密码学报, 2019,6(6): 690-703.
	WU W L , ZHANG L , ZHENG Y F ,et al. The block cipher uBlock[J]. Journal of Cryptologic Research, 2019,6(6): 690-703.
[8]	MOUHA N , WANG Q J , GU D W ,et al. Differential and linear cryptanalysis using mixed-integer linear programming[C]// International Conference on Information Security and Cryptology. Berlin:Springer, 2012: 57-76.
[9]	ZABUNOV S . Digital signal processing in RadioSolariz project using SSE2[J]. Aerospace Research in Bulgaria, 2022,34: 66-71.
[10]	BELLARE M , NAMPREMPRE C . Authenticated encryption:relations among notions and analysis of the generic composition paradigm[C]// Advances in Cryptology - ASIACRYPT 2000. Berlin:Springer, 2000: 531-545.
[11]	ROGAWAY P . Authenticated-encryption with associated-data[C]// Proceedings of the 9th ACM Conference on Computer and Communications Security. New York:ACM Press, 2002: 98-107.
[12]	IWATA T . Authenticated encryption mode for beyond the birthday bound security[C]// International Conference on Cryptology in Africa. Berlin:Springer, 2008: 125-142.
[13]	SARKAR P . Pseudo-random functions and parallelizable modes of operations of a block cipher[J]. IEEE Transactions on Information Theory, 2010,56(8): 4025-4037.
[14]	GRUBER M , PROBST M , TEMPELMEIER M . Persistent fault analysis of OCB,DEOXYS and COLM[C]// Proceedings of 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). Piscataway:IEEE Press, 2019: 17-24.
[15]	DOBRAUNIG C , EICHLSEDER M , MENDEL F ,et al. ASCON v1.2(submission to the CAESAR competition)[EB]. 2016.
[16]	WU H J . ACORN:a lightweight authenticated cipher (v3)[EB]. 2016.
[17]	张建, 吴文玲 . 基于 SM4 轮函数设计的认证加密算法[J]. 电子学报, 2018,46(6): 1294-1299.
	ZHANG J , WU W L . Authenticated encryption based on SM4 round function[J]. Acta Electronica Sinica, 2018,46(6): 1294-1299.
[18]	高国强, 李子臣 . 基于AES轮函数认证加密算法研究与设计[J]. 网络与信息安全学报, 2020,6(2): 106-115.
	GAO G Q , LI Z C . Research and design of authenticated encryption algorithm based on AES round function[J]. Chinese Journal of Network and Information Security, 2020,6(2): 106-115.
[19]	BORGHOFF J , KNUDSEN L R , STOLPE M . Bivium as a mixed-integer linear programming problem[C]// International Conference on Cryptography and Coding. Berlin:Springer, 2009: 133-152.
[20]	TOLBA A M R . Trust-based distributed authentication method for collision attack avoidance in VANETs[J]. IEEE Access, 2018,6: 62747-62755.
[21]	刘帅, 关杰, 胡斌 ,等. 基于MILP的轻量级密码算法ACE的差分分析[J]. 通信学报, 2023,44(1): 39-48.
	LIU S , GUAN J , HU B ,et al. Differential analysis of lightweight cipher algorithm ACE based on MILP[J]. Journal on Communications, 2023,44(1): 39-48.
[22]	吴文玲 . 认证加密算法研究进展[J]. 密码学报, 2018,5(1): 70-82.
	WU W L . Research advances on authenticated encryption algorithms[J]. Journal of Cryptologic Research, 2018,5(1): 70-82.
[23]	BEYNE T . A geometric approach to linear cryptanalysis[C]// International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2021: 36-66.
[24]	DUNKELMAN O , KELLER N , LASRY N ,et al. New slide attacks on almost self-similar ciphers[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2020: 250-279.
[25]	MINAUD B . Linear biases in AEGIS keystream[C]// International Conference on Selected Areas in Cryptography. Berlin:Springer, 2014: 290-305.
[26]	YUAN Z , WANG W , JIA K T ,et al. New birthday attacks on some MACs based on block ciphers[C]// Annual International Cryptology Conference. Berlin:Springer, 2009: 209-230.
[27]	GOUDARZI D , JEAN J , K?LBL S , ,et al. Pyjamask:block cipher and authenticated encryption with highly efficient masked implementation[J]. IACR Transactions on Symmetric Cryptology, 2020,2020: 31-59.
[28]	贺水喻, 魏悦川, 潘峰 ,等. 对认证加密算法Pyjamask的伪造攻击[J]. 计算机工程与科学, 2022,44(12): 2140-2145.
	HE S Y , WEI Y C , PAN F ,et al. Forgery attack on the authenticated encryption algorithm Pyjamask[J]. Computer Engineering and Science, 2022,44(12): 2140-2145.
[29]	张国双, 陈晓, 王安 ,等. 面向ACORN v3消息认证码的随机差分故障分析[J]. 密码学报, 2021,8(3): 498-520.
	ZHANG G S , CHEN X , WANG A ,et al. Random differential fault attack for ACORN v3 message authentication code[J]. Journal of Cryptologic Research, 2021,8(3): 498-520.
[30]	WANG D , CHENG H B , WANG P ,et al. Zipf’s law in passwords[J]. IEEE Transactions on Information Forensics and Security, 2017,12(11): 2776-2791.
[31]	王平, 汪定, 黄欣沂 . 口令安全研究进展[J]. 计算机研究与发展, 2016,53(10): 2173-2188.
	WANG P , WANG D , HUANG X Y . Advances in password security[J]. Journal of Computer Research and Development, 2016,53(10): 2173-2188.

算法	算法类型	算法特点
AEGIS^[4]	直接设计	整体采用序列密码框架，由初始化、加密、标签生成过程构成，底层算法采用 AES算法的轮函数，能够使用AES指令集
DEOXYS^[14]	直接设计	利用可调分组密码算法Deoxys-BC作为底层算法，以AES算法为基础来设计可调分组密码，进一步结合工作方式来设计认证加密算法
ASCON^[15]	直接设计	采用Sponge结构中的Duplex结构来设计，置换为SP结构中的迭代函数，轮函数包含常数加、替换层和扩散层
ACORN^[16]	直接设计	采用序列密码来设计，面向比特，包含LFSR（linear feedback shift register），具有轻量级硬件实现优势，软件实现性能较好
OCB^[1]	分组密码工作模式	OCB 算法并行运算性好，安全性可以得到证明；但 OCB 不能抵抗初始向量值（Nonce）重用，没有超越生日攻击的安全界
COLM/AES-COPA/ELMD^[14]	分组密码工作模式	利用AES分组密码算法来构造，可以通过AES指令集实现软件优化

x	S(x)	x	S(x)	x	S(x)	x	S(x)
0	7	4	b	8	f	c	0
1	4	5	a	9	e	d	3
2	9	6	d	a	1	e	2
3	c	7	8	b	6	f	5

向量置换	变换参数
PL₁₂₈	{1,3,4,6,0,2,7,5}
PR₁₂₈	{2,7,5,0,1,6,4,3}

序号	置换P	活跃S盒个数
P₀	11,5,7,9,14,8,12,1,15,0,3,2,10,6,13,4	67
P₁	6,0,8,13,1,15,5,10,4,9,12,2,11,3,7,14	67
P₂	9,7,4,11,6,0,3,8,14,5,2,13,1,15,10,12	66
P₃	0,15,11,8,12,9,6,3,13,1,2,4,10,7,5,14	66
P₄	7,2,12,5,8,4,6,11,14,9,1,15,13,3,10,0	68
P₅	6,11,12,9,10,2,15,3,0,13,1,4,7,14,8,5	66

轮数	差分路径概率
6	2^-72
7	2^-97
8	2^-123
9	2^-152

AEUR：基于uBlock轮函数的认证加密算法设计

AEUR: authenticated encryption algorithm design based on uBlock round function

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 31

相关文章 9

Metrics

推荐阅读 0

算法	线性攻击	伪造攻击	猜测确定攻击	状态恢复攻击	滑动攻击
SMAE	√	√	√	—	—
AEGIS	√	√	√	√	—
AEUR	√	√	√	√	√

算法	时间复杂度	空间复杂度
SMAE	O(logn)	O (n)
AMRAE	O (n)	O(logn)
AEUR	O(logn)	O (n)

算法	运行1 MB消息所需字节周期/（cycle·MB^-1）
AEGIS	0.80
AES-GCM	3.05
ALE	1.44
ACORN	9.70
AEUR	0.78

[1]	李玮, 刘春, 谷大武, 孙文倩, 高建宁, 秦梦洋. Saturnin-Short轻量级认证加密算法的统计无效故障分析[J]. 通信学报, 2023, 44(4): 167-175.
[2]	吴铤, 胡程楠, 陈庆南, 陈安邦, 郑秋华. 基于执行体划分的防御增强型动态异构冗余架构[J]. 通信学报, 2021, 42(3): 122-134.
[3]	张国双,陈晓,林东岱,刘凤梅. 基于Nonce重用的ACORN v3状态恢复攻击[J]. 通信学报, 2020, 41(8): 11-21.
[4]	杨骁,向广利,魏江宏,孙瑞宗. 对2个属性基签名方案安全性的分析和改进[J]. 通信学报, 2016, 37(Z1): 168-173.
[5]	许艳，黄刘生，田苗苗，仲红. 可证安全的高效无证书有序多重签名方案[J]. 通信学报, 2014, 35(11): 14-126.
[6]	许艳,黄刘生,田苗苗,仲红. 可证安全的高效无证书有序多重签名方案[J]. 通信学报, 2014, 35(11): 126-131.
[7]	桂荆京,张毓森. 基于串空间的ad hoc路由协议安全性分析新方法[J]. 通信学报, 2010, 31(9A): 217-222.
[8]	鲁荣波,宣恒农,何大可. 对一种高效群签名方案的安全性分析[J]. 通信学报, 2007, 28(4): 9-12.
[9]	彭华熹,冯登国. 匿名无线认证协议的匿名性缺陷和改进[J]. 通信学报, 2006, 27(9): 78-85.

轮数	S盒个数
2	8
3	16
4	26
5	31
6	37
7	48
8	52
9	60
10	71