AEUR：基于uBlock轮函数的认证加密算法设计

doi:10.11959/j.issn.1000-436x.2023159

Abstract

Abstract:

In order to improve the efficiency of the implementation of the authenticated encryption algorithm without compromising the security of the algorithm, a new authenticated encryption algorithm AEUR was designed.Firstly, based on the uBlock round function, with resistance to internal collision attacks as the security objective, a mixed integer linear programming approach was used to search for generic iterative component R(t,s) to meet the security objective.Secondly, the authenticated encryption algorithm AEUR was designed by using this component.AEUR consisted of two parts: authenticated encryption and decrypted verification, both of which performed the same process without the need to design additional operational sessions, reducing the algorithm’s resource consumption.In addition, the correctness of the algorithm was verified by comparing the corresponding round state values, and the security of the algorithm was analyzed using various analysis methods such as linear attacks and sliding attacks.Finally, the algorithm was implemented in C language to prove the AEUR has good performance.The results show that the proposed algorithm has a better overall performance in terms of software runtime, with efficiency improvements of 3% and 46% compared to AEGIS and ALE, and 74% and 92% compared to AES-GCM and ACORN, respectively.

Key words: authenticated encryption, block cipher uBlock, security analysis, software implementation

CLC Number:

TN92

Yatao YANG, Hui DONG, Jiantao LIU, Yanshuo ZHANG. AEUR: authenticated encryption algorithm design based on uBlock round function[J]. Journal on Communications, 2023, 44(8): 168-178.

Figures/Tables 15

References 31

[1]	ROGAWAY P , BELLARE M , BLACK J . OCB[J]. ACM Transactions on Information and System Security, 2003,6(3): 365-403.
[2]	BELLARE M , ROGAWAY P , WAGNER D . The EAX mode of operation[C]// International Workshop on Fast Software Encryption. Berlin:Springer, 2004: 389-407.
[3]	MCGREW D A , VIEGA J . The security and performance of the galois/counter mode (GCM) of operation[C]// Proceedings of International Conference on Cryptology in India. Berlin:Springer, 2004: 343-355.
[4]	WU H J , PRENEEL B . AEGIS:a fast authenticated encryption algorithm[C]// International Conference on Selected Areas in Cryptography. Berlin:Springer, 2014: 185-201.
[5]	BOGDANOV A , MENDEL F , REGAZZONI F ,et al. ALE:AES-based lightweight authenticated encryption[C]// International Workshop on Fast Software Encryption. Berlin:Springer, 2014: 447-466.
[6]	HOANG V T , KROVETZ T , ROGAWAY P . Robust authenticated-encryption AEZ and the problem that it solves[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2015: 15-44.
[7]	吴文玲, 张蕾, 郑雅菲 ,等. 分组密码 uBlock[J]. 密码学报, 2019,6(6): 690-703.
	WU W L , ZHANG L , ZHENG Y F ,et al. The block cipher uBlock[J]. Journal of Cryptologic Research, 2019,6(6): 690-703.
[8]	MOUHA N , WANG Q J , GU D W ,et al. Differential and linear cryptanalysis using mixed-integer linear programming[C]// International Conference on Information Security and Cryptology. Berlin:Springer, 2012: 57-76.
[9]	ZABUNOV S . Digital signal processing in RadioSolariz project using SSE2[J]. Aerospace Research in Bulgaria, 2022,34: 66-71.
[10]	BELLARE M , NAMPREMPRE C . Authenticated encryption:relations among notions and analysis of the generic composition paradigm[C]// Advances in Cryptology - ASIACRYPT 2000. Berlin:Springer, 2000: 531-545.
[11]	ROGAWAY P . Authenticated-encryption with associated-data[C]// Proceedings of the 9th ACM Conference on Computer and Communications Security. New York:ACM Press, 2002: 98-107.
[12]	IWATA T . Authenticated encryption mode for beyond the birthday bound security[C]// International Conference on Cryptology in Africa. Berlin:Springer, 2008: 125-142.
[13]	SARKAR P . Pseudo-random functions and parallelizable modes of operations of a block cipher[J]. IEEE Transactions on Information Theory, 2010,56(8): 4025-4037.
[14]	GRUBER M , PROBST M , TEMPELMEIER M . Persistent fault analysis of OCB,DEOXYS and COLM[C]// Proceedings of 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). Piscataway:IEEE Press, 2019: 17-24.
[15]	DOBRAUNIG C , EICHLSEDER M , MENDEL F ,et al. ASCON v1.2(submission to the CAESAR competition)[EB]. 2016.
[16]	WU H J . ACORN:a lightweight authenticated cipher (v3)[EB]. 2016.
[17]	张建, 吴文玲 . 基于 SM4 轮函数设计的认证加密算法[J]. 电子学报, 2018,46(6): 1294-1299.
	ZHANG J , WU W L . Authenticated encryption based on SM4 round function[J]. Acta Electronica Sinica, 2018,46(6): 1294-1299.
[18]	高国强, 李子臣 . 基于AES轮函数认证加密算法研究与设计[J]. 网络与信息安全学报, 2020,6(2): 106-115.
	GAO G Q , LI Z C . Research and design of authenticated encryption algorithm based on AES round function[J]. Chinese Journal of Network and Information Security, 2020,6(2): 106-115.
[19]	BORGHOFF J , KNUDSEN L R , STOLPE M . Bivium as a mixed-integer linear programming problem[C]// International Conference on Cryptography and Coding. Berlin:Springer, 2009: 133-152.
[20]	TOLBA A M R . Trust-based distributed authentication method for collision attack avoidance in VANETs[J]. IEEE Access, 2018,6: 62747-62755.
[21]	刘帅, 关杰, 胡斌 ,等. 基于MILP的轻量级密码算法ACE的差分分析[J]. 通信学报, 2023,44(1): 39-48.
	LIU S , GUAN J , HU B ,et al. Differential analysis of lightweight cipher algorithm ACE based on MILP[J]. Journal on Communications, 2023,44(1): 39-48.
[22]	吴文玲 . 认证加密算法研究进展[J]. 密码学报, 2018,5(1): 70-82.
	WU W L . Research advances on authenticated encryption algorithms[J]. Journal of Cryptologic Research, 2018,5(1): 70-82.
[23]	BEYNE T . A geometric approach to linear cryptanalysis[C]// International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2021: 36-66.
[24]	DUNKELMAN O , KELLER N , LASRY N ,et al. New slide attacks on almost self-similar ciphers[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2020: 250-279.
[25]	MINAUD B . Linear biases in AEGIS keystream[C]// International Conference on Selected Areas in Cryptography. Berlin:Springer, 2014: 290-305.
[26]	YUAN Z , WANG W , JIA K T ,et al. New birthday attacks on some MACs based on block ciphers[C]// Annual International Cryptology Conference. Berlin:Springer, 2009: 209-230.
[27]	GOUDARZI D , JEAN J , K?LBL S , ,et al. Pyjamask:block cipher and authenticated encryption with highly efficient masked implementation[J]. IACR Transactions on Symmetric Cryptology, 2020,2020: 31-59.
[28]	贺水喻, 魏悦川, 潘峰 ,等. 对认证加密算法Pyjamask的伪造攻击[J]. 计算机工程与科学, 2022,44(12): 2140-2145.
	HE S Y , WEI Y C , PAN F ,et al. Forgery attack on the authenticated encryption algorithm Pyjamask[J]. Computer Engineering and Science, 2022,44(12): 2140-2145.
[29]	张国双, 陈晓, 王安 ,等. 面向ACORN v3消息认证码的随机差分故障分析[J]. 密码学报, 2021,8(3): 498-520.
	ZHANG G S , CHEN X , WANG A ,et al. Random differential fault attack for ACORN v3 message authentication code[J]. Journal of Cryptologic Research, 2021,8(3): 498-520.
[30]	WANG D , CHENG H B , WANG P ,et al. Zipf’s law in passwords[J]. IEEE Transactions on Information Forensics and Security, 2017,12(11): 2776-2791.
[31]	王平, 汪定, 黄欣沂 . 口令安全研究进展[J]. 计算机研究与发展, 2016,53(10): 2173-2188.
	WANG P , WANG D , HUANG X Y . Advances in password security[J]. Journal of Computer Research and Development, 2016,53(10): 2173-2188.

Metrics

Recommended 0

No Suggested Reading articles found!

算法	算法类型	算法特点
AEGIS^[4]	直接设计	整体采用序列密码框架，由初始化、加密、标签生成过程构成，底层算法采用 AES算法的轮函数，能够使用AES指令集
DEOXYS^[14]	直接设计	利用可调分组密码算法Deoxys-BC作为底层算法，以AES算法为基础来设计可调分组密码，进一步结合工作方式来设计认证加密算法
ASCON^[15]	直接设计	采用Sponge结构中的Duplex结构来设计，置换为SP结构中的迭代函数，轮函数包含常数加、替换层和扩散层
ACORN^[16]	直接设计	采用序列密码来设计，面向比特，包含LFSR（linear feedback shift register），具有轻量级硬件实现优势，软件实现性能较好
OCB^[1]	分组密码工作模式	OCB 算法并行运算性好，安全性可以得到证明；但 OCB 不能抵抗初始向量值（Nonce）重用，没有超越生日攻击的安全界
COLM/AES-COPA/ELMD^[14]	分组密码工作模式	利用AES分组密码算法来构造，可以通过AES指令集实现软件优化

x	S(x)	x	S(x)	x	S(x)	x	S(x)
0	7	4	b	8	f	c	0
1	4	5	a	9	e	d	3
2	9	6	d	a	1	e	2
3	c	7	8	b	6	f	5

向量置换	变换参数
PL₁₂₈	{1,3,4,6,0,2,7,5}
PR₁₂₈	{2,7,5,0,1,6,4,3}

序号	置换P	活跃S盒个数
P₀	11,5,7,9,14,8,12,1,15,0,3,2,10,6,13,4	67
P₁	6,0,8,13,1,15,5,10,4,9,12,2,11,3,7,14	67
P₂	9,7,4,11,6,0,3,8,14,5,2,13,1,15,10,12	66
P₃	0,15,11,8,12,9,6,3,13,1,2,4,10,7,5,14	66
P₄	7,2,12,5,8,4,6,11,14,9,1,15,13,3,10,0	68
P₅	6,11,12,9,10,2,15,3,0,13,1,4,7,14,8,5	66

轮数	差分路径概率
6	2^-72
7	2^-97
8	2^-123
9	2^-152

AEUR: authenticated encryption algorithm design based on uBlock round function

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 31

Related Articles 8

Metrics

Recommended 0

算法	线性攻击	伪造攻击	猜测确定攻击	状态恢复攻击	滑动攻击
SMAE	√	√	√	—	—
AEGIS	√	√	√	√	—
AEUR	√	√	√	√	√

算法	时间复杂度	空间复杂度
SMAE	O(logn)	O (n)
AMRAE	O (n)	O(logn)
AEUR	O(logn)	O (n)

算法	运行1 MB消息所需字节周期/（cycle·MB^-1）
AEGIS	0.80
AES-GCM	3.05
ALE	1.44
ACORN	9.70
AEUR	0.78

[1]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[2]	Ting WU, Chengnan HU, Qingnan CHEN, Anbang CHEN, Qiuhua ZHENG. Defense-enhanced dynamic heterogeneous redundancy architecture based on executor partition [J]. Journal on Communications, 2021, 42(3): 122-134.
[3]	Xiao YANG,Guang-li XIANG,Jiang-hong WEI,Rui-zong SUN. Security analysis and improvement of two attribute-based signature schemes [J]. Journal on Communications, 2016, 37(Z1): 168-173.
[4]	Yan XU,Liu-sheng HUANG,Miao-miao TIAN,Hong ZHONG. Provably secure and efficient certificateless sequential multi-signature scheme in random oracle model [J]. Journal on Communications, 2014, 35(11): 126-131.
[5]	. Provably secure and efficient certificateless sequential multi-signature scheme in random oracle model [J]. Journal on Communications, 2014, 35(11): 14-126.
[6]	Jun-fang XIAO,Jian LIAO,Gui-hua ZENG. Threshold ring signature for wireless sensor networks [J]. Journal on Communications, 2012, 33(3): 75-81.
[7]	Jing-jing GUI,Yu-sen ZHANG. New approach to security analysis of ad hoc routing protocols based on strand space model [J]. Journal on Communications, 2010, 31(9A): 217-222.
[8]	Hua-xi PENG,Deng-guo FENG. Security flaws and improvement to a wireless authentication protocol with anonymity [J]. Journal on Communications, 2006, 27(9): 78-85.

轮数	S盒个数
2	8
3	16
4	26
5	31
6	37
7	48
8	52
9	60
10	71