
Component Design and Security Analysis of Cryptographic Algorithms

【Author】 Zhang Peng (张鹏)

【Supervisor】 Li Chao (李超)

【Author information】 National University of Defense Technology (国防科学技术大学), Mathematics, 2011, PhD

【Abstract (translated from the Chinese)】 Component design and security analysis of cryptographic algorithms, a hot topic in cryptology, is of great importance in the design and analysis of stream ciphers, block ciphers and hash functions. This thesis first studies the design theory of Boolean functions, an important component of cryptographic algorithms, focusing on the construction and enumeration of rotation symmetric Boolean functions that satisfy particular cryptographic criteria; it then discusses analysis methods for cryptographic algorithms and evaluates the security of several common block ciphers and of the block-cipher components of hash functions. In the design theory of Boolean functions, the main results are: (1) The construction of even-variable rotation symmetric Boolean functions with maximum algebraic immunity (MAI) is studied. A general construction class containing n/2 - 1 distinct constructions and a concrete construction of even-variable rotation symmetric MAI functions with high nonlinearity are given. (2) The construction of even-variable balanced rotation symmetric MAI functions is studied. A general construction of even-variable balanced rotation symmetric MAI functions is given, and, taking 2m-variable balanced rotation symmetric MAI functions as an example, a class of concrete constructions of 2m-variable balanced rotation symmetric MAI functions with relatively high nonlinearity is obtained. (3) The enumeration of balanced rotation symmetric Boolean functions is studied. By optimizing and analysing the solutions of the associated system of equations, the known lower bound on the number of p^r-variable balanced rotation symmetric Boolean functions (p prime) is improved, and a lower bound on the number of balanced rotation symmetric Boolean functions in a general odd number of variables is given for the first time. In the security analysis of cryptographic algorithms, the main results are: (1) The resistance of the full-round ARIRANG encryption mode to the related-key rectangle attack is evaluated. Using a linear transformation of the initial key and the all-one differential property of the round function, the first related-key rectangle attack on the full-round ARIRANG encryption mode is given. The result shows that the ARIRANG encryption mode is insecure when used as a block cipher: it cannot resist the related-key rectangle attack. (2) The resistance of the full-round HAS-V encryption mode to the related-key rectangle attack is evaluated. Through analysis of the two parallel-line encryption structure and the key schedule of the HAS-V encryption mode, a related-key rectangle distinguisher for the full 100-round HAS-V encryption mode is given. The result shows that the HAS-V encryption mode cannot resist the related-key rectangle attack. (3) The resistance of HIGHT to integral attacks is studied. Through theoretical derivation and experimental simulation, the two 12-round integral distinguishers given by the designers of HIGHT are corrected, two new 17-round higher-order integral distinguishers are derived, and an integral attack on 22-round HIGHT based on the higher-order integral distinguishers is given in detail. (4) The resistance of Zodiac to integral attacks is studied in depth. Known results show that Zodiac has two 8-round integral distinguishers. By studying an equivalent structure of Zodiac and its probability-1 truncated differentials, this thesis first constructs two new, formally identical 9-round integral distinguishers for Zodiac, and mounts integral attacks on Zodiac with various numbers of rounds, in particular on full-round Zodiac-192. In addition, the 9-round integral distinguishers of Zodiac are extended to higher-order integral distinguishers, notably a higher-order integral distinguisher for the full 16-round Zodiac is obtained, and, taking the 15-round higher-order integral distinguisher as an example, a higher-order integral attack on full-round Zodiac is given.

【Abstract】 As a hot topic in cryptology, component design and security analysis of cryptographic algorithms play significant roles in the design and analysis of stream ciphers, block ciphers and hash functions. This thesis first investigates the design theory of Boolean functions, which are an important component of cryptographic algorithms. As the main study, the constructions and counts of rotation symmetric Boolean functions (RSBFs) satisfying certain cryptographic criteria are investigated. Then we discuss the analysis methods of cryptographic algorithms. Furthermore, the security of some familiar block ciphers, including some block cipher components of hash functions, is evaluated. In the domain of the design theory of Boolean functions, the main contents and results of this thesis are outlined as follows: (1) The constructions of even-variable RSBFs with maximum algebraic immunity (MAI) are studied. First, we present a new construction class of even-variable RSBFs with MAI, which has n/2 - 1 different constructions in total. Then an improved construction which achieves both MAI and high nonlinearity is proposed. (2) Some constructions of even-variable balanced RSBFs with MAI are given. First, we present a new general construction of even-variable balanced RSBFs with MAI. Then, as an example, an improved construction of 2m-variable balanced RSBFs with both MAI and high nonlinearity is proposed. (3) The enumeration of balanced RSBFs is discussed. Based on some improvement and analysis of the solutions of the correlative equation system, the lower bound on the number of p^r-variable balanced RSBFs is improved, where p is a prime. Then, for a general odd n, a lower bound on the number of n-variable balanced RSBFs is provided for the first time. In the domain of the security analysis of cryptographic algorithms, the main contents and results of this thesis are outlined as follows: (1) The security of the full-round ARIRANG encryption mode against the related-key rectangle attack is evaluated. Based on a linear transformation of the master key and the all-one differential of the round function, a related-key rectangle attack on the full 40-round ARIRANG encryption mode is presented. The result shows that the ARIRANG encryption mode is not safe as a block cipher: it is not immune to the related-key rectangle attack. (2) The security of the full-round HAS-V encryption mode against the related-key rectangle attack is evaluated. Through the analysis of the two parallel-line encryption structure and the key schedule of the HAS-V encryption mode, a related-key rectangle distinguisher of the full 100-round HAS-V encryption mode is presented. The result shows that the HAS-V encryption mode is not immune to the related-key rectangle attack. (3) The resistance of HIGHT against integral attacks is discussed. Through theoretical derivation and computer simulation, we point out and correct an error in the 12-round integral distinguishers given by the HIGHT proposers. Then two new 17-round higher-order integral distinguishers are described, based on which we present an integral attack on 22-round HIGHT in detail. (4) The resistance of Zodiac against integral attacks is investigated in depth. Known results show that there are two 8-round integral distinguishers of Zodiac. First, by analysing the equivalent structures and the truncated differentials with probability 1, two new 9-round integral distinguishers which are formally identical are proposed. Then integral attacks are applied to Zodiac with different numbers of rounds. In particular, an integral attack on the full 16-round Zodiac-192 is presented. Additionally, the 9-round integral distinguishers of Zodiac are extended to higher-order integral distinguishers. Especially, a full 16-round higher-order integral distinguisher of Zodiac is obtained. Based on the 15-round higher-order integral distinguishers, higher-order integral attacks on full-round Zodiac are presented.
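As an added illustration of the objects behind results (1)-(3) on Boolean functions (example code written for this page, not code from the thesis): the script partitions n-bit inputs into rotation classes, tests whether a truth table is rotation symmetric, and counts balanced n-variable RSBFs exactly for small n by a subset-sum over class sizes, which is the quantity the thesis bounds from below for large n.

```python
# Added example (not from the thesis): rotation classes, the RSBF test and an
# exact count of balanced RSBFs for small n.  Truth tables are lists indexed
# by the integer value of the input vector (bit i of the index is x_i).


def rotate_left(x: int, n: int) -> int:
    """Cyclically rotate the n-bit integer x left by one position."""
    return ((x << 1) | (x >> (n - 1))) & ((1 << n) - 1)


def rotation_classes(n: int) -> list:
    """Partition the 2^n input vectors into orbits under cyclic rotation."""
    seen = set()
    classes = []
    for x in range(1 << n):
        if x in seen:
            continue
        orbit, y = [], x
        while y not in seen:          # walk the orbit until it closes
            seen.add(y)
            orbit.append(y)
            y = rotate_left(y, n)
        classes.append(orbit)
    return classes


def is_rotation_symmetric(truth_table: list, n: int) -> bool:
    """An RSBF takes one value on every vector of each rotation class."""
    return all(len({truth_table[x] for x in orbit}) == 1
               for orbit in rotation_classes(n))


def count_balanced_rsbf(n: int) -> int:
    """Exact number of balanced n-variable RSBFs.

    An RSBF is fixed by choosing 0/1 per rotation class, so its Hamming
    weight is the sum of the sizes of the classes mapped to 1.  Balanced
    means weight 2^(n-1); count class subsets hitting it by subset-sum DP.
    """
    sizes = [len(orbit) for orbit in rotation_classes(n)]
    target = 1 << (n - 1)
    ways = [1] + [0] * target
    for s in sizes:
        for w in range(target, s - 1, -1):
            ways[w] += ways[w - s]
    return ways[target]


def majority(n: int) -> list:
    """Majority truth table: rotation symmetric, balanced for odd n."""
    return [1 if 2 * bin(x).count("1") > n else 0 for x in range(1 << n)]
```

For n = 3, 4, 5 the orbit counts are 4, 6, 8 and the balanced-RSBF counts are 4, 6, 40; the DP is exact but only feasible for small n, which is why the thesis works with lower bounds instead.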
