三元组密钥流发生器的机理及应用研究

Research on Mechanism and Application of Ternary Key Stream Generator

【Author】 李璇

【Advisor】 张国基

【Author information】 South China University of Technology, Computer Application Technology, 2012, PhD

【Abstract】 With the development of computer and communication technologies, information has come to be regarded as an important strategic resource, and the capability to protect information security has become an important part of a country's comprehensive national strength. Information encryption is at present the key technology and an important means of protecting information security, and it plays an important role in politics, the military, business, finance and other application fields. Many countries around the world have developed their own encryption systems, and China has also made the development of new state-owned cryptographic technology a priority research topic in the information field. Symmetric cryptography is widely used in various fields because it is fast and convenient, and one of its key research issues is the design of the key stream generator.

The main research work in this paper covers two aspects:

1. We propose a ternary key stream generator based on discrete trajectory transform in the generalized information domain.

The generalized information domain (GID) is the space of all data that can be expressed in binary code. The ternary key stream generator introduces the GID as the entropy source space and uses the generalized information chosen by the user as a true random entropy source. Since the user's choice is random and arbitrary, it is necessary to eliminate the statistical defects present in the chosen entropy source. We design a multi-round reconstruction method to preprocess the entropy source, and use multiple key techniques to obtain a background that satisfies the requirements on size and statistical properties. On this basis, we employ an initial random dynamic element that is time-varying and non-repeating, random and personalized, and use methods such as space mapping, constraint judgment and periodic orbit-change control to realize the discrete trajectory transform on the background through an iteration-feedback mechanism, generating a key stream of any length with good properties.

In the ternary key stream generator, the initial random dynamic element serves as the initial value, and the generalized information, the reconstruction parameters and the trajectory transform parameters serve as the key space; together with the key stream generation algorithm, these form the ternary structure of algorithm, initial value and key space. The ternary key stream generator has a large key space, passes the strict NIST SP800-22 randomness tests, and shows chaotic properties such as sensitivity to the initial value and a non-repeating period. It constitutes a discrete chaotic dynamical system whose true random entropy source is chosen by the user, and it can provide non-repeating key streams over the long term.

2. Based on the characteristics of the ternary key stream generator, we study its application in cryptography and propose a ternary dynamic encryption algorithm.

The ternary dynamic encryption algorithm consists of three modules: dynamic block encryption, trajectory address permutation and stream encryption. In the dynamic block encryption module, the plaintext is expanded and divided into groups, and the bytes at dual (symmetric) addresses are transformed to complete confusion and diffusion within each group. The trajectory address permutation and stream encryption modules then complete the overall permutation and confusion. The ternary dynamic encryption algorithm shows satisfactory encryption and decryption performance. It hides the statistical characteristics of the plaintext well, such as the histogram, the entropy value and the distribution of neighboring pixels, and it is sensitive to the initial value.

In the ternary dynamic encryption algorithm, the length of the ciphertext and the details of the encryption are determined dynamically by the key stream and the trajectory address sequence, which hides the length of the plaintext and makes the algorithm dynamically variable. Combined with the chaotic properties of the ternary key stream generator, the ternary dynamic encryption algorithm technically ensures that the generated key streams and encryption algorithms are random and do not repeat, achieving the effect of “One time ciphertext”. In practical use, the key space is encapsulated for users and does not need to be transmitted through a secure channel, while the initial value and the ciphertext can be transmitted through public channels.

The ternary key stream generator and the ternary dynamic encryption algorithm based on discrete trajectory transform in the generalized information domain form a cryptosystem independently proposed by our research team. Both the idea and the implementation method of this cryptosystem are innovative. The cryptosystem has passed the national security test and has been granted four national invention patents; moreover, several cryptographic products have been developed based on it. It is particularly suitable for guaranteeing information security in important fields such as national defense.
