WO2009104827A1 - Method and apparatus for generating key stream for stream cipher, s-box for block cipher and method for substituting input vector using the s-box - Google Patents
- Publication number
- WO2009104827A1 (PCT/KR2008/000996)
- Authority
- WO
- WIPO (PCT)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
Abstract
The present invention discloses a method and an apparatus for generating a key stream for a stream cipher, an S-box for a block cipher and a method for substituting an input vector using the S-box. According to the present invention, there is provided a method for generating a key stream for a stream encryption, comprising: receiving a vector that represents each state value of n(2≤n≤N) stages from an N-stage linear feedback shift register (LFSR) that generates a pseudo-random binary sequence; and outputting a key stream using a logarithmic function over a finite field having a primitive element of the finite field corresponding to a vector space that represents the vector as a base. With the present invention, high nonlinearity and optimal algebraic immunity can be obtained.
Description
METHOD AND APPARATUS FOR GENERATING KEY STREAM FOR STREAM CIPHER, S-BOX FOR BLOCK CIPHER AND METHOD FOR SUBSTITUTING INPUT VECTOR USING THE S-BOX
Technical Field
[1] The present invention relates to encryption for data security, and more particularly to a method and apparatus for generating a key stream for a stream cipher, an S-box for a block cipher and a method for substituting an input vector using the S-box.
Background Art
[2] As the need for data security grows with the development of science and technology, the importance of the stream cipher increases every day. The representative encryption methods are the stream cipher and the block cipher.
[3] The stream cipher is a method of producing a cipher text by generating a key stream of the same length as the plain text and XOR-operating the plain text with the key stream bit by bit. In the stream cipher, a linear feedback shift register (LFSR) is mainly used to generate the key stream. If an LFSR is used, a key stream having the maximum period that can be achieved by a finite state machine is easily obtained and mathematical analysis is easily performed. However, if an LFSR is used alone, it is easily broken, so the key stream is commonly generated by nonlinearly combining the state values of the stages of the LFSR or by nonlinearly combining the outputs of a plurality of LFSRs.
[4] The block cipher is a method of producing a cipher text block by block: the plain text is divided into units of a predetermined size and an encryption process is performed on each unit. Standards for the block cipher include the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). A block cipher is built as a process that forms a function that is not easily broken by repeatedly applying a simple function, and each such repetition is called a round. In block encryption, a process of substituting a block of a predetermined number of bits is generally performed in each round, and the module performing such a substitution is called an S-box.
[5] As the function for nonlinear combination in the stream cipher, or as the function mapping input to output in the S-box, a nonlinear Boolean function is used. The nonlinear Boolean function preferably has high nonlinearity. Boolean power functions are currently used as the nonlinear Boolean function, and the Boolean inverse function, which is one sort of Boolean power function, is used most. The Boolean inverse function is a function that outputs the multiplicative inverse of a given input over a finite field. The Boolean inverse function is known to have high nonlinearity.
[6] Cryptanalysis is the process of recovering a plain text from a cipher text by finding the encryption key used in the encryption or supplementary information, and may also be called a cipher attack. Among the various cipher attack methods, the study of algebraic attacks started once an algorithm for solving multivariate high-degree simultaneous equations, a problem known to be NP-complete, became known. The algebraic attack uses the basic algebraic equations of the inner algorithm together with known input/output pairs; it obtains the variable values from the resulting overdefined multivariate simultaneous equations and restores the key from them.
[7] The degree of strength against the algebraic attack is referred to as the algebraic immunity. In the document [N. Courtois and W. Meier, "Algebraic Attacks on Stream Ciphers with Linear Feedback," EUROCRYPT 2003, LNCS 2656, pp. 346-359, Springer-Verlag, 2003], it is known that the algebraic immunity of a random Boolean function is equal to or less than half the number of input variables, that is, $n/2$. In another document [Y. Nawaz, G. Gong, and K.C. Gupta, "Upper Bounds on Algebraic Immunity of Boolean Power Functions," LNCS 4047, pp. 375-389, Springer-Verlag, 2006], it is known that the upper bound on the algebraic immunity of a Boolean power function grows only in proportion to the square root of the number of input variables. As n becomes larger, the square root of the number of input variables is smaller than half the number of input variables. Therefore, when the number of input variables becomes large, if the key stream is generated or the S-box is designed using a Boolean power function, the problem arises that the algebraic immunity does not increase correspondingly.
Disclosure of Invention
Technical Problem
[8] An object of the present invention is to provide a method and an apparatus for generating a key stream for a stream cipher that has high nonlinearity and optimal algebraic immunity, an S-box for a block cipher and a method for substituting an input vector using the S-box.
Technical Solution
[9] In order to accomplish the above object, according to an embodiment of the present invention, there is provided a method for generating a key stream for a stream encryption, comprising: receiving a vector $\bar{x}$ that represents each state value of n (2≤n≤N) stages of an N-stage linear feedback shift register (LFSR) that generates a pseudo-random binary sequence; and outputting a key stream using a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$.
[10] Outputting the key stream comprises outputting a predetermined component of the vector that is the result value of the logarithmic function as the key stream.
[11] The logarithmic function is represented by the following equation:
[12] [13] $\log_\alpha(\bar{x}) = \bar{w}$ if $x = \alpha^w$, in other case
[14] where α represents the primitive element, $x$ represents the element of the finite field $F_{2^n}$ corresponding to the vector $\bar{x}$, and $w$ represents the non-negative integer whose element of the vector space $F_2^n$ is $\bar{w}$.
[15] At this time, outputting the key stream comprises outputting the result values of $\log_\alpha(\bar{x})$ according to the following equation as the key stream:
[16] [17] $z = \bar{1} \cdot \log_\alpha(\bar{x} \oplus \bar{1})$
[18] where $\cdot$ represents the inner product in the vector space, and $\oplus$ represents addition in the vector space.
[19] Also, outputting the key stream may comprise outputting the result values of a function that combines $\log_\alpha(\bar{x})$ with logarithmic functions having other primitive elements, different from each other, of the finite field $F_{2^n}$ as bases,
[22] where $\cdot$ represents the inner product in the vector space, and $\oplus$ represents addition in the vector space.
[23] In order to accomplish the above object, according to an embodiment of the present invention, there is provided a method for generating a key stream for a stream cipher, comprising: receiving a vector $\bar{x}$ that has the output values of each of n linear feedback shift registers (LFSRs), which generate pseudo-random binary sequences, as its components; and outputting a key stream using a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$.
[24] In order to accomplish the above object, according to an embodiment of the present invention, there is provided a method for substituting an input vector for a block cipher using an S-box, comprising: receiving a vector $\bar{x}$ having n components; and outputting a vector by which the vector $\bar{x}$ is substituted, using a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$.
[25] The logarithmic function is represented by the following equation:
[28] wherein outputting the substituted vector comprises outputting the result values of the logarithmic function as the substituted vector,
[29] where α represents the primitive element, $x$ represents the element of the finite field $F_{2^n}$ corresponding to the vector $\bar{x}$, $w$ represents the non-negative integer whose element of the vector space $F_2^n$ is $\bar{w}$, and $\oplus$ represents addition in the vector space.
[30] The logarithmic function is represented by the following equation:
[31] [32] $\log_\alpha(\bar{x}) = \bar{w}$ if $x = \alpha^w$, in other case
[33] wherein outputting the substituted vector comprises outputting, as the substituted vector, the result values of the function that combines logarithmic functions having primitive elements, different from each other, of the finite field $F_{2^n}$ as bases,
[34] where α represents the primitive element, $x$ represents the element of the finite field $F_{2^n}$ corresponding to the vector $\bar{x}$, $w$ represents the non-negative integer whose element of the vector space $F_2^n$ is $\bar{w}$, and $\oplus$ represents addition in the vector space.
[35] The outputting the substituted vector comprises outputting the substituted vector using a lookup table corresponding to a vector to be substituted for the vector x according to the logarithmic function.
[36] In order to accomplish the above object, according to an embodiment of the present invention, there is provided a key stream generation apparatus for a stream cipher, comprising: an N-stage linear feedback shift register (LFSR) that generates a pseudo-random binary sequence; and a nonlinear module that receives a vector $\bar{x}$ representing each state value of n (2≤n≤N) stages of the N-stage LFSR and outputs a key stream using a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$.
[37] In order to accomplish the above object, according to an embodiment of the present invention, there is provided a key stream generation apparatus for a stream cipher, comprising: n linear feedback shift registers (LFSRs) that each generate a pseudo-random binary sequence; and a nonlinear module that receives a vector $\bar{x}$ having the output values of each of the n LFSRs as its components and outputs a key stream using a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$.
[38] In order to accomplish the above object, according to an embodiment of the present invention, there is provided an S-box for a block cipher which receives a vector $\bar{x}$ having n components and outputs a vector by which the vector $\bar{x}$ is substituted, using a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$.
Advantageous Effects
[39] With the present invention as described above, a logarithmic function over a finite field having as its base a primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the input vector $\bar{x}$ is used, making it possible to obtain high nonlinearity and optimal algebraic immunity.
Brief Description of Drawings
[40] FIG. 1 is a schematic block diagram of a stream encryption apparatus including a key stream generation apparatus according to an embodiment of the present invention;
[41] FIG. 2 is a schematic block diagram of a stream encryption apparatus including a key stream generation apparatus according to an embodiment of the present invention; and
[42] FIG. 3 is a schematic block diagram of a block encryption apparatus including an S-box for a block cipher according to an embodiment of the present invention.
Best Mode for Carrying out the Invention
[43] Hereinafter, the preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Constituents that are substantially the same in the description and the drawings below are indicated by the same reference numerals, and overlapping explanation of them is omitted. Also, where a specific explanation of a related well-known constitution or function would obscure the gist of the present invention, its detailed explanation is omitted.
[44] FIG. 1 is a schematic block diagram of a stream encryption apparatus including a key stream generation apparatus according to an embodiment of the present invention. The stream encryption apparatus according to the present invention includes an N-stage linear feedback shift register (LFSR) 11, a nonlinear module 12, and an XOR operator 13. The LFSR 11 and the nonlinear module 12 form a key stream generation apparatus for a stream cipher according to the present embodiment. In the present invention, the nonlinear module 12 may be a nonlinear filter generator.
[45] The LFSR 11 has N stages, that is, N registers, and generates a pseudo-random binary sequence having a predetermined period in synchronization with a clock given from the outside. A vector $\bar{x}$ that has the respective stage values $x_1, \dots, x_n$ of predetermined n (2≤n≤N) stages of the LFSR 11 as its components is input to the nonlinear module 12, described later, in synchronization with the clock. The respective stage values $x_1, \dots, x_n$ are 0 or 1.
[46] The nonlinear module 12 receives the vector $\bar{x}$ and outputs a key stream value $z_i$, in synchronization with the clock, using the nonlinear Boolean function.
[47] The XOR operator 13 outputs a cipher text $c_i$ by XOR-operating a plain text with the key stream $z_i$.
[48] In the nonlinear module 12, a logarithmic function over a finite field having as its base a primitive element α of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ that contains the vector $\bar{x}$ is used as the nonlinear Boolean function.
[49] Hereinafter, the logarithmic function over the finite field used in the nonlinear module 12 will be described in more detail.
[50] The vector $\bar{x} = (x_1, \dots, x_n)$ is an element of the vector space $F_2^n$ of binary n-tuples. If the primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ is α, the element of the finite field $F_{2^n}$ corresponding to the vector $\bar{x}$ is represented by the following equation.
[51] [Equation 1]
[52] When the element of the vector space $F_2^n$ corresponding to a non-negative integer $w$ smaller than $2^n - 1$ is $\bar{w} = (w_1, \dots, w_n)$, the following equation holds.
[55] [Equation 2]
[57] At this time, the logarithmic function $\log_\alpha$ over the finite field having the primitive element α as its base, with the input vector $\bar{x}$ and the output $\bar{w}$, may be defined by the following equation.
[58] [Equation 3] [59] $\log_\alpha(\bar{x}) = \bar{w}$ if $x = \alpha^w$, in other case
[60] In the logarithmic function $\log_\alpha$, which is a Boolean function, there exists a one-to-one correspondence between the n-bit input and the n-bit output.
[61] For example, in the case of n=3 and primitive polynomial of x, the binary vectors corresponding to the elements of the finite field $F_{2^3}$ are represented by the following table.
[62] [Table 1]
[63]
  Element of $F_{2^3}$   Binary vector
  0                      (0, 0, 0)
  1 (= α^0)              (0, 0, 1)
  α                      (0, 1, 0)
  α^2                    (1, 0, 0)
  α^3                    (0, 1, 1)
  α^4                    (1, 1, 0)
  α^5                    (1, 1, 1)
  α^6                    (1, 0, 1)
[64] At this time, in the case of $\bar{x} = (1, 1, 0)$ in Equation 3, the corresponding element of the finite field $F_{2^3}$ is $x = \alpha^4$, so that the non-negative integer $w = 4$ and the corresponding element of the vector space $\bar{w} = (1, 0, 0)$ are obtained.
There also exists a one-to-one correspondence. In the present embodiment, $\log_\alpha(\bar{x})$ according to the following equation is output as the key stream.
[68] where $\cdot$ represents the inner product in the vector space, and $\oplus$ represents addition in the vector space.
[69] The reason the inner product of the output vector of the logarithmic function and $\bar{1}$ is taken in the vector space is to output a particular component of that output vector as the key stream.
[70] If the inner product of the output vector of the logarithmic function and $\bar{1}$ is taken in the vector space, the left-most component of the output vector is obtained. Another component of the output vector may also be obtained as the key stream; in this case, the vector with which the inner product is taken is a suitable vector other than $\bar{1}$.
[71] It can be appreciated that the output values according to Equation 4 contain the same number of 0s and 1s over all input vectors, that is, the output is balanced.
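The following Python is an added example, not code from the patent: it builds the discrete-logarithm S-box of Equation 3 for the n=3 field of Table 1, reproduces the $\bar{x} = (1,1,0) \to \bar{w} = (1,0,0)$ case of [64], then checks the properties claimed for the key stream component selected by the inner product with $\bar{1} = (1,0,\dots,0)$ ([69]-[71]): the one-to-one correspondence, balancedness, and the nonlinearity (by Walsh transform). Assumed, because the corresponding equations are not legible on this page: the vector-to-field-element and integer-to-vector conventions, the value $\log_\alpha(0)$ = all-ones vector, the primitive polynomial $x^3 + x + 1$ (inferred from Table 1) and $x^8 + x^4 + x^3 + x^2 + 1$ for an n=8 run.

```python
"""Discrete-logarithm S-box over GF(2^n) and the inner-product key stream bit.

Added example, not code from the patent. Labelled assumptions (the
corresponding equations are not legible in this copy of the page):
  * a vector (x_1,...,x_n) corresponds to the field element
    x_1*alpha^(n-1) + ... + x_n (this reproduces Table 1 and x=(1,1,0) -> alpha^4);
  * an integer w corresponds to its n-bit vector (w_1,...,w_n), w_1 being the
    most significant bit, so w=4 -> (1,0,0) as in the text;
  * log_alpha(0), the case the page does not show, is taken as 2^n - 1
    (the all-ones vector), which keeps the map a bijection on F_2^n.
"""
from typing import List, Optional, Tuple

Vec = Tuple[int, ...]


def gf_mul(a: int, b: int, poly: int, n: int) -> int:
    """Multiply in GF(2^n); poly is the primitive polynomial with its
    degree-n bit set (0b1011 is x^3 + x + 1, the field of Table 1)."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:           # degree reached n: reduce modulo poly
            a ^= poly
    return r


def log_table(n: int, poly: int) -> List[int]:
    """T[x] = log_alpha(x) for x = 0..2^n-1, alpha being the root of poly."""
    table = [(1 << n) - 1] * (1 << n)    # assumption: log_alpha(0) = all-ones
    elem = 1                             # alpha^0
    for w in range((1 << n) - 1):
        table[elem] = w
        elem = gf_mul(elem, 0b10, poly, n)   # next power: multiply by alpha
    return table


def vec_to_int(v: Vec) -> int:
    """(x_1,...,x_n) -> x_1*2^(n-1) + ... + x_n."""
    out = 0
    for bit in v:
        out = (out << 1) | (bit & 1)
    return out


def int_to_vec(i: int, n: int) -> Vec:
    """Inverse of vec_to_int: n-bit vector, most significant bit first."""
    return tuple((i >> (n - 1 - k)) & 1 for k in range(n))


def sbox(x: Vec, table: List[int]) -> Vec:
    """S-box 32 of FIG. 3: substitute x by w = log_alpha(x) (Equation 3)."""
    return int_to_vec(table[vec_to_int(x)], len(x))


def is_bijection(table: List[int]) -> bool:
    """One-to-one correspondence between n-bit input and n-bit output ([60])."""
    return sorted(table) == list(range(len(table)))


def keystream_bit(x: Vec, table: List[int], selector: Optional[Vec] = None) -> int:
    """Nonlinear filter output: inner product of log_alpha(x) with a selector
    vector; (1,0,...,0) picks the leftmost component, any other unit vector
    picks another component ([69]-[70])."""
    if selector is None:
        selector = (1,) + (0,) * (len(x) - 1)
    return sum(a & b for a, b in zip(selector, sbox(x, table))) & 1


def component_truth_table(table: List[int], n: int, selector: Vec) -> List[int]:
    """Truth table of one Boolean component, indexed by x = 0..2^n-1."""
    return [keystream_bit(int_to_vec(x, n), table, selector) for x in range(1 << n)]


def is_balanced(truth: List[int]) -> bool:
    """Equal numbers of 0 and 1 outputs over all inputs ([71])."""
    return 2 * sum(truth) == len(truth)


def nonlinearity(truth: List[int]) -> int:
    """Hamming distance to the nearest affine function, from the Walsh
    spectrum: NL = 2^(n-1) - max_a |W_f(a)| / 2."""
    size = len(truth)
    n = size.bit_length() - 1
    max_walsh = 0
    for a in range(size):
        acc = 0
        for x in range(size):
            parity = bin(a & x).count("1") & 1      # linear function a.x
            acc += -1 if truth[x] ^ parity else 1
        max_walsh = max(max_walsh, abs(acc))
    return (1 << (n - 1)) - max_walsh // 2


if __name__ == "__main__":
    n, poly = 3, 0b1011                  # x^3 + x + 1, inferred from Table 1
    T = log_table(n, poly)
    for x in range(1 << n):              # Table 1 read as x -> log_alpha(x)
        print(int_to_vec(x, n), "->", int_to_vec(T[x], n))
    f = component_truth_table(T, n, (1, 0, 0))
    print("balanced:", is_balanced(f), "nonlinearity:", nonlinearity(f))
```

For n=3 the leftmost component reaches nonlinearity 2, the maximum possible for a balanced 3-variable Boolean function.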
[72] Also, in a modified embodiment of the present invention, the nonlinear module 12 may output, as the key stream, the values of a function combining Boolean functions that each have, as base, a different primitive element of the finite field $F_{2^n}$ corresponding to the vector space $F_2^n$ containing the input vector $\bar{x}$, each according to Equation 4. For example, if α and β are two different primitive elements of the finite field $F_{2^n}$, the values of a function in which $\log_\alpha(\bar{x})$ is linearly combined with $\log_\beta(\bar{x})$ may be output as the key stream. Assuming that $f$ is an arbitrary linear combining function, the output key stream values are represented as $f(\log_\alpha(\bar{x}), \log_\beta(\bar{x}))$.
[73] FIG. 2 is a schematic block diagram of a stream encryption apparatus including a key stream generation apparatus according to an embodiment of the present invention. The stream encryption apparatus according to the present invention includes n linear feedback shift registers (LFSRs) 21-1, 21-2, ..., and 21-n, a nonlinear module 22, and an XOR operator 23. The n LFSRs 21-1, 21-2, ..., and 21-n and the nonlinear module 22 form a key stream generation apparatus for a stream cipher according to the present embodiment. In the present invention, the nonlinear module 22 may be a nonlinear combination generator.
[74] Differently from the stream encryption apparatus in FIG. 1, in the stream encryption apparatus according to the present embodiment each of the n LFSRs 21-1, 21-2, ..., and 21-n generates a pseudo-random binary sequence having a predetermined period in synchronization with a clock given from the outside, and inputs the pseudo-random binary sequence to the nonlinear module 22. In other words, a vector $\bar{x}$ whose components are the bit values output by each of the n LFSRs 21-1, 21-2, ..., and 21-n at each clock is input to the nonlinear module 22. The other operations of the nonlinear module 22 and the XOR operator 23 are the same as those of the nonlinear module 12 and the XOR operator 13 in FIG. 1, so their detailed explanation is omitted.
[75] FIG. 3 is a schematic block diagram of a block encryption apparatus including an S-box for a block cipher according to an embodiment of the present invention. The block encryption apparatus according to the present invention is based on the Advanced Encryption Standard (AES), wherein permutations over several rounds and a substitution using an S-box are applied to a plaintext block. For convenience, only the ith round permutation and substitution and the (i+1)st round permutation are shown in FIG. 3. In the present embodiment, a block is divided into s sub-blocks for the substitution, and the substitution is applied to each sub-block using an S-box. The S-box according to the present embodiment is not limited to the block encryption apparatus with the structure shown in FIG. 3, but may also be applied to any block cipher that applies a substitution per sub-block.
[76] Vectors $\bar{w}^{(i-1),1}, \ldots, \bar{w}^{(i-1),s}$ corresponding to each of the s sub-blocks are input to the ith permutation 31 from the (i-1)st round. The ith permutation 31 applies a permutation to the s sub-blocks and outputs the vectors $\bar{x}^{i,1}, \ldots, \bar{x}^{i,s}$. In the present embodiment, one plaintext block has n × s bits, and the vectors $\bar{w}^{(i-1),1}, \ldots, \bar{w}^{(i-1),s}$ and $\bar{x}^{i,1}, \ldots, \bar{x}^{i,s}$ each have n components.
[77] The vectors $\bar{x}^{i,1}, \ldots, \bar{x}^{i,s}$ are input to the first S-box, ..., and the sth S-box 32-1, ..., and 32-s, respectively. The first S-box, ..., and the sth S-box 32-1, ..., and 32-s apply a nonlinear Boolean function to the input vectors and output the substituted vectors $\bar{w}^{i,1}, \ldots, \bar{w}^{i,s}$.
[78] The vectors $\bar{w}^{i,1}, \ldots, \bar{w}^{i,s}$ are input to the (i+1)st permutation 33, which outputs the vectors $\bar{x}^{(i+1),1}, \ldots, \bar{x}^{(i+1),s}$ by applying the permutation to them in the same manner as the ith permutation 31.
[79] The operations of the first S-box, ..., and the sth S-box 32-1, ..., and 32-s are all the same, and the input and output vectors, that is, $\bar{x}^{i,1}, \ldots, \bar{x}^{i,s}$ and $\bar{w}^{i,1}, \ldots, \bar{w}^{i,s}$, all have n components. Therefore, the first S-box, ..., and the sth S-box 32-1, ..., and 32-s will be referred to below simply as S-box 32, with input x̄ and output w̄.
[80] For the input vector x̄, the S-box 32 uses the nonlinear Boolean function to output a vector w̄ that is substituted for the vector x̄. In particular, as the nonlinear Boolean function, the S-box 32 uses a logarithmic function over a finite field having a primitive element of the finite field $\mathbb{F}_{2^n}$ corresponding to the vector space $\mathbb{F}_2^n$ that represents the vector x̄, as a base. Here, $\mathrm{LOG}_\alpha(\bar{x})$ according to Equations 1 to 3 described above is used as the logarithmic function, and in the present embodiment the S-box 32 outputs the vector w̄ substituted according to the one-to-one correspondence function
[81] For example, if n = 4, the primitive polynomial is $x^4 + x + 1$, and the primitive element is α, the binary vectors corresponding to the elements of the finite field $\mathbb{F}_{2^4}$ are represented by the following table. [82] [Table 2]
[83]
[84] At this time, the result values of the function for these binary vectors are represented by the following table.
[85] [Table 3]
[86]
x̄ | w̄ (decimal) | x̄ | w̄ (decimal) | x̄ | w̄ (decimal) | x̄ | w̄ (decimal) |
---|---|---|---|---|---|---|---|
0000 | 0000 (0) | 0100 | 1000 (8) | 1000 | 1110 (14) | 1100 | 1101 (13) |
0001 | 1111 (15) | 0101 | 0010 (2) | 1001 | 0011 (3) | 1101 | 0110 (6) |
0010 | 0100 (4) | 0110 | 1010 (10) | 1010 | 0111 (7) | 1110 | 1100 (12) |
0011 | 0001 (1) | 0111 | 0101 (5) | 1011 | 1001 (9) | 1111 | 1011 (11) |
[87] In the present embodiment, the S-box 32 stores a lookup table that maps the input vector x̄ to the vector to be substituted according to the function $\mathrm{LOG}_\alpha(\bar{x} \oplus \bar{1})$, and outputs the vector substituted for x̄ using the lookup table. With a 4-bit input and a 4-bit output, Table 3 may be used as the lookup table in the S-box 32.
[88] Also, in a modified embodiment of the present invention, the S-box 32 may output the values of a function combined with Boolean functions that take as bases primitive elements, different from each other, of the finite field $\mathbb{F}_{2^n}$ corresponding to the vector space $\mathbb{F}_2^n$ that represents the input vector x̄, each according to the function $\mathrm{LOG}_\alpha(\bar{x} \oplus \bar{1})$. For example, if the primitive elements, different from each other, of the finite field $\mathbb{F}_{2^n}$ are α and β, the values of the function in which
is linearly combined with
may be output as a key stream. Assuming that
[89] For n with 4 < n < 19 in the embodiments described above, comparing the nonlinearity of the function $\log_\alpha(x)$ according to Equation 4 with that of the Boolean inverse function shows that the nonlinearity of $\log_\alpha(x)$ is equal to or higher than that of the Boolean inverse function. [90] For n with 6 < n < 18, comparing the algebraic immunity of the function $\log_\alpha(x)$ according to Equation 4 with that of the Boolean inverse function shows that the algebraic immunity of $\log_\alpha(x)$ is higher than that of the Boolean inverse function and, furthermore, that it reaches the maximum algebraic immunity $\lceil n/2 \rceil$ that any n-variable Boolean function can have.
[91] With the present invention as described above, a logarithmic function over a finite field having a primitive element of the finite field corresponding to the vector space that represents the input vector x as a base is used, making it possible to obtain high nonlinearity and optimal algebraic immunity.
[92] Although the preferred embodiment of the present invention has been described, it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
Claims
[1] A method for generating a key stream for a stream encryption, comprising: receiving a vector x that represents each state value of n (2≤n≤N) stages from an N-stage linear feedback shift register (LFSR) that generates a pseudo-random binary sequence; and outputting a key stream using a logarithmic function over a finite field having a primitive element of the finite field corresponding to a vector space that represents the vector x as a base.
[2] The method according to claim 1, wherein the output of the key stream comprises outputting a certain component of the vector that is the result value of the logarithmic function as the key stream.
[3] The method according to claim 1, wherein the logarithmic function is represented by the following equation:
in other case, where α represents the primitive element and x represents an element of the finite field
[4] The method according to claim 3, wherein the outputting the key stream comprises outputting the result values of $\log_\alpha(\bar{x})$ according to the following equation as the key stream:
where
represents an inner product in the vector space, and ⊕ represents addition in the vector space.
[5] The method according to claim 3, wherein the outputting the key stream comprises outputting the result values of a function combined with $\log_\alpha(\bar{x})$ that has primitive elements, different from each other, of the finite field
represents an inner product in the vector space, and ⊕ represents addition in the vector space.
[6] A method for generating a key stream for a stream cipher, comprising: receiving a vector x that has the output values of each of n linear feedback shift registers (LFSRs) that generate a pseudo-random binary sequence as components; and outputting a key stream using a logarithmic function over a finite field having a primitive element of the finite field corresponding to a vector space that represents the vector x as a base.
[7] The method according to claim 6, wherein the outputting the key stream comprises outputting a certain component of the vector that is the result value of the logarithmic function as the key stream.
[8] The method according to claim 6, wherein the logarithmic function is represented by the following equation:
in other case, where α represents the primitive element and x represents an element of the finite field
[9] The method according to claim 8, wherein the outputting the key stream comprises outputting the result values of $\log_\alpha(\bar{x})$ according to the following equation as the key stream:
where
represents an inner product in the vector space, and ⊕ represents addition in the vector space.
[10] The method according to claim 8, wherein the outputting the key stream comprises outputting the result values of a function combined with $\log_\alpha(\bar{x})$ that has primitive elements, different from each other, of the finite field
represents an inner product in the vector space, and ⊕ represents addition in the vector space.
[11] A method for substituting an input vector for a block cipher using an S-box, comprising: receiving a vector x having n components; and outputting a vector for which the vector x is substituted using a logarithmic function over a finite field having a primitive element of the finite field
[12] The method according to claim 11, wherein the logarithmic function is represented by the following equation:
wherein the outputting the substituted vector comprises outputting the result values of $\mathrm{LOG}_\alpha(\bar{x} \oplus \bar{1})$ as the substituted vector, where α represents the primitive element, x represents an element of the finite field corresponding to the vector
w represents an element of the vector space $\mathbb{F}_2^n$ corresponding to w̄, and ⊕ represents addition in the vector space.
[13] The method according to claim 11, wherein the logarithmic function is represented by the following equation:
$\bar{w} = \bar{i}$ if $x = \alpha^{i}$; in other case, wherein the outputting the substituted vector comprises outputting the result values of the function combined with $\mathrm{LOG}_\alpha(\bar{x} \oplus \bar{1})$ that has primitive elements, different from each other, of the finite field $\mathbb{F}_{2^n}$ as bases, as the substituted vector, where α represents the primitive element, x represents an element of the finite field $\mathbb{F}_{2^n}$ corresponding to the vector $\bar{x}$, and ⊕ represents addition in the vector space.
[14] The method according to claim 11, wherein the outputting the substituted vector comprises outputting the substituted vector using a lookup table that maps the vector x to the vector to be substituted for it according to the logarithmic function.
[15] A key stream generation apparatus for a stream cipher, comprising: an N-stage linear feedback shift register (LFSR) that generates a pseudo-random binary sequence; and a nonlinear module that receives a vector x that represents each state value of n (2≤n≤N) stages from the N-stage linear feedback shift register (LFSR) and outputs a key stream using a logarithmic function over a finite field having a primitive element of the finite field corresponding to a vector space that represents the vector x as a base.
[16] A key stream generation apparatus for a stream cipher, comprising: n linear feedback shift registers (LFSRs) that generate a pseudo-random binary sequence as components; and a nonlinear module that receives a vector x that has the output values of each of the n linear feedback shift registers (LFSRs) as components and outputs a key stream using a logarithmic function over a finite field having a primitive element of the finite field corresponding to a vector space $\mathbb{F}_2^n$ that represents the vector x as a base.
[17] An S-box for a block cipher which receives a vector x having n components and outputs a vector for which the vector x is substituted using a logarithmic function over a finite field having a primitive element of the finite field corresponding to a vector space $\mathbb{F}_2^n$ that represents the vector x as a base.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020107018455A KR101131167B1 (en) | 2008-02-20 | 2008-02-20 | Method and apparatus for generating key stream for stream cipher, s-box for block cipher and method for substituting input vector using the s-box |
PCT/KR2008/000996 WO2009104827A1 (en) | 2008-02-20 | 2008-02-20 | Method and apparatus for generating key stream for stream cipher, s-box for block cipher and method for substituting input vector using the s-box |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009104827A1 true WO2009104827A1 (en) | 2009-08-27 |
Family
ID=40985687
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101131167B1 (en) |
WO (1) | WO2009104827A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011153666A1 (en) * | 2010-06-11 | 2011-12-15 | 中国科学院软件研究所 | Method for constructing s-box and s-box |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101649996B1 (en) | 2015-07-07 | 2016-08-23 | 동서대학교산학협력단 | threshold clock controlled random password generator |
KR101975800B1 (en) * | 2017-08-23 | 2019-05-08 | 다운정보통신(주) | Parallel Processing Method and Parallelization System for High Speed Stream Cipher Implementation |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5473693A (en) * | 1993-12-21 | 1995-12-05 | Gi Corporation | Apparatus for avoiding complementarity in an encryption algorithm |
KR20020081885A (en) * | 2001-04-20 | 2002-10-30 | 한국전자통신연구원 | Nonlinear Random Numbers Generator using FCSR and Substitution-BOX |
US20030190041A1 (en) * | 2002-04-03 | 2003-10-09 | Kaoru Yokota | Expansion key generating device, encryption device and encryption system |
US7194090B2 (en) * | 2000-07-12 | 2007-03-20 | Kabushiki Kaisha Toshiba | Encryption apparatus, decryption apparatus, expanded key generating apparatus and method therefor, and recording medium |
- 2008-02-20 KR KR1020107018455A patent/KR101131167B1/en not_active IP Right Cessation
- 2008-02-20 WO PCT/KR2008/000996 patent/WO2009104827A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR101131167B1 (en) | 2012-04-12 |
KR20100115769A (en) | 2010-10-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08723034 Country of ref document: EP Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 20107018455 Country of ref document: KR Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 08723034 Country of ref document: EP Kind code of ref document: A1 |