常见对称加密算法的扩散层(P盒)及其密码学指标

常见对称加密算法的扩散层(P盒)及其密码学指标

引用

CSDN

1.

https://blog.csdn.net/HuangJinLong2/article/details/141221122

扩散层作为对称加密算法中的线性部件，它提供了算法必需的雪崩效应，它使得输出的一个比特依赖于输入的多个比特，让输出的密文数据更加随机，从而增加了算法抵抗破解的能力。本文列出了常见加密算法的P盒各项密码指标，以供各位参考。

密码学指标

（1）汉明重量

对于向量X=(x1,x2,.....,xn)∈(F2m)n，x1,x2,.....,xn中非零元的个数称为向量X的汉明重量，记为Wb(X)。

（2）差分分支数

线性变换θ的差分分支数定义为：

（3）线性分支数

线性变换θ的线性分支数定义为：

（4）差分分支数和线性分支数

任意的线性变换θ一般都能够用有限域上的矩阵M进行刻画，若将线性变换θ：(F2m)n→(F2m)n表示成矩阵形式θ(X)=M•X，那么差分分支数和线性分支数可以分别表示为：

常见对称加密算法的扩散层

DES的扩散层：比特置换

BYTE DES_PBOX[32] =  
{  
16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25  
};

AES的扩散层：MDS矩阵（差分分支数和线性分支数都为5）

M[4][4]={{0x02,0x03,0x01,0x01},{0x01,0x02,0x03,0x01},{0x01,0x01,0x02,0x03},{0x03,0x01,0x01,0x02}};
MInv[4][4]={{0x0e,0x0b,0x0d,0x09},{0x09,0x0e,0x0b,0x0d},{0x0d,0x09,0x0e,0x0b},{0x0b,0x0d,0x09,0x0e}};

Serpent的扩散层：异或和移位

Serpent_PBOX：(X0,X1,X2,X3)→(Y0,Y1,Y2,Y3)  
{  
X0=X0<<<13  
X2=X2<<<3  
X1=X1⊕X0⊕X2  
X3=X3⊕X2⊕(X0<<3)  
X1=X1<<<1  
X3=X3<<<7  
X0=X0⊕X1⊕X3  
X2=X2⊕X3⊕(X1<<7)  
X0=X0<<<5  
X2=X2<<<22  
Y0=X0 Y1=X1 Y2=X2 Y3=X3  
}

ARIA的扩散层：MDBL矩阵（差分分支数和线性分支数都为8）

ARIA_PBOX(x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15)→(y0,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13,y14,y15)  
{  
y0 = x3⊕x4⊕x6⊕x8⊕x9⊕x13⊕x14;  
y1 = x2⊕x5⊕x7⊕x8⊕x9⊕x12⊕x15;  
y2 = x1⊕x4⊕x6⊕x10⊕x11⊕x12⊕x15;  
y3 = x0⊕x5⊕x7⊕x10⊕x11⊕x13⊕x14;  
y4 = x0⊕x2⊕x5⊕x8⊕x11⊕x14⊕x15;  
y5 = x1⊕x3⊕x4⊕x9⊕x10⊕x14⊕x15;  
y6 = x0⊕x2⊕x7⊕x9⊕x10⊕x12⊕x13;  
y7 = x1⊕x3⊕x6⊕x8⊕x11⊕x12⊕x13;  
y8 = x0⊕x1⊕x4⊕x7⊕x10⊕x13⊕x15;  
y9 = x0⊕x1⊕x5⊕x6⊕x11⊕x12⊕x14;  
y10 = x2⊕x3⊕x5⊕x6⊕x8⊕x13⊕x15;  
y11 = x2⊕x3⊕x4⊕x7⊕x9⊕x12⊕x14;  
y12 = x1⊕x2⊕x6⊕x7⊕x9⊕x11⊕x12;  
y13 = x0⊕x3⊕x6⊕x7⊕x8⊕x10⊕x13;  
y14 = x0⊕x3⊕x4⊕x5⊕x9⊕x11⊕x14;  
y15 = x1⊕x2⊕x4⊕x5⊕x8⊕x10⊕x15;  
}

SM4的扩散层：异或和循环移位（差分分支数和线性分支数都为5）

SM4_PBOX：Y→Z  
{  
Z=L(Y)=Y⊕(Y<<<2)⊕(Y<<<10)⊕(Y<<<18)⊕(Y<<<24)  
}

CLEFIA的扩散层：MDS矩阵（差分分支数和线性分支数都为5）

M0[4][4]={{0x01,0x02,0x04,0x06},{0x02,0x01,0x06,0x04},{0x04,0x06,0x01,0x02},{0x06,0x04,0x02,0x01}}；  
M1[4][4]={{0x01,0x08,0x02,0x0a},{0x08,0x01,0x0a,0x02},{0x02,0x0a,0x01,0x08},{0x0a,0x02,0x08,0x01}}；

Camellia的扩散层：MDBL矩阵（差分分支数和线性分支数都为5）

(x0,x1,x2,x3,x4,x5,x6,x7)→(y0,y1,y2,y3,y4,y5,y6,y7)  
{  
y0=x0⊕x2⊕x3⊕x5⊕x6⊕x7  
y1=x0⊕x1⊕x3⊕x4⊕x6⊕x7  
y2=x0⊕x1⊕x2⊕x4⊕x5⊕x7  
y3=x1⊕x2⊕x3⊕x4⊕x5⊕x6  
y4=x0⊕x1⊕x5⊕x6⊕x7  
y5=x1⊕x2⊕x4⊕x6⊕x7  
y6=x2⊕x3⊕x4⊕x5⊕x7  
y7=x0⊕x3⊕x4⊕x5⊕x6  
}

Present的扩散层：比特置换

BYTE Present_PBOX[64] =  
{  
0,16,32,48,1,17,33,49,2,18,34,50,3,19,35,51,  
4,20,36,52,5,21,37,53,6,22,38,54,7,23,39,55,  
8,24,40,56,9,25,41,57,10,26,42,58,11,27,43,59,  
12,28,44,60,13,29,45,61,14,30,46,62,15,31,47,63  
}

GIFT的扩散层：比特置换

BYTE GIFT_PBOX[64] =  
{  
0,17,34,51,48,1,18,35,32,49,2,19,16,33,50,3,  
4,21,38,55,52,5,22,39,36,53,6,23,20,37,54,7,  
8,25,42,59,56,9,26,43,40,57,10,27,24,41,58,11,  
12,29,46,63,60,13,30,47,44,61,14,31,28,45,62,15  
}

LBlock的扩散层：半字节置换

(x0,x1,x2,x3,x4,x5,x6,x7)→(y0,y1,y2,y3,y4,y5,y6,y7)  
{  
(y0,y1,y2,y3,y4,y5,y6,y7)=(x1,x3,x0,x2,x5,x7,x4,x6);  
}

MIBS的扩散层：MDBL矩阵（差分分支数和线性分支数都为5）

MIBS_PBOX：(x0,x1,x2,x3,x4,x5,x6,x7)→(y0,y1,y2,y3,y4,y5,y6,y7)  
{  
y0=x0⊕x1⊕x3⊕x4⊕x6⊕x7  
y1=x1⊕x2⊕x3⊕x4⊕x5⊕x6  
y2=x0⊕x1⊕x2⊕x4⊕x5⊕x7  
y3=x1⊕x2⊕x3⊕x6⊕x7  
y4=x0⊕x2⊕x3⊕x4⊕x7  
y5=x0⊕x1⊕x3⊕x4⊕x5  
y6=x0⊕x1⊕x2⊕x5⊕x6  
y7=x0⊕x2⊕x3⊕x5⊕x6⊕x7  
}

KLEIN的扩散层：MDS矩阵（差分分支数和线性分支数都为5）

M[4][4]={{0x02,0x03,0x01,0x01},{0x01,0x02,0x03,0x01},{0x01,0x01,0x02,0x03},{0x03,0x01,0x01,0x02}}；  
MInv[4][4]={{0x0e,0x0b,0x0d,0x09},{0x09,0x0e,0x0b,0x0d},{0x0d,0x09,0x0e,0x0b},{0x0b,0x0d,0x09,0x0e}}；  

LED的扩散层：对合MDS矩阵（差分分支数和线性分支数都为5）

M[4][4]={{0x04,0x01,0x02,0x02},{0x08,0x06,0x05,0x06},{0x0b,0x0e,0x0a,0x09},{0x02,0x02,0x0f,0x0b}}；  
MInv[4][4]={{0x04,0x01,0x02,0x02},{0x08,0x06,0x05,0x06},{0x0b,0x0e,0x0a,0x09},{0x02,0x02,0x0f,0x0b}}；  

Midori的扩散层：Near-MDS矩阵（差分分支数和线性分支数都为4）

M[4][4]={{0,1,1,1},{1,0,1,1},{1,1,0,1},{1,1,1,0}}；  

FeW：异或和循环移位（差分分支数和线性分支数都为5）

FeW_PBOX：Y→Z  
{  
Z=L1(Y)=Y⊕(Y<<<1)⊕(Y<<<5)⊕(Y<<<9)⊕(Y<<<12)  
Z=L2(Y)=Y⊕(Y<<<4)⊕(Y<<<7)⊕(Y<<<11)⊕(Y<<<15)  
}

ESF的扩散层：比特置换

BYTE ESF_PBOX[32] =  
{  
0,8,16,24,1,9,17,25,2,10,18,26,3,11,19,27  
4,12,20,28,5,13,21,29,6,14,22,30,7,15,23,31  
}

AC的扩散层：异或和移位

AC_PBOX：(X0,X1,X2,X3)→(Y0,Y1,Y2,Y3)  
{  
X1=X1⊕(X3<<<7)  
X0=X0⊕(X2<<<1)  
X3=X3⊕(X0<<<5)  
X2=X2⊕(X1<<<8)  
X1=X1⊕(X3<<<8)  
Swap(X3,X2)  
Swap(X1,X0)  
X1=X1⊕(X3<<<8)  
X2=X2⊕(X1<<<8)  
X3=X3⊕(X0<<<5)  
X0=X0⊕(X2<<<1)  
X1=X1⊕(X3<<<7)  
Y0=X0 Y1=X1 Y2=X2 Y3=X3  
}