èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽSATçš„å·®åˆ†å’Œçº¿æ€§æ´»è·ƒSç›’æœç´¢æ–¹æ³•

Sat-Based Differential and Linear Active S-box Search Method

æŽ¨è CAJä¸‹è½½
PDFä¸‹è½½
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ è‹—æ—ä¸œï¼› è‘£æ–°é”‹ï¼› éŸ©ç¾½ï¼› ç©†é“å…‰ï¼› å¼ æ–‡æ”¿ï¼›

ã€Authorã€‘ MIAO Xudong;DONG Xinfeng;HAN Yu;MU Daoguang;ZHANG Wenzheng;No.30 Institute of CETC;Science and Technology on Communication Security Laboratory;

ã€æœºæž„ã€‘ ä¸å›½ç”µåç§‘æŠ€é›†å›¢å…¬å¸ç¬¬ä¸‰åç ”ç©¶æ‰€ï¼› ä¿å¯†é€šä¿¡é‡ç‚¹å®žéªŒå®¤ï¼›

ã€æ‘˜è¦ã€‘ æ··åˆæ•´æ•°çº¿æ€§è§„åˆ’å’Œå¸ƒå°”å¯æ»¡è¶³æ€§é—®é¢˜ï¼ˆBoolean Satisfiability Problem,SATï¼‰ä¸¤ç§çº¦æŸè§„åˆ’æŠ€æœ¯å·²è¢«å¹¿æ³›åº”ç”¨åˆ°å¯†ç è‡ªåŠ¨åŒ–å®‰å…¨æ€§åˆ†æžä¸ï¼Œä½†ç›®å‰å¹¶æ²¡æœ‰åŸºäºŽSATçš„å·®åˆ†å’Œçº¿æ€§æ´»è·ƒSç›’åˆ†æžæ–¹æ³•ã€‚ä¸ºäº†ä½¿SATæˆä¸ºå¯†ç ç®—æ³•å®‰å…¨æ€§åˆ†æžå’Œè¯„ä¼°çš„ä¸€ç§æ›´ä¸ºé€šç”¨çš„æ–¹æ³•ï¼Œé¦–æ¬¡å»ºç«‹äº†å—èŠ‚çº§åˆ†æ”¯ã€å¼‚æˆ–ã€MDSçš„SATæ¨¡åž‹ï¼Œæå‡ºäº†ä¸€ç§é€šç”¨çš„åŸºäºŽSATçš„å·®åˆ†å’Œçº¿æ€§æ´»è·ƒSç›’æœç´¢æ–¹æ³•ï¼Œèƒ½å¤Ÿæœç´¢ç»å…¸åˆ†ç»„å¯†ç ç®—æ³•çš„æ´»è·ƒSç›’ä¸ªæ•°ã€‚ä¸ºäº†æ£€éªŒæœ¬æ–¹æ³•çš„å®žé™…åº”ç”¨æ•ˆæžœï¼Œåˆ©ç”¨æœ¬æ–¹æ³•æˆåŠŸæœç´¢å‡ºAESã€Dblockç³»åˆ—åˆ†ç»„å¯†ç ç®—æ³•çš„å·®åˆ†æ´»è·ƒSç›’ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ Two constraint programming techniques, namely mixed integer linear programming and SAT(Boolean Satisfiability Problem), have been widely used in cryptographic automation security analysis.However, there is currently no SAT-based differential and linear active S-box analysis method. In order to make SAT a more general method for security analysis and evaluation of cryptographic algorithms,the SAT model of byte-level branch, XOR, MDS is established for the first time. A general SAT-based differential and linear active S-box search method is proposed, which can search the number of active S-boxes of classical block cipher algorithms. The practical application effect indicates that the differential active S-box of AES and Dblock series block cipher can be successfully searched by using this method.æ›´å¤š è¿˜åŽŸ