Rijndael S-box - Rijndael S-box

The Rijndael S-box a almashtirish qutisi (qidiruv jadvali ) Rijndael shifrida ishlatiladi, qaysi Kengaytirilgan shifrlash standarti (AES) kriptografik algoritm ga asoslangan.^[1]

Oldinga S-box

AES S-qutisi
	00	01	02	03	04	05	06	07	08	09	0a	0b	0c	0d	0e	0f
00	63	7c	77	7b	f2	6b	6f	c5	30	01	67	2b	fe	d7	ab	76
10	taxminan	82	c9	7d	fa	59	47	f0	reklama	d4	a2	af	9c	a4	72	c0
20	b7	fd	93	26	36	3f	f7	cc	34	a5	e5	f1	71	d8	31	15
30	04	c7	23	c3	18	96	05	9a	07	12	80	e2	eb	27	b2	75
40	09	83	2c	1a	1b	6e	5a	a0	52	3b	d6	b3	29	e3	2f	84
50	53	d1	00	tahrir	20	fc	b1	5b	6a	cb	bo'lishi	39	4a	4c	58	cf
60	d0	ef	aa	fb	43	4d	33	85	45	f9	02	7f	50	3c	9f	a8
70	51	a3	40	8f	92	9d	38	f5	mil	b6	da	21	10	ff	f3	d2
80	CD	0c	13	ec	5f	97	44	17	c4	a7	7e	3d	64	5d	19	73
90	60	81	4f	DC	22	2a	90	88	46	ee	b8	14	de	5e	0b	db
a0	e0	32	3a	0a	49	06	24	5c	c2	d3	ak	62	91	95	e4	79
b0	e7	c8	37	6d	8d	d5	4e	a9	6c	56	f4	ea	65	7a	ae	08
c0	ba	78	25	2e	1c	a6	b4	c6	e8	dd	74	1f	4b	bd	8b	8a
d0	70	3e	b5	66	48	03	f6	0e	61	35	57	b9	86	c1	1d	9e
e0	e1	f8	98	11	69	d9	8e	94	9b	1e	87	e9	ce	55	28	df
f0	8c	a1	89	0d	bf	e6	42	68	41	99	2d	0f	b0	54	bb	16
Ustun eng kam ahamiyatga ega tomonidan belgilanadi tishlamoq va eng muhim nibble qatori. Masalan, 9a qiymati₁₆ b8 ga aylantiriladi₁₆.

S-box 8-bitli kirishni aks ettiradi, $v$ , 8-bitli chiqishga, $s = S (v)$ . Ham kirish, ham chiqish tugallangan polinomlar sifatida talqin etiladi $GF (2)$ . Birinchidan, kirish unga moslashtiriladi multiplikativ teskari yilda $GF (2 8) = GF (2) [x]/(x 8 + x 4 + x 3 + x + 1)$ , Rijndaelning cheklangan maydoni. Nol, identifikator sifatida, o'z-o'zidan belgilanadi. Ushbu o'zgarish Nyberg S-box uning ixtirochisidan keyin Kaisa Nayberg.^[2] Keyin ko'paytma teskari quyidagilar yordamida o'zgartiriladi afinaning o'zgarishi:

{ displaystyle { begin {bmatrix} s_ {0} s_ {1} s_ {2} s_ {3} s_ {4} s_ {5} s_ {6} s_ {7} end {bmatrix}} = {boshlanadi {bmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 end {bmatrix}} {{boshlanadi bmatrix} b_ {0} b_ {1} b_ {2} b_ {3} b_ {4} b_ {5} b_ {6} b_ {7} end {bmatrix}} + { begin {bmatrix} 1 1 0 0 0 1 1 0 end {bmatrix}}}

qayerda $[s 7, \dots, s 0]$ bu S-box chiqishi va $[b 7, \dots, b 0]$ vektor sifatida multiplikativ teskari.

Ushbu afinaviy transformatsiya baytning vektor sifatida ko'p marta aylanishining yig'indisidir, bu erda qo'shilish XOR operatsiyasi hisoblanadi:

{ displaystyle s = b oplus (b lll 1) oplus (b lll 2) oplus (b lll 3) oplus (b lll 4) oplus 63_ {16}}

qayerda $b$ multiplikativ teskari, ${ displaystyle oplus}$ bo'ladi bitli XOR operator, ${ displaystyle lll}$ chap tomoni bittadan dumaloq siljish va doimiy $6316 = 01100011 2$ ichida berilgan o'n oltinchi.

Afinaviy transformatsiyaning ekvivalent formulasi

{ displaystyle s_ {i} = b_ {i} oplus b _ {(i + 4) operator nomi {mod} 8} oplus b _ {(i + 5) operator nomi {mod} 8} oplus b _ {(i +6) operator nomi {mod} 8} oplus b _ {(i + 7) operator nomi {mod} 8} oplus c_ {i}}

qayerda $s$ , $b$ va $v$ 8 bitli massivlar, $v$ 01100011 hisoblanadi₂, va pastki yozuvlar indekslangan bitga havolani bildiradi.^[3]

Boshqa tenglama:

{ displaystyle s = left (b times 31_ {10} mod {257_ {10}} right) oplus 99_ {10}}

^[4]^[5]

qayerda ${ displaystyle times}$ ning polinom ko'paytmasi ${ displaystyle b}$ va ${ displaystyle 31_ {10}}$ bit massivlari sifatida olingan.

Teskari S-quti

Teskari S-quti
	00	01	02	03	04	05	06	07	08	09	0a	0b	0c	0d	0e	0f
00	52	09	6a	d5	30	36	a5	38	bf	40	a3	9e	81	f3	d7	fb
10	7c	e3	39	82	9b	2f	ff	87	34	8e	43	44	c4	de	e9	cb
20	54	7b	94	32	a6	c2	23	3d	ee	4c	95	0b	42	fa	c3	4e
30	08	2e	a1	66	28	d9	24	b2	76	5b	a2	49	6d	8b	d1	25
40	72	f8	f6	64	86	68	98	16	d4	a4	5c	cc	5d	65	b6	92
50	6c	70	48	50	fd	tahrir	b9	da	5e	15	46	57	a7	8d	9d	84
60	90	d8	ab	00	8c	mil	d3	0a	f7	e4	58	05	b8	b3	45	06
70	d0	2c	1e	8f	taxminan	3f	0f	02	c1	af	bd	03	01	13	8a	6b
80	3a	91	11	41	4f	67	DC	ea	97	f2	cf	ce	f0	b4	e6	73
90	96	ak	74	22	e7	reklama	35	85	e2	f9	37	e8	1c	75	df	6e
a0	47	f1	1a	71	1d	29	c5	89	6f	b7	62	0e	aa	18	bo'lishi	1b
b0	fc	56	3e	4b	c6	d2	79	20	9a	db	c0	fe	78	CD	5a	f4
c0	1f	dd	a8	33	88	07	c7	31	b1	12	10	59	27	80	ec	5f
d0	60	51	7f	a9	19	b5	4a	0d	2d	e5	7a	9f	93	c9	9c	ef
e0	a0	e0	3b	4d	ae	2a	f5	b0	c8	eb	bb	3c	83	53	99	61
f0	17	2b	04	7e	ba	77	d6	26	e1	69	14	63	55	21	0c	7d

Teskari S-quti shunchaki teskari yo'naltirilgan S-quti. Masalan, b8 ning teskari S-qutisi₁₆ 9a₁₆. Dastlab u kirish qiymatining teskari afinaviy transformatsiyasini, so'ngra multiplikativ teskari hisoblash bilan hisoblanadi. Teskari afinaviy transformatsiya quyidagicha:

{ displaystyle { begin {bmatrix} b_ {0} b_ {1} b_ {2} b_ {3} b_ {4} b_ {5} b_ {6} b_ {7} end {bmatrix}} = {boshlanadi {bmatrix} 0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 1 & 0 & 0 & 1 & 0 & 0 & 1 & 0 0 & 1 & 0 & 0 & 1 & 0 & 0 & 1 1 & 0 & 1 & 0 & 0 & 1 & 0 & 0 0 & 1 & 0 & 1 & 0 & 0 & 1 & 0 0 & 0 & 1 & 0 & 1 & 0 & 0 & 1 1 & 0 & 0 & 1 & 0 & 1 & 0 & 0 0 & 1 & 0 & 0 & 1 & 0 & 1 & 0 end {bmatrix}} {boshlanadi { bmatrix} s_ {0} s_ {1} s_ {2} s_ {3} s_ {4} s_ {5} s_ {6} s_ {7} end {bmatrix}} + { begin {bmatrix} 1 0 1 0 0 0 0 0 end {bmatrix}}}

Teskari afinaviy transformatsiya, shuningdek, Vektor sifatida baytning bir nechta aylanishlari yig'indisini ifodalaydi, bu erda qo'shilish XOR operatsiyasi hisoblanadi:

{ displaystyle b = (s lll 1) oplus (s lll 3) oplus (s lll 6) oplus 5_ {16}}

qayerda ${ displaystyle oplus}$ bo'ladi bitli XOR operator, ${ displaystyle lll}$ chap tomoni bittadan dumaloq siljish va doimiy $516 = 00000101 2$ ichida berilgan o'n oltinchi.

Dizayn mezonlari

Rijndael S-box maxsus chidamli bo'lishi uchun ishlab chiqilgan chiziqli va differentsial kriptanaliz. Bu kirish / chiqish bitlarining chiziqli konvertatsiyalari o'rtasidagi o'zaro bog'liqlikni minimallashtirish va shu bilan birga farqning tarqalish ehtimolligini minimallashtirish orqali amalga oshirildi.

Rijndael S-qutisini Rijndael shifrida almashtirish mumkin,^[1] bu statik S-qutini ishlatadigan shifrga o'rnatilgan orqa eshik shubhasini engib chiqadi. Mualliflarning ta'kidlashicha, Rijndael shifrlash strukturasi differentsial va chiziqli kriptanalizga nisbatan etarli qarshilik ko'rsatishi kerak, agar "o'rtacha" korrelyatsiya / farqning tarqalish xususiyatlariga ega S-quti ishlatilsa.

C tilida misolni amalga oshirish

Quyidagi C kod S qutisini hisoblaydi:

# shu jumladan <stdint.h># ROTL8 (x, shift) ((uint8_t) ((x) << (shift)) | ((x) >> (8 - (shift)))) ni aniqlangbekor ishga tushirish_aes_sbox(uint8_t quti[256]) {	uint8_t p = 1, q = 1;		/ * loop invariant: Galois maydonida p * q == 1 * /	qil {		/ * p ni 3 ga ko'paytiring * /		p = p ^ (p << 1) ^ (p & 0x80 ? 0x11B : 0);		/ * q ni 3 ga bo'ling (0xf6 ga ko'paytishga teng) * /		q ^= q << 1;		q ^= q << 2;		q ^= q << 4;		q ^= q & 0x80 ? 0x09 : 0;		/ * afine transformatsiyasini hisoblash * /		uint8_t xformed = q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4);		quti[p] = xformed ^ 0x63;	} esa (p != 1);	/ * 0 - bu alohida holat, chunki unda teskari * / yo'q	quti[0] = 0x63;}

Adabiyotlar

^ ^a ^b "Rijndael blokirovkalash shifrlari" (PDF). Olingan 2013-11-11.
^ Nyberg K. (1991) Mukammal chiziqsiz S-qutilar. In: Devies D.W. (tahrir) Kriptologiya sohasidagi yutuqlar - EUROCRYPT '91. EUROCRYPT 1991. Kompyuter fanidan ma'ruza matnlari, jild 547. Springer, Berlin, Heidelberg
^ "Kengaytirilgan shifrlash standarti" (PDF). FIPS PUB 197: rasmiy AES standarti. Federal Axborotni qayta ishlash standarti. 2001-11-26. Olingan 2010-04-29.
^ Yorg J.Buxholz (2001-12-19). "Kengaytirilgan shifrlash standartining Matlab dasturi" (PDF).
^ Jie Cui; Liusheng Xuang; Hong Zhong; Chinchen Chang; Vey Yang (2011 yil may). "AES takomillashtirilgan qutisi va uning samaradorligini tahlil qilish" (PDF).

[rijndael_cipher-1] "Rijndael blokirovkalash shifrlari" (PDF). Olingan 2013-11-11.

[2] Nyberg K. (1991) Mukammal chiziqsiz S-qutilar. In: Devies D.W. (tahrir) Kriptologiya sohasidagi yutuqlar - EUROCRYPT '91. EUROCRYPT 1991. Kompyuter fanidan ma'ruza matnlari, jild 547. Springer, Berlin, Heidelberg

[fips197-3] "Kengaytirilgan shifrlash standarti" (PDF). FIPS PUB 197: rasmiy AES standarti. Federal Axborotni qayta ishlash standarti. 2001-11-26. Olingan 2010-04-29.

[4] Yorg J.Buxholz (2001-12-19). "Kengaytirilgan shifrlash standartining Matlab dasturi" (PDF).

[5] Jie Cui; Liusheng Xuang; Hong Zhong; Chinchen Chang; Vey Yang (2011 yil may). "AES takomillashtirilgan qutisi va uning samaradorligini tahlil qilish" (PDF).

[1]

[2]

[3]

[4]

[5]