[go: up one dir, main page]

CN114124351B - Rapid calculation method of nonlinear invariant - Google Patents

Rapid calculation method of nonlinear invariant Download PDF

Info

Publication number
CN114124351B
CN114124351B CN202111369458.0A CN202111369458A CN114124351B CN 114124351 B CN114124351 B CN 114124351B CN 202111369458 A CN202111369458 A CN 202111369458A CN 114124351 B CN114124351 B CN 114124351B
Authority
CN
China
Prior art keywords
matrix
algebraic
invariant
coefficient
boolean
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111369458.0A
Other languages
Chinese (zh)
Other versions
CN114124351A (en
Inventor
胡建勇
张文政
申兵
周宇
董新锋
王金波
苗旭东
穆道光
韩羽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Priority to CN202111369458.0A priority Critical patent/CN114124351B/en
Publication of CN114124351A publication Critical patent/CN114124351A/en
Application granted granted Critical
Publication of CN114124351B publication Critical patent/CN114124351B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

The invention provides a quick calculation method of a nonlinear invariant, which is based on a computer program to execute a calculation process and comprises the following steps: step 1, setting algebraic times of an effective nonlinear invariant; step 2, calculating the Boolean expression of each component function according to the truth table of the Boolean function; step 3, calculating positive integers with the weight of all the hamming weights not exceeding algebraic times, and acquiring a coefficient matrix according to the positive integers; step 4, introducing an auxiliary matrix to expand the coefficient matrix to obtain an expansion matrix, and performing Gaussian elimination on the expansion matrix; step 5, judging row vectors of the matrix after the cells are eliminated, and converting corresponding partial row vectors into Boolean expressions according to judging results; and 6, all the non-zero linear combinations of the calculated Boolean expression are output as non-linear invariant sub-if the algebraic number of the non-zero linear combinations is the set algebraic number. The scheme provided by the invention avoids the waste of computing resources and storage resources, and simultaneously greatly improves the computing efficiency.

Description

Rapid calculation method of nonlinear invariant
Technical Field
The invention relates to the field of passwords, in particular to a quick calculation method of a nonlinear invariant.
Background
The design technology and the analysis technology of the symmetric cipher are two branches in the field of symmetric ciphers, which complement each other and are promoted together. A secure symmetric cryptographic algorithm often requires repeated iterations of algorithm design, analysis, improvement optimization, and ultimately is able to resist all known attacks. The nonlinear invariant analysis is a novel attack method proposed in 2016, and a discriminator about the plaintext is constructed by calculating nonlinear invariant with the algebraic number of S-box of 2, so that the discrimination attack with the success probability of 1 is realized. Since the existence of a weak key needs to be ensured in the nonlinear invariant analysis, which requires that the algorithm key arrangement algorithm is simple and the round constant is set sparse, the nonlinear invariant analysis is mainly used for analyzing the lightweight block cipher algorithm. Currently, nonlinear invariant analysis has successfully analyzed Midori algorithm, screen algorithm and iScreen algorithm, and the precondition for attack is that nonlinear invariant with the algebraic number of S-boxes of 2 is calculated first.
Considering S-boxes as boolean functions of n-bit input n-bit output, then for arbitrary input x= (X) n-1 ,x n-2 ,…,x 0 ) With output y= (Y) n-1 ,y n-2 ,…,y 0 ) Y=s (X) is satisfied. If a nonlinear boolean function g is present, so that for any input X, the formula g (S (X))=g (X) +c is constant, where c e F 2 ,F 2 Representing a binary field set consisting of 0 and 1, the boolean function g is called the nonlinear invariant of the S-box.
Essentially nonlinear invariants are an n-ary Boolean function, and any one of the n-ary Boolean functions f can be written in algebraic formal form, i.e.
Figure BDA0003354875140000011
Wherein a is u ∈F 2 Called single-item X u Coefficient of (a), single item X u The specific form of (2) is as follows: when u=0, X u =1; otherwise, converting the positive integer u into an n-bit binary number u n-1 u n-2 ...u 0 ,u 0 Called least significant bits, u n-1 Called the most significant bit, at this time
Figure BDA0003354875140000012
Extracting all coefficient components 2 n Dimension vector->
Figure BDA0003354875140000013
The coefficient vector of f, called the boolean function. The number of the non-zero single-term of the coefficient in the algebraic normal type of f is called the term number of f, and the maximum value of the algebraic times of all the non-zero single-term of the coefficient is called the algebraic times of the Boolean function f. The hamming weight of a non-negative integer is defined as the number of non-zero bits in its binary representation.
Calculating the nonlinear invariant with the algebraic number of S-boxes of 2 is the key to successfully implement nonlinear invariant analysis. The traditional calculation method mainly comprises three steps: calculating a Boolean expression of the component function, calculating a coefficient matrix, and eliminating Gaussian elements of the matrix. Because algebraic times cannot be specified, the conventional calculation method needs to calculate X for all non-negative integers k when calculating coefficient matrixes k +Y k Count up to 2 n And as the hamming weight of k increases, Y k The computational complexity of (a) increases dramatically. When the Gaussian matrix is eliminated, the size of the matrix is 2 n Line 2 n+1 Columns.
The traditional calculation method can calculate all nonlinear invariants of the S box, and then the nonlinear invariants with algebraic frequency of 2 are screened out. However, the number of non-linear invariants tends to be exponential, for example, the number of non-linear invariants of an 8-bit S-box of the iScaram algorithm reaches 2 136 -1, whereas the number of algebraic non-linear invariants of number 2 often represents only a small fraction. This renders the computed non-linear invariants mostly ineffective, resulting in serious waste of computing resources and storage resources, and quite low computing efficiency.
Disclosure of Invention
Aiming at the problems existing in the prior art, the rapid calculation method of the nonlinear invariant is provided, the nonlinear invariant with the algebraic number of S-box being 2 can be rapidly calculated, the waste of calculation resources and storage resources is avoided, and the calculation efficiency is greatly improved.
The technical scheme adopted by the invention is as follows: a method for fast computation of non-linear invariants, based on a computer program, performing a computation process, comprising:
step 1, setting algebraic times of an effective nonlinear invariant;
step 2, boolean function F of n-bit input and n-bit output to be calculated satisfies (y n-1 ,y n-2 ,...,y 0 )=F(x n-1 ,x n-2 ,...,x 0 ) Calculating the Boolean expression of each component function according to the truth table of the Boolean function F;
step 3, obtaining positive integers with the weight of all the hamming weights not exceeding algebraic times, and obtaining a coefficient matrix M according to the positive integers F
Step 4, introducing an auxiliary matrix E F To coefficient matrix M F Expansion to obtain an expansion matrix [ M ] F ,E F ]For the expansion matrix [ M ] F ,E F ]Gaussian elimination is carried out to obtain a matrix [ M ] 1 ,M 2 ];
Step 5, traversing the matrix M 1 If the row vector in (a) takes the value of [0, …,0]Or [1,0, …,0 ]]Then M is 2 The line vector at the same position in the row is regarded as a coefficient vector and is converted into a Boolean expression;
and 6, all the non-zero linear combinations of the calculated Boolean expression are output as non-linear invariant sub-if the algebraic number of the non-zero linear combinations is the set algebraic number.
Further, in the step 3, the positive integer is k i Satisfies the following conditions
Figure BDA0003354875140000031
Wherein,,
Figure BDA0003354875140000032
d is the set algebraic number.
Further, the acquisition coefficient matrix M F The method comprises the following steps:
step 3.1 according to positive integer k i Calculation of
Figure BDA0003354875140000033
Step 3.2, extracting coefficient vector according to the calculation result of step 3.1
Figure BDA0003354875140000034
Construction of coefficient matrix from coefficient vector
Figure BDA0003354875140000035
Further, the specific process of the step 3.1 is as follows:
step 3.1.1, let k be i Binary number k converted into n bits i,n-1 k i,n-2 ...k i,0
Step 3.1.2, calculating
Figure BDA0003354875140000036
Step 3.1.3, substituting the Boolean expression of each component function obtained in the step 2 into the calculation formula of the step 3.1.2 respectively, and eliminating all variables y j And simplifying and outputting a calculation result.
Further, in the step 3.2, the coefficient vector
Figure BDA0003354875140000037
Wherein->
Figure BDA0003354875140000038
Is either 0 or 1, j=0, 1,..2 n -1;
When single item X j Occurs at
Figure BDA0003354875140000039
In the simplified Boolean expression, < >>
Figure BDA00033548751400000310
Otherwise, go (L)>
Figure BDA00033548751400000311
Wherein the single item X j The method comprises the following steps: converting j to n-bit binary number j n-1 j n-2 …j 0 ,/>
Figure BDA00033548751400000312
When j=0, X j =1。
Further, the auxiliary matrix E F From 2 n Dimension unit vector
Figure BDA00033548751400000313
The composition specifically comprises:
Figure BDA0003354875140000041
wherein 2 is n Dimension unit vector
Figure BDA0003354875140000042
Refers to the kth i The +1 element having a value of 1, i.e. a unit vector
Figure BDA0003354875140000043
Wherein->
Figure BDA0003354875140000044
The specific values are as follows: when j=k i When (I)>
Figure BDA0003354875140000045
Otherwise, go (L)>
Figure BDA0003354875140000046
Further, M in the step S4 1 And M 2 Is that
Figure BDA0003354875140000047
Line 2 n A matrix of columns.
Compared with the prior art, the beneficial effects of adopting the technical scheme are as follows: the method provided by the invention saves the computing resource and the storage resource to a great extent, effectively reduces the complexity of computation and screening, and remarkably improves the computing efficiency.
Drawings
FIG. 1 is a flow chart of a fast calculation of a nonlinear invariant proposed by the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, the present embodiment provides a fast calculation method of a nonlinear invariant, and a computer executes a calculation process, which specifically includes:
s1, limiting algebraic times d of effective nonlinear invariants;
s2, a Boolean function F of n-bit output is input to the selected n bits to satisfy (y n-1 ,y n-2 ,...,y 0 )=F(x n-1 ,x n-2 ,...,x 0 ) Calculating the Boolean expression of each component function according to the truth table;
s3, obtaining positive integers k with the hamming weight not exceeding d i
Figure BDA0003354875140000048
Satisfy the following requirements
Figure BDA0003354875140000049
Separately calculate->
Figure BDA00033548751400000410
Extracting coefficient vector->
Figure BDA00033548751400000411
Obtaining coefficient matrix M F The method comprises the steps of carrying out a first treatment on the surface of the The hamming weight of a positive integer refers to the number of non-zero bits in its corresponding binary number.
S4, introducing an auxiliary matrix E F To coefficient matrix M F Expansion to obtain an expansion matrix [ M ] F ,E F ]For the expansion matrix [ M ] F ,E F ]Gaussian elimination is carried out to obtain a matrix [ M ] 1 ,M 2 ]The method comprises the steps of carrying out a first treatment on the surface of the Wherein M is 1 And M 2 Du Shi
Figure BDA00033548751400000412
Line 2 n A matrix of columns.
S5, traversing the matrix M 1 If the row vector in (a) takes a value of [0, …,0 ]]Or [1,0, …,0 ]]Then M is 2 The line vector at the same position in the row is regarded as a coefficient vector and is converted into a Boolean expression;
s6, calculating all nonzero linear combinations of the Boolean expressions, and outputting the nonlinearly invariant sub-output if the algebraic degree is d.
In particular in the step S3
Figure BDA0003354875140000051
The calculation process of (1) is as follows:
s31, let k i Binary number k converted into n bits i,n-1 k i,n-2 ...k i,0
S32, calculating
Figure BDA0003354875140000052
k i,j Is used to determine whether a certain input variable or output variable is present in the product term.
S33, substituting the Boolean expression of each component function obtained in the step S2 into the calculation formula of the step S32, and simplifying and outputting the Boolean expression.
Specifically, the boolean expression of each component is calculated in step S2, and the form is as follows: y is 0 =f 0 (x 0 ,x 1 ,...,x n-1 ),y 1 =f 1 (x 0 ,x 1 ,...,x n-1 ),...,y n-1 =f n-1 (x 0 ,x 1 ,...,x n-1 ) Substituting these n-in 1-out Boolean function expressions into the formula y of step S32 j Thereby eliminating the output variable y 0 ,y 1 ,...,y n-1 Finally, the method is simplified to obtain
Figure BDA0003354875140000053
With respect to input variable x 0 ,x 1 ,...,x n-1 Is a boolean function of (c).
After the simplified Boolean expression is obtained, a coefficient vector can be calculated; the coefficient vector
Figure BDA0003354875140000054
Wherein->
Figure BDA0003354875140000055
Is either 0 or 1, j=0, 1,..2 n -1;
The coefficient vector value method comprises the following steps: when single item X j Occurs at
Figure BDA0003354875140000056
In the simplified boolean expression,
Figure BDA0003354875140000057
otherwise, go (L)>
Figure BDA0003354875140000058
Wherein the single formula X j Is as follows: converting j to n-bit binary number j n-1 j n-2 ...j 0
Figure BDA0003354875140000059
In particular, when j=0, X j =1。
Finally, the obtained coefficient vectors are arranged to obtain a coefficient matrix M F In particular to
Figure BDA00033548751400000510
In this embodiment, the auxiliary matrix E introduced in S4 F From 2 n Dimension unit vector
Figure BDA00033548751400000511
The constitution is specifically that
Figure BDA0003354875140000061
Wherein 2 is n Dimension unit vector
Figure BDA0003354875140000062
Refers to the kth i The +1 element having a value of 1, i.e. a unit vector
Figure BDA0003354875140000063
Wherein->
Figure BDA0003354875140000064
The specific values of (2) are as follows: when j=k i When (I)>
Figure BDA0003354875140000065
Otherwise, go (L)>
Figure BDA0003354875140000066
In this embodiment, a fast calculation method of a nonlinear invariant with algebraic frequency of 2 is also provided for verification.
The algebraic number d=2 of the effective non-linear invariant is defined, taking the 4-bit S-box of the lightweight cryptographic algorithm Midori64 algorithm as an example, S e F, and the non-linear invariant with algebraic number 2 is calculated by using a fast calculation method. The truth table for the S-box is shown in table 1.
Table 1S box truth table
Figure BDA0003354875140000067
The calculation process is as follows:
s1, inputting 4 bits to the selected 4 bits and outputting an S box, wherein (y) is satisfied 3 ,y 2 ,y 1 ,y 0 )=S(x 3 ,x 2 ,x 1 ,x 0 ) The boolean expression for each component function is calculated according to the truth table, with the following results:
y 0 =x 1 +x 0 x 2 +x 0 x 1 x 2 +x 0 x 3 +x 0 x 1 x 3 +x 1 x 2 x 3
y 1 =x 0 +x 2 +x 0 x 2 +x 0 x 3 +x 2 x 3
y 2 =1+x 0 +x 0 x 1 x 2 +x 3 +x 0 x 3 +x 0 x 1 x 3 +x 1 x 2 x 3
y 3 =1+x 0 x 1 +x 1 x 3 +x 0 x 1 x 3 +x 2 x 3 +x 1 x 2 x 3
s2, positive integer k with weight not exceeding 2 for all Hamming i I=0, 1, 9; in the present embodiment, k 0 =1,k 1 =2,k 2 =3,k 3 =4,k 4 =5,k 5 =6,k 6 =8,k 7 =9,k 8 =10,k 9 =12, the specific description is as follows:
4-bit S-boxes, according to positive integer k i Value range 0 of (2)<k i <16, the hamming weight is not more than 2, and 1, 2, 3, 4, 5, 6, 8, 9, 10 and 12 are all 10 positive integers. Wherein the number of binary non-zero bits corresponding to 1, 2, 4 and 8 is 1, the hamming weights thereof are 1,3, 5, 6, 9, 10 and 12, the number of binary non-zero bits corresponding to 2, and the hamming weights thereof are 2. Thus, according to the value rule k 0 <k 1 <…<k 9 It can be seen that k 0 =1,k 1 =2,k 2 =3,k 3 =4,k 4 =5,k 5 =6,k 6 =8,k 7 =9,k 8 =10,k 9 =12。
Separately calculate
Figure BDA0003354875140000071
Extracting coefficient vector->
Figure BDA0003354875140000072
Obtaining coefficient matrix M F The results were as follows:
Figure BDA0003354875140000073
s3, introducing an auxiliary matrix E F Obtain an expansion matrix [ M ] F ,E F ]Wherein
Figure BDA0003354875140000074
For the expansion matrix [ M ] F ,E F ]Gaussian elimination is carried out to obtain a matrix [ M ] 1 ,M 2 ]The results were as follows:
Figure BDA0003354875140000075
s4, traversing the matrix M 1 The row vector in (a) takes the value of [0, …,0 ]]Is 4 in total, M 2 The co-located row vectors in (a) are considered as coefficient vectors, and are converted to boolean expressions, with the following results:
x 0 +x 3 +x 0 x 3 +x 2 x 3
x 2 +x 0 x 1 +x 1 x 2 +x 2 x 3
x 0 +x 1 +x 2 +x 2 x 3
x 0 x 2 +x 0 x 3
s5, calculating all non-zero linear combinations of the Boolean expressions, wherein the total number of the non-zero linear combinations is 15, and the algebraic times are all 2, so that 15 non-linear invariant sub-groups with the algebraic times of 2 of the S box can be obtained, and the method specifically comprises the following steps:
g 0 =x 0 +x 3 +x 0 x 3 +x 2 x 3
g 1 =x 2 +x 0 x 1 +x 1 x 2 +x 2 x 3
g 2 =x 0 +x 2 +x 3 +x 0 x 3 +x 0 x 1 +x 1 x 2
g 3 =x 0 +x 1 +x 2 +x 2 x 3
g 4 =x 1 +x 2 +x 3 +x 0 x 3
g 5 =x 0 +x 1 +x 0 x 1 +x 1 x 2
g 6 =x 1 +x 3 +x 0 x 3 +x 0 x 1 +x 1 x 2 +x 2 x 3
g 7 =x 0 x 2 +x 0 x 3
g 8 =x 0 +x 3 +x 2 x 3 +x 0 x 2
g 9 =x 2 +x 0 x 1 +x 1 x 2 +x 2 x 3 +x 0 x 2 +x 0 x 3
g 10 =x 0 +x 2 +x 3 +x 0 x 1 +x 1 x 2 +x 0 x 2
g 11 =x 0 +x 1 +x 2 +x 2 x 3 +x 0 x 2 +x 0 x 3
g 12 =x 1 +x 2 +x 3 +x 0 x 2
g 13 =x 0 +x 1 +x 0 x 1 +x 1 x 2 +x 0 x 2 +x 0 x 3
g 14 =x 1 +x 3 +x 0 x 1 +x 1 x 2 +x 2 x 3 +x 0 x 2
in the embodiment, the method provided by the invention can rapidly calculate the nonlinear invariant with the algebraic number of S-box of 2; by defining the algebraic number d=2 of the effective nonlinear invariant, X is calculated by considering only the positive integer k of 1 by Hamming weight and 2 by Hamming weight k +Y k The number of times of calculation of (2) n The next most significant reduction to
Figure BDA0003354875140000081
Second, at the same time avoid Y corresponding to Gao Hanming weight k k Is calculated by (a), the coefficient matrix M is greatly reduced F The dimension of the expansion matrix is also 2 n Line 2 n+1 Column is reduced to +.>
Figure BDA0003354875140000091
Line 2 n+1 And the complexity of the Gaussian elimination of the matrix is reduced.
The invention is not limited to the specific embodiments described above. The invention extends to any novel one, or any novel combination, of the features disclosed in this specification, as well as to any novel one, or any novel combination, of the steps of the method or process disclosed. It is intended that insubstantial changes or modifications from the invention as described herein be covered by the claims below, as viewed by a person skilled in the art, without departing from the true spirit of the invention.
All of the features disclosed in this specification, or all of the steps in a method or process disclosed, may be combined in any combination, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification may be replaced by alternative features serving the same or equivalent purpose, unless expressly stated otherwise. That is, each feature is one example only of a generic series of equivalent or similar features, unless expressly stated otherwise.

Claims (1)

1. A method for fast computation of non-linear invariants, which performs a computation process based on a computer program, comprising:
step 1, setting algebraic times of an effective nonlinear invariant;
step 2, boolean function F of n-bit input and n-bit output to be calculated satisfies (y n-1 ,y n-2 ,...,y 0 )=F(x n-1 ,x n-2 ,...,x 0 ) Calculating the Boolean expression of each component function according to the truth table of the Boolean function F;
step 3, obtaining positive integers with the weight of all the hamming weights not exceeding algebraic times, and obtaining a coefficient matrix M according to the positive integers F
Step 4, introducing an auxiliary matrix E F To coefficient matrix M F Expansion to obtain an expansion matrix [ M ] F ,E F ]For the expansion matrix [ M ] F ,E F ]Gaussian elimination is carried out to obtain a matrix [ M ] 1 ,M 2 ];
Step 5, traversing the matrix M 1 If the row vector in (a) takes the value of [0, …,0]Or [1,0, …,0 ]]Then M is 2 The line vector at the same position in the row is regarded as a coefficient vector and is converted into a Boolean expression;
step 6, all the non-zero linear combinations of the calculated Boolean expression are output as non-linear invariant sub-if the algebraic number of the non-zero linear combinations is the set algebraic number;
in the step 3, the positive integer is k i Satisfies the following conditions
Figure QLYQS_1
Wherein,,
Figure QLYQS_2
d is the set algebraic times;
the acquisition coefficient matrix M F Is the step of (a)The method comprises the following steps:
step 3.1 according to positive integer k i Calculation of
Figure QLYQS_3
Step 3.2, extracting coefficient vector according to the calculation result of step 3.1
Figure QLYQS_4
Construction of coefficient matrix from coefficient vector
Figure QLYQS_5
The specific process of the step 3.1 is as follows:
step 3.1.1, let k be i Binary number k converted into n bits i,n-1 k i,n-2 ...k i,0
Step 3.1.2, calculating
Figure QLYQS_6
Step 3.1.3, substituting the Boolean expression of each component function obtained in the step 2 into the calculation formula obtained in the step 3.1.2 respectively, and eliminating all variables y j Simplifying and outputting a calculation result;
in the step 3.2, the coefficient vector
Figure QLYQS_7
Wherein->
Figure QLYQS_8
Is 0 or 1, j=0, 1.,. 2 n -1;
When single item X j Occurs at
Figure QLYQS_9
In the simplified Boolean expression, < >>
Figure QLYQS_10
Otherwise, go (L)>
Figure QLYQS_11
Wherein the single item X j The method comprises the following steps: converting j to n-bit binary number j n-1 j n-2 ...j 0 ,/>
Figure QLYQS_12
When j=0, X j =1;
The auxiliary matrix E F From 2 n Dimension unit vector
Figure QLYQS_13
The composition specifically comprises:
Figure QLYQS_14
wherein 2 is n Dimension unit vector
Figure QLYQS_15
Refers to the kth i The +1 elements take a value of 1, i.e. +.>
Figure QLYQS_16
Wherein->
Figure QLYQS_17
The specific values are as follows: when j=k i When (I)>
Figure QLYQS_18
Otherwise->
Figure QLYQS_19
M in the step 4 1 And M 2 Is that
Figure QLYQS_20
Line 2 n A matrix of columns.
CN202111369458.0A 2021-11-15 2021-11-15 Rapid calculation method of nonlinear invariant Active CN114124351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111369458.0A CN114124351B (en) 2021-11-15 2021-11-15 Rapid calculation method of nonlinear invariant

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111369458.0A CN114124351B (en) 2021-11-15 2021-11-15 Rapid calculation method of nonlinear invariant

Publications (2)

Publication Number Publication Date
CN114124351A CN114124351A (en) 2022-03-01
CN114124351B true CN114124351B (en) 2023-06-27

Family

ID=80397535

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111369458.0A Active CN114124351B (en) 2021-11-15 2021-11-15 Rapid calculation method of nonlinear invariant

Country Status (1)

Country Link
CN (1) CN114124351B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002027655A1 (en) * 2000-09-27 2002-04-04 Levin David N Self-referential method and apparatus for creating stimulus representations that are invariant under systematic transformations of sensor states
CN102013974A (en) * 2010-11-30 2011-04-13 北京航空航天大学 Randomly varying nonlinear step-based encryption method
CN105681026A (en) * 2016-03-10 2016-06-15 中国科学院计算技术研究所 Dynamic S-box construction method and system suitable for lightweight encryption algorithm
CN109709793A (en) * 2018-11-29 2019-05-03 南京邮电大学 Fractional PD Controller Design Method Based on N-W Small World Network Model
CN111339577A (en) * 2020-02-12 2020-06-26 南京师范大学 A construction method of S-box with excellent DPA resistance
CN112636899A (en) * 2020-09-21 2021-04-09 中国电子科技集团公司第三十研究所 Lightweight S box design method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070147682A1 (en) * 2005-12-07 2007-06-28 Siemens Corporate Research, Inc. System and Method For Feature Detection In Image Sequences

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002027655A1 (en) * 2000-09-27 2002-04-04 Levin David N Self-referential method and apparatus for creating stimulus representations that are invariant under systematic transformations of sensor states
CN102013974A (en) * 2010-11-30 2011-04-13 北京航空航天大学 Randomly varying nonlinear step-based encryption method
CN105681026A (en) * 2016-03-10 2016-06-15 中国科学院计算技术研究所 Dynamic S-box construction method and system suitable for lightweight encryption algorithm
CN109709793A (en) * 2018-11-29 2019-05-03 南京邮电大学 Fractional PD Controller Design Method Based on N-W Small World Network Model
CN111339577A (en) * 2020-02-12 2020-06-26 南京师范大学 A construction method of S-box with excellent DPA resistance
CN112636899A (en) * 2020-09-21 2021-04-09 中国电子科技集团公司第三十研究所 Lightweight S box design method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Christof Beierle."Nonlinear approximations in cryptanalysis revisited".《IACR Transactions on Symmetric Cryptology》.2018,全文. *
几类高强度密码S盒的安全性新分析;赵颖;叶涛;韦永壮;;计算机应用(09);全文 *
多变量时间序列最大李雅普诺夫指数的计算;卢山;王海燕;;物理学报(02);全文 *

Also Published As

Publication number Publication date
CN114124351A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN111105339B (en) Image encryption method based on multidimensional chaotic system and Joseph scrambling
CN103457719B (en) A kind of side channel energy to SM3 cryptographic algorithm HMAC pattern analyzes method
Kasiviswanathan et al. The power of linear reconstruction attacks
CN106330424A (en) Anti-attack method and device of password module based on SM3 algorithm
CN112260818A (en) Side channel curve enhancement method, side channel attack method and side channel attack device
CN113630091A (en) Power amplifier and predistortion model generation method and device thereof
Hu et al. Single-shot black-box adversarial attacks against malware detectors: A causal language model approach
CN111339577B (en) A construction method of S-box with excellent DPA resistance
CN114124351B (en) Rapid calculation method of nonlinear invariant
Kaushik et al. Multi-class SVM based network intrusion detection with attribute selection using infinite feature selection technique
Cabarcas et al. Improved attacks for SNOVA by exploiting stability under a group action
CN104717058B (en) Password traversal method and device
Bhingarkar et al. FLNL: Fuzzy entropy and lion neural learner for EDoS attack mitigation in cloud computing
Cotofana et al. Low weight and fan-in neural networks for basic arithmetic operations
CN106201435A (en) Pseudo-random number generation method based on cell neural network
CN110730062B (en) A chaotic block encryption analysis method based on template attack
CN118432911A (en) Large-scale network traffic anomaly detection method, system, equipment and storage medium based on multi-modal incremental tensor decomposition
CN113922990A (en) A strong PUF anti-machine learning attack method based on matrix encryption
CN114157411B (en) LeNet 5-SVM-based packet encryption identification method
CN107943754B (en) Heterogeneous redundancy system optimization method based on genetic algorithm
WO2020136142A1 (en) Device and method for testing a sequence generated by a random number generator
Yang et al. NIDS-CNNRF Integrating CNN and random forest for efficient network intrusion detection model
CN108632033A (en) A kind of homomorphic cryptography method based on random weighting unitary matrice during outsourcing calculates
CN112134679B (en) Combined high-order side channel attack method, device, equipment and medium for SM4
Chen et al. Rasp-boost: Confidential boosting-model learning with perturbed data in the cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant