Research And Improvement Of The Construction Method Of Block Cipher Diffusion Layer

In the block cipher,the linear diffusion layer is the core component to realizing the function of diffusion for encryption system,and it plays a key role in the security of encryption system.It is one of focus directions in the filed of cryptography.In Crypt2016,Sun etc.al.observed that if there are two identical elements in a row of the MixColumns operation,then the adversary can construct a zero correlation linear hull for 5-round AES-like SPN structure,it is a security risk to the cipher.In order to make the designed cryptographic algorithm more secure,the diffusion matrix for an SPN structure cryptographic algorithm should avoid two entries are equal in one row.Base on the above security guidelines for design of cryptographic algorithm,we design a new diffusion layer and improved the diffusion layer of classic encryption algorithms.The main work is as follows:Firstly,we analyze the method of constructing the AES's diffusion layer and study the conditions that 4 × 4 cyclic matrix needs to satisfy if it is MDS matrix.Further,according to the warning that the same element in one row of the diffusion layer matrix may cause linear attack,some new cyclic matrix with different elements in each row is constructed.In addition,a new method of searching for lightweight elements is given,and a lightweight MDS diffusion matrix is constructed by searching for lightweight elements to ensure software and hardware efficiency of the matrix.Secondly,we analyze the method of constructing the LED's diffusion layer.The construction of the diffusion layer based on the linear feedback shift register is studied.We find out the diffusion matrix with higher efficiency than the LED diffusion layer.Finally,the characteristics of the diffusion layer of lightweight tweakable block cipher QARMA are analyzed and studied.Then,we analyze the security of QARMA algorithm.We achieve a 10-round impossible differential attack.The time complexity and memory complexity are better than the existing analysis results.To the best of our knowledge,this is the first time to analyze the security of the QARMA algorithm by using impossible differential analysis.