基于流密码架构的认证加密方案设计

Authenticated encryption schemes, which provide both privacy and integrity, have wide range of applications. The CAESAR competition beginning at 2013 gives an international platform for the research of the authenticated encryption. We will take this opportunity and conduct a study of the authenticated encryption. This project will focus on the design, implementation and analysis of the authenticated encryption scheme respectively. In order to promote the implementation efficiency and facilitate the security argument, we will adopt the framework of stream cipher and the modular design method for the authenticated encryption scheme. In particular, we shall reduce the provable security argument of the scheme with respect to classical attacks such as the linear attack and the differential attack to the problem of estimating the number of active S-box. Furthermore we will investigate the implementation techniques such as the bit-slice skill and the AES-NI instructions based solution, and consider the security in practical applications as well as the resistance to the birthday attack of our scheme. Meantime we will analysis other proposed schemes in the CAESAR competition and explore new attack methods. The research project aims to make a breakthrough in the design philosophy and the security argument methodology, and propose one authenticated encryption scheme which is efficient, secure and applicable in the most practical environments.

认证加密方案同时提供保密性和完整性两大安全功能，具有极其广泛的应用前景。2013年启动的CAESAR竞赛为认证加密的研究提供了一个很好的国际性平台。本项目以CAESAR竞赛为直接目标，进行认证加密方案的研究。研究内容分为方案设计、方案实现与方案分析三个部分。本项目确定了流密码架构下的模块化的设计路线，以保证方案在实现效率上的优势和安全性论证上的便利；确定了以活跃S盒个数估计为主线的安全性论证路线，以保证方案对线性攻击、差分攻击等经典攻击的可证明安全性；同时研究方案的bit-slice实现和利用AES-NI指令的实现，以及方案的应用安全和抗生日攻击能力；本项目也将分析CAESAR竞赛中出现的其他认证加密方案，探索未知攻击方法。通过本项目的研究，我们旨在认证加密方案的设计方法和论证方法上有所突破，提出若干设计和分析的创新方法，设计出若干高效、安全、适用于各种应用环境的认证加密方案。

本项目围绕 CAESAR 竞赛，进行认证加密方案的研究。我们参加 CAESAR 竞赛，设计了两套方案；在认证加密部件研究方面，重点研究了泛哈希函数的相 关密钥性质和弱密钥问题，首次提出了相关密钥泛哈希（RKA-AU）的概念；对 国家标准 GB/T 17964-2008 中的 OFBNL 和 BC 两种工作模式进行了分析，给出了证明或者改进；发展了基于 MILP 建模的自动化密码分析技术，改进了一系列密码算法的分析结果；对 Sponge 结构的密码算法进行了分析，取得国际标准 Keccak 算法碰撞挑战赛最佳记录，得到带密钥 Keccak 算法最佳恢复密钥攻击。本项目合计发表论文 30 篇，部分论文发表在 Crypto、EuroCrypt、AisaCrypt 三大密码学年会和 FSE 等专题密码会议上。