Specific Authenticated Encryption Algorithm Based on SM4 Under Framework of Stream Cipher

doi:10.3778/j.issn.1002-8331.2210-0261

Abstract

Abstract: As a symmetric cryptographic primitive, authenticated encryption algorithm can satisfy data privacy and integrity simultaneously, which is widely used in the field of data security. Aiming at the security and efficiency requirements of the authenticated encryption algorithm based on block cipher, a specific authenticated encryption algorithm SMRAE based on SM4 is designed. The algorithm adopts the idea of stream cipher, starts from the bottom part of SM4, and combines the Feistel structure to design the state update function for round transformation. It only needs to call four SM4 round function instructions to process 256 bit messages. First, in the initialization phase, the initial vector and key are iterated for 16 rounds to fully randomize the difference. Second, the generated ciphertext by SM4 is involved in the round transformation to realize the state update and encryption parallel. Finally, the message authentication is performed before decryption to reduce the time consumption and improve the security of the algorithm. The security analysis and experimental results show that SMRAE can resist the mainstream attacks such as forgery attack, differential attack and guess attack. The efficiency of SMRAE is higher than AES-GCM, and it is equivalent to SM4, so SMRAE has certain practicability.

Key words: SM4, authenticated encryption, block cipher, Feistel structure, stream cipher

摘要： 认证加密算法是能同时满足数据机密性与完整性的对称密码算法，在数据安全领域具有广泛应用。针对基于分组密码的认证加密算法的安全性以及效率需求，提出一种基于SM4轮函数的专用认证加密算法SMRAE。算法采用流密码思想，从SM4底层部件出发，结合Feistel结构设计状态更新函数用于轮变换，处理256?bit消息只需调用4个SM4轮函数指令。在初始化阶段将初始向量和密钥经过16轮迭代，使差分充分随机化；利用SM4加密消息，将生成的密文参与轮变换，实现状态更新和加密并行；解密时先进行消息认证，降低时间消耗，提高算法安全性。安全性分析与实验结果表明SMRAE能够抵抗伪造攻击、差分攻击和猜测攻击等主流攻击，效率高于AES-GCM，与SM4效率相当，具备一定的实用性。

关键词: SM4, 认证加密, 分组密码, Feistel结构, 流密码

LI Hu, PENG Changgen, HOU Jinqiu. Specific Authenticated Encryption Algorithm Based on SM4 Under Framework of Stream Cipher[J]. Computer Engineering and Applications, 2024, 60(2): 272-278.

李胡, 彭长根, 侯金秋. 流密码框架下的SM4专用认证加密算法[J]. 计算机工程与应用, 2024, 60(2): 272-278.

References

[1] BELLARE M, NAMPREMPRE C. Authenticated encryption: relations among notions and analysis of the generic composition paradigm[C]//International Conference on the Theory and Application of Cryptology and Information Security, 2000: 531-545.
[2] ROGAWAY P. Authenticated-encryption with associated-data[C]//Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002: 98-107.
[3] ROGAWAY P, BELLARE M, BLACK J. OCB: a block-cipher mode of operation for efficient authenticated encryption[J]. ACM Transactions on Information and System Security (TISSEC), 2003, 6(3): 365-403.
[4] MCGREW D, VIEGA J. The Galois/counter mode of operation (GCM)[J]. Submission to NIST Modes of Operation Process, 2005: 6053538.
[5] WHITING D, HOUSLEY R, FERGUSON N. Counter with CBC-MAC (CCM)[R]. 2003: 1-26.
[6] ZHANG F, LIANG Z, YANG B, et al. Survey of design and security evaluation of authenticated encryption algorithms in the CAESAR competition[J]. Frontiers of Information Technology & Electronic Engineering, 2018, 19(12): 1475-1499.
[7] 吴文玲. 认证加密算法研究进展[J]. 密码学报, 2018, 5(1): 70-82.
WU W L. Research advances on authenticated encryption algorithms[J]. Journal of Cryptologic Research, 2018, 5(1): 70-82.
[8] JIMALE M A, Z’ABA M R, KIAH M L M, et al. Authenticated encryption schemes: a systematic review[J]. IEEE Access, 2022, 10: 14739-14766.
[9] 吕述望, 李大为, 张超, 等. SM4分组密码算法: GM/T 0002-2012[S]. 北京: 中国标准出版社, 2012.
LV S W, LI D W, ZHANG C, et al. SM4 block cipher algorithm: GM/T 0002-2012[S]. Beijing: Standards Press of China, 2012.
[10] 翟嘉琪, 李斌, 周清雷, 等. 基于FPGA的高性能可扩展SM4-GCM算法实现[J]. 计算机科学, 2022, 49(10): 74-82.
ZHAI J Q, LI B, ZHOU Q L, et al. Implementation of FPGA-based high-performance and scalable SM4-GCM algorithm[J]. Computer Science, 2022, 49(10): 74-82.
[11] 张建, 吴文玲. 基于SM4轮函数设计的认证加密算法[J]. 电子学报, 2018, 46(6): 1294-1299.
ZHANG J, WU W L. Authenticated encryption based on SM4 round function[J]. Acta Electonica Sinica, 2018, 46(6): 1294-1299.
[12] MATSUI M. Linear cryptanalysis method for DES cipher[C]//Workshop on the Theory and Application of Cryptographic Techniques, 1993: 386-397.
[13] LIU F, JI W, HU L, et al. Analysis of the SMS4 block cipher[C]//Australasian Conference on Information Security and Privacy, 2007: 158-170.
[14] SU B Z, WU W L, ZHANG W T. Security of the SMS4 block cipher against differential cryptanalysis[J]. Journal of Computer Science and Technology, 2011, 26(1): 130-138.
[15] KONG X, WANG W, XU Q. Improved rectangle attack on SMS4 reduced to 18 rounds[C]//2013 Ninth International Conference on Computational Intelligence and Security, 2013: 575-578.
[16] ETROG J, ROBSHAW M J B. The cryptanalysis of reduced-round SMS4[C]//International Workshop on Selected Areas in Cryptography, 2008: 51-65.
[17] 赵艳敏, 刘瑜, 王美琴. 对SMS4密码算法改进的差分攻击[J]. 软件学报, 2018, 29(9): 2821-2828.
ZHAO Y M, LIU Y, WANG M Q. Improved differential attack on 23-round SMS4[J]. Journal of Software, 2018, 29(9): 2821-2828.
[18] JIAO L, LI Y, DU S. Guess-and-determine attacks on AEGIS[J]. The Computer Journal, 2022, 65(8): 2221-2230.
[19] PRENEEL B, VAN OORSCHOT P C. On the security of iterated message authentication codes[J]. IEEE Transactions on Information Theory, 1999, 45(1): 188-199.
[20] BIRYUKOV A, SHAMIR A. Cryptanalytic time/memory/data tradeoffs for stream ciphers[C]//Advances in Cryptology—ASIACRYPT 2000: 6th International Conference on the Theory and Application of Cryptology and Information Security Kyoto, Japan, December 3-7, 2000: 1-13.
[21] 李雪松, 彭长根, 张弘. SMAE: 一种新型认证加密算法[J]. 计算机工程与应用, 2018, 54(14): 107-114.
LI X S, PENG C G, ZHANG H. SMAE: new authenticated encryption algorithm[J]. Computer Engineering and Applications, 2018, 54(14): 107-114.