On the basis of the known S-box output truth table, the vector representation of the algebraic polynomial of y1 can be obtained by XORing the corresponding items in the minimum term of the y1 minimum logical expression in the above table. The optimized method needs to store a table of 22m bits in advance, and the time complexity of calculating the output algebra polynomial of the S box is O(n22m). Polynomial interpolation For a function f, if for every possible variable value xi, a polynomial fi can be found such that the function value at that point is 1 and the function value at other points is 0, then the function can be expressed as Polynomial: f(x)=∑f(xi)fi(x). Therefore, this method can also be used for Boolean functions.
The specific method is: for any possible value of the m input of the S box (2m in total), respectively find a polynomial so that its function value for the input is 1 and the function value for other inputs is 0. For the input x1x2... Xm=a1a2...am, the polynomial that satisfies the requirement is (x1-a1-1)(x2-a2-1)...(xm-am-1). Therefore, for any output bit of the S box, its polynomial expression is ∑f(a1, a2,..., am)(x1-a1-1)(x2-a2-1)...(xm-am-1), right It is expanded and merged to get the desired polynomial.
The implementation of the polynomial interpolation method is consistent with the minimum term logical expression conversion method. Similarly, <3> uses the Lagrangian interpolation method to calculate the Boolean expression of the S box. Algebraic polynomial item-by-item accumulation method based on the minimum item logical expression conversion method, after the minimum item logic expression can be expressed as an algebraic expression on domain 2, the algebraic expression of each minimum item may not be expanded, but Whether the term of each m-th m-algebraic polynomial is judged in the expansion polynomial of a minimum term algebraic expression, if it is in the expansion polynomial of the odd-numbered minimum term algebraic expression, then the m-m-algebraic polynomial must be generated in the final m-element In, otherwise not. Therefore, by the above method, it is possible to know all possible 2m items, whether they are in the m-ary m-th order algebra polynomial, thereby obtaining the m-element m-th order algebra polynomial of the S-box.
The time complexity of each output algebraic polynomial of the S-box is calculated by the algebraic polynomial item-by-item accumulation method to be O(n22m). The cumulative count of the algebraic polynomial item by item accumulation method can be replaced by XOR. Since the CPU usually supports at least 16-bit parallel bit-OR operation, and the output of the existing S-box does not exceed 16 bits, the output of each of the S-boxes can be calculated in parallel during implementation, so only O(22m) operations are required. .
The minimum term accumulation method is based on the minimum term logical expression conversion method. After the minimum term logical expression can be expressed as an algebraic expression on the domain 2, each possible minimum algebra expression can be applied to all possible 2m items. Counts, if the item is included in the polynomial of the minimum term algebra expression expansion, then 1 is added, otherwise it is not added. In this way, each minimum term algebra expression needs to be counted 2m times, and a total of 2m minimum item algebra expressions are used. Therefore, after up to 22m counting operations, the m-element m-order algebraic polynomial of the S-box can be obtained (the count value is The odd term coefficient is 1, and the count value of the even value is 0).
In fact, the algebraic polynomial item-by-item accumulation method is similar to the minimum item accumulation method. For an S-box output, they are all counted 22m times, only in a different way. The accumulation method can be found by analyzing the algebraic polynomial item-by-item accumulation method for the term x1a1x2a2...xmam of a m-ary m-algebraic polynomial (a1, a2,...,am has a value of 0 or 1, where ai1, ai2, ..., aiu The value is 1), only those algebraic expressions that satisfy the smallest term of xi1xi2...xiu may contain the item, so there is no need to judge 2m minimum item algebra expressions in turn.
The number of minimum algebraic expressions to be judged is 2t, and t is the number of variables contained in the item (ie, the number of 1 in a1, a2, ..., am). Therefore, this method requires n3m operations and the time complexity is O(n3m). The method proposed by Wei Baodian <2> is similar to this, and the mobius transformation adopted by Liu Jia et al. is also the same as this method <6>.
Epoxy Chips,Vinyl Chips Flakes,Rock Flake Chips,Color Flakes Chip
Jiangxi Tiansheng New Materials Co.,Ltd , http://www.jx-tis.com