一种变体BISON分组密码算法及分析

该文基于Whitened Swap?or?Not(WSN)的结构特点，分析了Canteaut 等人提出的Bent whItened Swap Or Not –like (BISON-like) 算法的最大期望差分概率值(MEDP)及其(使用平衡函数时)抵御线性密码分析的能力；针对BISON算法迭代轮数异常高(一般为3n轮，n为数据分组长度)且密钥信息的异或操作由不平衡Bent函数决定的情况，该文采用了一类较小绝对值指标、高非线性度、较高代数次数的平衡布尔函数替换BISON算法中的Bent函数，评估了新变体BISON算法抵御差分密码分析和线性密码分析的能力。研究结果表明:新的变体BISON算法仅需迭代n轮；当n较大时(如n=128或256)，其抵御差分攻击和线性攻击的能力均接近理想值。且其密钥信息的异或操作由平衡函数来决定，故具有更好的算法局部平衡性。

A Variant BISON Block Cipher Algorithm and Its Analysis

Based on the characteristics of Whitened Swap?or?Not (WSN) construction, the maximum expected differential probability (MEDP) of Bent whItened Swap Or Not -like (BISON-like) algorithm proposed by Canteaut et al. is analyzed in this paper. In particular, the ability of BISON-like algorithm with balanced nonlinear components against linear cryptanalysis is also investigated. Notice that the number of iteration rounds of BISON algorithm is rather high (It needs usually to iterate 3n rounds, n is the block length of data) and Bent function (unbalanced) is directly used to XOR with the secret key bits. In order to overcome these shortcomings, a kind of balanced Boolean functions that has small absolute value indicator, high nonlinearity and high algebraic degree is selected to replace the Bent functions used in BISON algorithm. Moreover, the abilities of this new variant BISON algorithm against both the differential cryptanalysis and the linear cryptanalysis are estimated. It is shown that the new variant BISON algorithm only needs to iterate n-round function operations; If n is relative large (e.g. n=128 or n=256), Its abilities against both the differential  cryptanalysis and the linear cryptanalysis almost achieve ideal value. Furthermore, due to the balanced function is directly XORed with the secret key bits of the variant algorithm, it attains a better local balance indeed.