Abstract
To address the security, efficiency and lightweight requirements of authenticated encryption built on the Chinese national-standard ZUC algorithm, this paper proposes ZUCAE, a self-synchronizing-like ZUC scheme for authenticated encryption with associated data. By modifying the LFSR layer of the ZUC stream cipher (ZUC-256), the scheme designs and implements ZUC-SSL, an algorithm similar to a self-synchronizing stream cipher, and uses it to feed the ciphertext into the state update function for generating the authentication code. Messages are encrypted with ZUC-256. By optimizing the initialization module, the associated data is embedded into the initialization process, so that keystream generation and encryption proceed in parallel and message authentication is performed before decryption, which reduces computation time and improves the security of the scheme. Security analysis shows that the algorithm resists the current mainstream attacks on LFSR-based stream ciphers, and that the self-synchronizing-like design strengthens the security of the authentication code. Efficiency experiments comparing against AES-GCM and AEGIS show that, for large data sizes, the proposed algorithm is more efficient than AES-GCM and comparable to AEGIS, so it has a degree of practicality.
Authors
徐睿
彭长根
许德权
XU Rui; PENG Changgen; XU Dequan (College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; State Key Laboratory of Public Big Data, Ministry of Education, Guiyang 550025, China)
Source
《计算机科学》
CSCD
Peking University Core Journals (北大核心)
2023, No. 10, pp. 377-382 (6 pages)
Computer Science
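Funding
Key Program of the National Natural Science Foundation of China (U1836205)
Major Special Project of the Guizhou Provincial Science and Technology Plan (黔科合重大专项字[2018]3001)
Guizhou Provincial Science and Technology Plan Projects (黔科合平台人才[2020]5017, 黔科合支撑[2018]2159).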
Keywords
ZUC
Stream cipher
Authentication encryption
Self-synchronizing like
Associated data