
4842 Journal of Software (软件学报), 2025, Vol. 36, No. 10


room for optimization, and the use of the instruction set in particular can be optimized further. When designing the optimization method, this paper chose instruction operations that are available on both processor platforms (x86 and ARM), but each platform also has instructions of its own. For example, the AVX512 instruction set on x86 provides the 3-operand logic instruction vpternlogq, which computes a logic function faster than a sequence of 2-operand instructions; the NEON instruction set on ARM supports interleaved load/store operations, which complete the data arrangement faster. Future work could take the bitslice optimization method FBS-uBlock proposed in this paper as a basis and further optimize the uBlock algorithm for one specific processor platform. In addition, for modes of operation with data dependencies between blocks, such as CBC encryption and OFB, Bogdanov et al. [50] proposed Comb Scheduler, a look-ahead scheduler that fills the instruction pipeline of the AES-NI instruction set with multiple independent message streams. Future work could consider combining the optimization method of this paper with Comb Scheduler to accelerate CBC encryption and other modes of operation with inter-block data dependencies.
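The 3-operand logic instruction mentioned above works by encoding the complete truth table of an arbitrary 3-input Boolean function in its 8-bit immediate. The following C program is an added example written for this page; it is not code from the paper or from the FBS-uBlock implementation. It emulates the vpternlogq semantics portably (no AVX-512 hardware needed) so that a reader can see how one such instruction replaces a chain of two-operand AND/OR/XOR/NOT operations in a bitsliced S-box, and how the immediate for a given function is obtained by evaluating that function on the constants 0xF0, 0xCC and 0xAA. The function names ternlog64, ternlog_imm, maj3, chi3 and xor3 and the sample state words are this example's own.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Three bitsliced 3-input Boolean functions written with two-operand
 * operations, as they would appear in a bitsliced S-box.  Each costs
 * several AND/OR/XOR/NOT instructions per 64-bit word.  Names are this
 * example's own. */
static uint64_t maj3(uint64_t a, uint64_t b, uint64_t c)
{
    return (a & b) | (a & c) | (b & c);
}

static uint64_t chi3(uint64_t a, uint64_t b, uint64_t c)
{
    return a ^ (~b & c);
}

static uint64_t xor3(uint64_t a, uint64_t b, uint64_t c)
{
    return a ^ b ^ c;
}

/* Portable emulation of the vpternlogq semantics on one 64-bit lane.
 * For every bit position, the 3-bit index (a<<2 | b<<1 | c) selects one
 * bit of the 8-bit immediate, so the immediate is the function's truth
 * table.  Real hardware evaluates all lanes in a single instruction. */
static uint64_t ternlog64(uint64_t a, uint64_t b, uint64_t c, uint8_t imm)
{
    uint64_t r = 0;
    for (int k = 0; k < 8; k++) {
        if (!((imm >> k) & 1))
            continue;                      /* minterm k is not in the function */
        uint64_t ma = (k & 4) ? a : ~a;
        uint64_t mb = (k & 2) ? b : ~b;
        uint64_t mc = (k & 1) ? c : ~c;
        r |= ma & mb & mc;                 /* OR in minterm k */
    }
    return r;
}

/* Derive the immediate for any 3-input function: evaluating f on the
 * constants 0xF0, 0xCC, 0xAA places f(a,b,c) for the input pattern
 * k = (a<<2 | b<<1 | c) in bit k of the result, which is exactly the
 * truth table layout vpternlogq expects. */
static uint8_t ternlog_imm(uint64_t (*f)(uint64_t, uint64_t, uint64_t))
{
    return (uint8_t)f(0xF0, 0xCC, 0xAA);
}

int main(void)
{
    /* Constructed sample words standing in for three bitsliced state slices. */
    uint64_t a = 0x0123456789ABCDEFULL;
    uint64_t b = 0xFEDCBA9876543210ULL;
    uint64_t c = 0x00FF00FF00FF00FFULL;

    uint8_t imm_maj = ternlog_imm(maj3);   /* 0xE8 */
    uint8_t imm_chi = ternlog_imm(chi3);   /* 0xD2 */
    uint8_t imm_xor = ternlog_imm(xor3);   /* 0x96 */

    printf("maj3 -> imm 0x%02X, chi3 -> imm 0x%02X, xor3 -> imm 0x%02X\n",
           imm_maj, imm_chi, imm_xor);

    /* One ternary-logic operation per function reproduces the multi-instruction form. */
    assert(ternlog64(a, b, c, imm_maj) == maj3(a, b, c));
    assert(ternlog64(a, b, c, imm_chi) == chi3(a, b, c));
    assert(ternlog64(a, b, c, imm_xor) == xor3(a, b, c));
    puts("single-instruction forms match the two-operand forms");
    return 0;
}
```

In a platform-specific build, the loop in ternlog64 would be replaced by the `_mm512_ternarylogic_epi64` intrinsic with the same immediate, applied to eight 64-bit slices at once; the immediate derivation is unchanged, which is why the portable version is useful for checking a hand-written bitsliced S-box before the AVX512 path is enabled.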


References:
[1] Wu WL, Zhang L, Zheng YF, Li LC. The block cipher uBlock. Journal of Cryptologic Research, 2019, 6(6): 690–703 (in Chinese with English abstract). [doi: 10.13868/j.cnki.jcr.000334]
[2] Li XD, Wu WL, Zhang L. Efficient search for optimal vector permutations of uBlock-like structures. Journal of Computer Research and Development, 2022, 59(10): 2275–2285 (in Chinese with English abstract). [doi: 10.7544/issn1000-1239.20220485]
[3] Yang YT, Dong H, Liu JT, Zhang YS. AEUR: Authenticated encryption algorithm design based on uBlock round function. Journal on Communications, 2023, 44(8): 168–178 (in Chinese with English abstract). [doi: 10.11959/j.issn.1000-436x.2023159]
[4] Jiao ZP, Chen H, Yao F, Fan LM. The low cost threshold implementation method of uBlock algorithm against side channel attacks. Chinese Journal of Computers, 2023, 46(3): 657–670 (in Chinese with English abstract). [doi: 10.11897/SP.J.1016.2023.00657]
[5] Liu CJ, Zhang YW, Xu JJ, Zhao J, Xiang SH. Ensuring the security and performance of IoT communication by improving encryption and decryption with the lightweight cipher uBlock. IEEE Systems Journal, 2022, 16(4): 5489–5500. [doi: 10.1109/JSYST.2022.3140850]
[6] Tian WQ, Hu B. Integral cryptanalysis on two block ciphers Pyjamask and uBlock. IET Information Security, 2020, 14(5): 572–579. [doi: 10.1049/iet-ifs.2019.0624]
[7] Wang QL, Lu JQ. Fault analysis of the ARIA and uBlock block ciphers. In: Proc. of the 2021 IEEE Int’l Conf. on Service Operations and Logistics, and Informatics (SOLI). Singapore: IEEE, 2021. 1–6. [doi: 10.1109/SOLI54607.2021.9672378]
[8] Zhang L, Zhang Y, Wu WL, Mao YX, Zheng YF. Explicit upper bound of impossible differentials for AES-like ciphers: Application to uBlock and Midori. The Computer Journal, 2024, 67(2): 674–687. [doi: 10.1093/comjnl/bxad009]
[9] Xin JY, Du ZB. Template attack based on uBlock cipher algorithm. Frontiers in Computing and Intelligent Systems, 2023, 3(1): 90–93. [doi: 10.54097/fcis.v3i1.6031]
[10] Huang M, Zhang SS, Hong CL, Zeng L, Xiang ZJ. MILP modeling of division property propagation for block ciphers with complex linear layers. Ruan Jian Xue Bao/Journal of Software, 2024, 35(4): 1980–1992 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6839.htm [doi: 10.13328/j.cnki.jos.006839]
[11] Biham E. A fast new DES implementation in software. In: Proc. of the 4th Int’l Workshop on Fast Software Encryption. Haifa: Springer, 1997. 260–272. [doi: 10.1007/BFb0052352]
[12] Könighofer R. A fast and cache-timing resistant implementation of the AES. In: Topics in Cryptology—CT-RSA 2008, The Cryptographer’s Track at the RSA Conf. 2008. San Francisco: Springer, 2008. 187–202. [doi: 10.1007/978-3-540-79263-5_12]
[13] Käsper E, Schwabe P. Faster and timing-attack resistant AES-GCM. In: Proc. of the 11th Int’l Workshop on Cryptographic Hardware and Embedded Systems (CHES 2009). Lausanne: Springer, 2009. 1–17. [doi: 10.1007/978-3-642-04138-9_1]
[14] Chen C, Guo H, Liu YH, Gong ZR, Zhang YX. Optimization implementation method of SM4 based on register. Journal of Cryptologic Research, 2024, 11(2): 427–440 (in Chinese with English abstract). [doi: 10.13868/j.cnki.jcr.000686]
[15] Jean J, Peyrin T, Sim SM, Tourteaux J. Optimizing implementations of lightweight building blocks. IACR Trans. on Symmetric Cryptology, 2017, 2017(4): 130–168. [doi: 10.13154/tosc.v2017.i4.130-168]
[16] Kwan M. Reducing the gate count of bitslice DES. Cryptology ePrint Archive, 2000/051, 2000.
[17] May L, Penna L, Clark A. An implementation of bitsliced DES on the Pentium MMX™ processor. In: Proc. of the 5th Australasian Conf. on Information Security and Privacy. Brisbane: Springer, 2000. 112–122. [doi: 10.1007/10718964_10]
[18] Schaumüller-Bichl I. Cryptanalysis of the data encryption standard by the method of formal coding. In: Proc. of the 1983 Workshop on Cryptography. Burg Feuerstein: Springer, 1983. 235–255. [doi: 10.1007/3-540-39466-4_17]
[19] Matsuda S, Moriai S. Lightweight cryptography for the cloud: Exploit the power of bitslice implementation. In: Proc. of the 14th Int’l Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012). Leuven: Springer, 2012. 408–425. [doi: 10.1007/978-3-642-33027-8_24]