Focusing on the issue of low efficiency of SKINNY encryption algorithm in Central Processing Unit(CPU), a fast implementation method was proposed based on Graphic Processing Unit(GPU). In the first place, an optimization scheme was proposed by combining the structural characteristics of SKINNY algorithm, and one whole calculation, where the whole calculation was integrated by 5 step-by-step operations. Moreover, the characteristics of the Electronic CodeBook(ECB) mode and counter(CTR) mode of this algorithm were analyzed, and the parallel design schemes such as parallel granularity and memory allocation were given. Experimental results illustrate that the efficiency and throughput of SKINNY algorithm implemented by Computing Unified Device Architecture(CUDA) are significantly improved, when compared to the algorithm with the traditional CPU implementation. More specifically, for data size of 16 MB or large size, the SKINNY algorithm implementation with ECB mode achieves maximum efficiency improvement of 99.85% and maximum speedup ratio of 671. On the other hand, the SKINNY algorithm implementation with CTR mode achieves maximum efficiency improvement of 99.87% and maximum speedup ratio of 765. In particular, the throughput of the proposed SKINNY-256(ECB) parallel algorithm has 1.29 times and 2.55 times of those of the existing AES-256(ECB) and SKINNY_ECB parallel algorithms, respectively.

Focused on the low analysis efficiency of Correlation Power Analysis (CPA) interfered by noise, a stepwise CPA scheme was proposed. Firstly, the utilization of information in CPA was improved by constructing a new stepwise scheme. Secondly, the problem that the accuracies of previous analyses were not guaranteed was solved by introducing the confidence index to improve the accuracy of each analysis. Finally, a stepwise CPA scheme was proposed based on the structure of SM4 cryptographic algorithm. The results of simulation experiments show that, on the premise of the success rate up to 90%, stepwise CPA reduces the demand of power traces by 25% compared to classic CPA. Field Programmable Gate Array (FPGA) based experiments indicate that the ability of stepwise CPA to recover the whole round key is very close to the limit of expanding the search space to the maximum. Stepwise CPA can reduce the interference of noise and improve the efficiency of analysis with a small amount of calculation.

Focusing on the linear decomposition of the S-box layer in Keccak algorithm, a new linear structure construction method was proposed based on the algebraic properties of the S-box. Firstly, to ensure the state data was still linear with that after this linear structure, some constraints about input bits of S-box needed to be fixed. Then, as an application of this technique, some new zero-sum distinguishers of round-reduced Keccak were constructed by combining the idea of meet-in-the-middle attack. The results show that a new 15-round distinguisher of Keccak is found, which extends 1-round forward and 1-round backward. This work is consistent with the best known ones and its complexity is reduced to 2 ²⁵⁷. The new distinguisher, which extends 1-round forward and 2-round backward, has the advantages of more free variables and richer distinging attack combinations.

Focusing on the problem whether there are new security flaws of several kinds of high-level cryptographic S-boxes, an algorithm for solving the nonlinear invariant function of S-boxes was proposed, which is mainly based on the algebraic relationship between the input and output of the cryptographic S-boxes. Using the proposed algorithm, several kinds of S-boxes were tested and it was found that several of them had the same nonlinear invariant function. In addition, if these S-boxes were used to non-linear parts of the block cipher Midori-64, a new variant algorithm would be obtained. The security analysis was carried out by non-linear invariant attack. The analytical results show that the Midori-64 variant is faced with serious secure vulnerability. In other words, there exist 2 ⁶⁴ weak keys when nonlinear invariant attack is applied to the Midori-64 variant, meanwhile data, time and storage complexity can be neglected, consequently some high-level cryptographic S-boxes have security flaws.

Focusing on the safety analysis of the 3D block cipher, a new method on this algorithm against the meet-in-the-middle attack was proposed. Based on the structure of the 3D algorithm and the differential properties of the S-box, the research reduced the number of required bytes during structuring the multiple sets in this attack and constructed a new 6-round meet-in-the-middle distinguisher. According to extending the distinguisher 2-round forward and 3-round backward, an 11-round meet-in-the-middle attack of the 3D algorithm was finally achieved. The experimental results show that:the number of required bytes on constructed the distinguisher is 42, the attack requires a data complexity of about 2⁴⁹⁷ chosen plaintexts, a time complexity of about 2^325.3 11-round 3D algorithm encryption and a memory complexity of about 2³⁴² bytes. The new attack shows that the 11-round of the 3D algorithm is not immune to the meet-in-the-middle attack.