摘要: 本文使用两种方法对S盒的可分性质进行了分析。主要针对MISTY1，Camellia，AES，SMS4，DES，GIFT，Gost，KLEIN，LED，LBlock，MISBS，mCRYPTON，Midori64，RESENT，PRINCE，PRIDE，Piccolo，PUFFIN，RECTANGLE，SKINNY，SPONGENT，Serpent，TWINE等分组密码算法中的S盒，以及16个最优S盒。第一种方法基于代数次数，利用汉明重量与代数次数的对应关系，分析S盒的可分性质，即得实验结果。根据可分性质传播规则，可得可分性质理论推导值。将实验结果与理论推导值相比较并进行分析，发现少部分有区别。由于第一种方法中同一个汉明重量对应多种情况，猜测有些可分性质可能被隐藏，于是采取第二种方法——基于比特级即细化的可分性质，针对每一种情况分析对应的可分性质，得到了比第一种方法更好的结果。轻量级4比特S盒具有可以使用的可分性质。基于有限域逆的8比特S盒没有平衡比特，具有高安全性。这将有助于分组密码算法的安全性分析，在降低时间复杂度与数据复杂度方面均有帮助。

Abstract: This paper uses two methods to analyze the division property of the S-boxes, mainly for the S-boxes of MISTY1, Camellia, AES, SMS4, DES, GIFT, Gost, KLEIN, LED, LBlock, MIBS, mCRYPTON, Midori64, RESENT, PRINCE, PRIDE, Piccolo, PUFFIN, RECTANGLE, SKINNY, SPONGENT, Serpent, TWINE, as well as 16 optimal S-boxes. The first method is based on algebraic degree, using the correspondence between Hamming weight and algebraic degree to find the division property of the S-boxes. The experimental results are obtained. According to the rules of division property propagation, we can obtain the theoretical derivation values of division property, compare and analyze experimental results with theoretical derivation values. It shows that there are a few differences. Since the same Hamming weight contains multiple cases, it may be hidden, so the second method, that is, the detailed division property, based on bit level, is adopted to analyze division property for each case. As a result, there are better results found than the first method. Lightweight 4-bit S-boxes have division property that can be utilized. 8-bit S-boxes based on finite field inverse have high security without balanced bits. This will facilitate the security analysis of block cipher algorithms and help to reduce time complexity and data complexity.