分组密码算法具有高安全性、易于标准化、加解密速度快、适用于软硬件实现等优点，在数据加密领域起着至关重要的作用。本文从分组密码的组件密码学性质、分析理论等方面研究其安全性。本文研究了旋转对称函数的数学性质、非线性变换的差分分支数、SMS4 型和 MARS 型 Feistel 结构的量子分析法、NBC 算法的量子分析法和活跃 S 盒个数的自动化搜索等。基于上述理论研究，设计了一种新的轻量化分组密码算法。分组密码组件的密码学性质研究 分组密码基本组件包括非线性混淆层和线性扩散层。非线性层通常采用 S 盒替换表，S 盒一般采用高次布尔函数设计，研究该类函数的数学特征是 S 盒选取与安全性评估的重要基础。本文对非线性置换的差分分支数进行了分析，找到一般性上界，并将该界与 Griesmer 界、Sarkar 界进行比较，说明所得到的界是好的，并在 ? = 8 这一常用场景下通过 Nordstrom-Robinson码说明了 8 比特 S 盒存在差分分支数达到上界 6 的情况，并讨论了这类 S 盒所具有的密码学性质。分组密码的分析理论 在后量子时代，分组密码的量子安全性分析是密码学领域研究热点。本文对两类广义 Feistel 结构以及第二类 Feistel 结构的代表算法 NBC 进行了安全性评估。给出了 ? 分支 SMS4 型结构的 (2? − 2) 轮量子区分攻击、(3? − 2)轮量子密钥恢复攻击；NBC-128 的 6 轮量子区分攻击、11 轮量子密钥恢复攻击；NBC-256 的 10 轮量子区分攻击、16 轮量子密钥恢复攻击；? 分支 MARS 型结构在量子选择明文下的 ? 轮量子区分攻击、2? 轮量子密钥恢复攻击，在量子选择密文下的 ? + 1 轮量子区分攻击、2? + 1 轮量子密钥恢复攻击。在分组密码评估方面，本文以 Simpira 算法为例，基于 MILP 自动化搜索技术给出 Simpira 算法的差分和线性截断路线，改进了原文给出的安全界。一种新的轻量化分组密码算法 本文设计了一种新的轻量化分组密码算法 SimptSPN。该算法采用平衡的 Feistel 结构，轮函数采用 SP 结构，非线性层采用轻量的4 比特 S 盒，线性层采用半字节的循环移位以及最大距离可分码（MDS 码）。算法无密钥编排方案，128 比特密钥分成两个 64 比特密钥按轮交替使用，共 20 轮。算法在 10 轮即达到差分和线性区分器的轮数上界，适用于资源受限的环境且满足轻量化密码算法需求。

Block cipher algorithms play a vital role in the field of data encryption due to their high security, simple design, easy standardization, fast encryption and decryption speed,and suitable for software and hardware implementation. This dissertation studies the security of block ciphers from the aspects of the cryptographic properties of block cipher components and the analysis theory of block ciphers. Specifically, this dissertation studies the mathematical properties of rotationally symmetric functions, the number of differential branches of nonlinear transformations, the quantum analysis method of SMS4 and MARS Feistel structure, the quantum analysis method of NBC algorithm, automatic search of the number of active S boxes, etc. Based on the theoretical security researchof the block cipher mentioned above, this dissertation designs a block cipher algorithm suitable for lightweight communication.Research on the block cipher components The basic components of block ciphers include nonlinear confusion layer design and linear diffusion layer design. Non-linear layer design usually adopts S-box substitute table, and the design of S--box generally adoptshigh-order Boolean function design. Studying the mathematical characteristics of this type of function is an important basis for S--box selection and safety assessment. In this part, we analyze the number of differential branches of nonlinear permutation and finda general upper bound. Moreover we show that the upper bound is good by comparing this upper bound with Griesmer bound and Sarkar bound. At the same time, a specific discussion is carried out on the commonly used scene of ? = 8. The famous Nordstrom Robinson code explains that the number of differential branches of the 8--bit S--box can reach to 6. And then we give the cryptographic properties of this type of S--boxs .Analysis theory of block ciphers In the era of post quantum, the quantum analysis of block ciphers is a hot area in the field of cryptography. In this dissertation, we give the safety assessment of two types of generalized Feistel structures and NBC which is a representative algorithm based on the second Feistel structures. Specifically, this articlepresents (2? −2) rounds of quantum discrimination attacks for the SMS type block cipher of the ? branch, 6 rounds of quantum discrimination attacks and 11 rounds of quantum key recovery attacks of NBC--128--like, 10 rounds of quantum discrimination attacks and16 rounds of quantum key recovery attacks of NBC--256-like, ? Rounds of quantum discrimination attack and 2? Rounds of quantum key recovery attacks of the MARS typeblock cipher of the ? branch under quantum choose plaintext attack and (? + 1) Rounds of quantum discrimination attack and (2? + 1) Rounds of quantum key recovery attacks of the MARS type block cipher of the ? branch under quantum choose ciphertext attack.In terms of block cipher security assessment, we take the cryptographic algorithm Simpira as an example, and present its automatic search technology for differential and linear truncated trails based on the mixed integer linear programming MILP, thereby improving the security evaluation given by Simpira in the original text.A block cipher algorithm suitable for lightweight communication We have designed a block cipher algorithm suitable for lightweight communication–SimptSPN. The algorithm adopts a balanced Feistel structure design while he round function adopts a substitute permutation structure. The nonlinear layer adopts a lightweight 4-bit S--box design while the linear layer adopts a half-byte cyclic shift and a maximum distance separablecode (MDS code) structure. The algorithm has no key arrangement algorithm. The 128--bit key is divided into two 64--bit keys and used alternately in rounds. The algorithm has a total of 20 rounds. The algorithm reaches to the upper bound of the number of rounds ofthe differential and linear differentiator in 10 rounds, which is suitable for applications inresource -constrained environments and meets the application requirements of lightweight communication.