CN101848081A - S box and construction method thereof - Google Patents

Publication number
CN101848081A
Authority
CN
China
Prior art keywords
unit
input
xor
output
bit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 201010204508
Other languages
Chinese (zh)
Inventor
吴文玲
冯秀涛
周春芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS filed Critical Institute of Software of CAS
Priority to CN 201010204508 priority Critical patent/CN101848081A/en
Priority to PCT/CN2010/001048 priority patent/WO2011153666A1/en
Publication of CN101848081A publication Critical patent/CN101848081A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Error Detection And Correction (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an S-box and a construction method thereof, belonging to the technical field of communication. The method comprises the following steps: (1) selecting an integer m and three n-in, n-out transformation units P1, P2 and P3, wherein P2 is a permutation unit and n is an integer not less than 2; (2) denoting the high n bits of the 2n-bit input x as x1 and the low n bits as x2; (3) transforming x2 with P1 and XORing the result with x1, the output being denoted t1; (4) transforming t1 with P2 and XORing the result with x2, the output being denoted t2; (5) transforming t2 with P3 and XORing the result with t1, the output being denoted t3; (6) concatenating t3 as the high n bits with t2 as the low n bits to form a 2n-bit value t; and (7) rotating t left by m bits and outputting it. The S-box comprises three XOR units A, B and C, the three transformation units P1, P2 and P3 and one wire-order permutation unit. Compared with the prior art, the method is easy to implement, and the constructed S-box has good cryptographic properties and high running efficiency.

Description

An S-box construction method and S-box
Technical field
The present invention relates to a method for information transmission and processing, in particular to an S-box construction method and an S-box, and belongs to the field of communication technology.
Background art
Cryptography has a long history and was first used to protect military and diplomatic communications. With the spread of communication networks and computer networks, however, the application of modern cryptography is no longer confined to politics, military affairs and diplomacy, and its commercial and social value has been widely recognized. Confidentiality is the core of cryptography, and encryption is the practical tool for keeping information confidential.
Cryptographic algorithms are divided into public-key algorithms and private-key algorithms. Private-key algorithms are further divided into block ciphers and stream ciphers. A block cipher generally encrypts a message block by block, and one run of the algorithm encrypts one relatively large message block. A stream cipher generally takes a short key and, using a specific keystream generation algorithm, generates a keystream as long as the message to be encrypted; the keystream is XORed bitwise with the plaintext to encrypt it. The decrypting side generates the same keystream and XORs it with the ciphertext to recover the plaintext.
Designing secure and efficient cryptographic algorithms has always been a research focus in many countries. In many existing block ciphers and stream ciphers the S-box is an indispensable nonlinear component. In the AES block cipher of the U.S. encryption standard and in the SNOW 3G stream cipher of the European telecommunications standard, for example, the S-box provides most of the nonlinearity of the whole algorithm. Designing a good S-box is therefore the basis of designing a cryptographic algorithm. At the same time, an efficient hardware implementation of the S-box is essential to the implementation of the cipher. For encryption and decryption devices with limited hardware resources in particular, the hardware implementation of the S-box should use as few gates as possible.
S-box design is generally based on the operations of some structure; the AES S-box, for example, is based on inversion in a finite field. Because finite-field arithmetic consumes a large amount of resources, such an S-box is usually implemented as a lookup table. An 8-in, 8-out S-box generally requires a circuit of 500 gates.
For this reason we propose a structure-based method for constructing S-boxes. The structure uses simple permutations and non-permutation transformations that are easy to implement in hardware to construct an S-box with good cryptographic properties. Based on this structure we have also built an efficient S-box hardware module whose hardware size is 1/5 that of a lookup-table implementation.
Summary of the invention
The purpose of the technical scheme of the present invention is to provide an S-box construction method and an S-box. The method constructs an S-box from a structure: it uses three 4-in, 4-out transformations to construct an 8-in, 8-out permutation S-box. The S-box is easy to implement in software and hardware and provides good cryptographic properties (algebraic, differential and nonlinearity properties); it plays an important role in the design of both block ciphers and stream ciphers and is an indispensable component. Another purpose of the present invention is to provide an S-box hardware module that is smaller than a typical S-box module.
The technical scheme of the present invention is:
An S-box construction method, whose steps are:
1) Select an integer m and three n-in, n-out transformation units P1, P2, P3, where P2 is a permutation unit and n is an integer greater than or equal to 2;
2) Split the 2n-bit input x into two parts x1 and x2, where x1 is the high n bits and x2 the low n bits of the input;
3) Transform x2 with P1 and XOR the result with x1; denote the output t1;
4) Transform t1 with P2 and XOR the result with x2; denote the output t2;
5) Transform t2 with P3 and XOR the result with t1; denote the output t3;
6) Concatenate t3 as the high n bits and t2 as the low n bits into a 2n-bit value, denoted t;
7) Rotate t left by m bits and output the result.
Further, the integer m takes a value from 1 to 2n-1; P1 and P3 are n-in, n-out mappings; n is an integer greater than or equal to 2.
Further, a wire-order permutation unit is used to rotate t left by m bits for output.
Further, the transformations of steps 3) to 5) are implemented with a combinational logic circuit, whose critical path is: x2 → P1 → XOR → P2 → XOR → P3 → XOR.
Further, the transformations of steps 3) to 5) are implemented with a sequential circuit.
Further, the sequential circuit implements the transformations as follows:
1) Store the contents of P1, P2, P3 in a memory;
2) Using the base address of P1 and x2 as the offset address, read the stored P1 entry from the memory, XOR it with x1, and write the result into an n-bit register L;
3) Using the base address of P2 and the output of register L as the offset address, read the stored P2 entry, XOR it with x2, and write the result into an n-bit register R;
4) Using the base address of P3 and the output of register R as the offset address, read the stored P3 entry and XOR it with register L.
An S-box, characterized in that it comprises three XOR units A, B, C, three transformation units P1, P2, P3, and a wire-order permutation unit; the two inputs of XOR unit A are connected to one n-bit data input and to the output of transformation unit P1, and the output of XOR unit A is connected to the input of transformation unit P2 and to an input of XOR unit C; the other n-bit data input is connected to the input of transformation unit P1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P2; the output of XOR unit B is connected to the input of the wire-order permutation unit and to the input of transformation unit P3; the output of XOR unit C is connected to the input of the wire-order permutation unit; the output of transformation unit P3 is connected to an input of XOR unit C; P2 is a permutation unit and n is a natural number.
Further, the S-box has an 8-bit input interface and an 8-bit output interface; n is 4; P1 and P3 are 4-in, 4-out transformations.
An S-box, characterized in that it comprises three XOR units A, B, C, three transformation units P1, P2, P3, a wire-order permutation unit, two registers L, R, and a memory; the transformation units P1, P2, P3 are each connected to the memory through a base address; the two inputs of XOR unit A are connected to one n-bit data input and to the output of transformation unit P1, and its output is connected to the input of register L; the other n-bit data input is connected to the input of transformation unit P1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P2, and its output is connected to the input of register R; the output of register R is connected to the input of transformation unit P3 and to the input of the wire-order permutation unit; the output of register L is connected to an input of XOR unit C and to the input of transformation unit P2; the other input of XOR unit C is connected to the output of transformation unit P3, and its output is connected to the input of the wire-order permutation unit; P2 is a permutation unit and n is a natural number.
Further, the S-box has an 8-bit input interface and an 8-bit output interface; n is 4; P1 and P3 are 4-in, 4-out transformations.
Specifically, the construction method for an 8-in, 8-out S-box is:
a. Select 4-in, 4-out transformations P1, P2, P3, where P2 is a permutation;
b. Select an integer m.
For any given 8-bit input
Figure BSA00000162002500031
the output y = S(x) of the S-box is computed as follows:
1) Take the high 4 bits of x as x1 and the low 4 bits as x2; x1 and x2 are the inputs of the next step;
2) Transform x2 with P1 and XOR the result with x1; denote the result t1; output t1 and x2 as the inputs of the next step;
3) Transform t1 with P2 and XOR the result with x2; denote the result t2; output t1 and t2 as the inputs of the next step;
4) Transform t2 with P3 and XOR the result with t1; denote the result t3; output t3 and t2 as the inputs of the next step;
5) Concatenate t3 as the high 4 bits and t2 as the low 4 bits into an 8-bit value t; rotate t left by m bits and output it.
The S-box structure has three layers: the 8 input bits are split into two parts, and the two parts are updated in turn across the three layers. In the last step the two parts are combined and output.
In step a, the transformations chosen should be built from basic operations that are easy to implement on a computer and in hardware.
In step a, P2 is a permutation; P1 and P3 may be permutations or non-permutations.
In step b, m is an integer between 1 and 7.
In steps 2 to 4, each step takes the output of the previous step as input and updates one of the two input values.
In steps 2 to 4, the update works as follows: the value that is not being updated is passed through a 4-in, 4-out transformation, the result is XORed with the value being updated, and the XOR result replaces the original value.
In step 5, the two output values of the previous step are combined and output.
There are many methods for designing an S-box; the AES S-box, for example, is constructed using a polynomial over a finite field:
Figure BSA00000162002500042
If an S-box constructed this way is implemented in hardware using finite-field arithmetic, efficiency is very low, so it is usually implemented as a lookup table, which generally needs 500 gates.
The 8-in, 8-out S-box constructed by the method of the present invention is instead a multi-layer combination of small transformations that are cheap to implement, and needs only about 100 gates. An S-box built with this construction not only provides good cryptographic properties but is also more efficient to implement in hardware than other methods.
Another purpose of the present invention is an efficient S-box hardware module with an 8-bit input and an 8-bit output interface. It comprises 3 layers of operations and a wire-order permutation unit, where each layer consists of one 4-bit to 4-bit transformation and a bitwise XOR of two 4-bit values. There are two hardware implementation structures:
For mode 1), the pure combinational logic implementation, the module contains three XOR units, three lookup units (that is, 4-bit to 4-bit transformation units) P1, P2, P3, and a wire-order permutation unit <<<m.
Each XOR unit XORs two 4-bit inputs. The XOR circuit is simple to implement and is a basic building block of hardware design; it is not the focus of the present invention.
Each lookup unit performs a 4-bit table lookup, which amounts to retrieving an entry by a 4-bit index. For example, 2 NOT gates implement a lookup on 2-bit values: input binary "00" gives output "11"; input "01" gives output "10"; input "10" gives output "01"; input "11" gives output "00". In binary form this lookup can be written, in order, as:
S = 11 10 01 00
The corresponding decimal form is:
S = 3 2 1 0
A 4-bit lookup works the same way. In practice, current hardware circuit design generally uses a hardware description language such as Verilog or VHDL, and only the mapping from input to output needs to be defined, for example:
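// 2-bit lookup from the example above: out is the bitwise NOT of in
case (in)
  2'b00: out <= 2'b11;
  2'b01: out <= 2'b10;
  2'b10: out <= 2'b01;
  2'b11: out <= 2'b00;
endcase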
A synthesis tool then derives the actual logic structure, giving the circuits for P1, P2, P3.
In a hardware implementation, an important indicator of whether the circuit meets its timing constraints is the longest combinational logic path delay, also called the critical path. The critical path in this mode is: x2 → P1 → XOR → P2 → XOR → P3 → XOR. The delay of an ordinary gate is far below the ns level, so for the pure combinational implementation of mode 1) all gates can finish switching within one clock cycle, completing the whole lookup.
For mode 2), the sequential circuit implementation, a finite state machine must be designed and the lookup takes several clock cycles. The module contains a memory that stores the contents of P1, P2, P3, register resources for storing intermediate results (at least 81 bits; if there are n bits and n is divisible by q, where n and q are natural numbers, the hardware description can define them as any n/q q-bit registers, but however they are divided, n/2 bits of register must update simultaneously during operation), three XOR units, and register update control logic. The lookup is divided into at least three clock cycles.
Let the input be x, with high 4 bits x1 and low 4 bits x2, and let the register resources be 8 bits, defined as one 4-bit register L and one 4-bit register R. The lookup then proceeds as follows:
1) Let the base address where the contents of P1 are stored be P1_Base; with x2 as the offset address, read the content at the corresponding address, XOR it with x1, and write the result into the 4-bit register L;
2) With the output of register L as the offset address, select the corresponding entry in P2 (base address P2_Base); XOR the data read with x2 and write the result into the 4-bit register R;
3) With the output of register R as the offset address, select the corresponding entry in P3 (base address P3_Base); XOR the data read with the 4-bit register L, concatenate the result with the output of R to form T, reorder the wires of T as a left rotation by m bits, and output y.
From the dependencies between the inputs and outputs of the operations in the steps above, the implementation of mode 2) needs at least 3 clock cycles. Because registers store the intermediate results between steps, the circuit costs about 80 gates; the critical path is shorter than in mode 1), but the execution time is considerably longer, so it is not suited to high-speed applications.
Compared with the prior art, the present invention has the following positive effects:
The structure uses simple permutations and non-permutation transformations that are easy to implement in hardware to construct an S-box with good cryptographic properties. An efficient S-box hardware module is also built on this structure, with a hardware size 1/5 that of the usual lookup-table implementation.
Description of drawings
Fig. 1: structure of the S-box of the present invention;
Fig. 2: circuit structure of implementation 1);
Fig. 3: circuit structure of implementation 2);
Fig. 4: circuit structure of each step of implementation 2);
(a) data path of step 1 of mode 2),
(b) data path of step 2 of mode 2),
(c) data path of step 3 of mode 2).
Embodiment
The present invention is now explained in further detail with reference to the drawings, taking an 8-in, 8-out permutation S-box as the example:
The concrete structure of the S-box designed from this structure is shown in Fig. 1. The S-box structure has three layers: the 8 input bits are split into two parts, and the two parts are updated in turn across the three layers. Finally the two parts are combined and output.
To construct an S-box with this structure, first select three 4-in, 4-out transformations P1, P2, P3, where P2 is a permutation. All three transformations need only be composed of basic computer operations. Second, select an integer value m.
With these parameters selected, for input x the output y = S(x) is computed as follows:
x = x1 ‖ x2
t1 = x1 ⊕ P1(x2)
t2 = x2 ⊕ P2(t1)
t3 = t1 ⊕ P3(t2)
y = (t3 ‖ t2) <<< m
where ‖ denotes concatenation of bit strings, x1 is the high 4 bits of x, and x2 is the low 4 bits of x.
Below, a specific embodiment is given and its hardware implementation efficiency and cryptographic properties are analysed.
1. Parameter selection
Let m = 5.
The non-permutation P1, for input x = (x3, x2, x1, x0) and output y = (y3, y2, y1, y0), has the algebraic expressions:
y3 = x3x1 + x1x0 + x3 + x1 + 1;
y2 = x2x1 + x2x0 + x0 + x2;
y1 = x3x0 + x2x0 + x0 + x2;
y0 = x3x1 + x3x2 + x3 + x1 + 1.
That is, P1 = {9,15,0,14,15,15,2,10,0,4,0,12,7,5,3,9}.
The permutation P2, for input x = (x3, x2, x1, x0) and output y = (y3, y2, y1, y0), has the algebraic expressions:
y3 = x2x1x0 + x3x1x0 + x3x0 + x3x1 + x3x2 + x2 + x1 + 1;
y2 = x3x2x0 + x3x2x1 + x3x0 + x1x0 + x2x1 + x0 + x1 + x2;
y1 = x3x2x1 + x1x0 + x2x0 + x3x0 + x3x1 + x3x2 + x1 + x2 + x3;
y0 = x2x1x0 + x2x1 + x3x1 + x3x0 + x3x2 + x0 + x2 + x3.
That is, P2 = {8,13,6,5,7,0,12,4,11,1,14,10,15,3,9,2}.
The non-permutation P3, for input x = (x3, x2, x1, x0) and output y = (y3, y2, y1, y0), has the algebraic expressions:
y3 = x1x0 + x2x0 + x1;
y2 = x3x0 + x3x1 + x0;
y1 = x2x1 + x3x1 + x2 + 1;
y0 = x2x0 + x3x2 + x3.
That is, P3 = {2,6,10,6,0,13,10,15,3,3,13,5,0,9,12,13}.
2. S-box table
With the above transformations and m selected, for all
Figure BSA00000162002500071
taking the high 4 bits of x as the row number and the low 4 bits as the column number, the S-box output can be computed and Table 1 constructed:
Table 1. S-box output table
     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   3E 72 5B 47 CA E0 00 33 04 D1 54 98 09 B9 6D CB
1   7B 1B F9 32 AF 9D 6A A5 B8 2D FC 1D 08 53 03 90
2   4D 4E 84 99 E4 CE D9 91 DD B6 85 48 8B 29 6E AC
3   CD C1 F8 1E 73 43 69 C6 B5 BD FD 39 63 20 D4 38
4   76 7D B2 A7 CF ED 57 C5 F3 2C BB 14 21 06 55 9B
5   E3 EF 5E 31 4F 7F 5A A4 0D 82 51 49 5F BA 58 1C
6   4A 16 D5 17 A8 92 24 1F 8C FF D8 AE 2E 01 D3 AD
7   3B 4B DA 46 EB C9 DE 9A 8F 87 D7 3A 80 6F 2F C8
8   B1 B4 37 F7 0A 22 13 28 7C CC 3C 89 C7 C3 96 56
9   07 BF 7E F0 0B 2B 97 52 35 41 79 61 A6 4C 10 FE
A   BC 26 95 88 8A B0 A3 FB C0 18 94 F2 E1 E5 E9 5D
B   D0 DC 11 66 64 5C EC 59 42 75 12 F5 74 9C AA 23
C   0E 86 AB BE 2A 02 E7 67 E6 44 A2 6C C2 93 9F F1
D   F6 FA 36 D2 50 68 9E 62 71 15 3D D6 40 C4 E2 0F
E   8E 83 77 6B 25 05 3F 0C 30 EA 70 B7 A1 E8 A9 65
F   8D 27 1A DB 81 B3 A0 F4 45 7A 19 DF EE 78 34 60
Values in the table are in hexadecimal.
3. Cryptographic indices of the S-box
The cryptographic indices of the above S-box are: differential uniformity 8, nonlinearity 96, and algebraic immunity 2.
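The construction and the indices stated above can be checked in software. The following Python is an added example, not code from the patent: it builds the 8-bit S-box from the P1, P2, P3 and m = 5 of the embodiment, inverts it layer by layer, and recomputes the differential uniformity, nonlinearity and algebraic degree. All function names are this example's own.

```python
# Added example (not from the patent): the three-layer construction with the
# embodiment's parameters. Function names are this example's own.
N, M = 4, 5                      # half width n and rotation amount m (m = 5)
WIDTH = 2 * N
HALF = (1 << N) - 1
FULL = (1 << WIDTH) - 1

P1 = [9, 15, 0, 14, 15, 15, 2, 10, 0, 4, 0, 12, 7, 5, 3, 9]     # non-permutation
P2 = [8, 13, 6, 5, 7, 0, 12, 4, 11, 1, 14, 10, 15, 3, 9, 2]     # permutation
P3 = [2, 6, 10, 6, 0, 13, 10, 15, 3, 3, 13, 5, 0, 9, 12, 13]    # non-permutation


def rotl(v, r):
    """Rotate a WIDTH-bit value left by r bits (the '<<< m' wire reordering)."""
    r %= WIDTH
    return ((v << r) | (v >> (WIDTH - r))) & FULL


def sbox(x):
    """y = S(x): three XOR layers followed by the rotation."""
    x1, x2 = x >> N, x & HALF
    t1 = x1 ^ P1[x2]
    t2 = x2 ^ P2[t1]
    t3 = t1 ^ P3[t2]
    return rotl((t3 << N) | t2, M)


def sbox_inverse(y):
    """Undo the layers in reverse order. Each layer XORs one half with a
    function of the other half, so it is invertible even though P1 and P3
    are not permutations."""
    t = rotl(y, WIDTH - M)
    t3, t2 = t >> N, t & HALF
    t1 = t3 ^ P3[t2]
    x2 = t2 ^ P2[t1]
    x1 = t1 ^ P1[x2]
    return (x1 << N) | x2


def build_sbox():
    return [sbox(x) for x in range(1 << WIDTH)]


def differential_uniformity(s):
    """Largest entry of the difference distribution table for a != 0."""
    worst = 0
    for a in range(1, len(s)):
        counts = [0] * len(s)
        for x in range(len(s)):
            counts[s[x] ^ s[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


def nonlinearity(s):
    """Minimum distance of any nonzero output combination to affine functions,
    via a fast Walsh-Hadamard transform of each component b.S(x)."""
    size, max_abs = len(s), 0
    for b in range(1, size):
        w = [1 - 2 * (bin(b & s[x]).count("1") & 1) for x in range(size)]
        h = 1
        while h < size:
            for i in range(0, size, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        max_abs = max(max_abs, max(abs(v) for v in w))
    return size // 2 - max_abs // 2


def max_algebraic_degree(s):
    """Highest monomial degree over the output bits (Moebius transform)."""
    size, best = len(s), 0
    for bit in range(WIDTH):
        anf = [(s[x] >> bit) & 1 for x in range(size)]
        h = 1
        while h < size:
            for i in range(0, size, 2 * h):
                for j in range(i, i + h):
                    anf[j + h] ^= anf[j]
            h *= 2
        best = max(best, max(bin(m).count("1") for m in range(size) if anf[m]))
    return best


if __name__ == "__main__":
    table = build_sbox()
    for row in range(16):
        print(" ".join(f"{v:02X}" for v in table[16 * row:16 * row + 16]))
    print("differential uniformity:", differential_uniformity(table))
    print("nonlinearity:", nonlinearity(table))
    print("max algebraic degree:", max_algebraic_degree(table))
```

The printed rows correspond to the rows of Table 1, with the high 4 bits of x selecting the row and the low 4 bits the column.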
For input x = (x7, x6, x5, x4, x3, x2, x1, x0) and output y = (y7, y6, y5, y4, y3, y2, y1, y0), the expression of each output component in terms of all input components is:
y7 = x4x3x2x1x0 + x5x3x2x1x0 + x4x3x2x0 + x4x3x1x0 + x4x3x2x1 + x5x3x1x0
     + x5x3x2x0 + x5x3x2x1 + x6x2x1x0 + x6x3x2x0 + x6x3x2x1 + x6x4x3x1
     + x6x4x1x0 + x6x5x1x0 + x6x5x3x1 + x7x2x1x0 + x7x3x1x0 + x7x3x2x0
     + x7x4x2x0 + x7x4x2x1 + x7x5x2x0 + x7x5x2x1 + x7x6x2x0 + x7x6x3x0
     + x7x6x3x1 + x7x6x3x2 + x3x2x1 + x4x1x0 + x4x2x1 + x4x3x2 + x4x3x1
     + x5x3x0 + x5x3x1 + x6x2x1 + x6x3x2 + x6x3x1 + x6x4x3 + x6x4x1 + x6x5x1
     + x6x5x3 + x7x6x2 + x7x4x2 + x7x3x1 + x7x1x0 + x7x3x2 + x7x4x0 + x7x5x0
     + x7x5x2 + x7x6x0 + x7x6x1 + x7x6x3 + x7x6x4 + x7x6x5 + x3x2 + x2x1
     + x3x0 + x4x1 + x4x3 + x5x1 + x5x3 + x5x4 + x6x1 + x6x3 + x6x4
     + x7x4 + x7x6 + x7x3 + x7x1 + x2 + x7
y6 = x5x3x2x1x0 + x6x3x2x1x0 + x7x3x2x1x0 + x3x2x1x0 + x7x5x2x0 + x7x5x2x1
     + x5x3x2x0 + x5x3x1x0 + x5x3x2x1 + x7x6x2x0 + x6x2x1x0 + x6x3x2x0
     + x6x3x2x1 + x6x5x1x0 + x6x5x3x1 + x7x6x3x0 + x2x1x0 + x7x2x0 + x3x1x0
     + x4x3x0 + x4x1x0 + x4x2x1 + x4x3x1 + x5x1x0 + x7x5x0 + x7x5x2 + x5x2x0
     + x5x2x1 + x5x3x0 + x6x1x0 + x7x6x0 + x7x6x2 + x6x2x0 + x6x2x1 + x6x3x0
     + x7x6x5 + x6x5x3 + x6x5x1 + x7x3x1 + x7x3x2 + x7x0 + x7x1 + x1x0
     + x3x2 + x7x2 + x2x0 + x7x4 + x4x3 + x4x1 + x7x5 + x5x0 + x5x2
     + x5x4 + x7x6 + x6x0 + x6x2 + x6x4 + x6x5 + x7x3 + x0 + x1 + x2 + x4 + x5 + x6
y5 = x4x3x2x1x0 + x5x3x2x1x0 + x6x3x2x1x0 + x5x2x1x0 + x5x3x1x0 + x5x3x2x0
     + x5x4x2x0 + x5x4x2x1 + x6x2x1x0 + x6x3x1x0 + x6x5x3x1 + x6x3x2x1
     + x6x4x3x0 + x6x4x2x0 + x6x5x3x2 + x5x3x1 + x5x4x0 + x4x1x0 + x4x2x0
     + x4x2x1 + x4x3x0 + x4x3x1 + x5x3x0 + x5x4x2 + x6x5x1 + x6x2x1 + x6x5x3
     + x6x3x1 + x6x4x2 + x6x4x0 + x6x5x4 + x7x2x1 + x7x3x0 + x7x3x2 + x7x3x1
     + x3x2 + x5x3 + x3x1 + x5x1 + x2x1 + x2x0 + x4x0 + x4x1 + x4x2
     + x4x3 + x6x1 + x6x3 + x7x4 + x7x6 + x7x1 + x7x3 + x7x5 + x2 + x5 + x3 + x1 + 1
y4 = x5x3x2x1x0 + x5x4x2x1x0 + x6x3x2x1x0 + x6x4x2x1x0 + x6x4x3x2x0 + x7x3x2x1x0
     + x7x4x2x1x0 + x7x6x3x1x0 + x7x6x3x2x0 + x4x2x1x0 + x4x3x2x1 + x4x3x1x0
     + x4x3x2x0 + x5x2x1x0 + x5x3x2x1 + x5x3x1x0 + x5x4x2x1 + x5x4x3x1
     + x6x4x3x0 + x6x3x2x0 + x6x3x2x1 + x6x4x2x1 + x6x4x3x1 + x6x5x2x1
     + x6x5x4x2 + x6x5x4x1 + x7x2x1x0 + x7x6x3x0 + x7x3x2x0 + x7x6x3x2
     + x7x6x3x1 + x7x3x2x1 + x7x4x2x1 + x7x4x3x0 + x7x5x3x2 + x7x5x3x1
     + x7x6x1x0 + x7x6x4x0 + x3x2x1 + x4x1x0 + x4x2x0 + x4x3x2 + x4x3x1
     + x5x2x1 + x5x3x0 + x5x4x1 + x5x4x2 + x5x4x3 + x6x4x2 + x6x2x1 + x6x3x2
     + x6x4x3 + x6x3x1 + x6x4x1 + x6x5x0 + x6x5x1 + x7x6x2 + x7x4x1 + x7x1x0
     + x7x2x1 + x7x3x2 + x7x6x3 + x7x3x1 + x7x4x0 + x7x4x1 + x7x5x0 + x7x5x2
     + x7x5x3 + x7x5x4 + x7x6x4 + x3x2 + x5x2 + x1x0 + x3x0 + x3x1 + x4x3
     + x6x4 + x6x3 + x7x4 + x7x6 + x7x3 + x7x5 + x2 + x5 + x3 + 1
y3 = x4x3x2x1x0 + x5x3x2x1x0 + x5x4x3x2x0 + x5x4x3x1x1 + x5x4x3x1x0 + x6x4x2x1x0
     + x6x4x3x1x0 + x6x4x3x2x0 + x6x5x3x2x0 + x6x5x3x2x1 + x7x4x2x1x0 + x7x4x3x1x0
     + x7x5x3x1x0 + x7x6x3x2x0 + x4x2x1x0 + x4x3x2x0 + x5x4x3x2 + x5x4x1x0
     + x5x4x3x1 + x6x3x2x1 + x6x4x2x1 + x6x4x3x0 + x6x4x3x1 + x6x4x3x2
     + x6x5x1x0 + x6x5x3x0 + x6x5x3x2 + x6x5x4x0 + x6x5x4x1 + x6x5x4x3
     + x7x2x1x0 + x7x3x2x0 + x7x3x1x0 + x7x4x1x0 + x7x5x3x1 + x7x5x4x1
     + x7x5x1x0 + x7x5x4x0 + x7x6x3x1 + x7x6x5x3 + x2x1x0 + x3x1x0 + x3x2x1
     + x4x1x0 + x4x2x1 + x4x3x0 + x4x3x2 + x5x1x0 + x5x2x0 + x5x2x1 + x5x4x1
     + x6x1x0 + x6x2x0 + x6x3x0 + x6x3x1 + x6x4x0 + x6x4x1 + x6x5x0 + x6x5x3
     + x7x2x0 + x7x3x2 + x7x3x0 + x7x4x1 + x7x5x4 + x7x5x3 + x7x6x0 + x7x6x4
     + x7x6x3 + x3x0 + x7x0 + x6x3 + x2x1 + x3x2 + x4x0 + x4x3 + x5x2
     + x5x1 + x5x0 + x5x3 + x6x2 + x6x5 + x7x2 + x7x5 + x0 + x6 + x7 + x3 + 1
y2 = x4x3x2x1x0 + x5x3x2x1x0 + x5x4x2x1x0 + x6x4x2x1x0 + x6x4x3x1x0 + x6x5x2x1x0
     + x6x5x3x1x0 + x7x4x3x1x0 + x7x5x2x1x0 + x7x5x3x2x0 + x7x6x2x1x0 + x7x6x3x1x0
     + x7x6x3x2x1 + x3x2x1x0 + x4x2x1x0 + x4x3x2x0 + x4x3x1x0 + x5x2x1x0
     + x5x4x1x0 + x5x4x3x1 + x6x2x1x0 + x6x3x1x0 + x6x4x1x0 + x6x4x2x1
     + x6x4x3x1 + x6x5x4x1 + x6x5x1x0 + x6x5x2x1 + x6x5x3x2 + x7x2x1x0
     + x7x3x2x1 + x7x4x3x0 + x7x5x3x0 + x7x5x1x0 + x7x5x4x1 + x7x5x2x1
     + x7x5x3x1 + x7x6x1x0 + x7x6x2x1 + x7x6x3x1 + x7x6x4x1 + x7x6x5x3
     + x7x6x5x1 + x7x6x5x2 + x4x3x2 + x4x2x0 + x4x3x0 + x5x1x0 + x5x2x0
     + x5x3x2 + x5x3x1 + x5x4x2 + x6x1x0 + x6x5x2 + x6x2x0 + x6x3x0 + x6x4x1
     + x6x4x2 + x6x5x1 + x7x1x0 + x7x3x0 + x7x4x2 + x7x4x3 + x7x5x4 + x7x6x4
     + x4x0 + x2x0 + x7x2 + x4x1 + x2x1 + x3x1 + x5x0 + x5x1 + x5x2 + x5x4 + x6x5
     + x6x3 + x6x0 + x6x2 + x7x3 + x7x5 + x7x6 + x0 + x2 + x4 + x7 + x1 + 1
y1 = x5x4x2x1x0 + x5x4x3x2x1 + x7x4x2x1x0 + x7x4x3x2x1 + x7x5x3x2x0 + x7x5x2x1x0
     + x7x6x3x1x0 + x3x2x1x0 + x5x4x3x1 + x4x3x1x0 + x4x2x1x0 + x4x3x2x0
     + x4x3x2x1 + x5x3x2x0 + x5x3x2x1 + x5x4x1x0 + x5x4x2x1 + x5x4x3x2
     + x6x2x1x0 + x6x3x1x0 + x6x3x2x1 + x6x3x2x0 + x6x4x1x0 + x6x4x3x1
     + x6x4x3x0 + x6x5x3x1 + x6x5x1x0 + x6x5x3x0 + x7x5x3x1 + x7x2x1x0
     + x7x3x2x0 + x7x4x2x1 + x7x4x3x2 + x7x5x3x0 + x7x5x2x0 + x7x5x4x2
     + x7x6x1x0 + x7x6x2x0 + x7x6x3x0 + x7x6x3x1 + x7x6x3x2 + x7x6x4x3
     + x7x6x4x0 + x7x6x5x3 + x7x6x5x0 + x7x5x3 + x3x2x0 + x5x2x1 + x3x2x1
     + x4x3x1 + x5x4x1 + x4x1x0 + x5x1x0 + x5x4x0 + x5x2x0 + x5x3x2 + x5x4x2
     + x6x1x0 + x6x2x0 + x6x2x1 + x6x3x2 + x6x4x3 + x6x4x0 + x6x4x1 + x6x5x2
     + x6x5x1 + x7x3x1 + x7x5x1 + x7x2x0 + x7x5x4 + x7x4x3 + x7x4x2 + x7x6x0
     + x7x6x1 + x7x6x2 + x7x6x3 + x7x6x4 + x7x6x5 + x7x5 + x5x3 + x7x3
     + x2x0 + x2x1 + x4x1 + x5x0 + x6x0 + x6x3 + x6x5 + x7x1 + x7x2
     + x7x4 + x7x6 + x7 + x5 + x3 + 1
y0 = x6x3x2x1x0 + x7x3x2x1x0 + x7x2x1x0 + x4x3x2x0 + x4x3x2x1 + x5x2x1x0
     + x5x3x1x0 + x5x3x2x0 + x5x4x1x0 + x5x4x2x0 + x5x4x2x1 + x5x4x3x1
     + x6x2x1x0 + x6x3x1x0 + x6x5x3x2 + x6x3x2x1 + x6x4x2x0 + x6x4x3x0
     + x6x5x3x1 + x7x2x1x0 + x7x3x1x0 + x7x3x2x1 + x7x4x2x0 + x7x4x3x0
     + x7x5x3x1 + x7x5x3x2 + x2x1x0 + x3x1x0 + x3x2x0 + x3x2x1 + x4x1x0
     + x4x3x1 + x4x3x2 + x5x2x0 + x5x2x1 + x5x3x0 + x5x4x1 + x5x4x0 + x5x4x2
     + x5x4x3 + x6x2x0 + x6x2x1 + x6x3x0 + x6x5x3 + x6x3x1 + x6x4x0 + x6x4x2
     + x6x5x1 + x6x5x4 + x7x2x0 + x7x5x3 + x7x3x1 + x7x1x0 + x7x3x2 + x7x5x4
     + x7x4x0 + x7x4x2 + x7x5x1 + x3x1 + x6x1 + x2x1 + x3x0 + x3x2 + x4x3
     + x4x1 + x5x0 + x5x2 + x6x5 + x5x4 + x6x0 + x6x2 + x6x3 + x7x0
     + x7x2 + x7x6 + x7x3 + x7x1 + x7x4 + x1 + x4 + x5 + x7
Table 2 gives, for each component function of the S-box, the number of terms of each degree, together with the expected value.
Table 2. Number of terms of each degree in each component function of the S-box, and expected value
Degree of term     8     7     6     5     4     3     2     1     0
y7                 0     0     0     2    24    27    15     2     0
y6                 0     0     0     3    13    24    19     6     0
y5                 0     0     0     3    12    20    17     4     1
y4                 0     0     0     9    29    32    12     3     1
y3                 0     0     0    14    26    28    15     4     1
y2                 0     0     0    13    31    21    17     5     1
y1                 0     0     0     7    38    33    14     3     1
y0                 0     0     0     2    24    32    20     4     0
Expected value   1/2     4    14    28    35    28    14     4   1/2
4. Analysis of S-box hardware implementation efficiency
The efficient S-box hardware module described here can be implemented in two ways:
1) as a pure combinational logic circuit;
2) as a sequential circuit.
For implementation 1), the interface is an 8-bit input and an 8-bit output, and the module contains three XOR units A, B, C, three lookup units P_1, P_2, P_3, and one wire-order permutation unit "<<< m", as shown in Figure 2.
In a hardware implementation, an important indicator of whether a circuit meets its timing constraints is the longest combinational-logic path delay, also called the critical path. The critical path of this implementation is: x_2 → P_1 → XOR → P_2 → XOR → P_3 → XOR. The delay of a typical gate is far below the nanosecond level. So for approach 1), the pure combinational implementation, all gates are guaranteed to finish switching within one clock cycle, which completes the whole table lookup.
The lookup time of this circuit is less than one clock cycle. If the output is registered once per clock cycle, then at an 80 MHz clock the throughput is 640 Mbps (8 × 80 MHz), with an implementation area of about 100, and the whole lookup is implemented in combinational logic.
For approach 2), the sequential-circuit implementation in which the contents of P_1, P_2, P_3 are stored in memory, a finite state machine has to be designed so that the lookup completes over several clock cycles. Let the input be x, with high 4 bits x_1 and low 4 bits x_2. The lookup process, shown in Figure 3, then needs at least three register stores, each of which takes one clock cycle to update the relevant register; the concrete working circuit is shown in Figure 4.
As one embodiment, when the contents of P_1, P_2, P_3 are held in RAM, the processing steps are as follows:
1) Figure 4(a): let the base address at which the contents of P_1 are stored be P_1_Base; using x_2 as the offset address, read the content at the corresponding address, XOR it with x_1, and write the result into the 4-bit register L;
2) Figure 4(b): let the base address at which the contents of P_2 are stored be P_2_Base; using the content of L as the offset address, read the content at the corresponding address, XOR it with x_2, and write the result into the 4-bit register R;
3) Figure 4(c): using the output of register R as the offset address, select the corresponding content in P_3 (base address P_3_Base); XOR the data read with the 4-bit register L and concatenate the result with R to form T; rearrange the wire order of T by a cyclic left shift of m, and output y.
Approach 2) needs at least 3 clock cycles. Because registers hold the intermediate results between the steps, the logic part of the circuit costs about 80 (not counting the RAM cells), and the critical path is shorter than in approach 1), but the execution time is considerably longer. For example, at an 80 MHz clock the throughput is at most 213 Mbps (8 bits × 80 MHz / 3). This approach is implemented with sequential logic.
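The three-step lookup above (L = P_1[x_2] XOR x_1, R = P_2[L] XOR x_2, T = (P_3[R] XOR L) || R, then a left rotation by m) is shown here in software as an added Python example; it is not part of the patent text. The tables P1, P2, P3 and m = 3 are sample values chosen for this example, not the patent's, and bit i of the input integer is assumed to be x_i. The block also inverts the S-box using the same three tables and counts the terms of each degree in the algebraic normal form of one output bit, which is the statistic Table 2 reports.

```python
N = 4                 # half-width n; the S-box maps 2n = 8 bits to 8 bits
M = 3                 # rotation amount m (sample value, 1 <= m <= 2n-1)
MASK = (1 << N) - 1

# Sample tables chosen for this example, NOT the patent's tables.
# P2 is a permutation of 0..15; P1 and P3 each repeat a value, so they are
# plain 4-in/4-out maps rather than permutations.
P1 = [0x3, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x1, 0xE, 0xE, 0x7, 0x2, 0xB, 0x8, 0x4]
P2 = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
P3 = [0x7, 0xD, 0x0, 0x9, 0x4, 0x4, 0xB, 0x2, 0xF, 0x1, 0x8, 0x6, 0x3, 0xC, 0x5, 0xA]

def rotl(v, m, width=2 * N):
    """Cyclic left shift of a width-bit value (the wire-order permutation)."""
    m %= width
    return ((v << m) | (v >> (width - m))) & ((1 << width) - 1)

def sbox(x):
    x1, x2 = x >> N, x & MASK        # high n bits, low n bits
    t1 = P1[x2] ^ x1                 # register L
    t2 = P2[t1] ^ x2                 # register R
    t3 = P3[t2] ^ t1
    return rotl((t3 << N) | t2, M)   # T = t3 || t2, rotated left by m

def sbox_inv(y):
    """Undo the rotation, then peel the three XOR layers in reverse order."""
    t = rotl(y, 2 * N - M)
    t3, t2 = t >> N, t & MASK
    t1 = P3[t2] ^ t3
    x2 = P2[t1] ^ t2
    x1 = P1[x2] ^ t1
    return (x1 << N) | x2

def anf(truth):
    """Binary Moebius transform: truth table -> ANF coefficient per monomial."""
    a, step = list(truth), 1
    while step < len(a):
        for i in range(len(a)):
            if i & step:
                a[i] ^= a[i ^ step]
        step <<= 1
    return a

def degree_counts(table, bit):
    """counts[d] = number of degree-d terms in output bit y_bit."""
    counts = [0] * (2 * N + 1)
    for mono, coeff in enumerate(anf([(y >> bit) & 1 for y in table])):
        if coeff:
            counts[bin(mono).count("1")] += 1   # degree = variables in monomial
    return counts

if __name__ == "__main__":
    table = [sbox(x) for x in range(1 << (2 * N))]
    for bit in range(2 * N - 1, -1, -1):        # same column order as Table 2
        print(f"y_{bit}", degree_counts(table, bit)[::-1])
```

The inverse needs only forward lookups in P1, P2 and P3, so the 8-bit map is a bijection even though the sample P1 and P3 are not permutations.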

Claims (10)

1. An S-box construction method, comprising the steps of:
1) selecting an integer m and three n-input, n-output transformation units P_1, P_2, P_3, where P_2 is a permutation unit and n is a natural number;
2) dividing the 2n-bit input information x into two parts, denoted x_1 and x_2, where x_1 is the high n bits of the input information and x_2 is the low n bits of the input information;
3) passing x_2 through the transformation P_1 and XORing the result with x_1, the output being denoted t_1;
4) passing t_1 through the transformation P_2 and XORing the result with x_2, the output being denoted t_2;
5) passing t_2 through the transformation P_3 and XORing the result with t_1, the output being denoted t_3;
6) concatenating t_3 as the high n bits and t_2 as the low n bits into one 2n-bit value, denoted t;
7) cyclically shifting t left by m bits and outputting the result.
2. The method of claim 1, characterized in that the value of the integer m is 1 to 2n-1; P_1 and P_3 are n-input, n-output mappings; and n is an integer with n ≥ 2.
3. The method of claim 1 or 2, characterized in that a wire-order permutation unit is used to cyclically shift t left by m bits for output.
4. The method of claim 1 or 2, characterized in that the transformations in steps 3) to 5) are implemented with a combinational logic circuit, the critical path of which is: x_2 → P_1 → XOR → P_2 → XOR → P_3 → XOR.
5. The method of claim 1 or 2, characterized in that the transformations in steps 3) to 5) are implemented with a sequential circuit.
6. The method of claim 5, characterized in that the transformations are implemented with a sequential circuit as follows:
1) the information in P_1, P_2, P_3 is stored in a memory;
2) according to the base address of P_1, with x_2 as the offset address, the P_1 information stored in the memory is read, XORed with x_1, and written into an n-bit register L;
3) according to the base address of P_2, with the output of register L as the offset address, the P_2 information stored in the memory is read, XORed with x_2, and written into an n-bit register R;
4) according to the base address of P_3, with the output of register R as the offset address, the P_3 information stored in the memory is read and XORed with register L.
7. An S-box, characterized by comprising three XOR units A, B, C, three transformation units P_1, P_2, P_3, and one wire-order permutation unit; wherein the two inputs of XOR unit A are connected to one n-bit data terminal and to the output of transformation unit P_1 respectively, and the output of XOR unit A is connected to the input of transformation unit P_2 and to an input of XOR unit C; the other n-bit data terminal is connected to the input of transformation unit P_1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P_2; the output of XOR unit B is connected to the input of the wire-order permutation unit and to the input of transformation unit P_3; the output of XOR unit C is connected to the input of the wire-order permutation unit; the output of transformation unit P_3 is connected to an input of XOR unit C; where P_2 is a permutation unit and n is a natural number.
8. The S-box of claim 7, characterized in that the S-box has an 8-bit input interface and an 8-bit output interface; n is 4; and P_1, P_3 are 4-input, 4-output transformations.
9. An S-box, characterized by comprising three XOR units A, B, C, three transformation units P_1, P_2, P_3, one wire-order permutation unit, two registers L and R, and one memory; wherein the transformation units P_1, P_2, P_3 are each connected to the memory through base-address input/output; the two inputs of XOR unit A are connected to one n-bit data terminal and to the output of transformation unit P_1 respectively, and its output is connected to the input of register L; the other n-bit data terminal is connected to the input of transformation unit P_1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P_2, and its output is connected to the input of register R; the output of register R is connected to the input of transformation unit P_3 and to the input of the wire-order permutation unit; the output of register L is connected to an input of XOR unit C and to the input of transformation unit P_2; the other input of XOR unit C is connected to the output of transformation unit P_3, and its output is connected to the input of the wire-order permutation unit; where P_2 is a permutation unit and n is an integer with n ≥ 2.
10. The S-box of claim 9, characterized in that the S-box has an 8-bit input interface and an 8-bit output interface; n is 4; and P_1, P_3 are 4-input, 4-output transformations.
CN 201010204508 2010-06-11 2010-06-11 S box and construction method thereof Pending CN101848081A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 201010204508 CN101848081A (en) 2010-06-11 2010-06-11 S box and construction method thereof
PCT/CN2010/001048 WO2011153666A1 (en) 2010-06-11 2010-07-13 Method for constructing s-box and s-box

Publications (1)

Publication Number Publication Date
CN101848081A (en) 2010-09-29

Family

ID=42772549

Country Status (2)

Country Link
CN (1) CN101848081A (en)
WO (1) WO2011153666A1 (en)

Also Published As

Publication number Publication date
WO2011153666A1 (en) 2011-12-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100929