CN109981250B - SM4 encryption and key expansion method, device, equipment and medium - Google Patents


Info

Publication number
CN109981250B
Authority
CN
China
Prior art keywords
bigsbox
input
calculation
key
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910154930.5A
Other languages
Chinese (zh)
Other versions
CN109981250A (en)
Inventor
王学进
蒋红宇
安晓江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN201910154930.5A
Publication of CN109981250A
Application granted
Publication of CN109981250B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention disclose SM4 encryption and key expansion methods, devices, equipment and media, which are used to optimize the SM4 encryption algorithm and achieve fast encryption of mass data. The SM4 encryption method includes the following steps: performing 32 iterative computations on 128-bit data to be encrypted using a pre-generated round key, where the iterative computation is:
Figure DDA0001982608200000011
i = 0, 1, …, 31, where RK_i is the pre-generated round key,
Figure DDA0001982608200000012
T is computed as follows: if the input of T is A,
Figure DDA0001982608200000014
then
Figure DDA0001982608200000013
And taking the iteration result of 32 iteration calculations as the encrypted data.

Description

SM4 encryption and key expansion method, device, equipment and medium
Technical Field
The invention relates to the technical field of computer security, in particular to a method, a device, equipment and a medium for SM4 encryption and key expansion.
Background
SM4 is a block cipher algorithm mainly used for data encryption; its block length and key length are both 128 bits, and both the encryption algorithm and the key expansion algorithm use a 32-round nonlinear iterative structure.
The conventional way of computing the T transformation in the SM4 encryption algorithm is T(·) = L(τ(·)), where the nonlinear transformation τ consists of 4 parallel S-boxes. Let the input be
Figure GDA0002371920640000011
Output is as
Figure GDA0002371920640000012
Then (b0, b1, b2, b3) = τ(A) = (Sbox(a0), Sbox(a1), Sbox(a2), Sbox(a3)).
The output of the nonlinear transformation τ is the input of the linear transformation L. Let the input of L be
Figure GDA0002371920640000013
Output is as
Figure GDA0002371920640000014
Then
Figure GDA0002371920640000015
As can be seen from the above calculation process, computing the T transformation in the existing SM4 encryption algorithm requires 4 table lookups, 4 circular left shifts and 4 XOR operations, so the amount of computation is large and the computation is complex.
With the application of cryptography in cloud computing and big data, higher performance is demanded of cryptographic algorithms, and fast encryption of mass data is expected; but the existing SM4 encryption algorithm involves a large and complex computation and cannot meet the requirement of fast encryption of mass data.
Disclosure of Invention
The embodiment of the invention discloses a method, a device, equipment and a medium for SM4 encryption and key expansion, which are used for optimizing an SM4 encryption algorithm, improving the calculation efficiency and realizing the rapid encryption of mass data.
In a first aspect, an embodiment of the present invention provides an SM4 encryption method, including:
carrying out 32 times of iterative computation on 128-bit data to be encrypted by using a pre-generated round key, wherein the iterative computation comprises the following steps:
Figure GDA0002371920640000021
i = 0, 1, …, 31, where RK_i is the pre-generated round key,
Figure GDA0002371920640000022
T is computed as follows: if the input of T is A,
Figure GDA00023719206400000216
Figure GDA0002371920640000023
then
Figure GDA0002371920640000024
And taking the iteration result of 32 iteration calculations as the encrypted data.
According to the SM4 encryption method provided by the embodiment of the invention, the composite transformation T in the SM4 encryption algorithm is decomposed by constructing T1 and T2. Compared with the linear transformation in the existing SM4 encryption algorithm, which needs 4 table lookups, 4 circular left shifts and 4 XOR operations, the linear transformation is simplified to only two table lookups and one XOR operation, so the SM4 encryption algorithm is simplified, the computational efficiency is improved, and fast encryption of mass data can be achieved.
In a possible implementation manner of the method provided in the embodiment of the present invention, if the encryption key is
Figure GDA0002371920640000025
Figure GDA0002371920640000026
then the round key RK_i is generated as follows:
Figure GDA0002371920640000027
Figure GDA0002371920640000028
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA0002371920640000029
then
Figure GDA00023719206400000210
In one possible embodiment of the method provided by the present invention, T1[A1] = L1[BigSbox(A1)] and T2[A2] = L2[BigSbox(A2)], where T1 is obtained by composing the BigSbox computation with the linear transformation L1, T2 is obtained by composing the BigSbox computation with the linear transformation L2, and BigSbox, L1 and L2 are all computed by table lookup.
In one possible implementation of the method provided by the embodiments of the present invention, if the input of BigSbox is A1,
Figure GDA00023719206400000211
then BigSbox(A1) = B1,
Figure GDA00023719206400000212
In a second aspect, an embodiment of the present invention provides an SM4 key expansion method, including:
if the encryption key is
Figure GDA00023719206400000213
then the round key RK_i is generated as follows:
Figure GDA00023719206400000214
Figure GDA00023719206400000215
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA0002371920640000031
then
Figure GDA0002371920640000032
Figure GDA0002371920640000033
According to the SM4 key expansion method provided by the embodiment of the invention, the composite transformation T' in the SM4 key expansion algorithm is decomposed by constructing T'1 and T'2. Compared with the linear transformation in the existing SM4 key expansion algorithm, which needs 4 table lookups, 4 circular left shifts and 4 XOR operations, the linear transformation is simplified to only two table lookups and one XOR operation, so the SM4 key expansion algorithm is simplified, the computational efficiency is improved, and fast encryption of mass data can be achieved.
In one possible embodiment of the method provided by the embodiments of the present invention, T'1[A1] = L'1[BigSbox(A1)] and T'2[A2] = L'2[BigSbox(A2)], where T'1 is obtained by composing the BigSbox computation with the linear transformation L'1, T'2 is obtained by composing the BigSbox computation with the linear transformation L'2, and BigSbox, L'1 and L'2 are all computed by table lookup.
In one possible implementation of the method provided by the embodiments of the present invention, if the input of BigSbox is A1,
Figure GDA0002371920640000034
then BigSbox(A1) = B1,
Figure GDA0002371920640000035
In a third aspect, an embodiment of the present invention provides an SM4 encryption apparatus, including:
a calculating unit, configured to perform 32 iterative computations on 128-bit data to be encrypted by using a pre-generated round key, where the iterative computations are:
Figure GDA0002371920640000036
i = 0, 1, …, 31, where RK_i is the pre-generated round key,
Figure GDA0002371920640000037
T is computed as follows: if the input of T is A,
Figure GDA0002371920640000038
then
Figure GDA0002371920640000039
And the processing unit is used for taking the iteration result of the 32 times of iterative computation as the encrypted data.
In a possible implementation manner of the apparatus provided in this embodiment of the present invention, if the encryption key is
Figure GDA00023719206400000310
Figure GDA00023719206400000311
the calculation unit generates the round key RK_i as follows:
Figure GDA00023719206400000312
Figure GDA00023719206400000313
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA00023719206400000314
then
Figure GDA00023719206400000315
In one possible implementation of the apparatus provided by the embodiment of the present invention, T1[A1] = L1[BigSbox(A1)] and T2[A2] = L2[BigSbox(A2)], where T1 is obtained by composing the BigSbox computation with the linear transformation L1, T2 is obtained by composing the BigSbox computation with the linear transformation L2, and BigSbox, L1 and L2 are all computed by table lookup.
In one possible implementation of the apparatus provided in the embodiments of the present invention, if the input of BigSbox is A1,
Figure GDA0002371920640000041
then BigSbox(A1) = B1,
Figure GDA0002371920640000042
In a fourth aspect, an embodiment of the present invention provides an SM4 key expansion apparatus, including:
a processing unit configured to, when the encryption key is
Figure GDA0002371920640000043
generate the round key RK_i as follows:
Figure GDA0002371920640000044
Figure GDA0002371920640000045
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA0002371920640000046
Figure GDA0002371920640000047
then
Figure GDA0002371920640000048
In one possible implementation of the apparatus provided in this embodiment of the present invention, T'1[A1] = L'1[BigSbox(A1)] and T'2[A2] = L'2[BigSbox(A2)], where T'1 is obtained by composing the BigSbox computation with the linear transformation L'1, T'2 is obtained by composing the BigSbox computation with the linear transformation L'2, and BigSbox, L'1 and L'2 are all computed by table lookup.
In one possible implementation of the apparatus provided in the embodiments of the present invention, if the input of BigSbox is A1,
Figure GDA0002371920640000049
then BigSbox(A1) = B1,
Figure GDA00023719206400000410
In a fifth aspect, an embodiment of the present application provides an SM4 cryptographic optimization apparatus, including at least one processor, at least one memory, and computer program instructions stored in the memory which, when executed by the processor, implement the method provided by the first or second aspect of the embodiments of the present application.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium, on which computer program instructions are stored, which, when executed by a processor, implement the method provided by the first aspect or the second aspect of the embodiments of the present application.
Drawings
Fig. 1 is a schematic flow chart of an SM4 encryption method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an SM4 encryption device according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an SM4 cryptographic optimization device according to an embodiment of the present invention.
Detailed Description
The following describes in detail specific embodiments of SM4 encryption and key expansion methods, apparatuses, devices, and media according to embodiments of the present invention with reference to the accompanying drawings.
As shown in fig. 1, the SM4 encryption method provided by the embodiment of the present invention may include the following steps:
s11, performing 32 times of iterative computations on the 128-bit data to be encrypted by using the pre-generated round key, where the iterative computations are as follows:
Figure GDA0002371920640000051
i = 0, 1, …, 31, where RK_i is the pre-generated round key,
Figure GDA0002371920640000052
T is computed as follows: if the input of T is A,
Figure GDA0002371920640000053
then
Figure GDA0002371920640000054
In specific implementation, the round key may be generated by using a method in the prior art, or may be generated by using a round key expansion method provided in the following embodiment of the present invention, which is not limited in this embodiment of the present invention.
In practice, if the encryption key is
Figure GDA0002371920640000055
Figure GDA0002371920640000056
then the round key RK_i is generated as follows:
Figure GDA0002371920640000057
Figure GDA0002371920640000058
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA0002371920640000059
then
Figure GDA00023719206400000510
Figure GDA00023719206400000511
And S12, taking the iteration result of 32 iteration calculations as encrypted data.
In specific implementation, the derivation process of the T calculation method is as follows:
In the T transformation, T(·) = L(τ(·)). First, for τ, let the input be
Figure GDA00023719206400000512
Output is as
Figure GDA00023719206400000513
Then (b0, b1, b2, b3) = τ(A) = (Sbox(a0), Sbox(a1), Sbox(a2), Sbox(a3)).
Construct a substitution table BigSbox with 16-bit input and 16-bit output as follows: let the input of BigSbox be A1 = (a0, a1) and the output be B1 = (b0, b1), where a0, a1, b0, b1 are all 8-bit bytes; then BigSbox[a0, a1] = (b0, b1), where b0 = Sbox[a0] and b1 = Sbox[a1]. Likewise, for the input A2 = (a2, a3) and the output B2 = (b2, b3), BigSbox[a2, a3] = (b2, b3).
In summary, B = (B1, B2) = (b0, b1, b2, b3) = τ(A) = (BigSbox[a0, a1], BigSbox[a2, a3]), so computing τ(A) requires 2 BigSbox table lookups.
In T permutation, the linear transformation L has the following properties: suppose that
Figure GDA0002371920640000061
Then
Figure GDA0002371920640000062
Figure GDA0002371920640000063
Suppose that
Figure GDA0002371920640000064
Then
Figure GDA0002371920640000065
Figure GDA0002371920640000066
According to the nature of the linear transformation
Figure GDA0002371920640000067
Two linear transformation tables L1 and L2 are constructed, each of size 2^16 = 65536 entries, with 16-bit input and 32-bit output: L1[B1] = L(B1 * 65536); L2[B2] = L(B2).
Combining the L1 and BigSbox tables gives Table T1 and combining the L2 and BigSbox tables gives Table T2, the specific construction being as follows: suppose that
Figure GDA0002371920640000068
then T1[a] = L1[BigSbox[a]]; T2[a] = L2[BigSbox[a]], i.e. T is computed as follows: if the input is
Figure GDA0002371920640000069
Then there is
Figure GDA00023719206400000610
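The equation images for this derivation are missing from the page, so the following is an added derivation (not the patent's own text) that carries the decomposition through in the page's symbols. It assumes the standard definition of the linear transformation L from GB/T 32907-2016, L(B) = B ⊕ (B <<< 2) ⊕ (B <<< 10) ⊕ (B <<< 18) ⊕ (B <<< 24), which the Background's "4 circular left shifts and 4 XOR operations" refers to but the page never writes out:

$$
\begin{aligned}
A &= (a_0, a_1, a_2, a_3), \qquad A1 = (a_0, a_1), \quad A2 = (a_2, a_3) \\
B &= \tau(A) = (\mathrm{BigSbox}[A1],\ \mathrm{BigSbox}[A2]) = (B1, B2) = B1 \cdot 65536 \oplus B2 \\
L(B) &= B \oplus (B \lll 2) \oplus (B \lll 10) \oplus (B \lll 18) \oplus (B \lll 24) \\
T(A) &= L(B1 \cdot 65536 \oplus B2) = L(B1 \cdot 65536) \oplus L(B2) \\
     &= L1[B1] \oplus L2[B2] = L1[\mathrm{BigSbox}[A1]] \oplus L2[\mathrm{BigSbox}[A2]] \\
     &= T1[A1] \oplus T2[A2].
\end{aligned}
$$

The fourth line uses only the linearity of L over XOR (rotations and XOR distribute over each other), which is the property the page calls "the nature of the linear transformation". The cost of T therefore drops from 4 lookups, 4 rotations and 4 XORs to 2 lookups and 1 XOR, paid for by two tables of 2^16 32-bit words (256 KiB each). The same derivation applies to T' in the key expansion with L'(B) = B ⊕ (B <<< 13) ⊕ (B <<< 23), again taken from the standard.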
In combination with the SM4 encryption method provided in the above embodiment of the present invention, an embodiment of the present invention further provides an SM4 key expansion method, and a specific implementation of the SM4 key expansion method is described in detail below.
The SM4 key expansion method provided by the embodiment of the invention comprises the following specific steps:
if the key is encrypted
Figure GDA00023719206400000611
Then the round key RKiThe generation method comprises the following steps:
Figure GDA00023719206400000612
Figure GDA00023719206400000613
i is 0, 1, …, 31, wherein
Figure GDA00023719206400000614
denotes the exclusive-or operation, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and in a specific implementation T' is computed as follows: if the input of T' is A,
Figure GDA00023719206400000615
then
Figure GDA0002371920640000071
In specific implementation, the derivation process of the calculation method of T' is as follows:
In the T' transformation, T'(·) = L'(τ(·)). First, for τ, let the input be
Figure GDA0002371920640000072
Figure GDA0002371920640000073
Output is as
Figure GDA0002371920640000074
Then (b0, b1, b2, b3) = τ(A) = (Sbox(a0), Sbox(a1), Sbox(a2), Sbox(a3)).
Construct a substitution table BigSbox with 16-bit input and 16-bit output as follows: let the input of BigSbox be A1 = (a0, a1) and the output be B1 = (b0, b1), where a0, a1, b0, b1 are all 8-bit bytes; then BigSbox[a0, a1] = (b0, b1), where b0 = Sbox[a0] and b1 = Sbox[a1]. Likewise, for the input A2 = (a2, a3) and the output B2 = (b2, b3), BigSbox[a2, a3] = (b2, b3).
In summary, B = (B1, B2) = (b0, b1, b2, b3) = τ(A) = (BigSbox[a0, a1], BigSbox[a2, a3]), so computing τ(A) requires 2 BigSbox table lookups.
In the T 'permutation, the linear transformation L' has the following properties: suppose that
Figure GDA0002371920640000075
Then
Figure GDA0002371920640000076
Figure GDA0002371920640000077
Suppose that
Figure GDA0002371920640000078
Then
Figure GDA0002371920640000079
Figure GDA00023719206400000710
According to the nature of the linear transformation
Figure GDA00023719206400000711
Two linear transformation tables L'1 and L'2 are constructed, each of size 2^16 = 65536 entries, with 16-bit input and 32-bit output: L'1[B1] = L'(B1 * 65536); L'2[B2] = L'(B2).
Combining the L '1 and BigSbox tables to obtain a T'1 table, and combining the L '2 and BigSbox tables to obtain a T'2 table, wherein the specific structure is as follows: suppose that
Figure GDA00023719206400000712
then T'1[a] = L'1[BigSbox[a]]; T'2[a] = L'2[BigSbox[a]], i.e. T' is computed as follows: if the input is
Figure GDA00023719206400000713
Then
Figure GDA00023719206400000714
Figure GDA00023719206400000715
Based on the same inventive concept, the embodiment of the invention also provides an SM4 encryption device.
As shown in fig. 2, an SM4 encryption apparatus provided in an embodiment of the present invention includes:
a calculating unit 201, configured to perform 32 iterative computations on 128 bits of data to be encrypted by using a pre-generated round key, where the iterative computations are:
Figure GDA00023719206400000716
i = 0, 1, …, 31, where RK_i is the pre-generated round key,
Figure GDA0002371920640000081
T is computed as follows: if the input of T is A,
Figure GDA0002371920640000082
then
Figure GDA0002371920640000083
And the processing unit 202 is used for taking an iteration result of the 32 iteration calculations as the encrypted data.
In a possible implementation manner of the apparatus provided in this embodiment of the present invention, if the encryption key is
Figure GDA0002371920640000084
Figure GDA0002371920640000085
the calculation unit generates the round key RK_i as follows:
Figure GDA0002371920640000086
Figure GDA0002371920640000087
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA0002371920640000088
then
Figure GDA0002371920640000089
In one possible implementation of the apparatus provided by the embodiment of the present invention, T1[A1] = L1[BigSbox(A1)] and T2[A2] = L2[BigSbox(A2)], where T1 is obtained by composing the BigSbox computation with the linear transformation L1, T2 is obtained by composing the BigSbox computation with the linear transformation L2, and BigSbox, L1 and L2 are all computed by table lookup.
In one possible implementation of the apparatus provided in the embodiments of the present invention, if the input of BigSbox is A1,
Figure GDA00023719206400000810
then BigSbox(A1) = B1,
Figure GDA00023719206400000811
An embodiment of the present invention further provides an SM4 key expansion apparatus, including:
a processing unit configured to, when the encryption key is
Figure GDA00023719206400000812
Figure GDA00023719206400000813
generate the round key RK_i as follows:
Figure GDA00023719206400000814
Figure GDA00023719206400000815
i = 0, 1, …, 31, FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure GDA00023719206400000816
Figure GDA00023719206400000817
then
Figure GDA00023719206400000818
In one possible implementation of the apparatus provided in this embodiment of the present invention, T'1[A1] = L'1[BigSbox(A1)] and T'2[A2] = L'2[BigSbox(A2)], where T'1 is obtained by composing the BigSbox computation with the linear transformation L'1, T'2 is obtained by composing the BigSbox computation with the linear transformation L'2, and BigSbox, L'1 and L'2 are all computed by table lookup.
In one possible implementation of the apparatus provided in the embodiments of the present invention, if the input of BigSbox is A1,
Figure GDA0002371920640000091
then BigSbox(A1) = B1,
Figure GDA0002371920640000092
In addition, the SM4 encryption and key expansion methods and apparatuses of the embodiments of the present application described in connection with Figs. 1-2 can be implemented by an SM4 cryptographic optimization device. Fig. 3 shows the hardware structure of an SM4 cryptographic optimization device provided in an embodiment of the present application.
The SM4 cryptographic optimization device may include a processor 301 and a memory 302 storing computer program instructions.
In particular, the processor 301 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present invention.
Memory 302 may include mass storage for data or instructions. By way of example, and not limitation, memory 302 may include a Hard Disk Drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, tape, or Universal Serial Bus (USB) drive, or a combination of two or more of these. Memory 302 may include removable or non-removable (or fixed) media, where appropriate. The memory 302 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 302 is a non-volatile solid-state memory. In a particular embodiment, the memory 302 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.
The processor 301 implements any one of the SM4 encryption methods or the SM4 key expansion method in the above embodiments by reading and executing computer program instructions stored in the memory 302.
In one example, the SM4 cryptographic optimization device may also include a communication interface 303 and a bus 310. As shown in Fig. 3, the processor 301, the memory 302 and the communication interface 303 are connected via the bus 310, over which they communicate with one another.
The communication interface 303 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiment of the present invention.
The bus 310 includes hardware, software, or both that couple the components of the SM4 cryptographic optimization device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or other suitable bus, or a combination of two or more of these. Bus 310 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
The SM4 cryptographic optimization device may perform the SM4 encryption method or the SM4 key expansion method in the embodiment of the present invention, thereby implementing the SM4 encryption method or the SM4 key expansion method described in conjunction with Fig. 1.
In addition, in combination with the SM4 cryptographic optimization method in the foregoing embodiments, embodiments of the present invention may provide a computer-readable storage medium for implementing it. The computer-readable storage medium stores computer program instructions which, when executed by a processor, implement any one of the SM4 encryption methods or the SM4 key expansion method of the above embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (16)

1. An SM4 encryption method, comprising:
carrying out 32 times of iterative computation on 128-bit data to be encrypted by using a pre-generated round key, wherein the iterative computation comprises the following steps:
Figure FDA0002371920630000011
where X_i, X_{i+1}, X_{i+2}, X_{i+3} are the input data of the i-th iteration, X_{i+4} is the output data of the i-th iteration, and RK_i is the pre-generated round key,
Figure FDA0002371920630000012
T is computed as follows: if the input of T is A,
Figure FDA0002371920630000013
then
Figure FDA0002371920630000014
where A1,
Figure FDA0002371920630000015
Figure FDA0002371920630000016
Figure FDA0002371920630000017
represent 16-bit binary integers;
and taking the iteration result of 32 iteration calculations as the encrypted data.
2. The method of claim 1, wherein if the encryption key is
Figure FDA0002371920630000018
Figure FDA0002371920630000019
then the round key RK_i is generated as follows:
Figure FDA00023719206300000110
Figure FDA00023719206300000111
Figure FDA00023719206300000112
FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are all fixed constants, and T' is computed as follows: if the input of T' is A,
Figure FDA00023719206300000113
then
Figure FDA00023719206300000114
3. The method of claim 1, wherein T1[A1] = L1[BigSbox(A1)] and T2[A2] = L2[BigSbox(A2)], wherein T1 is the composition of the BigSbox computation and the linear transformation L1, T2 is the composition of the BigSbox computation and the linear transformation L2, and BigSbox, L1 and L2 are each computed by table lookup.
4. The method of claim 3 wherein if the input to the BigSbox is A1,
Figure FDA00023719206300000115
then BigSbox(A1) = B1,
Figure FDA00023719206300000116
wherein a0,
Figure FDA00023719206300000117
b0,
Figure FDA00023719206300000118
Figure FDA00023719206300000119
each represent an 8-bit binary integer.
5. An SM4 key expansion method, comprising:
if the encryption key is
Figure FDA00023719206300000120
then the round key RK_i is generated as follows:
Figure FDA00023719206300000121
Figure FDA00023719206300000122
FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are fixed constants, and T' is calculated as follows: if the input of T' is A,
Figure FDA0002371920630000021
then
Figure FDA0002371920630000022
Figure FDA0002371920630000023
wherein A1,
Figure FDA0002371920630000024
Figure FDA0002371920630000025
represent 16-bit binary integers.
6. The method of claim 5, wherein T'1[A1] = L'1[BigSbox(A1)] and T'2[A2] = L'2[BigSbox(A2)], wherein T'1 is the composition of the BigSbox computation and the linear transformation L'1, T'2 is the composition of the BigSbox computation and the linear transformation L'2, and BigSbox, L'1 and L'2 are each computed by table lookup.
7. The method of claim 6 wherein if the input to the BigSbox is A1,
Figure FDA0002371920630000026
then BigSbox(A1) = B1,
Figure FDA0002371920630000027
wherein a0,
Figure FDA0002371920630000028
b0,
Figure FDA0002371920630000029
Figure FDA00023719206300000210
each represent an 8-bit binary integer.
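The following is an added worked example, not code from the patent or its assignee: a byte-wise reference SM4 in Python next to the 16-bit BigSbox / L1 / L2 table decomposition of the round function T (claims 1 to 4) and of the key-schedule function T' (claims 5 to 7). The table names BigSbox, L1, L2, T1, T2 and their primed versions follow the claims; the way L1 and L2 are derived (splitting L(B1||B2) into L(B1||0) ^ L(0||B2) using the GF(2)-linearity of L), the S-box, FK and CK constants (taken from the published SM4 standard, GB/T 32907-2016), the helper names and the test vector are this example's own assumptions, not anything the claims state.

```python
"""Added example (not the patent's own code): reference SM4 plus the 16-bit
BigSbox / L1 / L2 decomposition of T and T' from claims 1-7.  Tables are checked
against the byte-wise reference, the cipher against the published test vector.
Assumed here: the constants below (SM4 standard, GB/T 32907-2016), the split
L(B1||B2) = L(B1||0) ^ L(0||B2), and all helper names."""
import random

# S-box, FK and CK from the SM4 standard (assumed constants, not from the claims).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK_i is the 32-bit word whose j-th byte is (4i + j) * 7 mod 256.
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
           for i in range(32))
MASK32 = 0xFFFFFFFF

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32

def tau(a):
    """Byte-wise S-box substitution of a 32-bit word (the reference T's nonlinear part)."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def L(b):  # linear transform of the encryption round function
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def L_prime(b):  # linear transform of the key schedule
    return b ^ rotl(b, 13) ^ rotl(b, 23)

def T_ref(a):
    return L(tau(a))

def T_prime_ref(a):
    return L_prime(tau(a))

# Claimed decomposition: split the 32-bit input A into 16-bit halves A1 || A2.
# BigSbox(A1) = Sbox(a0) || Sbox(a1) on the two bytes of A1 (claims 4 and 7), so
# tau(A) = BigSbox(A1) || BigSbox(A2).  L is linear over GF(2), hence
# L(B1 || B2) = L(B1 || 0) ^ L(0 || B2): L1 and L2 tabulate the two halves and
# T(A) = T1[A1] ^ T2[A2] with T1[A1] = L1[BigSbox(A1)], T2[A2] = L2[BigSbox(A2)].
BIGSBOX = [(SBOX[a >> 8] << 8) | SBOX[a & 0xFF] for a in range(1 << 16)]
L1 = [L(b << 16) for b in range(1 << 16)]
L2 = [L(b) for b in range(1 << 16)]
L1_PRIME = [L_prime(b << 16) for b in range(1 << 16)]
L2_PRIME = [L_prime(b) for b in range(1 << 16)]

def T_big(a):
    a1, a2 = a >> 16, a & 0xFFFF
    return L1[BIGSBOX[a1]] ^ L2[BIGSBOX[a2]]

def T_prime_big(a):
    a1, a2 = a >> 16, a & 0xFFFF
    return L1_PRIME[BIGSBOX[a1]] ^ L2_PRIME[BIGSBOX[a2]]

def key_expansion(mk, T_prime=T_prime_big):
    """K = MK ^ FK; K_(i+4) = K_i ^ T'(K_(i+1) ^ K_(i+2) ^ K_(i+3) ^ CK_i); RK_i = K_(i+4)."""
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ T_prime(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def encrypt_block(block, rk, T=T_big):
    """32 rounds of X_(i+4) = X_i ^ T(X_(i+1) ^ X_(i+2) ^ X_(i+3) ^ RK_i); output (X35, X34, X33, X32)."""
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):
        x.append(x[i] ^ T(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in (x[35], x[34], x[33], x[32]))

def decrypt_block(block, rk, T=T_big):
    return encrypt_block(block, rk[::-1], T)  # same rounds, round keys reversed

def tables_match_reference(samples=4096, seed=1):
    """Spot-check the table-based T and T' against the byte-wise reference."""
    rng = random.Random(seed)
    return all(T_big(a) == T_ref(a) and T_prime_big(a) == T_prime_ref(a)
               for a in (rng.getrandbits(32) for _ in range(samples)))

if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")  # published SM4 test vector
    rk = key_expansion(key)
    ct = encrypt_block(key, rk)  # 681edf34d206965e86b3e94f536e4246
    print(ct.hex(), decrypt_block(ct, rk) == key, tables_match_reference())
```

Two practitioner caveats. Size: BigSbox holds 65536 16-bit entries (128 KiB) and each of L1, L2, L'1, L'2 holds 65536 32-bit entries (256 KiB), far larger than the usual four 1 KiB T-tables, so the claimed speed-up depends on the tables staying cache-resident. Side channel: every lookup index here is key- or data-dependent, so on shared hardware the access pattern is observable through cache timing; where that matters, use a constant-time implementation (bitsliced, or the dedicated SM4 SIMD instructions cited in this patent's family) rather than any table-driven one.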
8. An SM4 encryption apparatus, the apparatus comprising:
a calculating unit, configured to perform 32 iterative computations on 128-bit data to be encrypted by using a pre-generated round key, where the iterative computations are:
Figure FDA00023719206300000211
Figure FDA00023719206300000212
wherein X_i, X_(i+1), X_(i+2), X_(i+3) are the input data of the i-th iteration, X_(i+4) is the output data of the i-th iteration, and RK_i is the pre-generated round key,
Figure FDA00023719206300000213
T is calculated as follows: if the input of T is A,
Figure FDA00023719206300000214
then
Figure FDA00023719206300000215
wherein A1,
Figure FDA00023719206300000216
Figure FDA00023719206300000217
represent 16-bit binary integers;
and a processing unit, configured to take the result of the 32 iterations as the encrypted data.
9. The apparatus of claim 8, wherein, if the encryption key is
Figure FDA00023719206300000218
Figure FDA00023719206300000219
the calculation unit generates the round key RK_i as follows:
Figure FDA00023719206300000220
Figure FDA00023719206300000221
FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are fixed constants, and T' is calculated as follows: if the input of T' is A,
Figure FDA00023719206300000222
then
Figure FDA00023719206300000223
10. The apparatus of claim 8, wherein T1[A1] = L1[BigSbox(A1)] and T2[A2] = L2[BigSbox(A2)], wherein T1 is the composition of the BigSbox computation and the linear transformation L1, T2 is the composition of the BigSbox computation and the linear transformation L2, and BigSbox, L1 and L2 are each computed by table lookup.
11. The apparatus of claim 10, wherein if the input of the BigSbox is A1,
Figure FDA0002371920630000031
then BigSbox(A1) = B1,
Figure FDA0002371920630000032
wherein a0,
Figure FDA0002371920630000033
b0,
Figure FDA0002371920630000034
Figure FDA0002371920630000035
each represent an 8-bit binary integer.
12. An SM4 key expansion apparatus, characterized in that the apparatus comprises:
a processing unit configured, if the encryption key is
Figure FDA0002371920630000036
to generate the round key RK_i as follows:
Figure FDA0002371920630000037
Figure FDA0002371920630000038
Figure FDA0002371920630000039
FK = (FK0, FK1, FK2, FK3) and CK = (CK0, CK1, …, CK31) are fixed constants, and T' is calculated as follows: if the input of T' is A,
Figure FDA00023719206300000310
then
Figure FDA00023719206300000311
wherein A1,
Figure FDA00023719206300000312
Figure FDA00023719206300000313
represent 16-bit binary integers.
13. The apparatus of claim 12, wherein T'1[A1] = L'1[BigSbox(A1)] and T'2[A2] = L'2[BigSbox(A2)], wherein T'1 is the composition of the BigSbox computation and the linear transformation L'1, T'2 is the composition of the BigSbox computation and the linear transformation L'2, and BigSbox, L'1 and L'2 are each computed by table lookup.
14. The apparatus of claim 13 wherein if the input of the BigSbox is A1,
Figure FDA00023719206300000314
then BigSbox(A1) = B1,
Figure FDA00023719206300000315
wherein a0,
Figure FDA00023719206300000316
b0,
Figure FDA00023719206300000317
Figure FDA00023719206300000318
each represent an 8-bit binary integer.
15. An SM4 cryptographic optimization device, comprising: at least one processor, at least one memory, and computer program instructions stored in the memory which, when executed by the processor, implement the method of any of claims 1-4 or the method of any of claims 5-7.
16. A computer readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any of claims 1-4 or the method of any of claims 5-7.
CN201910154930.5A 2019-03-01 2019-03-01 SM4 encryption and key expansion method, device, equipment and medium Active CN109981250B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910154930.5A CN109981250B (en) 2019-03-01 2019-03-01 SM4 encryption and key expansion method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910154930.5A CN109981250B (en) 2019-03-01 2019-03-01 SM4 encryption and key expansion method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN109981250A CN109981250A (en) 2019-07-05
CN109981250B true CN109981250B (en) 2020-04-07

Family

ID=67077520

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910154930.5A Active CN109981250B (en) 2019-03-01 2019-03-01 SM4 encryption and key expansion method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN109981250B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111736902B (en) * 2020-07-16 2022-04-19 北京炼石网络技术有限公司 Parallel computing method and device of SM4 based on SIMD (Single instruction multiple data) instructions and readable storage medium
CN115801227B (en) * 2022-11-10 2023-07-21 北京海泰方圆科技股份有限公司 Method and device for generating substitution table

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9467279B2 (en) * 2014-09-26 2016-10-11 Intel Corporation Instructions and logic to provide SIMD SM4 cryptographic block cipher functionality
CN105577363B (en) * 2016-01-29 2018-06-01 江苏沁恒股份有限公司 For the Extensible pipeline circuit and its implementation of SM4 cryptographic algorithms
CN106209358B (en) * 2016-07-12 2019-03-12 黑龙江大学 A kind of realization system and method for the SM4 key schedule based on long key
CN106712930A (en) * 2017-01-24 2017-05-24 北京炼石网络技术有限公司 SM4 encryption method and device
CN108123792B (en) * 2017-12-19 2021-05-18 武汉瑞纳捷电子技术有限公司 Power consumption scrambling method of SM4 algorithm circuit

Also Published As

Publication number Publication date
CN109981250A (en) 2019-07-05

Similar Documents

Publication Publication Date Title
US11733966B2 (en) Protection system and method
US7908641B2 (en) Modular exponentiation with randomized exponent
EP3559811B1 (en) Protecting parallel multiplication operations from external monitoring attacks
CN110995420A (en) Data processing method and system
CN108270550B (en) Safe and efficient white box implementation method and device based on SM4 algorithm
JP6575532B2 (en) Encryption device, decryption device, encryption processing system, encryption method, decryption method, encryption program, and decryption program
CN114175572B (en) System and method for performing equal and less operations on encrypted data using a quasi-group operation
US11436946B2 (en) Encryption device, encryption method, decryption device, and decryption method
CN111783129A (en) Data processing method and system for protecting privacy
CN109981250B (en) SM4 encryption and key expansion method, device, equipment and medium
CN112464258B (en) Data encryption and decryption methods, devices, equipment and storage medium
JP6044738B2 (en) Information processing apparatus, program, and storage medium
CN108259506A (en) SM2 whitepack password implementation methods
WO2015004065A1 (en) Electronic signature system
CN112636903A (en) Construction method, encryption method, decryption method, device, equipment and storage medium
CN116561787A (en) Training method and device for visual image classification model and electronic equipment
Arunachalam et al. FPGA implementation of time-area-efficient Elliptic Curve Cryptography for entity authentication
CN110266481B (en) Post-quantum encryption and decryption method and device based on matrix
CN116633526A (en) Data processing method, device, equipment and medium
JP2009169316A (en) Hash function operational device, signature device, program and hash function operational method
CN113098675A (en) Binary data encryption system and method based on polynomial complete homomorphism
CN114826560A (en) Method and system for realizing lightweight block cipher CREF
CN112887097A (en) Signature method based on SM2 elliptic curve, related device and storage medium
EP3419213A1 (en) Computer implemented method, computer system and computer readable computer program product
CN115065470B (en) Data transmission method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant