CN101848081A - S box and construction method thereof - Google Patents
- Publication number: CN101848081A
- Authority: CN (China)
- Legal status: Pending
- Classification: H04L9/0631, Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The invention discloses an S-box and a method for constructing it, which belong to the technical field of communication. The method comprises the following steps: (1) select an integer m and three n-bit-in, n-bit-out transformation units P1, P2 and P3, where P2 is a permutation unit and n is an integer not less than 2; (2) denote the high n bits of the 2n-bit input x as x1 and the low n bits as x2; (3) transform x2 with P1 and XOR the result with x1, recording the output as t1; (4) transform t1 with P2 and XOR the result with x2, recording the output as t2; (5) transform t2 with P3 and XOR the result with t1, recording the output as t3; (6) concatenate t3 as the high n bits with t2 as the low n bits to form a 2n-bit value t; and (7) cyclically shift t left by m bits and output it. The S-box comprises three XOR units A, B and C, the three transformation units P1, P2 and P3, and one wire-order permutation unit. Compared with the prior art, the method is easy to implement, and the constructed S-box has good cryptographic properties and high operating efficiency.
Description
Technical field
The present invention relates to a method for information transmission and processing, in particular to an S-box construction method and an S-box, and belongs to the field of communication technology.
Background technology
Cryptography has a long history and was first used to protect military and diplomatic communications. With the spread of communication networks and computer networks, however, the application of modern cryptography is no longer confined to politics, the military and diplomacy, and its commercial and social value has been widely recognized. Confidentiality is the core of cryptography, and encryption is the practical tool for keeping information confidential.
Cryptographic algorithms are divided into public-key algorithms and private-key algorithms. Private-key algorithms are further divided into block ciphers and stream ciphers. A block cipher generally encrypts a message in blocks, and one run of the algorithm encrypts one larger message block. A stream cipher generally takes a short key and, with a specific keystream generation algorithm, generates a keystream sequence as long as the message to be encrypted; the keystream is XORed bitwise with the plaintext to encrypt it. The decrypting side generates the same keystream sequence and XORs it with the ciphertext to recover the plaintext.
Designing secure and efficient cryptographic algorithms has always been a focus of competing research in many countries. In many existing block ciphers and stream ciphers, the S-box is an indispensable nonlinear component. For example, in the AES block cipher of the U.S. encryption standard and in the SNOW 3G stream cipher of the European telecommunications standard (ETS), the S-box provides most of the nonlinearity of the whole algorithm. A well-designed S-box is therefore the basis for designing a cryptographic algorithm. At the same time, an efficient hardware implementation of the S-box is crucial to the implementation of the algorithm. Especially for encryption and decryption devices with limited hardware resources, the hardware implementation of the S-box should use as few gates as possible.
S-box design is generally based on operations over some structure; for example, the AES S-box is based on inversion in a finite field. Because finite-field operations consume a lot of resources, such an S-box is usually implemented by table lookup. An 8-bit-in, 8-bit-out S-box generally requires a circuit of 500 gates.
For this reason, we propose a method of constructing an S-box from a structure. The structure uses simple permutation and non-permutation transformations that are easy to implement in hardware, and yields an S-box with good cryptographic properties. Based on this structure we also construct an efficient S-box hardware module whose hardware size is 1/5 of that of a table-lookup implementation.
Summary of the invention
The purpose of the technical solution of the present invention is to provide an S-box construction method and an S-box. The method constructs the S-box from a structure: it uses three 4-bit-in, 4-bit-out transformations to construct an 8-bit-in, 8-bit-out permutation S-box. The S-box is easy to implement in software and hardware, provides good cryptographic properties such as algebraic, differential and nonlinearity properties, and plays an important role in the design of block ciphers and stream ciphers, where it is an indispensable component. Another object of the present invention is to provide an S-box hardware module whose scale is smaller than that of a general S-box module.
The technical solution of the present invention is:
An S-box construction method, the steps of which are:
1) Select an integer m and three n-bit-in, n-bit-out transformation units P1, P2, P3, where P2 is a permutation unit and n is an integer greater than or equal to 2;
2) Divide the 2n-bit input x into two parts, denoted x1 and x2, where x1 is the high n bits of the input and x2 is the low n bits of the input;
3) Transform x2 with P1 and XOR the result with x1; denote the output t1;
4) Transform t1 with P2 and XOR the result with x2; denote the output t2;
5) Transform t2 with P3 and XOR the result with t1; denote the output t3;
6) Concatenate t3 as the high n bits and t2 as the low n bits into a 2n-bit value, denoted t;
7) Cyclically shift t left by m bits and output it.
Further, the value of the integer m is 1 to 2n-1; P1 and P3 are n-bit-in, n-bit-out mappings; n is an integer greater than or equal to 2.
Further, a wire-order permutation unit is used to cyclically shift t left by m bits for output.
Further, the transformations of steps 3) to 5) are implemented with a combinational logic circuit, whose critical path is: x2 → P1 → XOR → P2 → XOR → P3 → XOR.
Further, the transformations of steps 3) to 5) are implemented with a sequential circuit.
Further, the method of implementing the transformations with a sequential circuit is:
1) Store the contents of P1, P2, P3 in a memory;
2) Using the base address of P1, with x2 as the offset address, read the P1 information stored in said memory, XOR it with x1, and update the result into an n-bit register L;
3) Using the base address of P2, with the output of register L as the offset address, read the P2 information stored in said register, XOR it with x2, and update the result into an n-bit register R;
4) Using the base address of P3, with the output of register R as the offset address, read the P3 information stored in said register, and XOR it with register L.
An S-box, characterized in that it comprises three XOR units A, B, C, three transformation units P1, P2, P3, and a wire-order permutation unit; wherein the two inputs of XOR unit A are connected to one n-bit information data terminal and to the output of transformation unit P1 respectively, and the output of XOR unit A is connected to the input of transformation unit P2 and to an input of XOR unit C; the other n-bit information data terminal is connected to the input of transformation unit P1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P2; the output of XOR unit B is connected to the input of the wire-order permutation unit and to the input of transformation unit P3; the output of XOR unit C is connected to the input of the wire-order permutation unit; the output of transformation unit P3 is connected to an input of XOR unit C; where P2 is a permutation unit and n is a natural number.
Further, the S-box has an 8-bit input interface and an 8-bit output interface; n is 4; P1 and P3 are 4-bit-in, 4-bit-out transformations.
An S-box, characterized in that it comprises three XOR units A, B, C, three transformation units P1, P2, P3, a wire-order permutation unit, two registers L and R, and a memory; wherein transformation units P1, P2, P3 are each connected to the memory through a base I/O address; the two inputs of XOR unit A are connected to one n-bit information data terminal and to the output of transformation unit P1 respectively, and its output is connected to the input of register L; the other n-bit information data terminal is connected to the input of transformation unit P1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P2, and its output is connected to the input of register R; the output of register R is connected to the input of transformation unit P3 and to the input of the wire-order permutation unit; the output of register L is connected to an input of XOR unit C and to the input of transformation unit P2; the other input of XOR unit C is connected to the output of transformation unit P3, and its output is connected to the input of the wire-order permutation unit; where P2 is a permutation unit and n is a natural number.
Further, the S-box has an 8-bit input interface and an 8-bit output interface; n is 4; P1 and P3 are 4-bit-in, 4-bit-out transformations.
Specifically, the construction method for an 8-bit-in, 8-bit-out S-box is:
a. Select 4-bit-in, 4-bit-out transformations P1, P2, P3, where P2 is a permutation;
b. Select an integer m.
For any given 8-bit information, the information y = S(x) after the S-box transformation is computed as follows:
1) Take the high 4 bits of x as x1 and the low 4 bits as x2; x1 and x2 are the input of the next step;
2) Transform x2 with P1 and XOR the result with x1; denote the result t1; output t1 and x2 as the input of the next step;
3) Transform t1 with P2 and XOR the result with x2; denote the result t2; output t1 and t2 as the input of the next step;
4) Transform t2 with P3 and XOR the result with t1; denote the result t3; output t3 and t2 as the input of the next step;
5) Concatenate t3 as the high 4 bits and t2 as the low 4 bits into an 8-bit value, denoted t; cyclically shift t left by m bits and output it.
The S-box structure is divided into three layers: the 8 input bits are split into two parts, and the two part values are updated in turn in the three layers. In the last step, the two part values are combined and output.
In step a, the selected transformations should be built from basic operations that are easy to implement on a computer and in hardware.
In step a, P2 is a permutation; P1 and P3 may be permutations or non-permutations.
In step b, m is an integer between 1 and 7.
In steps 2-4, each step receives the output of the previous step as input and updates one of the two input values.
In steps 2-4, the update method is: pass the value that does not need updating through a 4-bit-in, 4-bit-out transformation, XOR the result onto the value that needs updating, and replace the original value with the value obtained.
In step 5, the two part values output by the previous step are combined and output.
There are many methods for designing an S-box; for example, the AES S-box is constructed using a polynomial over a finite field.
If an S-box constructed in that way is implemented in hardware with finite-field operations, efficiency is very low, so it is usually implemented by table lookup, which generally needs 500 gates.
The 8-bit-in, 8-bit-out S-box constructed by the method of the invention, by contrast, is formed by combining several layers of small transformations that are cheap to implement, and needs only about 100 gates. An S-box construction algorithm using the method of the invention not only provides good cryptographic properties, but also has higher hardware implementation efficiency than other methods.
Another object of the present invention is an efficient S-box hardware module whose interface is an 8-bit input and an 8-bit output. It comprises 3 layers of operations and a wire-order permutation unit, where each layer comprises one 4-bit to 4-bit transformation and the bitwise XOR of two 4-bit numbers. Its hardware implementation takes two forms:
For mode 1), the pure combinational logic implementation, the module contains three XOR units, three lookup units (i.e. 4-bit to 4-bit transformation units) P1, P2, P3 and a wire-order permutation unit <<<m.
The XOR unit performs the XOR of two 4-bit inputs. Its circuit is simple and is a basic building block of hardware design; it is not what the present invention emphasizes.
The lookup unit performs a 4-bit table lookup, which is equivalent to retrieval by a 4-bit index value. For example, 2 NOT gates (logical NOT components) implement one kind of table lookup on 2-bit information: the output is binary "11" when the input is "00"; the output is "10" when the input is "01"; the output is "01" when the input is "10"; the output is "00" when the input is "11". This table lookup can be expressed in binary form successively as:
The corresponding decimal form is:
A 4-bit table lookup follows by analogy. In fact, current hardware circuit design generally uses a hardware description language such as Verilog or VHDL, and only the mapping from input to output needs to be defined, for example:
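    // 2-bit lookup: the output is the bitwise NOT of the input
    always @(*) begin
      case (in)
        2'b00: out = 2'b11;
        2'b01: out = 2'b10;
        2'b10: out = 2'b01;
        2'b11: out = 2'b00;
      endcase
    end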
The actual logic structure can then be obtained with a synthesis tool, giving the circuit structures of P1, P2, P3.
In a hardware implementation, an important indicator of whether a circuit meets its timing constraints is the longest combinational logic path delay, also called the critical path. The critical path of this mode is: x2 → P1 → XOR → P2 → XOR → P3 → XOR. The delay of an ordinary gate is far below the ns level. So for the mode 1) pure combinational logic implementation, all gates are guaranteed to finish switching within one clock cycle, which completes the whole table lookup.
For mode 2), the sequential circuit implementation, a finite state machine must be designed and the table lookup is completed over multiple clock cycles. The module contains a memory storing the contents of P1, P2, P3; register resources for storing intermediate results (at least 8 1-bit registers; if the total is n bits and n is divisible by q, with n and q natural numbers, it may be defined in the hardware description as any n/q q-bit registers; however it is divided, n/2 bits of register must be updated simultaneously during operation); three XOR units; and register-update control logic. The table lookup is divided into at least three clock cycles.
Let the input be x, with high 4 bits x1 and low 4 bits x2, and let the register resources be 8 bits, defined as one 4-bit register L and one 4-bit register R. The table-lookup steps are then:
1) Let the base address where the P1 content is stored be P1_Base; with x2 as the offset address, read the content at the corresponding address, XOR it with x1, and update the result into the 4-bit register L;
2) With the output of register L as the offset address, select the corresponding content in P2 (base address P2_Base); XOR the data read with x2 and update the result into the 4-bit register R;
3) With the output of register R as the offset address, select the corresponding content in P3 (base address P3_Base); XOR the data read with the 4-bit register L, concatenate the result with the output of R to form T, rearrange the wire order of T as a left cyclic shift by m, and output y.
From the input and output dependencies of the operations in the steps above, the mode 2) implementation needs at least 3 clock cycles. Because registers store the intermediate results between steps, the circuit costs about 80 gates and the critical path is shorter than in mode 1), but the execution time is much longer, so it is not suitable for high-speed applications.
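A cycle-level model of the mode 2) lookup described above, as an added example that is not from the patent. The memory map (P1_Base = 0x00, P2_Base = 0x10, P3_Base = 0x20) and the class and method names are assumptions; the table contents and m = 5 are the values of the embodiment given later on the page.

```python
"""Added example (not from the patent): clocked model of the mode 2) datapath."""

# Table contents and m as listed in the embodiment further down the page.
P1 = [9, 15, 0, 14, 15, 15, 2, 10, 0, 4, 0, 12, 7, 5, 3, 9]
P2 = [8, 13, 6, 5, 7, 0, 12, 4, 11, 1, 14, 10, 15, 3, 9, 2]
P3 = [2, 6, 10, 6, 0, 13, 10, 15, 3, 3, 13, 5, 0, 9, 12, 13]


class SequentialSBox:
    """One shared memory, two 4-bit registers L and R, a 3-state controller."""

    # Assumed memory map: three 16-entry tables stored back to back.
    P1_BASE, P2_BASE, P3_BASE = 0x00, 0x10, 0x20

    def __init__(self, p1=P1, p2=P2, p3=P3, m=5):
        self.mem = list(p1) + list(p2) + list(p3)   # 48 four-bit words
        self.m = m                                  # rotation amount, 1..7
        self.x1 = self.x2 = 0                       # latched input halves
        self.L = self.R = 0                         # intermediate registers
        self.state = 0                              # 0 = idle, 1..3 = step to run
        self.y = None
        self.valid = False

    def load(self, x):
        """Latch a new 8-bit input and arm the state machine."""
        self.x1, self.x2 = x >> 4, x & 0xF
        self.state, self.valid = 1, False

    def tick(self):
        """Advance one clock cycle; exactly one memory read happens per cycle."""
        if self.state == 1:      # step 1: L <= x1 XOR mem[P1_Base + x2]
            self.L = self.x1 ^ self.mem[self.P1_BASE + self.x2]
            self.state = 2
        elif self.state == 2:    # step 2: R <= x2 XOR mem[P2_Base + L]
            self.R = self.x2 ^ self.mem[self.P2_BASE + self.L]
            self.state = 3
        elif self.state == 3:    # step 3: T = (L XOR mem[P3_Base + R]) || R
            t = ((self.L ^ self.mem[self.P3_BASE + self.R]) << 4) | self.R
            # The left rotation is pure wiring; it costs no extra cycle.
            self.y = ((t << self.m) | (t >> (8 - self.m))) & 0xFF
            self.state, self.valid = 0, True

    def lookup(self, x):
        """Run one lookup to completion; return (output, clock cycles used)."""
        self.load(x)
        cycles = 0
        while not self.valid:
            self.tick()
            cycles += 1
        return self.y, cycles


if __name__ == "__main__":
    box = SequentialSBox()
    for x in (0x00, 0x10, 0xFF):
        y, cycles = box.lookup(x)
        print(f"S({x:02X}) = {y:02X} after {cycles} cycles")
```

Each step's address depends on the register written in the previous step, which is why the reads cannot be overlapped and the lookup cannot finish in fewer than three cycles.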
Compared with the prior art, the positive effects of the present invention are:
The structure uses simple permutation and non-permutation transformations that are easy to implement in hardware to construct an S-box with good cryptographic properties. An efficient S-box hardware module is also constructed based on this structure, whose hardware size is 1/5 of that of the usual table-lookup implementation.
Description of drawings
Fig. 1: structure diagram of the S-box of the present invention;
Fig. 2: circuit structure diagram of implementation mode 1);
Fig. 3: circuit structure diagram of implementation mode 2);
Fig. 4: circuit structure diagrams of each step of implementation mode 2):
(a) data path implementing step 1 of mode 2),
(b) data path implementing step 2 of mode 2),
(c) data path implementing step 3 of mode 2).
Embodiment
With reference to the drawings, and taking an 8-bit-in, 8-bit-out permutation S-box as an example, the present invention is now explained in further detail:
The concrete structure of the S-box based on the structural design of the present invention is shown in Fig. 1. The S-box structure is divided into three layers: the 8 input bits are split into two parts, and the two part values are updated in turn in the three layers. Finally the two part values are combined and output.
To construct an S-box with the S-box structure of the present invention, first select three 4-bit-in, 4-bit-out transformations P1, P2, P3, where P2 is a permutation. All 3 transformations can be built by composing basic computer operations. Second, select an integer value m.
With the above parameters selected, for input x the output y = S(x) is computed as follows:

$$
\begin{aligned}
x &= x_1 \,\|\, x_2 \\
t_1 &= x_1 \oplus P_1(x_2) \\
t_2 &= x_2 \oplus P_2(t_1) \\
t_3 &= t_1 \oplus P_3(t_2) \\
y &= (t_3 \,\|\, t_2) \lll m
\end{aligned}
$$

where $\|$ denotes concatenation of bit strings, $x_1$ is the high 4 bits of $x$, and $x_2$ is the low 4 bits of $x$.
Below, a specific embodiment is given and its hardware implementation efficiency and cryptographic properties are analyzed.
1. Parameter selection
Let m = 5.
Non-permutation P1: for input $x = (x_3, x_2, x_1, x_0)$ and output $y = (y_3, y_2, y_1, y_0)$, the algebraic expressions are:

$$
\begin{aligned}
y_3 &= x_3x_1 + x_1x_0 + x_3 + x_1 + 1; \\
y_2 &= x_2x_1 + x_2x_0 + x_0 + x_2; \\
y_1 &= x_3x_0 + x_2x_0 + x_0 + x_2; \\
y_0 &= x_3x_1 + x_3x_2 + x_3 + x_1 + 1.
\end{aligned}
$$

That is, P1 = {9, 15, 0, 14, 15, 15, 2, 10, 0, 4, 0, 12, 7, 5, 3, 9}.
Permutation P2: for input $x = (x_3, x_2, x_1, x_0)$ and output $y = (y_3, y_2, y_1, y_0)$, the algebraic expressions are:

$$
\begin{aligned}
y_3 &= x_2x_1x_0 + x_3x_1x_0 + x_3x_0 + x_3x_1 + x_3x_2 + x_2 + x_1 + 1; \\
y_2 &= x_3x_2x_0 + x_3x_2x_1 + x_3x_0 + x_1x_0 + x_2x_1 + x_0 + x_1 + x_2; \\
y_1 &= x_3x_2x_1 + x_1x_0 + x_2x_0 + x_3x_0 + x_3x_1 + x_3x_2 + x_1 + x_2 + x_3; \\
y_0 &= x_2x_1x_0 + x_2x_1 + x_3x_1 + x_3x_0 + x_3x_2 + x_0 + x_2 + x_3;
\end{aligned}
$$

That is, P2 = {8, 13, 6, 5, 7, 0, 12, 4, 11, 1, 14, 10, 15, 3, 9, 2}.
Non-permutation P3: for input $x = (x_3, x_2, x_1, x_0)$ and output $y = (y_3, y_2, y_1, y_0)$, the algebraic expressions are:

$$
\begin{aligned}
y_3 &= x_1x_0 + x_2x_0 + x_1; \\
y_2 &= x_3x_0 + x_3x_1 + x_0; \\
y_1 &= x_2x_1 + x_3x_1 + x_2 + 1; \\
y_0 &= x_2x_0 + x_3x_2 + x_3;
\end{aligned}
$$

That is, P3 = {2, 6, 10, 6, 0, 13, 10, 15, 3, 3, 13, 5, 0, 9, 12, 13}.
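As a consistency check on the expressions above, this added example (not part of the patent) derives the algebraic normal form of each output bit of P1, P2 and P3 from the lookup tables with a binary Möbius transform and compares it with the printed expressions. The function names are assumptions; "+" in the expressions is XOR and juxtaposition is AND.

```python
"""Added example (not from the patent): check the printed ANFs against the tables."""

P_TABLES = {
    "P1": [9, 15, 0, 14, 15, 15, 2, 10, 0, 4, 0, 12, 7, 5, 3, 9],
    "P2": [8, 13, 6, 5, 7, 0, 12, 4, 11, 1, 14, 10, 15, 3, 9, 2],
    "P3": [2, 6, 10, 6, 0, 13, 10, 15, 3, 3, 13, 5, 0, 9, 12, 13],
}

# Expressions transcribed from the page, in the order y3, y2, y1, y0.
PAGE_ANF = {
    "P1": ["x3x1+x1x0+x3+x1+1", "x2x1+x2x0+x0+x2",
           "x3x0+x2x0+x0+x2", "x3x1+x3x2+x3+x1+1"],
    "P2": ["x2x1x0+x3x1x0+x3x0+x3x1+x3x2+x2+x1+1",
           "x3x2x0+x3x2x1+x3x0+x1x0+x2x1+x0+x1+x2",
           "x3x2x1+x1x0+x2x0+x3x0+x3x1+x3x2+x1+x2+x3",
           "x2x1x0+x2x1+x3x1+x3x0+x3x2+x0+x2+x3"],
    "P3": ["x1x0+x2x0+x1", "x3x0+x3x1+x0",
           "x2x1+x3x1+x2+1", "x2x0+x3x2+x3"],
}


def parse_anf(expr):
    """'x3x1+x1+1' -> set of monomial masks (bit i set <=> x_i is a factor)."""
    masks = set()
    for term in expr.replace(" ", "").split("+"):
        mask = 0                      # the constant term 1 is the empty product
        if term != "1":
            for digit in term.split("x")[1:]:
                mask |= 1 << int(digit)
        masks ^= {mask}               # XOR semantics: a repeated term cancels
    return masks


def moebius(truth_table):
    """Binary Moebius transform: truth table -> ANF coefficients (same indexing)."""
    coeffs = list(truth_table)
    step = 1
    while step < len(coeffs):
        for i in range(len(coeffs)):
            if i & step:
                coeffs[i] ^= coeffs[i ^ step]
        step <<= 1
    return coeffs


def table_anf(table, bit):
    """Monomial masks of output bit `bit` of a lookup table."""
    truth = [(value >> bit) & 1 for value in table]
    return {mask for mask, coeff in enumerate(moebius(truth)) if coeff}


def format_anf(masks, nbits=4):
    """Render masks as text, highest-degree terms first."""
    def term(mask):
        return "".join(f"x{i}" for i in reversed(range(nbits)) if (mask >> i) & 1) or "1"
    ordered = sorted(masks, key=lambda m: (-bin(m).count("1"), -m))
    return " + ".join(term(m) for m in ordered) or "0"


def degree(table, nbits=4):
    """Algebraic degree: the largest monomial size over all output bits."""
    return max(bin(m).count("1") for b in range(nbits) for m in table_anf(table, b))


def check_page():
    """{name: [bool for y3..y0]}: does each printed expression match the table?"""
    return {name: [parse_anf(expr) == table_anf(P_TABLES[name], 3 - k)
                   for k, expr in enumerate(exprs)]
            for name, exprs in PAGE_ANF.items()}


if __name__ == "__main__":
    for name, table in P_TABLES.items():
        is_perm = sorted(table) == list(range(16))
        print(f"{name}: permutation={is_perm}, degree={degree(table)}")
        for bit in (3, 2, 1, 0):
            print(f"  y{bit} = {format_anf(table_anf(table, bit))}")
    print(check_page())
```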
2. S-box table
After the above transformations and m have been selected, for every input, with the high 4 bits of x as the row number and the low 4 bits as the column number, the S-box output can be calculated and Table 1 constructed:
Table 1. S-box output table
|   | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 3E | 72 | 5B | 47 | CA | E0 | 00 | 33 | 04 | D1 | 54 | 98 | 09 | B9 | 6D | CB |
| 1 | 7B | 1B | F9 | 32 | AF | 9D | 6A | A5 | B8 | 2D | FC | 1D | 08 | 53 | 03 | 90 |
| 2 | 4D | 4E | 84 | 99 | E4 | CE | D9 | 91 | DD | B6 | 85 | 48 | 8B | 29 | 6E | AC |
| 3 | CD | C1 | F8 | 1E | 73 | 43 | 69 | C6 | B5 | BD | FD | 39 | 63 | 20 | D4 | 38 |
| 4 | 76 | 7D | B2 | A7 | CF | ED | 57 | C5 | F3 | 2C | BB | 14 | 21 | 06 | 55 | 9B |
| 5 | E3 | EF | 5E | 31 | 4F | 7F | 5A | A4 | 0D | 82 | 51 | 49 | 5F | BA | 58 | 1C |
| 6 | 4A | 16 | D5 | 17 | A8 | 92 | 24 | 1F | 8C | FF | D8 | AE | 2E | 01 | D3 | AD |
| 7 | 3B | 4B | DA | 46 | EB | C9 | DE | 9A | 8F | 87 | D7 | 3A | 80 | 6F | 2F | C8 |
| 8 | B1 | B4 | 37 | F7 | 0A | 22 | 13 | 28 | 7C | CC | 3C | 89 | C7 | C3 | 96 | 56 |
| 9 | 07 | BF | 7E | F0 | 0B | 2B | 97 | 52 | 35 | 41 | 79 | 61 | A6 | 4C | 10 | FE |
| A | BC | 26 | 95 | 88 | 8A | B0 | A3 | FB | C0 | 18 | 94 | F2 | E1 | E5 | E9 | 5D |
| B | D0 | DC | 11 | 66 | 64 | 5C | EC | 59 | 42 | 75 | 12 | F5 | 74 | 9C | AA | 23 |
| C | 0E | 86 | AB | BE | 2A | 02 | E7 | 67 | E6 | 44 | A2 | 6C | C2 | 93 | 9F | F1 |
| D | F6 | FA | 36 | D2 | 50 | 68 | 9E | 62 | 71 | 15 | 3D | D6 | 40 | C4 | E2 | 0F |
| E | 8E | 83 | 77 | 6B | 25 | 05 | 3F | 0C | 30 | EA | 70 | B7 | A1 | E8 | A9 | 65 |
| F | 8D | 27 | 1A | DB | 81 | B3 | A0 | F4 | 45 | 7A | 19 | DF | EE | 78 | 34 | 60 |

The numbers in the table are in hexadecimal.
3. Cryptographic indices of the S-box
The cryptographic indices of the above S-box are: differential uniformity 8, nonlinearity 96, and algebraic immunity 2.
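The construction and two of the stated indices can be checked directly. The following Python is an added example, not code from the patent: it builds the S-box from the embodiment's P1, P2, P3 and m = 5, inverts it, and measures differential uniformity and nonlinearity for comparison with the values stated above. The function names are assumptions.

```python
"""Added example (not from the patent): build the embodiment's S-box and measure it."""

# Lookup tables and rotation amount as given in the embodiment.
P1 = [9, 15, 0, 14, 15, 15, 2, 10, 0, 4, 0, 12, 7, 5, 3, 9]    # non-permutation
P2 = [8, 13, 6, 5, 7, 0, 12, 4, 11, 1, 14, 10, 15, 3, 9, 2]    # permutation
P3 = [2, 6, 10, 6, 0, 13, 10, 15, 3, 3, 13, 5, 0, 9, 12, 13]   # non-permutation
M = 5

# Values the page states for this S-box; used for comparison only.
CLAIMED = {"differential_uniformity": 8, "nonlinearity": 96}


def rotl8(value, m):
    """Rotate an 8-bit value left by m bits."""
    m %= 8
    return ((value << m) | (value >> (8 - m))) & 0xFF


def sbox(x, p1=P1, p2=P2, p3=P3, m=M):
    """y = (t3 || t2) <<< m, following the three-layer structure."""
    x1, x2 = x >> 4, x & 0xF
    t1 = x1 ^ p1[x2]
    t2 = x2 ^ p2[t1]
    t3 = t1 ^ p3[t2]
    return rotl8((t3 << 4) | t2, m)


def sbox_inverse(y, p1=P1, p2=P2, p3=P3, m=M):
    """Undo the rotation, then peel the layers off in reverse order.

    Each layer XORs a function of one half onto the other half, so every
    layer can be undone even where the 4-bit table is not a permutation.
    """
    t = rotl8(y, 8 - m)
    t3, t2 = t >> 4, t & 0xF
    t1 = t3 ^ p3[t2]
    x2 = t2 ^ p2[t1]
    x1 = t1 ^ p1[x2]
    return (x1 << 4) | x2


SBOX = [sbox(x) for x in range(256)]


def differential_uniformity(table):
    """Largest number of x with S(x) ^ S(x ^ a) = b over all a != 0 and all b."""
    size = len(table)
    worst = 0
    for a in range(1, size):
        counts = [0] * size
        for x in range(size):
            counts[table[x] ^ table[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


def nonlinearity(table):
    """Minimum distance of any nonzero component function to the affine functions."""
    size = len(table)
    max_abs = 0
    for b in range(1, size):
        # Sign vector of the component function <b, S(x)>.
        w = [1 - 2 * (bin(table[x] & b).count("1") & 1) for x in range(size)]
        h = 1
        while h < size:                       # fast Walsh-Hadamard transform
            for i in range(0, size, 2 * h):
                for j in range(i, i + h):
                    u, v = w[j], w[j + h]
                    w[j], w[j + h] = u + v, u - v
            h *= 2
        max_abs = max(max_abs, max(abs(c) for c in w))
    return size // 2 - max_abs // 2


def measure(table=SBOX):
    return {
        "bijective": sorted(table) == list(range(len(table))),
        "differential_uniformity": differential_uniformity(table),
        "nonlinearity": nonlinearity(table),
    }


if __name__ == "__main__":
    for key, value in measure().items():
        claim = CLAIMED.get(key)
        note = "" if claim is None else f" (page states {claim})"
        print(f"{key}: {value}{note}")
```

Algebraic immunity is not computed here; it needs a separate search for low-degree annihilating relations.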
For input $x = (x_7, x_6, x_5, x_4, x_3, x_2, x_1, x_0)$ and output $y = (y_7, y_6, y_5, y_4, y_3, y_2, y_1, y_0)$, the expression of each output component in terms of all input components is:
$$
\begin{aligned}
y_7 ={} & x_4x_3x_2x_1x_0 + x_5x_3x_2x_1x_0 + x_4x_3x_2x_0 + x_4x_3x_1x_0 + x_4x_3x_2x_1 + x_5x_3x_1x_0 \\
& + x_5x_3x_2x_0 + x_5x_3x_2x_1 + x_6x_2x_1x_0 + x_6x_3x_2x_0 + x_6x_3x_2x_1 + x_6x_4x_3x_1 \\
& + x_6x_4x_1x_0 + x_6x_5x_1x_0 + x_6x_5x_3x_1 + x_7x_2x_1x_0 + x_7x_3x_1x_0 + x_7x_3x_2x_0 \\
& + x_7x_4x_2x_0 + x_7x_4x_2x_1 + x_7x_5x_2x_0 + x_7x_5x_2x_1 + x_7x_6x_2x_0 + x_7x_6x_3x_0 \\
& + x_7x_6x_3x_1 + x_7x_6x_3x_2 + x_3x_2x_1 + x_4x_1x_0 + x_4x_2x_1 + x_4x_3x_2 + x_4x_3x_1 \\
& + x_5x_3x_0 + x_5x_3x_1 + x_6x_2x_1 + x_6x_3x_2 + x_6x_3x_1 + x_6x_4x_3 + x_6x_4x_1 + x_6x_5x_1 \\
& + x_6x_5x_3 + x_7x_6x_2 + x_7x_4x_2 + x_7x_3x_1 + x_7x_1x_0 + x_7x_3x_2 + x_7x_4x_0 + x_7x_5x_0 \\
& + x_7x_5x_2 + x_7x_6x_0 + x_7x_6x_1 + x_7x_6x_3 + x_7x_6x_4 + x_7x_6x_5 + x_3x_2 + x_2x_1 \\
& + x_3x_0 + x_4x_1 + x_4x_3 + x_5x_1 + x_5x_3 + x_5x_4 + x_6x_1 + x_6x_3 + x_6x_4 \\
& + x_7x_4 + x_7x_6 + x_7x_3 + x_7x_1 + x_2 + x_7
\end{aligned}
$$
$$
\begin{aligned}
y_6 ={} & x_5x_3x_2x_1x_0 + x_6x_3x_2x_1x_0 + x_7x_3x_2x_1x_0 + x_3x_2x_1x_0 + x_7x_5x_2x_0 + x_7x_5x_2x_1 \\
& + x_5x_3x_2x_0 + x_5x_3x_1x_0 + x_5x_3x_2x_1 + x_7x_6x_2x_0 + x_6x_2x_1x_0 + x_6x_3x_2x_0 \\
& + x_6x_3x_2x_1 + x_6x_5x_1x_0 + x_6x_5x_3x_1 + x_7x_6x_3x_0 + x_2x_1x_0 + x_7x_2x_0 + x_3x_1x_0 \\
& + x_4x_3x_0 + x_4x_1x_0 + x_4x_2x_1 + x_4x_3x_1 + x_5x_1x_0 + x_7x_5x_0 + x_7x_5x_2 + x_5x_2x_0 \\
& + x_5x_2x_1 + x_5x_3x_0 + x_6x_1x_0 + x_7x_6x_0 + x_7x_6x_2 + x_6x_2x_0 + x_6x_2x_1 + x_6x_3x_0 \\
& + x_7x_6x_5 + x_6x_5x_3 + x_6x_5x_1 + x_7x_3x_1 + x_7x_3x_2 + x_7x_0 + x_7x_1 + x_1x_0 \\
& + x_3x_2 + x_7x_2 + x_2x_0 + x_7x_4 + x_4x_3 + x_4x_1 + x_7x_5 + x_5x_0 + x_5x_2 \\
& + x_5x_4 + x_7x_6 + x_6x_0 + x_6x_2 + x_6x_4 + x_6x_5 + x_7x_3 + x_0 + x_1 + x_2 + x_4 + x_5 + x_6
\end{aligned}
$$
$$
\begin{aligned}
y_5 ={} & x_4x_3x_2x_1x_0 + x_5x_3x_2x_1x_0 + x_6x_3x_2x_1x_0 + x_5x_2x_1x_0 + x_5x_3x_1x_0 + x_5x_3x_2x_0 \\
& + x_5x_4x_2x_0 + x_5x_4x_2x_1 + x_6x_2x_1x_0 + x_6x_3x_1x_0 + x_6x_5x_3x_1 + x_6x_3x_2x_1 \\
& + x_6x_4x_3x_0 + x_6x_4x_2x_0 + x_6x_5x_3x_2 + x_5x_3x_1 + x_5x_4x_0 + x_4x_1x_0 + x_4x_2x_0 \\
& + x_4x_2x_1 + x_4x_3x_0 + x_4x_3x_1 + x_5x_3x_0 + x_5x_4x_2 + x_6x_5x_1 + x_6x_2x_1 + x_6x_5x_3 \\
& + x_6x_3x_1 + x_6x_4x_2 + x_6x_4x_0 + x_6x_5x_4 + x_7x_2x_1 + x_7x_3x_0 + x_7x_3x_2 + x_7x_3x_1 \\
& + x_3x_2 + x_5x_3 + x_3x_1 + x_5x_1 + x_2x_1 + x_2x_0 + x_4x_0 + x_4x_1 + x_4x_2 \\
& + x_4x_3 + x_6x_1 + x_6x_3 + x_7x_4 + x_7x_6 + x_7x_1 + x_7x_3 + x_7x_5 + x_2 + x_5 + x_3 + x_1 + 1
\end{aligned}
$$
$$
\begin{aligned}
y_4 ={} & x_5x_3x_2x_1x_0 + x_5x_4x_2x_1x_0 + x_6x_3x_2x_1x_0 + x_6x_4x_2x_1x_0 + x_6x_4x_3x_2x_0 + x_7x_3x_2x_1x_0 \\
& + x_7x_4x_2x_1x_0 + x_7x_6x_3x_1x_0 + x_7x_6x_3x_2x_0 + x_4x_2x_1x_0 + x_4x_3x_2x_1 + x_4x_3x_1x_0 \\
& + x_4x_3x_2x_0 + x_5x_2x_1x_0 + x_5x_3x_2x_1 + x_5x_3x_1x_0 + x_5x_4x_2x_1 + x_5x_4x_3x_1 \\
& + x_6x_4x_3x_0 + x_6x_3x_2x_0 + x_6x_3x_2x_1 + x_6x_4x_2x_1 + x_6x_4x_3x_1 + x_6x_5x_2x_1 \\
& + x_6x_5x_4x_2 + x_6x_5x_4x_1 + x_7x_2x_1x_0 + x_7x_6x_3x_0 + x_7x_3x_2x_0 + x_7x_6x_3x_2 \\
& + x_7x_6x_3x_1 + x_7x_3x_2x_1 + x_7x_4x_2x_1 + x_7x_4x_3x_0 + x_7x_5x_3x_2 + x_7x_5x_3x_1 \\
& + x_7x_6x_1x_0 + x_7x_6x_4x_0 + x_3x_2x_1 + x_4x_1x_0 + x_4x_2x_0 + x_4x_3x_2 + x_4x_3x_1 \\
& + x_5x_2x_1 + x_5x_3x_0 + x_5x_4x_1 + x_5x_4x_2 + x_5x_4x_3 + x_6x_4x_2 + x_6x_2x_1 + x_6x_3x_2 \\
& + x_6x_4x_3 + x_6x_3x_1 + x_6x_4x_1 + x_6x_5x_0 + x_6x_5x_1 + x_7x_6x_2 + x_7x_4x_1 + x_7x_1x_0 \\
& + x_7x_2x_1 + x_7x_3x_2 + x_7x_6x_3 + x_7x_3x_1 + x_7x_4x_0 + x_7x_4x_1 + x_7x_5x_0 + x_7x_5x_2 \\
& + x_7x_5x_3 + x_7x_5x_4 + x_7x_6x_4 + x_3x_2 + x_5x_2 + x_1x_0 + x_3x_0 + x_3x_1 + x_4x_3 \\
& + x_6x_4 + x_6x_3 + x_7x_4 + x_7x_6 + x_7x_3 + x_7x_5 + x_2 + x_5 + x_3 + 1
\end{aligned}
$$
$$
\begin{aligned}
y_3 ={} & x_4x_3x_2x_1x_0 + x_5x_3x_2x_1x_0 + x_5x_4x_3x_2x_0 + x_5x_4x_3x_1x_1 + x_5x_4x_3x_1x_0 + x_6x_4x_2x_1x_0 \\
& + x_6x_4x_3x_1x_0 + x_6x_4x_3x_2x_0 + x_6x_5x_3x_2x_0 + x_6x_5x_3x_2x_1 + x_7x_4x_2x_1x_0 + x_7x_4x_3x_1x_0 \\
& + x_7x_5x_3x_1x_0 + x_7x_6x_3x_2x_0 + x_4x_2x_1x_0 + x_4x_3x_2x_0 + x_5x_4x_3x_2 + x_5x_4x_1x_0 \\
& + x_5x_4x_3x_1 + x_6x_3x_2x_1 + x_6x_4x_2x_1 + x_6x_4x_3x_0 + x_6x_4x_3x_1 + x_6x_4x_3x_2 \\
& + x_6x_5x_1x_0 + x_6x_5x_3x_0 + x_6x_5x_3x_2 + x_6x_5x_4x_0 + x_6x_5x_4x_1 + x_6x_5x_4x_3 \\
& + x_7x_2x_1x_0 + x_7x_3x_2x_0 + x_7x_3x_1x_0 + x_7x_4x_1x_0 + x_7x_5x_3x_1 + x_7x_5x_4x_1 \\
& + x_7x_5x_1x_0 + x_7x_5x_4x_0 + x_7x_6x_3x_1 + x_7x_6x_5x_3 + x_2x_1x_0 + x_3x_1x_0 + x_3x_2x_1 \\
& + x_4x_1x_0 + x_4x_2x_1 + x_4x_3x_0 + x_4x_3x_2 + x_5x_1x_0 + x_5x_2x_0 + x_5x_2x_1 + x_5x_4x_1 \\
& + x_6x_1x_0 + x_6x_2x_0 + x_6x_3x_0 + x_6x_3x_1 + x_6x_4x_0 + x_6x_4x_1 + x_6x_5x_0 + x_6x_5x_3 \\
& + x_7x_2x_0 + x_7x_3x_2 + x_7x_3x_0 + x_7x_4x_1 + x_7x_5x_4 + x_7x_5x_3 + x_7x_6x_0 + x_7x_6x_4 \\
& + x_7x_6x_3 + x_3x_0 + x_7x_0 + x_6x_3 + x_2x_1 + x_3x_2 + x_4x_0 + x_4x_3 + x_5x_2 \\
& + x_5x_1 + x_5x_0 + x_5x_3 + x_6x_2 + x_6x_5 + x_7x_2 + x_7x_5 + x_0 + x_6 + x_7 + x_3 + 1
\end{aligned}
$$
$$
\begin{aligned}
y_2 ={} & x_4x_3x_2x_1x_0 + x_5x_3x_2x_1x_0 + x_5x_4x_2x_1x_0 + x_6x_4x_2x_1x_0 + x_6x_4x_3x_1x_0 + x_6x_5x_2x_1x_0 \\
& + x_6x_5x_3x_1x_0 + x_7x_4x_3x_1x_0 + x_7x_5x_2x_1x_0 + x_7x_5x_3x_2x_0 + x_7x_6x_2x_1x_0 + x_7x_6x_3x_1x_0 \\
& + x_7x_6x_3x_2x_1 + x_3x_2x_1x_0 + x_4x_2x_1x_0 + x_4x_3x_2x_0 + x_4x_3x_1x_0 + x_5x_2x_1x_0 \\
& + x_5x_4x_1x_0 + x_5x_4x_3x_1 + x_6x_2x_1x_0 + x_6x_3x_1x_0 + x_6x_4x_1x_0 + x_6x_4x_2x_1 \\
& + x_6x_4x_3x_1 + x_6x_5x_4x_1 + x_6x_5x_1x_0 + x_6x_5x_2x_1 + x_6x_5x_3x_2 + x_7x_2x_1x_0 \\
& + x_7x_3x_2x_1 + x_7x_4x_3x_0 + x_7x_5x_3x_0 + x_7x_5x_1x_0 + x_7x_5x_4x_1 + x_7x_5x_2x_1 \\
& + x_7x_5x_3x_1 + x_7x_6x_1x_0 + x_7x_6x_2x_1 + x_7x_6x_3x_1 + x_7x_6x_4x_1 + x_7x_6x_5x_3 \\
& + x_7x_6x_5x_1 + x_7x_6x_5x_2 + x_4x_3x_2 + x_4x_2x_0 + x_4x_3x_0 + x_5x_1x_0 + x_5x_2x_0 \\
& + x_5x_3x_2 + x_5x_3x_1 + x_5x_4x_2 + x_6x_1x_0 + x_6x_5x_2 + x_6x_2x_0 + x_6x_3x_0 + x_6x_4x_1 \\
& + x_6x_4x_2 + x_6x_5x_1 + x_7x_1x_0 + x_7x_3x_0 + x_7x_4x_2 + x_7x_4x_3 + x_7x_5x_4 + x_7x_6x_4 \\
& + x_4x_0 + x_2x_0 + x_7x_2 + x_4x_1 + x_2x_1 + x_3x_1 + x_5x_0 + x_5x_1 + x_5x_2 + x_5x_4 + x_6x_5 \\
& + x_6x_3 + x_6x_0 + x_6x_2 + x_7x_3 + x_7x_5 + x_7x_6 + x_0 + x_2 + x_4 + x_7 + x_1 + 1
\end{aligned}
$$
$$
\begin{aligned}
y_1 ={} & x_5x_4x_2x_1x_0 + x_5x_4x_3x_2x_1 + x_7x_4x_2x_1x_0 + x_7x_4x_3x_2x_1 + x_7x_5x_3x_2x_0 + x_7x_5x_2x_1x_0 \\
& + x_7x_6x_3x_1x_0 + x_3x_2x_1x_0 + x_5x_4x_3x_1 + x_4x_3x_1x_0 + x_4x_2x_1x_0 + x_4x_3x_2x_0 \\
& + x_4x_3x_2x_1 + x_5x_3x_2x_0 + x_5x_3x_2x_1 + x_5x_4x_1x_0 + x_5x_4x_2x_1 + x_5x_4x_3x_2 \\
& + x_6x_2x_1x_0 + x_6x_3x_1x_0 + x_6x_3x_2x_1 + x_6x_3x_2x_0 + x_6x_4x_1x_0 + x_6x_4x_3x_1 \\
& + x_6x_4x_3x_0 + x_6x_5x_3x_1 + x_6x_5x_1x_0 + x_6x_5x_3x_0 + x_7x_5x_3x_1 + x_7x_2x_1x_0 \\
& + x_7x_3x_2x_0 + x_7x_4x_2x_1 + x_7x_4x_3x_2 + x_7x_5x_3x_0 + x_7x_5x_2x_0 + x_7x_5x_4x_2 \\
& + x_7x_6x_1x_0 + x_7x_6x_2x_0 + x_7x_6x_3x_0 + x_7x_6x_3x_1 + x_7x_6x_3x_2 + x_7x_6x_4x_3 \\
& + x_7x_6x_4x_0 + x_7x_6x_5x_3 + x_7x_6x_5x_0 + x_7x_5x_3 + x_3x_2x_0 + x_5x_2x_1 + x_3x_2x_1 \\
& + x_4x_3x_1 + x_5x_4x_1 + x_4x_1x_0 + x_5x_1x_0 + x_5x_4x_0 + x_5x_2x_0 + x_5x_3x_2 + x_5x_4x_2 \\
& + x_6x_1x_0 + x_6x_2x_0 + x_6x_2x_1 + x_6x_3x_2 + x_6x_4x_3 + x_6x_4x_0 + x_6x_4x_1 + x_6x_5x_2 \\
& + x_6x_5x_1 + x_7x_3x_1 + x_7x_5x_1 + x_7x_2x_0 + x_7x_5x_4 + x_7x_4x_3 + x_7x_4x_2 + x_7x_6x_0 \\
& + x_7x_6x_1 + x_7x_6x_2 + x_7x_6x_3 + x_7x_6x_4 + x_7x_6x_5 + x_7x_5 + x_5x_3 + x_7x_3 \\
& + x_2x_0 + x_2x_1 + x_4x_1 + x_5x_0 + x_6x_0 + x_6x_3 + x_6x_5 + x_7x_1 + x_7x_2 \\
& + x_7x_4 + x_7x_6 + x_7 + x_5 + x_3 + 1
\end{aligned}
$$
$$
\begin{aligned}
y_0 ={} & x_6x_3x_2x_1x_0 + x_7x_3x_2x_1x_0 + x_7x_2x_1x_0 + x_4x_3x_2x_0 + x_4x_3x_2x_1 + x_5x_2x_1x_0 \\
& + x_5x_3x_1x_0 + x_5x_3x_2x_0 + x_5x_4x_1x_0 + x_5x_4x_2x_0 + x_5x_4x_2x_1 + x_5x_4x_3x_1 \\
& + x_6x_2x_1x_0 + x_6x_3x_1x_0 + x_6x_5x_3x_2 + x_6x_3x_2x_1 + x_6x_4x_2x_0 + x_6x_4x_3x_0 \\
& + x_6x_5x_3x_1 + x_7x_2x_1x_0 + x_7x_3x_1x_0 + x_7x_3x_2x_1 + x_7x_4x_2x_0 + x_7x_4x_3x_0 \\
& + x_7x_5x_3x_1 + x_7x_5x_3x_2 + x_2x_1x_0 + x_3x_1x_0 + x_3x_2x_0 + x_3x_2x_1 + x_4x_1x_0 \\
& + x_4x_3x_1 + x_4x_3x_2 + x_5x_2x_0 + x_5x_2x_1 + x_5x_3x_0 + x_5x_4x_1 + x_5x_4x_0 + x_5x_4x_2 \\
& + x_5x_4x_3 + x_6x_2x_0 + x_6x_2x_1 + x_6x_3x_0 + x_6x_5x_3 + x_6x_3x_1 + x_6x_4x_0 + x_6x_4x_2 \\
& + x_6x_5x_1 + x_6x_5x_4 + x_7x_2x_0 + x_7x_5x_3 + x_7x_3x_1 + x_7x_1x_0 + x_7x_3x_2 + x_7x_5x_4 \\
& + x_7x_4x_0 + x_7x_4x_2 + x_7x_5x_1 + x_3x_1 + x_6x_1 + x_2x_1 + x_3x_0 + x_3x_2 + x_4x_3 \\
& + x_4x_1 + x_5x_0 + x_5x_2 + x_6x_5 + x_5x_4 + x_6x_0 + x_6x_2 + x_6x_3 + x_7x_0 \\
& + x_7x_2 + x_7x_6 + x_7x_3 + x_7x_1 + x_7x_4 + x_1 + x_4 + x_5 + x_7
\end{aligned}
$$
Table 2 gives the number of terms of each degree that occur in each component function of the S-box, together with the mathematical expectation.
Table 2. Number of terms of each degree in each component function of the S-box, and the expected value
| Degree of term | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
|---|---|---|---|---|---|---|---|---|---|
| y7 | 0 | 0 | 0 | 2 | 24 | 27 | 15 | 2 | 0 |
| y6 | 0 | 0 | 0 | 3 | 13 | 24 | 19 | 6 | 0 |
| y5 | 0 | 0 | 0 | 3 | 12 | 20 | 17 | 4 | 1 |
| y4 | 0 | 0 | 0 | 9 | 29 | 32 | 12 | 3 | 1 |
| y3 | 0 | 0 | 0 | 14 | 26 | 28 | 15 | 4 | 1 |
| y2 | 0 | 0 | 0 | 13 | 31 | 21 | 17 | 5 | 1 |
| y1 | 0 | 0 | 0 | 7 | 38 | 33 | 14 | 3 | 1 |
| y0 | 0 | 0 | 0 | 2 | 24 | 32 | 20 | 4 | 0 |
| Expected value | 1/2 | 4 | 14 | 28 | 35 | 28 | 14 | 4 | 1/2 |
4. Analysis of the hardware implementation efficiency of the S-box
The efficient S-box hardware module described here can be implemented in two ways:
1) a purely combinational logic circuit implementation;
2) a sequential circuit implementation.
For implementation 1), the interface is an 8-bit input and an 8-bit output, and the module contains three XOR units A, B, C, three lookup units P1, P2, P3 and one line-order permutation unit "<<<m", as shown in Fig. 2.
In a hardware implementation, an important indicator of whether the circuit meets its timing constraints is the delay of the longest combinational logic path, also called the critical path. The critical path of this mode is: x2 → P1 → XOR → P2 → XOR → P3 → XOR. The delay of an ordinary gate is far below the nanosecond level. Therefore, for the purely combinational logic implementation of mode 1), all gates are guaranteed to finish switching within one clock cycle, which completes the whole table lookup.
The lookup time of this circuit is less than one clock cycle. If the output is registered once per clock cycle, then at an 80 MHz clock the throughput is 640 Mbps (8 × 80 MHz), the implementation area is about 100, and the whole lookup is implemented in combinational logic.
For mode 2), the sequential circuit implementation in which the contents of P1, P2, P3 are stored in memory, a finite state machine has to be designed and the lookup takes several clock cycles. Let the input be x, with high 4 bits x1 and low 4 bits x2. The lookup process, shown in Fig. 3, then needs at least three register stages, each of which needs one clock cycle to update the relevant register; the specific working circuit is shown in Fig. 4.
As one embodiment, if the contents of P1, P2, P3 are stored in a RAM medium, the processing steps are as follows:
1) Fig. 4(a): let the base address at which the contents of P1 are stored be P1_Base; with x2 as the offset address, read the content at the corresponding address, XOR it with x1, and update the result into the 4-bit register L;
2) Fig. 4(b): let the base address at which the contents of P2 are stored be P2_Base; with the content of L as the offset address, read the content at the corresponding address, XOR it with x2, and update the result into the 4-bit register R;
3) Fig. 4(c): with the output of register R as the offset address, select the corresponding content in P3 (base address P3_Base); XOR the data read with the 4-bit register L, concatenate the result with R to form T, rearrange the line order of T as a left cyclic shift by m, and output y.
The implementation of mode 2) needs at least 3 clock cycles. Because registers hold the intermediate results between the steps, the logic part of the circuit costs about 80 (not including the RAM cells) and the critical path is shorter than in mode 1), but the execution time is considerably longer: for example, at an 80 MHz clock the throughput is at most 213 Mbps (8 bit × 80 MHz / 3). This mode is implemented with sequential logic.
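The three-cycle RAM lookup of steps 1) to 3) and the per-degree term count behind Table 2 can be reproduced in Python. This is an added example, not code from the patent: the tables P1, P2, P3, the RAM layout and m = 3 are constructed sample values, so the counts it prints differ from Table 2.

```python
# Constructed sample tables (NOT the patent's P1, P2, P3). P2 is a permutation,
# as claim 1 requires; P1 repeats values to show it only has to be a mapping.
P1 = [0x7, 0x7, 0x2, 0xD, 0x0, 0xB, 0x4, 0xE, 0x9, 0x2, 0xC, 0x5, 0xF, 0x1, 0xA, 0x6]
P2 = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
P3 = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
M = 3                                    # constructed shift amount, 1 <= m <= 2n-1

# RAM image holding the three tables back to back (assumed layout).
RAM = P1 + P2 + P3
P1_BASE, P2_BASE, P3_BASE = 0, 16, 32

def rotl8(t, m):
    """Rotate an 8-bit value left by m bits (1 <= m <= 7)."""
    return ((t << m) | (t >> (8 - m))) & 0xFF

def sbox_lookup(x):
    """Three-cycle lookup of steps 1)-3): one RAM read and one update per cycle."""
    x1, x2 = x >> 4, x & 0xF             # high and low 4 bits of the input
    L = RAM[P1_BASE + x2] ^ x1           # cycle 1: L = P1(x2) XOR x1
    R = RAM[P2_BASE + L] ^ x2            # cycle 2: R = P2(L) XOR x2
    t3 = RAM[P3_BASE + R] ^ L            # cycle 3: P3(R) XOR L
    return rotl8((t3 << 4) | R, M)       # T = t3 || R, then rotate left by m

def sbox_inverse(y):
    """Undo the rotation, then peel the three XOR stages off in reverse order."""
    t = rotl8(y, 8 - M)
    t3, t2 = t >> 4, t & 0xF
    t1 = t3 ^ P3[t2]
    x2 = t2 ^ P2[t1]
    return ((t1 ^ P1[x2]) << 4) | x2

def anf(truth):
    """Binary Moebius transform: truth table -> ANF coefficients.
    Bit k of a coefficient's index is set when x_k appears in that monomial."""
    a, step = list(truth), 1
    while step < len(a):
        for i in range(len(a)):
            if i & step:
                a[i] ^= a[i ^ step]
        step <<= 1
    return a

def degree_counts(table, bit):
    """Number of ANF terms of degree 0..8 in output bit y_bit (one row of Table 2)."""
    counts = [0] * 9
    for monomial, coeff in enumerate(anf([(y >> bit) & 1 for y in table])):
        if coeff:
            counts[bin(monomial).count("1")] += 1
    return counts

SBOX = [sbox_lookup(x) for x in range(256)]

def term_table():
    """Rows y7..y0, each a list of term counts indexed by degree 0..8."""
    return {f"y{b}": degree_counts(SBOX, b) for b in range(7, -1, -1)}

if __name__ == "__main__":
    print("degree", list(range(9)))
    for name, counts in term_table().items():
        print(name, counts)
```

Because every XOR stage can be undone, the 256-entry table is a bijection even though the sample P1 is not, which is why the degree-8 count is 0 for every output bit.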
Claims (10)
1. A method for constructing an S-box, comprising the steps of:
1) selecting an integer m and three n-in, n-out transformation units P1, P2, P3, wherein P2 is a permutation unit and n is a natural number;
2) dividing the input 2n-bit information x into two parts, denoted x1 and x2, wherein x1 is the high n bits of the input information and x2 is the low n bits of the input information;
3) transforming x2 by P1 and XORing the result with x1, the output being denoted t1;
4) transforming t1 by P2 and XORing the result with x2, the output being denoted t2;
5) transforming t2 by P3 and XORing the result with t1, the output being denoted t3;
6) concatenating t3 as the high n bits and t2 as the low n bits into one piece of 2n-bit information, denoted t;
7) cyclically shifting the information t left by m bits and outputting it.
2. the method for claim 1, the value that it is characterized in that described integer m is 1~2n-1; Described P
1, P
3For n advances the mapping that n goes out; Described n is integer and n 〉=2.
3. method as claimed in claim 1 or 2 is characterized in that adopting a line preface permute unit that information t ring shift left m position is exported.
4. The method of claim 1 or 2, characterized in that the transformations in steps 3) to 5) are implemented with a combinational logic circuit, wherein the critical path of the combinational logic circuit is: x2 → P1 → XOR → P2 → XOR → P3 → XOR.
5. The method of claim 1 or 2, characterized in that the transformations in steps 3) to 5) are implemented with a sequential circuit.
6. The method of claim 5, characterized in that the transformations are implemented with a sequential circuit as follows:
1) storing the information in P1, P2, P3 respectively in a memory;
2) according to the base address of P1, with x2 as the offset address, reading the P1 information stored in the memory, XORing it with x1, and updating the result into an n-bit register L;
3) according to the base address of P2, with the output of the register L as the offset address, reading the P2 information stored in the register, XORing it with x2, and updating the result into an n-bit register R;
4) according to the base address of P3, with the output of the register R as the offset address, reading the P3 information stored in the register, and XORing it with the register L.
7. An S-box, characterized by comprising three XOR units A, B, C, three transformation units P1, P2, P3, and one line-order permutation unit; wherein the two inputs of XOR unit A are connected respectively to one n-bit information data terminal and to the output of transformation unit P1, and the output of XOR unit A is connected respectively to the input of transformation unit P2 and to an input of XOR unit C; the other n-bit information data terminal is connected respectively to the input of transformation unit P1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P2; the output of XOR unit B is connected respectively to the input of the line-order permutation unit and to the input of transformation unit P3; the output of XOR unit C is connected to the input of the line-order permutation unit; the output of transformation unit P3 is connected to an input of XOR unit C; wherein P2 is a permutation unit and n is a natural number.
8. The S-box of claim 7, characterized in that the S-box has an 8-bit input interface and an 8-bit output interface; the value of n is 4; and P1 and P3 are 4-in, 4-out transformations.
9. An S-box, characterized by comprising three XOR units A, B, C, three transformation units P1, P2, P3, one line-order permutation unit, two registers L and R, and one memory; wherein the transformation units P1, P2, P3 are each connected to the memory through a base-address I/O; the two inputs of XOR unit A are connected respectively to one n-bit information data terminal and to the output of transformation unit P1, and its output is connected to the input of the register L; the other n-bit information data terminal is connected respectively to the input of transformation unit P1 and to an input of XOR unit B; the other input of XOR unit B is connected to the output of transformation unit P2, and its output is connected to the input of the register R; the output of the register R is connected respectively to the input of transformation unit P3 and to the input of the line-order permutation unit; the output of the register L is connected respectively to an input of XOR unit C and to the input of transformation unit P2; the other input of XOR unit C is connected to the output of transformation unit P3, and its output is connected to the input of the line-order permutation unit; wherein P2 is a permutation unit, and n is an integer with n ≥ 2.
10. The S-box of claim 9, characterized in that the S-box has an 8-bit input interface and an 8-bit output interface; the value of n is 4; and P1 and P3 are 4-in, 4-out transformations.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010204508 CN101848081A (en) | 2010-06-11 | 2010-06-11 | S box and construction method thereof |
PCT/CN2010/001048 WO2011153666A1 (en) | 2010-06-11 | 2010-07-13 | Method for constructing s-box and s-box |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010204508 CN101848081A (en) | 2010-06-11 | 2010-06-11 | S box and construction method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101848081A true CN101848081A (en) | 2010-09-29 |
Family
ID=42772549
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010204508 Pending CN101848081A (en) | 2010-06-11 | 2010-06-11 | S box and construction method thereof |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101848081A (en) |
WO (1) | WO2011153666A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6658569B1 (en) * | 1999-02-04 | 2003-12-02 | Bull Cp8 | Secret key cryptographic process for protecting a computer system against attacks by physical analysis |
CN101719823A (en) * | 2009-10-30 | 2010-06-02 | 中国科学院软件研究所 | Method for realizing linear transformation of S-box |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6243470B1 (en) * | 1998-02-04 | 2001-06-05 | International Business Machines Corporation | Method and apparatus for advanced symmetric key block cipher with variable length key and block |
JP2008058830A (en) * | 2006-09-01 | 2008-03-13 | Sony Corp | Data converting device, data conversion method, and computer program |
WO2009104827A1 (en) * | 2008-02-20 | 2009-08-27 | Industry-Academic Cooperation Foundation, Yonsei University | Method and apparatus for generating key stream for stream cipher, s-box for block cipher and method for substituting input vector using the s-box |
-
2010
- 2010-06-11 CN CN 201010204508 patent/CN101848081A/en active Pending
- 2010-07-13 WO PCT/CN2010/001048 patent/WO2011153666A1/en active Application Filing
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102185690A (en) * | 2011-01-27 | 2011-09-14 | 中国科学院软件研究所 | Optimal S box construction method and circuit |
CN102185690B (en) * | 2011-01-27 | 2013-11-27 | 中国科学院软件研究所 | Optimal S box construction method and circuit |
CN103368725A (en) * | 2012-04-06 | 2013-10-23 | 中国科学院软件研究所 | Construction method of G0-type S-box and circuit of G0-type S-box |
CN103368725B (en) * | 2012-04-06 | 2016-08-31 | 中国科学院软件研究所 | A kind of G0 class S box building method and circuit thereof |
CN103378968A (en) * | 2012-04-16 | 2013-10-30 | 中国科学院软件研究所 | A construction method and a circuit of a G1 type S-box |
CN103378968B (en) * | 2012-04-16 | 2016-08-03 | 中国科学院软件研究所 | A kind of G1 class S box building method and circuit thereof |
CN104683096A (en) * | 2013-11-29 | 2015-06-03 | 中国航天科工集团第三研究院第八三五七研究所 | Dynamic S-box transforming method and system |
CN104683096B (en) * | 2013-11-29 | 2017-12-22 | 中国航天科工集团第三研究院第八三五七研究所 | Dynamic S-box transform method and system |
CN109905231A (en) * | 2019-02-26 | 2019-06-18 | 清华大学 | A kind of S box building method of novel password dedicated 4 × 4 |
CN111339577A (en) * | 2020-02-12 | 2020-06-26 | 南京师范大学 | Construction method of S box with excellent DPA resistance |
CN112511293A (en) * | 2020-09-21 | 2021-03-16 | 中国电子科技集团公司第三十研究所 | S-box parameterization design method based on bit sum operation and storage medium |
CN112636899A (en) * | 2020-09-21 | 2021-04-09 | 中国电子科技集团公司第三十研究所 | Lightweight S box design method |
CN112511293B (en) * | 2020-09-21 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | S-box parameterization design method based on bit sum operation and storage medium |
CN112636899B (en) * | 2020-09-21 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | Lightweight S box design method |
CN113162755A (en) * | 2021-02-03 | 2021-07-23 | 北京信息科学技术研究院 | Construction method and circuit of light-weight 8-bit S box |
CN114710285A (en) * | 2022-05-19 | 2022-07-05 | 北京大学 | High-performance SM4 bit slice optimization method for heterogeneous parallel architecture |
Also Published As
Publication number | Publication date |
---|---|
WO2011153666A1 (en) | 2011-12-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20100929 |