CN101938351A - Key expanding method for encrypting block cipher - Google Patents
- Publication number
- CN101938351A
- Authority
- CN
- China
- Prior art keywords
- key
- sub
- block cipher
- array
- box
- Prior art date
- Legal status
- Granted
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a key expansion method for a block cipher algorithm, used to generate the subkey of each round of the block cipher. The method mainly consists of computing an iteration function that generates a subkey, where the iteration function is built from a nonlinear operation, a constant operation and a cyclic shift operation. The method generates the subkeys effectively and conveniently, reduces storage space, runs faster than common commercial block cipher algorithms, meets the requirements of real-time encryption and decryption, and at the same time offers higher security.
Description
Technical field
The present invention relates to a method of data encryption and decryption, and specifically to a key expansion method for a block cipher, used to generate the subkey of each round of the block cipher.
Background technology
With the rapid development of computer technology in the information age, block ciphers, which are fast, easy to standardize and convenient to implement in software and hardware, have become the core cryptographic algorithms for data encryption, message authentication, identity authentication and key management in information security, and are widely used in fields such as computing and communications.
A block cipher divides the original data sequence to be protected (the plaintext) into blocks, and each block is encrypted under the action of a key, converting the plaintext into irregular, unrecognizable data (the ciphertext). The ciphertext is transmitted to keep the data secure, and the receiver decrypts the ciphertext with the same key to recover the plaintext. The encryption operation of a block cipher usually consists of many applications of a round function, and each round needs its own subkey. During encryption and decryption the communicating parties share only one initial seed key; a key schedule expands the seed key into the required subkeys, which reduces storage space and communication traffic and improves system performance.
The key schedules of typical block cipher algorithms are currently designed for key lengths of 128, 192 or 256 bits. A 256-bit key is a typical key length in block cipher applications; under the pressure of data security, 256-bit plaintext blocks are increasingly favored by cipher designers, and the use of 256-bit keys is growing correspondingly. A block cipher designed for a 256-bit key length therefore has strong practical value.
A key schedule must first guarantee security, which requires the subkeys to be statistically independent and sensitive to the seed key. Statistical independence means that no simple relation exists between the subkeys; sensitivity means that a change of a few bits of the seed key changes the corresponding subkeys to a large extent. In addition, the speed of the key schedule should not hold up the progress of encryption or decryption, and the components realizing the algorithm in software or hardware should be widely applicable and save resources as far as possible.
The design of a block cipher key schedule should observe the above criteria of security, speed and applicability. These criteria constrain one another, and the key schedules of current typical block ciphers each have their own characteristics and deficiencies. Many typical key schedules, such as those of AES, IDEA, KASUMI and SHACAL, cannot resist specific cryptanalysis, such as related-key attacks and combined attacks aimed specifically at the key schedule. Some algorithms, such as RC6 and MARS, consume large amounts of computation and storage when implemented, which greatly reduces their practicality; under resource-constrained conditions they cannot perform high-speed, synchronous encryption and decryption. A key schedule that balances security, speed and other properties has become the designers' goal.
Summary of the invention
The purpose of the invention is to provide a block cipher key schedule that supports a key length of 256 bits and generates a specified number of subkeys for data encryption and decryption. The key schedule consists of initialization, a subkey iteration generation algorithm and a subkey selection algorithm. The subkey iteration generation algorithm is the core of the invention: a 256-bit seed key is input to it, and it generates the required number of round subkeys efficiently and securely.
For an 8-round block cipher with a 256-bit key, 8 round keys and 1 whitening key are needed, each subkey being 256 bits long, so 2304 bits of expanded key must be generated in total. Fig. 1 is the flow chart of the iterative key expansion algorithm, comprising (1) initialization, (2) the key iteration generation algorithm and (3) the subkey selection algorithm.
Technical scheme of the present invention is as follows:
A. initialization:
Define an array W of length 80 whose elements are 32 bits long; write the 256-bit seed key into W[0]~W[7] in order as input; W[8]~W[79] store the subkeys generated by the expansion;
B. Compute and generate the subkeys (as shown in Fig. 2) using the following iteration function:
W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + Φ_(i mod 4) + t(i)} <<< ((7i+3) mod 32)    (formula 1)
Wherein:
- i is the array index, iterating from 8 in steps of 1, with i ≤ 79;
- FS is a nonlinear transform function;
- Φ takes 4 constant values, derived from the 5th-order roots of 32nd-order primitive polynomials over the finite field; the 4 constants are:
■ Φ_0 = 3C2D240E
■ Φ_1 = E4BB73F6
■ Φ_2 = B40B34CD
■ Φ_3 = 6C9D6334
- t is a function that converts its parameter into binary representation;
- "<<<" denotes cyclic left shift; a<<<b denotes a rotated left by b bit positions.
C. Output the subkeys: output the elements of array W[i] (i = 8, 9, ..., 79) in order as the subkeys.
In formula 1, the nonlinear transform function FS is implemented as follows: for the function FS(x), x is a 32-bit variable written as the concatenation of four 8-bit numbers, i.e. x = x_1 x_2 x_3 x_4; then
FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4))    (formula 2)
Wherein,
y_1, y_2, y_3, y_4 are elements of GF(2^8);
the elements of the matrix are hexadecimal representations of elements of GF(2^8);
S_0, S_1, S_2, S_3 are four different functions, denoting 8×8 S-boxes; S_0 adopts the S-box of the block cipher performing the encryption and decryption; S_1, S_2, S_3 are generated from S_0, the generation method being as follows:
S_0 in formula 2 is the S-box of the block cipher that the key schedule accompanies, so as to reduce storage space and improve operating efficiency. Most block ciphers have a satisfactory S-box, such as the AES S-box, the 4 different S-boxes of Camellia, or the 2 S-boxes of SEED. When the form of the block cipher's S-box is incompatible, a custom S-box is used (Table 1), and the S-box can be changed as required. Performing the nonlinear operation with an S-box is an effective means of guaranteeing good diffusion and nonlinearity and of improving security.
 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | E4 | 80 | 65 | 7A | C8 | 4B | FB | A8 | 93 | E7 | 54 | 3A | D7 | 0C | B4 | 5B |
1 | 89 | 61 | B7 | 69 | 67 | F1 | 74 | 7C | A0 | 72 | 2E | 04 | D4 | 22 | EB | EC |
2 | A4 | 20 | 6E | 97 | 87 | 08 | 17 | DC | 23 | 13 | 45 | 8F | CF | B8 | B6 | E6 |
3 | CD | FA | 82 | 55 | 6D | 91 | 57 | 92 | F3 | 76 | B2 | 2A | 68 | C7 | 9D | 03 |
4 | 6B | F6 | 59 | CE | E2 | 36 | 2F | 5D | 90 | 9E | 88 | 21 | BB | 18 | 8A | 86 |
5 | 0A | 12 | 1D | 27 | 60 | 98 | E9 | E3 | 66 | D3 | 0B | A1 | 3F | 85 | 0F | 33 |
6 | 8D | 6C | 6F | 4F | 8E | 0E | DF | 10 | B1 | 43 | 62 | 56 | 34 | 44 | 31 | D2 |
7 | AE | 77 | 24 | ED | 99 | 7F | CB | DD | AF | BC | 1F | CC | BD | F0 | A2 | E0 |
8 | FC | 4A | B0 | 07 | 00 | 94 | DE | 70 | A9 | F4 | AB | 73 | D5 | 79 | A6 | 1E |
9 | DA | 16 | EE | 52 | 1C | 53 | E1 | D0 | 58 | 30 | 37 | 19 | F7 | 1A | 28 | 96 |
A | 63 | 46 | A5 | 4C | 29 | F5 | AC | 39 | D6 | 2C | A3 | B3 | 83 | 7E | 11 | EF |
B | 9B | BA | 06 | 3B | DB | 81 | 75 | D1 | 6A | 3E | 7B | 9F | 7D | 78 | B5 | 8B |
C | 02 | 0D | 09 | 4D | 5A | EA | F2 | C1 | 51 | 5C | C5 | 2B | D9 | 64 | 4E | 48 |
D | CA | 47 | 2D | 38 | 3D | 71 | 8C | E8 | 40 | 05 | D8 | B9 | 5E | 3C | BE | C4 |
E | F9 | 95 | 9C | C3 | FF | 14 | 25 | A7 | 1B | 9A | E5 | C9 | C0 | 50 | 32 | 5F |
F | 41 | F8 | AD | BF | C2 | 01 | 35 | 49 | 15 | AA | FD | FE | 26 | C6 | 42 | 84 |
Table 1: The S-box provided by this algorithm (row = high hex digit of the input byte, column = low hex digit; entries in hexadecimal)
The computation in formula 1 is determined by the polynomial X^-8 + X^-7 + X^-3 + X^-2 = 1: each later array element is computed from the 8th, 7th, 3rd and 2nd array elements before it, taken as parameters. Because this polynomial is a primitive polynomial, the newly generated array elements are guaranteed not to repeat; generating 1 new element by iterating over 4 elements guarantees the one-wayness of the iteration function, which renders related-key attacks on this key ineffective.
For block ciphers with other round numbers in the range [4, 20], the invention can be used by merely changing the array length according to the amount of data. For example, a 10-round cipher needs 10 iteration keys and 1 whitening key, so the array becomes W[8], W[9], ..., W[95]; and so on.
Beneficial effects of the invention: the algorithm reduces working memory, generates subkeys efficiently and conveniently, runs faster than common commercial block ciphers, meets the requirements of real-time encryption and decryption, and at the same time has higher security.
Description of drawings
Fig. 1 is the flow chart of the iterative key expansion algorithm;
Fig. 2 is the schematic diagram of the subkey generation iteration algorithm.
Embodiment
The technical details, such as steps and scheme, of generating the round subkeys and the whitening subkey of an 8-round block cipher with a 256-bit key from a 256-bit seed key are described below, to provide a thorough understanding of the invention.
According to the flow chart of Fig. 1, the invention carries out in turn the steps of initialization, the key iteration generation algorithm and the subkey selection algorithm.
In initialization, the 256-bit seed key is written in order into the array W[0], W[1], W[2], W[3], W[4], W[5], W[6], W[7] as input. W[8], W[9], ..., W[79] store the subkeys generated by the expansion.
The expanded key is generated by iterating the subkey iteration algorithm; the principles and methods of the expansion structure, the iteration function and the constants are as described in the summary of the invention, and the iteration process is shown in Fig. 2. The initialized array is processed by the following program:
for i ← 8 to 79
do
    W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + Φ_(i mod 4) + t(i)} <<< ((7i+3) mod 32)
end
From the generated expanded-key array, the key selection algorithm produces 8 subkeys and 1 whitening key; the principle is given in the summary of the invention, and the program is as follows:
for i ← 0 to 8
    output(W[8i+8], W[8i+9], …, W[8i+15])
end
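The key schedule of formula 1 and the subkey selection of step C, as an added Python example that is not the patent's own code; it uses the Table 1 S-box as S_0 and the four constants Φ_0..Φ_3 from the page, and adds the seed-sensitivity check described in the background section (flip one seed bit, count how many expanded-key bits change). Assumptions, because the page does not specify them: "+" inside the braces is addition modulo 2^32, t(i) is i as a 32-bit word, and since S_1..S_3 and the matrix M of formula 2 are not recoverable from the page, S_0 stands in for all four S-boxes and the identity for M.

```python
MASK32 = 0xFFFFFFFF

# Table 1 S-box from the patent, used as S0 (row = high nibble, column = low nibble)
S0 = [
    0xE4,0x80,0x65,0x7A,0xC8,0x4B,0xFB,0xA8,0x93,0xE7,0x54,0x3A,0xD7,0x0C,0xB4,0x5B,
    0x89,0x61,0xB7,0x69,0x67,0xF1,0x74,0x7C,0xA0,0x72,0x2E,0x04,0xD4,0x22,0xEB,0xEC,
    0xA4,0x20,0x6E,0x97,0x87,0x08,0x17,0xDC,0x23,0x13,0x45,0x8F,0xCF,0xB8,0xB6,0xE6,
    0xCD,0xFA,0x82,0x55,0x6D,0x91,0x57,0x92,0xF3,0x76,0xB2,0x2A,0x68,0xC7,0x9D,0x03,
    0x6B,0xF6,0x59,0xCE,0xE2,0x36,0x2F,0x5D,0x90,0x9E,0x88,0x21,0xBB,0x18,0x8A,0x86,
    0x0A,0x12,0x1D,0x27,0x60,0x98,0xE9,0xE3,0x66,0xD3,0x0B,0xA1,0x3F,0x85,0x0F,0x33,
    0x8D,0x6C,0x6F,0x4F,0x8E,0x0E,0xDF,0x10,0xB1,0x43,0x62,0x56,0x34,0x44,0x31,0xD2,
    0xAE,0x77,0x24,0xED,0x99,0x7F,0xCB,0xDD,0xAF,0xBC,0x1F,0xCC,0xBD,0xF0,0xA2,0xE0,
    0xFC,0x4A,0xB0,0x07,0x00,0x94,0xDE,0x70,0xA9,0xF4,0xAB,0x73,0xD5,0x79,0xA6,0x1E,
    0xDA,0x16,0xEE,0x52,0x1C,0x53,0xE1,0xD0,0x58,0x30,0x37,0x19,0xF7,0x1A,0x28,0x96,
    0x63,0x46,0xA5,0x4C,0x29,0xF5,0xAC,0x39,0xD6,0x2C,0xA3,0xB3,0x83,0x7E,0x11,0xEF,
    0x9B,0xBA,0x06,0x3B,0xDB,0x81,0x75,0xD1,0x6A,0x3E,0x7B,0x9F,0x7D,0x78,0xB5,0x8B,
    0x02,0x0D,0x09,0x4D,0x5A,0xEA,0xF2,0xC1,0x51,0x5C,0xC5,0x2B,0xD9,0x64,0x4E,0x48,
    0xCA,0x47,0x2D,0x38,0x3D,0x71,0x8C,0xE8,0x40,0x05,0xD8,0xB9,0x5E,0x3C,0xBE,0xC4,
    0xF9,0x95,0x9C,0xC3,0xFF,0x14,0x25,0xA7,0x1B,0x9A,0xE5,0xC9,0xC0,0x50,0x32,0x5F,
    0x41,0xF8,0xAD,0xBF,0xC2,0x01,0x35,0x49,0x15,0xAA,0xFD,0xFE,0x26,0xC6,0x42,0x84,
]

# Round constants Φ0..Φ3 from the patent
PHI = [0x3C2D240E, 0xE4BB73F6, 0xB40B34CD, 0x6C9D6334]

def rotl32(a: int, b: int) -> int:
    """a <<< b: rotate the 32-bit word a left by b positions."""
    b %= 32
    return ((a << b) | (a >> (32 - b))) & MASK32

def fs(x: int) -> int:
    """FS(x) = M(S0(x1), S1(x2), S2(x3), S3(x4)) for x = x1||x2||x3||x4.
    Placeholder (not on the page): S1..S3 := S0 and M := identity."""
    return int.from_bytes(bytes(S0[b] for b in x.to_bytes(4, "big")), "big")

def expand_key(seed: bytes, rounds: int = 8) -> list:
    """Formula 1: W[0..7] = 256-bit seed; then 8 words per subkey for
    `rounds` round keys plus one whitening key (80 words for 8 rounds)."""
    if len(seed) != 32:
        raise ValueError("seed key must be 256 bits")
    n_words = 8 * (rounds + 2)
    w = [int.from_bytes(seed[4 * j:4 * j + 4], "big") for j in range(8)]
    for i in range(8, n_words):
        # assumption: "+" is addition modulo 2^32 and t(i) is i as a 32-bit word
        acc = (fs(w[i - 8]) + fs(w[i - 7]) + fs(w[i - 3]) + fs(w[i - 2])
               + PHI[i % 4] + i) & MASK32
        w.append(rotl32(acc, (7 * i + 3) % 32))
    return w

def subkeys(w: list, rounds: int = 8) -> list:
    """Step C: the whitening key and one 256-bit key per round, taken as
    W[8i+8 .. 8i+15] for i = 0..rounds."""
    return [w[8 * i + 8:8 * i + 16] for i in range(rounds + 1)]

def seed_sensitivity(seed: bytes, bit: int, rounds: int = 8) -> int:
    """Sensitivity check from the background section: flip one seed bit and
    count how many bits of the expanded key (W[8..]) change; about half is ideal."""
    flipped = bytearray(seed)
    flipped[bit // 8] ^= 1 << (bit % 8)
    a = expand_key(seed, rounds)[8:]
    b = expand_key(bytes(flipped), rounds)[8:]
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))
```

For a 10-round cipher, `expand_key(seed, 10)` yields W[0..95] and `subkeys(w, 10)` returns 11 keys, matching the array-length rule given in the summary.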
It should be noted that the purpose of publishing the embodiment is to help further understanding of the invention, but those skilled in the art will appreciate that, according to the key schedule provided by the invention, subkeys for other round numbers and key lengths can be generated with equivalent performance in terms of security, speed and so on. Therefore the invention should not be limited to the content disclosed in the embodiment, and the scope of protection of the invention is defined by the claims.
Claims (6)
1. A key expansion method applied to a block cipher encryption and decryption algorithm, characterized in that the steps for generating the subkeys for a round number of 8 are as follows:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long; write the 256-bit seed key into W[0]~W[7] in order as input; W[8]~W[79] store the subkeys generated by the expansion;
B. Compute and generate the subkeys using the following iteration function:
W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + Φ_(i mod 4) + t(i)} <<< ((7i+3) mod 32)
Wherein:
- i is the array index, iterating from 8 in steps of 1, with i ≤ 79;
- FS is a nonlinear transform function;
- Φ takes 4 constant values;
- t is a function that converts its parameter into binary representation;
- "<<<" denotes cyclic left shift;
C. Output the subkeys: output the elements of array W[i] (i = 8, 9, ..., 79) in order as the subkeys.
2. the method for claim 1 is characterized in that, the implementation of described non-linear transform function FS is as follows:
For described function F S (x), x represents the variable of long 32 bits, is write x the form of 48 bit number parallel connections as, promptly
X=x
1x
2x
3x
4, FS (x)=M (S then
0(x
1), S
1(x
2), S
2(x
3), S
3(x
4)), wherein,
y
1, y
2, y
3, y
4Be GF (2
8) in element;
Element in the matrix is GF (2
8) in the hexadecimal representation of element;
S
0, S
1, S
2, S
3Be four different functions, the S box of expression 8 * 8; S
0Adopt the S box of the block cipher of supporting encryption and decryption computing; S
1, S
2, S
3By S
0Generate, the generation method is as follows:
3. The method of claim 2, characterized in that S_0 is the S-box of the accompanying block cipher.
4. The method of claim 2, characterized in that S_0 is a custom S-box.
5. the method for claim 1 is characterized in that, the value of Φ is following 4 constants:
Φ
0=3C2D240E
Φ
1=E4BB73F6
Φ
2=B40B34CD
Φ
3=6C9D6334。
6. require 1 described method as claim, it is characterized in that, described to take turns several spans be 4~20.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102845521A CN101938351B (en) | 2010-09-16 | 2010-09-16 | Key expanding method for encrypting block cipher |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101938351A true CN101938351A (en) | 2011-01-05 |
CN101938351B CN101938351B (en) | 2012-07-04 |
Family
ID=43391501
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010102845521A Expired - Fee Related CN101938351B (en) | 2010-09-16 | 2010-09-16 | Key expanding method for encrypting block cipher |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101938351B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106712930A (en) * | 2017-01-24 | 2017-05-24 | 北京炼石网络技术有限公司 | SM4 encryption method and device |
CN108768615B (en) * | 2018-05-16 | 2021-04-13 | 济南蓝剑钧新信息科技有限公司 | ASIC chip implementation method of hash algorithm under same frame |
- 2010-09-16: CN CN2010102845521A patent/CN101938351B/en, not active (Expired - Fee Related)
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102624520A (en) * | 2012-05-02 | 2012-08-01 | 西安电子科技大学 | 192 bit key expansion system and method based on AES (Advanced Encryption Standard) |
CN102624520B (en) * | 2012-05-02 | 2014-10-29 | 西安电子科技大学 | 192 bit key expansion system and method based on AES (Advanced Encryption Standard) |
CN102946315A (en) * | 2012-11-19 | 2013-02-27 | 成都卫士通信息产业股份有限公司 | Method and system for constructing MAC (Media Access Control) code by utilizing packet mode |
CN102946315B (en) * | 2012-11-19 | 2015-08-26 | 成都卫士通信息产业股份有限公司 | A kind of method and system adopting packet mode to construct MAC code |
CN104317552A (en) * | 2014-11-06 | 2015-01-28 | 昆明通渡电气有限公司 | True random number generator and method and true random number secret key encryption system and method |
CN104317552B (en) * | 2014-11-06 | 2018-04-13 | 合肥濯新光电科技有限公司 | Real random number generator and method, true random number key cryptographic systems and method |
CN111740816A (en) * | 2019-03-25 | 2020-10-02 | 山东文斌信息安全技术有限公司 | BWGCF block cipher algorithm realizing method |
CN111740816B (en) * | 2019-03-25 | 2023-03-31 | 山东文斌信息安全技术有限公司 | BWGCF block cipher algorithm realizing method |
CN111147230A (en) * | 2019-12-31 | 2020-05-12 | 东方红卫星移动通信有限公司 | Information encryption transmission method between light-weight satellites based on low-earth orbit satellite Internet of things |
CN111400730A (en) * | 2020-03-11 | 2020-07-10 | 西南石油大学 | AES key expansion method based on weak correlation |
CN111400730B (en) * | 2020-03-11 | 2022-03-08 | 西南石油大学 | AES key expansion method based on weak correlation |
CN114826558A (en) * | 2022-04-06 | 2022-07-29 | 郑州朗灵电子科技有限公司 | Mass data rapid encryption method and system |
Also Published As
Publication number | Publication date |
---|---|
CN101938351B (en) | 2012-07-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120704; Termination date: 20150916 |
| EXPY | Termination of patent right or utility model | |