CN101938351A - Key expanding method for encrypting block cipher - Google Patents

Key expanding method for encrypting block cipher

Info

Publication number: CN101938351A (granted as CN101938351B)
Authority: CN (China)
Prior art keywords: key, sub-key, block cipher, array, S-box
Legal status: Granted; now expired (fee related)
Application number: CN2010102845521A
Other languages: Chinese (zh)
Other versions: CN101938351B (en)
Inventors: 郑志明, 张筱, 高莹, 王钊, 邱望洁, 王文华
Current assignee: Beihang University
Original assignee: Beihang University
Priority date: 2010-09-16
Filing date: 2010-09-16
Publication dates: 2011-01-05 (CN101938351A), 2012-07-04 (CN101938351B, grant)
Events: application filed by Beihang University; priority to CN2010102845521A; publication of CN101938351A; application granted; publication of CN101938351B; expired, fee related (current status); anticipated expiration.

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a key expansion method for a block cipher algorithm, used to generate the subkey for each round of the block cipher. The method consists mainly of computing an iteration function that generates a subkey, where the iteration function is built from a nonlinear operation, a constant operation and a cyclic shift operation. The method generates subkeys effectively and conveniently, reduces storage space, runs faster than common commercial block cipher algorithms, meets the requirements of real-time encryption and decryption, and at the same time offers a higher level of security.

Description

Key expansion method for block cipher encryption
Technical field
The present invention relates to a method for data encryption and decryption, and specifically to a key expansion method for block ciphers, used to generate the subkey of each round of a block cipher.
Background technology
With the rapid development of computer technology in the information age, block ciphers, being fast, easy to standardize and convenient to implement in software and hardware, have become the core cryptographic algorithms for data encryption, message authentication, identity authentication and key management in the field of information security, and are widely used in computing, communications and other fields.
A block cipher divides the data to be protected (the plaintext) into blocks and encrypts each block under the action of a key, converting the plaintext into unintelligible data (the ciphertext). The ciphertext is transmitted to keep the data secure, and the receiver decrypts it with the same key to recover the plaintext. Block cipher encryption usually applies a round function many times, and each round needs a corresponding subkey. During encryption and decryption the two communicating parties share only one initial seed key; a key schedule expands the seed key into the subkeys that are needed, which reduces storage space and traffic and improves system performance.
The key schedules of typical block cipher algorithms are at present usually designed for key lengths of 128, 192 or 256 bits. A 256-bit key is a typical key length in block cipher applications; under the pressure of data security, 256-bit plaintext blocks are increasingly favoured by cipher designers and the use of 256-bit keys is growing accordingly, so a block cipher designed for 256-bit keys has strong practical value.
A key schedule must first guarantee security, which requires that the subkeys be statistically independent and sensitive to the seed key. Statistical independence means that no simple relation exists between the subkeys; sensitivity means that changing a few bits of the seed key changes the corresponding subkeys to a large extent. In addition, the speed of the key schedule should not hold up the work of encryption or decryption, and the components used to implement the algorithm in software or hardware should be widely applicable and use as few resources as possible.
The design of a block cipher key schedule should observe the above design criteria of security, speed and applicability. These criteria constrain one another, and the key schedules of today's typical block ciphers each have their own strengths and weaknesses. Many typical key schedules, such as those of AES, IDEA, KASUMI and SHACAL, cannot resist specific cryptanalysis aimed at the key schedule, such as related-key attacks and combined attacks. Some algorithms, such as RC6 and MARS, require a large amount of computation and storage, which greatly reduces their practicality; in resource-constrained settings they cannot perform fast, synchronous encryption and decryption. A key schedule that balances security, speed and the other performance criteria has therefore become the designer's goal.
Summary of the invention
The purpose of the invention is to provide a block cipher key schedule that supports 256-bit keys and generates a specified number of subkeys for data encryption and decryption. The key schedule consists of initialization, an iterative subkey generation algorithm and a subkey selection algorithm. The iterative subkey generation algorithm is the core of the invention: a 256-bit seed key is fed into it, and the required round subkeys are generated efficiently and securely.
For an 8-round block cipher with a 256-bit key, 8 round keys and 1 whitening key are needed, each 256 bits long, so 2304 bits of expanded key must be generated in total. Fig. 1 is the flow chart of the iterative key expansion algorithm, comprising (1) initialization, (2) the iterative key generation algorithm and (3) the subkey selection algorithm.
The technical solution of the invention is as follows:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long. Write the 256-bit seed key into W[0]~W[7] in order as the input; W[8]~W[79] hold the subkeys produced by the expansion.
B. Compute the subkeys (as shown in Fig. 2) with the following iteration function:
W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + Φ_{i mod 4} + t(i)} <<< ((7i+3) mod 32)   (formula 1)
where:
- i is the array index; the iteration starts at i = 8 and increases i by 1 each step, with i ≤ 79;
- FS is a nonlinear transformation function;
- Φ stands for four constants, obtained from the 5th-order roots of 32nd-order primitive polynomials over a finite field; their values (hexadecimal) are:
  ■ Φ_0 = 3C2D240E
  ■ Φ_1 = E4BB73F6
  ■ Φ_2 = B40B34CD
  ■ Φ_3 = 6C9D6334
- t is a function that converts its argument into its binary representation (so t(i) is the index i as a 32-bit value);
- "<<<" denotes left rotation: a <<< b rotates the bit string a left by b positions.
C. Output the subkeys: output the array elements W[i] (i = 8, 9, ..., 79) in order as the subkeys.
In formula 1 the nonlinear transformation function FS is implemented as follows. For FS(x), x is a 32-bit variable written as the concatenation of four 8-bit values, x = x_1‖x_2‖x_3‖x_4; then
FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4))   (formula 2)
where
$$
M(y_1, y_2, y_3, y_4) =
\begin{pmatrix}
01 & 02 & 03 & 01 \\
01 & 01 & 03 & 02 \\
02 & 01 & 01 & 03 \\
03 & 02 & 01 & 01
\end{pmatrix}
\cdot
\begin{pmatrix} y_1 \\ y_2 \\ y_3 \\ y_4 \end{pmatrix},
$$
y_1, y_2, y_3, y_4 are elements of GF(2^8), and the entries of the matrix are the hexadecimal representations of elements of GF(2^8).
S_0, S_1, S_2, S_3 are four different functions, each an 8×8 S-box. S_0 is the S-box of the block cipher used for the encryption and decryption; S_1, S_2 and S_3 are generated from S_0 by the following method:
[The generation rule for S_1, S_2 and S_3 is given in the patent only as images (Figures BDA0000026492430000032 to BDA0000026492430000037), which are not reproduced on this page.]
The S_0 of formula 2 is chosen as the S-box of the block cipher that the key schedule accompanies, to reduce storage and improve operating efficiency. Most block ciphers have an S-box that meets the requirements, for example the AES S-box, the four different S-boxes of Camellia or the two S-boxes of SEED. When the form of the accompanying cipher's S-box is incompatible, a custom S-box (Table 1) is used instead, and the S-box can be replaced as needed. Performing the nonlinear operation with an S-box is an effective means of ensuring good diffusion and nonlinearity and of improving security.
     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   E4 80 65 7A C8 4B FB A8 93 E7 54 3A D7 0C B4 5B
1   89 61 B7 69 67 F1 74 7C A0 72 2E 04 D4 22 EB EC
2   A4 20 6E 97 87 08 17 DC 23 13 45 8F CF B8 B6 E6
3   CD FA 82 55 6D 91 57 92 F3 76 B2 2A 68 C7 9D 03
4   6B F6 59 CE E2 36 2F 5D 90 9E 88 21 BB 18 8A 86
5   0A 12 1D 27 60 98 E9 E3 66 D3 0B A1 3F 85 0F 33
6   8D 6C 6F 4F 8E 0E DF 10 B1 43 62 56 34 44 31 D2
7   AE 77 24 ED 99 7F CB DD AF BC 1F CC BD F0 A2 E0
8   FC 4A B0 07 00 94 DE 70 A9 F4 AB 73 D5 79 A6 1E
9   DA 16 EE 52 1C 53 E1 D0 58 30 37 19 F7 1A 28 96
A   63 46 A5 4C 29 F5 AC 39 D6 2C A3 B3 83 7E 11 EF
B   9B BA 06 3B DB 81 75 D1 6A 3E 7B 9F 7D 78 B5 8B
C   02 0D 09 4D 5A EA F2 C1 51 5C C5 2B D9 64 4E 48
D   CA 47 2D 38 3D 71 8C E8 40 05 D8 B9 5E 3C BE C4
E   F9 95 9C C3 FF 14 25 A7 1B 9A E5 C9 C0 50 32 5F
F   41 F8 AD BF C2 01 35 49 15 AA FD FE 26 C6 42 84
Table 1: The S-box provided by this algorithm (row = high nibble of the input byte, column = low nibble; entries in hexadecimal)
The computation in formula 1 is determined by the polynomial $X^{-8} + X^{-7} + X^{-3} + X^{-2} = 1$: each new array element is computed from the 8th, 7th, 3rd and 2nd elements before it. Because this polynomial is primitive, the newly generated array elements are guaranteed not to repeat; and because one new element is produced from four elements, the iteration function is one-way, which makes related-key cryptanalysis of this key ineffective.
For block ciphers with another number of rounds in the range [4, 20], the invention is used unchanged except that the array length is adjusted to the amount of data. For example, a 10-round cipher needs 10 round keys and 1 whitening key, so the array becomes W[8], W[9], ..., W[95]; the other cases follow in the same way.
Beneficial effects of the invention: the algorithm reduces working memory, generates subkeys efficiently and conveniently, runs faster than common commercial block ciphers, meets the requirements of real-time encryption and decryption and at the same time offers relatively high security.
Description of drawings
Fig. 1 is the flow chart of the iterative key expansion algorithm;
Fig. 2 is a schematic diagram of the iterative subkey generation algorithm.
Embodiment
The steps and details of generating the round subkeys and the whitening subkey of an 8-round block cipher with a 256-bit key from a 256-bit seed key are described below, to give a thorough understanding of the invention.
Following the flow chart of Fig. 1, the invention carries out in turn the initialization, the iterative key generation algorithm and the subkey selection algorithm.
In the initialization, the 256-bit seed key is written in order into the array elements W[0], W[1], W[2], W[3], W[4], W[5], W[6], W[7] as the input. W[8], W[9], ..., W[79] are used to store the subkeys produced by the expansion.
The expanded key is generated by iterating the subkey iteration algorithm; the principles and methods of the expansion structure, the iteration function and the constants are as described in the summary of the invention, and the iteration process is shown in Fig. 2. The initialized array is processed by the following program:
for i ← 8 to 79 do
    W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + Φ_{i mod 4} + t(i)} <<< ((7i+3) mod 32)
end
The expanded key array is then turned into 8 subkeys and 1 whitening key by the key selection algorithm, whose principle is given in the summary of the invention; the program is:
for i ← 0 to 8 do
    output(W[8i+8], W[8i+9], ..., W[8i+15])
end
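As an added worked example (not code from the patent, and not the inventors' implementation), the following Python model runs the three steps above end to end: it loads a 256-bit seed into W[0..7], iterates formula 1 with FS from formula 2, and slices W[8..] into the 9 subkeys; it also takes the round count of the [4, 20] range as a parameter and includes the two checks a practitioner wants before trusting such a schedule, namely that the S-box is a bijection and that flipping a single seed bit changes the expanded key. Several details the page leaves open are assumptions here and are marked in the code: "+" is taken as addition modulo 2^32, t(i) as the index i itself, words and the seed key as big-endian, the 4×4 matrix is read row by row in the order the patent lists its entries, GF(2^8) uses the AES reduction polynomial x^8+x^4+x^3+x+1 (the page names none), and, because the patent's rule for deriving S_1, S_2, S_3 from S_0 survives only as figure references, the four S-boxes are parameters and the demo uses Table 1 for all of them.

```python
from typing import List, Optional, Sequence

# Table 1 from the page: row = high nibble of the input byte, column = low nibble.
SBOX: List[int] = [
    0xE4, 0x80, 0x65, 0x7A, 0xC8, 0x4B, 0xFB, 0xA8, 0x93, 0xE7, 0x54, 0x3A, 0xD7, 0x0C, 0xB4, 0x5B,
    0x89, 0x61, 0xB7, 0x69, 0x67, 0xF1, 0x74, 0x7C, 0xA0, 0x72, 0x2E, 0x04, 0xD4, 0x22, 0xEB, 0xEC,
    0xA4, 0x20, 0x6E, 0x97, 0x87, 0x08, 0x17, 0xDC, 0x23, 0x13, 0x45, 0x8F, 0xCF, 0xB8, 0xB6, 0xE6,
    0xCD, 0xFA, 0x82, 0x55, 0x6D, 0x91, 0x57, 0x92, 0xF3, 0x76, 0xB2, 0x2A, 0x68, 0xC7, 0x9D, 0x03,
    0x6B, 0xF6, 0x59, 0xCE, 0xE2, 0x36, 0x2F, 0x5D, 0x90, 0x9E, 0x88, 0x21, 0xBB, 0x18, 0x8A, 0x86,
    0x0A, 0x12, 0x1D, 0x27, 0x60, 0x98, 0xE9, 0xE3, 0x66, 0xD3, 0x0B, 0xA1, 0x3F, 0x85, 0x0F, 0x33,
    0x8D, 0x6C, 0x6F, 0x4F, 0x8E, 0x0E, 0xDF, 0x10, 0xB1, 0x43, 0x62, 0x56, 0x34, 0x44, 0x31, 0xD2,
    0xAE, 0x77, 0x24, 0xED, 0x99, 0x7F, 0xCB, 0xDD, 0xAF, 0xBC, 0x1F, 0xCC, 0xBD, 0xF0, 0xA2, 0xE0,
    0xFC, 0x4A, 0xB0, 0x07, 0x00, 0x94, 0xDE, 0x70, 0xA9, 0xF4, 0xAB, 0x73, 0xD5, 0x79, 0xA6, 0x1E,
    0xDA, 0x16, 0xEE, 0x52, 0x1C, 0x53, 0xE1, 0xD0, 0x58, 0x30, 0x37, 0x19, 0xF7, 0x1A, 0x28, 0x96,
    0x63, 0x46, 0xA5, 0x4C, 0x29, 0xF5, 0xAC, 0x39, 0xD6, 0x2C, 0xA3, 0xB3, 0x83, 0x7E, 0x11, 0xEF,
    0x9B, 0xBA, 0x06, 0x3B, 0xDB, 0x81, 0x75, 0xD1, 0x6A, 0x3E, 0x7B, 0x9F, 0x7D, 0x78, 0xB5, 0x8B,
    0x02, 0x0D, 0x09, 0x4D, 0x5A, 0xEA, 0xF2, 0xC1, 0x51, 0x5C, 0xC5, 0x2B, 0xD9, 0x64, 0x4E, 0x48,
    0xCA, 0x47, 0x2D, 0x38, 0x3D, 0x71, 0x8C, 0xE8, 0x40, 0x05, 0xD8, 0xB9, 0x5E, 0x3C, 0xBE, 0xC4,
    0xF9, 0x95, 0x9C, 0xC3, 0xFF, 0x14, 0x25, 0xA7, 0x1B, 0x9A, 0xE5, 0xC9, 0xC0, 0x50, 0x32, 0x5F,
    0x41, 0xF8, 0xAD, 0xBF, 0xC2, 0x01, 0x35, 0x49, 0x15, 0xAA, 0xFD, 0xFE, 0x26, 0xC6, 0x42, 0x84,
]
PHI = (0x3C2D240E, 0xE4BB73F6, 0xB40B34CD, 0x6C9D6334)   # the constants Φ_0..Φ_3 from the page
M = ((0x01, 0x02, 0x03, 0x01),                            # the page's 4x4 matrix, read row by row
     (0x01, 0x01, 0x03, 0x02),                            # (assumption: row-major order)
     (0x02, 0x01, 0x01, 0x03),
     (0x03, 0x02, 0x01, 0x01))
MASK32 = 0xFFFFFFFF
GF_POLY = 0x11B   # ASSUMED reduction polynomial x^8+x^4+x^3+x+1; the page names none


def gf_mul(a: int, b: int, poly: int = GF_POLY) -> int:
    """Multiply two GF(2^8) elements by shift-and-add, reducing modulo `poly`."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r


def rotl32(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n positions (the '<<<' of formula 1)."""
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK32


def fs(x: int, sboxes: Sequence[Sequence[int]]) -> int:
    """FS(x) = M . (S0(x1), S1(x2), S2(x3), S3(x4)) of formula 2, x1 = most significant byte."""
    xb = x.to_bytes(4, "big")                       # x = x1 || x2 || x3 || x4 (assumed big-endian)
    y = [sboxes[j][xb[j]] for j in range(4)]        # byte-wise S-box layer
    out = bytearray(4)
    for r in range(4):                              # GF(2^8) matrix-vector product
        acc = 0
        for c in range(4):
            acc ^= gf_mul(M[r][c], y[c])
        out[r] = acc
    return int.from_bytes(out, "big")


def expand_key(seed: bytes, n_rounds: int = 8,
               sboxes: Optional[Sequence[Sequence[int]]] = None) -> List[List[int]]:
    """Expand a 256-bit seed into n_rounds round keys plus one whitening key.

    Returns n_rounds + 1 subkeys, each a list of eight 32-bit words, taken in
    order from W[8 .. 8 + 8*(n_rounds+1) - 1] (W[8..79] for 8 rounds, W[8..95] for 10).
    """
    if len(seed) != 32:
        raise ValueError("seed key must be 256 bits")
    if not 4 <= n_rounds <= 20:
        raise ValueError("round count must lie in [4, 20]")
    if sboxes is None:
        sboxes = (SBOX, SBOX, SBOX, SBOX)           # ASSUMPTION: S1..S3 not derived from S0 here
    total = 8 + 8 * (n_rounds + 1)
    w = [int.from_bytes(seed[4 * k:4 * k + 4], "big") for k in range(8)]   # W[0..7] = seed
    for i in range(8, total):
        acc = (fs(w[i - 8], sboxes) + fs(w[i - 7], sboxes)
               + fs(w[i - 3], sboxes) + fs(w[i - 2], sboxes)
               + PHI[i % 4] + i) & MASK32           # ASSUMED: '+' is mod 2^32, t(i) = i
        w.append(rotl32(acc, (7 * i + 3) % 32))
    return [w[8 * k + 8:8 * k + 16] for k in range(n_rounds + 1)]


def is_permutation(sbox: Sequence[int]) -> bool:
    """An 8x8 S-box must be a bijection on 0..255; verify Table 1 before using it."""
    return sorted(sbox) == list(range(256))


def seed_sensitivity(seed: bytes, bit: int, n_rounds: int = 8) -> int:
    """Flip one seed bit (0 = MSB of byte 0) and count how many expanded-key bits change."""
    flipped = bytearray(seed)
    flipped[bit // 8] ^= 0x80 >> (bit % 8)
    a = expand_key(seed, n_rounds)
    b = expand_key(bytes(flipped), n_rounds)
    return sum(bin(x ^ y).count("1") for ka, kb in zip(a, b) for x, y in zip(ka, kb))


if __name__ == "__main__":
    demo_seed = bytes(range(32))                    # constructed sample seed, not from the page
    print("Table 1 is a permutation:", is_permutation(SBOX))
    for k, key in enumerate(expand_key(demo_seed)):
        print(f"subkey {k}: " + " ".join(f"{wd:08x}" for wd in key))
    print("expanded-key bits changed by flipping seed bit 0:", seed_sensitivity(demo_seed, 0), "of 2304")
```

Under these assumptions FS is a bijection on 32-bit words (Table 1 is a permutation and the matrix is invertible over GF(2^8)), so a change to W[0] necessarily reaches W[8], the first output word; the sensitivity count printed at the end is the quantity the patent's "sensitivity" criterion asks for, and a real evaluation would average it over many seeds and bit positions.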
It should be noted that the purpose of publishing the embodiment is to help further understanding of the invention, but those skilled in the art will appreciate that subkeys for other round counts and key lengths generated with the key schedule provided by the invention are equivalent in security, speed and the other respects. The invention should therefore not be limited to the content disclosed in the embodiment; the scope of protection of the invention is defined by the claims.

Claims (6)

1. A key expansion method applied to a block cipher encryption and decryption algorithm, characterized in that the steps for generating the subkeys for a round count of 8 are as follows:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long. Write the 256-bit seed key into W[0]~W[7] in order as the input; W[8]~W[79] hold the subkeys produced by the expansion.
B. Compute the subkeys with the following iteration function:
W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + Φ_{i mod 4} + t(i)} <<< ((7i+3) mod 32)
where:
- i is the array index; the iteration starts at i = 8 and increases i by 1 each step, with i ≤ 79;
- FS is a nonlinear transformation function;
- Φ stands for four constants;
- t is a function that converts its argument into its binary representation;
- "<<<" denotes left rotation.
C. Output the subkeys: output the array elements W[i] (i = 8, 9, ..., 79) in order as the subkeys.
2. The method of claim 1, characterized in that the nonlinear transformation function FS is implemented as follows:
For FS(x), x is a 32-bit variable written as the concatenation of four 8-bit values, that is
x = x_1‖x_2‖x_3‖x_4, and then FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4)), where
$$
M(y_1, y_2, y_3, y_4) =
\begin{pmatrix}
01 & 02 & 03 & 01 \\
01 & 01 & 03 & 02 \\
02 & 01 & 01 & 03 \\
03 & 02 & 01 & 01
\end{pmatrix}
\cdot
\begin{pmatrix} y_1 \\ y_2 \\ y_3 \\ y_4 \end{pmatrix},
$$
y_1, y_2, y_3, y_4 are elements of GF(2^8);
the entries of the matrix are the hexadecimal representations of elements of GF(2^8);
S_0, S_1, S_2, S_3 are four different functions, each an 8×8 S-box; S_0 is the S-box of the block cipher that accompanies the encryption and decryption; S_1, S_2 and S_3 are generated from S_0 by the following method:
[The generation rule for S_1, S_2 and S_3 is given in the patent only as images (Figures FDA0000026492420000021 to FDA0000026492420000025), which are not reproduced on this page.]
3. The method of claim 2, characterized in that S_0 is the S-box of the accompanying block cipher.
4. The method of claim 2, characterized in that S_0 is a custom S-box.
5. The method of claim 1, characterized in that Φ takes the following four constants:
Φ_0 = 3C2D240E
Φ_1 = E4BB73F6
Φ_2 = B40B34CD
Φ_3 = 6C9D6334.
6. The method of claim 1, characterized in that the round count ranges over 4 to 20.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102845521A CN101938351B (en) 2010-09-16 2010-09-16 Key expanding method for encrypting block cipher

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102845521A CN101938351B (en) 2010-09-16 2010-09-16 Key expanding method for encrypting block cipher

Publications (2)

Publication Number Publication Date
CN101938351A 2011-01-05
CN101938351B 2012-07-04

Family

ID=43391501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102845521A Expired - Fee Related CN101938351B (en) 2010-09-16 2010-09-16 Key expanding method for encrypting block cipher

Country Status (1)

Country Link
CN (1) CN101938351B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106712930A (en) * 2017-01-24 2017-05-24 北京炼石网络技术有限公司 SM4 encryption method and device
CN108768615B (en) * 2018-05-16 2021-04-13 济南蓝剑钧新信息科技有限公司 ASIC chip implementation method of hash algorithm under same frame

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624520A (en) * 2012-05-02 2012-08-01 西安电子科技大学 192 bit key expansion system and method based on AES (Advanced Encryption Standard)
CN102624520B (en) * 2012-05-02 2014-10-29 西安电子科技大学 192 bit key expansion system and method based on AES (Advanced Encryption Standard)
CN102946315A (en) * 2012-11-19 2013-02-27 成都卫士通信息产业股份有限公司 Method and system for constructing MAC (Media Access Control) code by utilizing packet mode
CN102946315B (en) * 2012-11-19 2015-08-26 成都卫士通信息产业股份有限公司 A kind of method and system adopting packet mode to construct MAC code
CN104317552A (en) * 2014-11-06 2015-01-28 昆明通渡电气有限公司 True random number generator and method and true random number secret key encryption system and method
CN104317552B (en) * 2014-11-06 2018-04-13 合肥濯新光电科技有限公司 Real random number generator and method, true random number key cryptographic systems and method
CN111740816A (en) * 2019-03-25 2020-10-02 山东文斌信息安全技术有限公司 BWGCF block cipher algorithm realizing method
CN111740816B (en) * 2019-03-25 2023-03-31 山东文斌信息安全技术有限公司 BWGCF block cipher algorithm realizing method
CN111147230A (en) * 2019-12-31 2020-05-12 东方红卫星移动通信有限公司 Information encryption transmission method between light-weight satellites based on low-earth orbit satellite Internet of things
CN111400730A (en) * 2020-03-11 2020-07-10 西南石油大学 AES key expansion method based on weak correlation
CN111400730B (en) * 2020-03-11 2022-03-08 西南石油大学 AES key expansion method based on weak correlation
CN114826558A (en) * 2022-04-06 2022-07-29 郑州朗灵电子科技有限公司 Mass data rapid encryption method and system

Also Published As

Publication number Publication date
CN101938351B (en) 2012-07-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (granted publication date: 2012-07-04; termination date: 2015-09-16)
EXPY Termination of patent right or utility model