CN101938351B - Key expanding method for encrypting block cipher - Google Patents
Abstract
The invention provides a key expansion method for a block cipher algorithm, used to generate the subkey of each round of the block cipher. The method mainly consists of computing an iteration function that generates the subkeys, where the iteration function is built from a nonlinear operation, a constant operation and a cyclic shift operation. The method generates subkeys effectively and conveniently, substantially reduces storage space, runs faster than common commercial block cipher algorithms, meets the requirements of real-time encryption and decryption, and at the same time offers higher security.
Description
Technical field
The present invention relates to methods of data encryption and decryption, and specifically to a key expansion method for a block cipher, used to generate the subkey of each round of the block cipher.
Background technology
With the rapid development of computer technology in the information age, block ciphers, because they are fast, easy to standardize and convenient to implement in software and hardware, have become the core cryptographic algorithms for data encryption, message authentication, identity authentication and key management in the information security field, and are widely used in computing, communications and other fields.
A block cipher divides the original data sequence that needs protection (the plaintext) into groups and performs an encryption operation on each group under the action of a key, turning the plaintext into irregular data that cannot be recognized (the ciphertext). The ciphertext is transmitted to keep the data secure, and the receiver uses the same key to decrypt the ciphertext back into plaintext. The encryption operation of a block cipher usually passes through many round functions, and each round needs a corresponding set of subkeys. During encryption and decryption the two communicating parties share only one initial seed key; the key schedule expands the seed key into the subkeys that are needed, which reduces storage space and communication traffic and improves system performance.
The key schedules of typical block ciphers are at present usually designed for key lengths of 128 bits, 192 bits or 256 bits. A 256-bit key is a typical key length in block cipher applications; under the pressure of data security, 256-bit plaintext blocks are increasingly favoured by cipher designers and keys of the corresponding 256-bit length are used more and more often, so a block cipher designed for a 256-bit key length is of strong practical value.
A key schedule must first guarantee security, that is, its design must give the subkeys statistical independence and sensitivity. Statistical independence requires that no simple relation exist between the subkeys, and sensitivity requires that changing a few bits of the seed key change the corresponding subkeys to a large degree. In addition, the speed of the key schedule should not hold back the progress of encryption or decryption, and the components that implement the algorithm in software and hardware should be broadly applicable and save resources as far as possible.
A block cipher key schedule should therefore be designed according to the criteria of security, speed and applicability above. These criteria constrain each other, and the key schedules of today's typical block ciphers each have their own characteristics and shortcomings. The key schedules of many typical cryptographic algorithms, such as those of AES, IDEA, KASUMI and SHACAL, cannot resist specific cryptanalysis, such as related-key attacks and combined attacks aimed specifically at the key schedule. Some algorithms, such as RC6 and MAPRS, need a large amount of computation and storage when implemented, which greatly reduces their practicality; under resource-constrained conditions they cannot perform fast, synchronous encryption and decryption. A key schedule that balances security, speed and the other performance criteria has become the designers' goal.
Summary of the invention
The purpose of the invention is to provide a block cipher key schedule that supports a key length of 256 bits and generates a specified number of subkeys for data encryption and decryption. The key schedule consists of initialization, a subkey iteration generation algorithm and a subkey selection algorithm. The subkey iteration generation algorithm is the core of the invention: with a 256-bit seed key as input, it generates the required subkeys of each round efficiently and securely.
For an 8-round block cipher with a 256-bit key, 8 round keys and 1 whitening key are needed; each subkey is 256 bits long, so 2304 bits of expanded key must be generated in total. Fig. 1 is the flow chart of the iterative key expansion algorithm, which comprises (1) initialization, (2) the key iteration generation algorithm and (3) the subkey selection algorithm.
The technical scheme of the invention is as follows:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long; the 256-bit seed key is written into W[0] to W[7] in order as input; W[8] to W[79] are used to store the subkeys generated by the expansion.
B. Compute and generate the subkeys (as shown in Fig. 2) using the following iteration function:
$W[i] = \{FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + \varphi_{i \bmod 4} + t(i)\} \lll ((7i+3) \bmod 32)$ (formula 1)
where:
- i is the array index, iterated from 8 in steps of 1 with i ≤ 79;
- FS is a nonlinear transform function;
- φ takes 4 constant values, obtained by solving the 5th-order roots of 32nd-order primitive polynomials over the finite field; the 4 constants are:
  φ_0 = 3C2D240E
  φ_1 = E4BB73F6
  φ_2 = B40B34CD
  φ_3 = 6C9D6334
- t is a function that converts its parameter into binary representation;
- "<<<" denotes cyclic left shift; a <<< b denotes the cyclic left shift of a by b positions.
C. Output the subkeys: output the elements of the array W[i] (i = 8, 9, ..., 79) in order as the subkeys.
In formula 1, the nonlinear transform function FS is implemented as follows:
For the function FS(x), x denotes a 32-bit variable, written as the concatenation of four 8-bit numbers, i.e. $x = x_1 x_2 x_3 x_4$; then
$FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4))$ (formula 2)
where $y_1, y_2, y_3, y_4$ are elements of $GF(2^8)$; the elements of the matrix are the hexadecimal representations of elements of $GF(2^8)$; $S_0, S_1, S_2, S_3$ are four different functions, each denoting an 8×8 S-box; $S_0$ adopts the S-box of the block cipher used for the encryption and decryption operations; $S_1, S_2, S_3$ are generated from $S_0$ as follows:
$S_1: GF(2^8) \to GF(2^8)$, $S_1(x) = S_0(x) \ggg 1$;
$S_2: GF(2^8) \to GF(2^8)$;
$S_3: GF(2^8) \to GF(2^8)$.
The $S_0$ in formula 2 uses the S-box of the block cipher that the key schedule accompanies, to reduce storage space and improve operating efficiency. Most block ciphers have a suitable S-box, such as the S-box of AES, the 4 different S-boxes of Camellia or the 2 S-boxes of SEED. When the form of the block cipher's S-box is incompatible, a self-defined S-box (such as table 1) is used, and the S-box can be changed as required. Performing the nonlinear operation with an S-box is an effective means of guaranteeing good diffusion and nonlinearity and raising security.
| | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | E4 | 80 | 65 | 7A | C8 | 4B | FB | A8 | 93 | E7 | 54 | 3A | D7 | 0C | B4 | 5B |
| 1 | 89 | 61 | B7 | 69 | 67 | F1 | 74 | 7C | A0 | 72 | 2E | 04 | D4 | 22 | EB | EC |
| 2 | A4 | 20 | 6E | 97 | 87 | 08 | 17 | DC | 23 | 13 | 45 | 8F | CF | B8 | B6 | E6 |
| 3 | CD | FA | 82 | 55 | 6D | 91 | 57 | 92 | F3 | 76 | B2 | 2A | 68 | C7 | 9D | 03 |
| 4 | 6B | F6 | 59 | CE | E2 | 36 | 2F | 5D | 90 | 9E | 88 | 21 | BB | 18 | 8A | 86 |
| 5 | 0A | 12 | 1D | 27 | 60 | 98 | E9 | E3 | 66 | D3 | 0B | A1 | 3F | 85 | 0F | 33 |
| 6 | 8D | 6C | 6F | 4F | 8E | 0E | DF | 10 | B1 | 43 | 62 | 56 | 34 | 44 | 31 | D2 |
| 7 | AE | 77 | 24 | ED | 99 | 7F | CB | DD | AF | BC | 1F | CC | BD | F0 | A2 | E0 |
| 8 | FC | 4A | B0 | 07 | 00 | 94 | DE | 70 | A9 | F4 | AB | 73 | D5 | 79 | A6 | 1E |
| 9 | DA | 16 | EE | 52 | 1C | 53 | E1 | D0 | 58 | 30 | 37 | 19 | F7 | 1A | 28 | 96 |
| A | 63 | 46 | A5 | 4C | 29 | F5 | AC | 39 | D6 | 2C | A3 | B3 | 83 | 7E | 11 | EF |
| B | 9B | BA | 06 | 3B | DB | 81 | 75 | D1 | 6A | 3E | 7B | 9F | 7D | 78 | B5 | 8B |
| C | 02 | 0D | 09 | 4D | 5A | EA | F2 | C1 | 51 | 5C | C5 | 2B | D9 | 64 | 4E | 48 |
| D | CA | 47 | 2D | 38 | 3D | 71 | 8C | E8 | 40 | 05 | D8 | B9 | 5E | 3C | BE | C4 |
| E | F9 | 95 | 9C | C3 | FF | 14 | 25 | A7 | 1B | 9A | E5 | C9 | C0 | 50 | 32 | 5F |
| F | 41 | F8 | AD | BF | C2 | 01 | 35 | 49 | 15 | AA | FD | FE | 26 | C6 | 42 | 84 |
Table 1: the S-box provided by this algorithm (row = high hex digit of the input, column = low hex digit).
The calculation in formula 1 is determined by the polynomial $X^{-8} + X^{-7} + X^{-3} + X^{-2} = 1$: each later array element is computed from the 8th, 7th, 3rd and 2nd array elements before it. Because this polynomial is primitive, the newly generated array elements are guaranteed not to repeat; generating 1 new element from 4 elements by iteration guarantees the one-wayness of the iteration function, which makes related-key attacks on this key ineffective.
For block ciphers with other round numbers in the range [4, 20], only the array length of the invention needs to be changed according to the amount of data. For example, a 10-round cipher needs 10 round keys and 1 whitening key, so the array becomes W[8], W[9], ..., W[95], and so on.
Beneficial effects of the invention: the algorithm provided by the invention reduces working memory; it generates subkeys efficiently and conveniently, runs faster than common commercial block ciphers, and meets the requirements of real-time encryption and decryption; at the same time the algorithm has higher security.
Description of drawings
Fig. 1 is the flow chart of the iterative key expansion algorithm;
Fig. 2 is a schematic diagram of the subkey generation iteration algorithm.
Embodiment
The steps, scheme and other details of generating, from a 256-bit seed key, the 256-bit subkeys and whitening subkey of an 8-round block cipher are described below, to give a thorough understanding of the invention.
Following the flow chart of Fig. 1, the invention performs initialization, the key iteration generation algorithm and the subkey selection algorithm in turn.
In initialization, the 256-bit seed key is written into the array W[0], W[1], W[2], W[3], W[4], W[5], W[6], W[7] in order as input. W[8], W[9], ..., W[79] are used to store the subkeys generated by the expansion.
The expanded key is generated by iterating the subkey iteration algorithm; the principles and methods of the expansion structure design, the iteration function design and the constant design are as stated in the summary of the invention, and the iterative process is shown in Fig. 2. The initialized array is processed by the following program:
for i ← 8 to 79
    do W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + φ_(i mod 4) + t(i)} <<< ((7i+3) mod 32)
end
The generated expanded-key array is passed through the key selection algorithm to produce 8 subkeys and 1 whitening key; the principle is as shown in the summary of the invention, and the program is as follows:
for i ← 0 to 8
    output(W[8i+8], W[8i+9], ..., W[8i+15])
end
It should be noted that the purpose of publishing the embodiment is to help further understanding of the invention, but those skilled in the art will appreciate that, with the key schedule provided by the invention, generating subkeys for other round numbers and key lengths is equivalent in performance with respect to security, speed and other aspects. Therefore the invention should not be limited to the content disclosed in the embodiment, and the scope of protection claimed by the invention is governed by the scope defined by the claims.
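The complete procedure above (initialization, formula 1 with the constants φ_0 to φ_3, the S-box of table 1 as S_0, and the subkey selection of step C), as an added example in Python that is not the patent's own code. The page does not give the matrix M of formula 2, the definitions of S_2 and S_3, whether "+" is modular addition, or the exact form of t(i); the example marks each of those choices as an assumption and concatenates the four S-box outputs in place of M.

```python
# Added example, not the patent's own code: formula 1 of the key schedule with
# the S-box of table 1 as S0. Assumptions where the page gives no definition:
# "+" is addition mod 2^32, t(i) is i as a 32-bit number, the GF(2^8) matrix M
# of formula 2 is left out (the four S-box outputs are just concatenated), and
# S2, S3 are S0 rotated right by 2 and 3 bits, by analogy with S1 = S0 >>> 1.
MASK32 = 0xFFFFFFFF
PHI = (0x3C2D240E, 0xE4BB73F6, 0xB40B34CD, 0x6C9D6334)  # phi_0..phi_3 from the page
# Table 1 from the patent, one row of 16 bytes per line: S0[16*row + col].
S0 = bytes.fromhex(
    "E480657AC84BFBA893E7543AD70CB45B"
    "8961B76967F1747CA0722E04D422EBEC"
    "A4206E97870817DC2313458FCFB8B6E6"
    "CDFA82556D915792F376B22A68C79D03"
    "6BF659CEE2362F5D909E8821BB188A86"
    "0A121D276098E9E366D30BA13F850F33"
    "8D6C6F4F8E0EDF10B1436256344431D2"
    "AE7724ED997FCBDDAFBC1FCCBDF0A2E0"
    "FC4AB0070094DE70A9F4AB73D579A61E"
    "DA16EE521C53E1D058303719F71A2896"
    "6346A54C29F5AC39D62CA3B3837E11EF"
    "9BBA063BDB8175D16A3E7B9F7D78B58B"
    "020D094D5AEAF2C1515CC52BD9644E48"
    "CA472D383D718CE84005D8B95E3CBEC4"
    "F9959CC3FF1425A71B9AE5C9C050325F"
    "41F8ADBFC201354915AAFDFE26C64284"
)

def rotl32(x, n):
    """32-bit cyclic left shift, the page's "a <<< b"."""
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK32

def rotr8(x, n):
    """8-bit cyclic right shift, the ">>>" used to derive S1 from S0."""
    n %= 8
    return ((x >> n) | (x << (8 - n))) & 0xFF

def s_box(k, b):
    """S_k(b): S0 from table 1; S1 = S0 >>> 1 (page); S2, S3 = S0 >>> 2, >>> 3 (assumed)."""
    return rotr8(S0[b], k)

def fs(x):
    """Formula 2 without M: x = x1 x2 x3 x4, each byte through S0..S3, then concatenated."""
    parts = [(x >> s) & 0xFF for s in (24, 16, 8, 0)]
    y = [s_box(k, b) for k, b in enumerate(parts)]
    return (y[0] << 24) | (y[1] << 16) | (y[2] << 8) | y[3]

def t(i):
    """t(i): the index i taken as a 32-bit binary number (reading of the page's t)."""
    return i & MASK32

def expand_key(seed, rounds=8):
    """Steps A and B: W[0..7] = 256-bit seed, W[8..] by formula 1; 8 + 8*(rounds+1) words."""
    if len(seed) != 32:
        raise ValueError("seed key must be 256 bits")
    n = 8 + 8 * (rounds + 1)
    W = [int.from_bytes(seed[4 * j:4 * j + 4], "big") for j in range(8)] + [0] * (n - 8)
    for i in range(8, n):
        acc = fs(W[i - 8]) + fs(W[i - 7]) + fs(W[i - 3]) + fs(W[i - 2]) + PHI[i % 4] + t(i)
        W[i] = rotl32(acc & MASK32, (7 * i + 3) % 32)
    return W

def subkeys(W):
    """Step C: rounds + 1 groups of 8 words, W[8i+8 .. 8i+15], each a 256-bit subkey."""
    return [W[8 * i + 8:8 * i + 16] for i in range((len(W) - 8) // 8)]
```

With `rounds=10` the array grows to W[0..95], matching the page's 10-round case; `subkeys(expand_key(seed))` returns the 9 groups of step C for the 8-round cipher.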
Claims (1)
1. A key expansion method applied to a block cipher encryption and decryption algorithm, characterized in that it generates subkeys for a round number of 8, used for data encryption and decryption, with the following concrete steps:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long; the 256-bit seed key is written into W[0] to W[7] in order as input; W[8] to W[79] are used to store the subkeys generated by the expansion;
B. Compute and generate the subkeys using the following iteration function:
$W[i] = \{FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + \varphi_{i \bmod 4} + t(i)\} \lll ((7i+3) \bmod 32)$
where:
- i is the array index, iterated from 8 in steps of 1 with i ≤ 79;
- FS is a nonlinear transform function;
- φ takes 4 constant values:
  φ_0 = 3C2D240E
  φ_1 = E4BB73F6
  φ_2 = B40B34CD
  φ_3 = 6C9D6334;
- t is a function that converts its parameter into binary representation;
- "<<<" denotes cyclic left shift;
C. Output the subkeys: output the elements of the array W[i] (i = 8, 9, ..., 79) in order as the subkeys;
where the nonlinear transform function FS is implemented as follows:
For the function FS(x), x denotes a 32-bit variable, written as the concatenation of four 8-bit numbers, i.e. $x = x_1 x_2 x_3 x_4$, and then $FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4))$, where $y_1, y_2, y_3, y_4$ are elements of $GF(2^8)$; the elements of the matrix are the hexadecimal representations of elements of $GF(2^8)$; $S_0, S_1, S_2, S_3$ are four different functions, each denoting an 8×8 S-box; $S_0$ adopts the S-box of the block cipher used for the encryption and decryption operations, or a self-defined S-box; $S_1, S_2, S_3$ are generated from $S_0$ as follows:
$S_1: GF(2^8) \to GF(2^8)$;
$S_2: GF(2^8) \to GF(2^8)$;
$S_3: GF(2^8) \to GF(2^8)$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102845521A CN101938351B (en) | 2010-09-16 | 2010-09-16 | Key expanding method for encrypting block cipher |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101938351A CN101938351A (en) | 2011-01-05 |
CN101938351B true CN101938351B (en) | 2012-07-04 |
Family
ID=43391501
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010102845521A Expired - Fee Related CN101938351B (en) | 2010-09-16 | 2010-09-16 | Key expanding method for encrypting block cipher |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101938351B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106712930A (en) * | 2017-01-24 | 2017-05-24 | 北京炼石网络技术有限公司 | SM4 encryption method and device |
CN108768615B (en) * | 2018-05-16 | 2021-04-13 | 济南蓝剑钧新信息科技有限公司 | ASIC chip implementation method of hash algorithm under same frame |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102624520B (en) * | 2012-05-02 | 2014-10-29 | 西安电子科技大学 | 192 bit key expansion system and method based on AES (Advanced Encryption Standard) |
CN102946315B (en) * | 2012-11-19 | 2015-08-26 | 成都卫士通信息产业股份有限公司 | A kind of method and system adopting packet mode to construct MAC code |
CN104317552B (en) * | 2014-11-06 | 2018-04-13 | 合肥濯新光电科技有限公司 | Real random number generator and method, true random number key cryptographic systems and method |
CN111740816B (en) * | 2019-03-25 | 2023-03-31 | 山东文斌信息安全技术有限公司 | BWGCF block cipher algorithm realizing method |
CN111147230A (en) * | 2019-12-31 | 2020-05-12 | 东方红卫星移动通信有限公司 | Information encryption transmission method between light-weight satellites based on low-earth orbit satellite Internet of things |
CN111400730B (en) * | 2020-03-11 | 2022-03-08 | 西南石油大学 | AES key expansion method based on weak correlation |
CN114826558B (en) * | 2022-04-06 | 2023-06-30 | 北京联诚合创信息技术有限公司 | Method and system for quickly encrypting mass data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120704; Termination date: 20150916 |
 | EXPY | Termination of patent right or utility model | |