CN101938351B - Key expanding method for encrypting block cipher - Google Patents

Publication number: CN101938351B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN2010102845521A
Other languages: Chinese (zh)
Other versions: CN101938351A (en)
Inventors: 郑志明, 张筱, 高莹, 王钊, 邱望洁, 王文华
Current Assignee: Beihang University
Original Assignee: Beihang University
Application filed by Beihang University

Abstract

The invention provides a key expansion method for block cipher algorithms, used to generate the subkeys for each round of a block cipher. The method mainly comprises computing an iteration function that generates the subkeys, where the iteration function is composed of a nonlinear operation, a constant operation and a cyclic shift operation. The method generates subkeys effectively and conveniently, reduces storage space, runs faster than common commercial block cipher algorithms, meets the requirements of real-time encryption and decryption, and at the same time offers higher security.

Description

A key expansion method for block cipher encryption
Technical field
The present invention relates to a method for data encryption and decryption, specifically a key expansion method for block ciphers, used to generate the subkeys for each round of a block cipher.
Background
With the rapid development of computer technology in the information age, block ciphers, being fast, easy to standardize and convenient to implement in software and hardware, have become the core cryptographic algorithms for data encryption, message authentication, identity authentication and key management in information security, and are widely used in computing, communications and other fields.
A block cipher divides the original data sequence to be protected (the plaintext) into blocks; each block is encrypted under the key, converting the plaintext into irregular, unrecognizable data (the ciphertext). The ciphertext is transmitted to keep the data secure, and the receiver uses the same key to decrypt the ciphertext back into plaintext. Block cipher encryption usually applies a round function over multiple rounds, and each round needs a corresponding subkey. During encryption and decryption, the two communicating parties share only an initial seed key and use a key schedule to expand the seed key into the required subkeys, which reduces storage and communication overhead and improves system performance.
The key schedules of typical block ciphers currently apply to key lengths of 128, 192 or 256 bits. 256 bits is a typical key length in block cipher applications. Under the pressure of data security, 256-bit plaintext blocks are increasingly favoured by cipher designers, and the use of 256-bit keys is rising accordingly; a block cipher designed for a 256-bit key length will therefore be highly practical.
A key schedule must first guarantee security: its design must give the subkeys statistical independence and sensitivity. Statistical independence means that no simple relation exists between subkeys; sensitivity means that changing a few bits of the seed key changes the corresponding subkeys substantially. In addition, the speed of the key schedule should not hold up encryption or decryption, and the components that implement the algorithm in software and hardware should be widely applicable and use as few resources as possible.
The design of a block cipher key schedule should follow the above criteria of security, speed and applicability. These criteria constrain one another, and the key schedules of today's typical block ciphers each have their own characteristics and shortcomings. The key schedules of many typical ciphers, such as AES, IDEA, KASUMI and SHACAL, cannot resist specific cryptanalysis, such as related-key attacks and combined attacks aimed specifically at the key schedule. Some algorithms, such as RC6 and MAPRS, consume large amounts of computation and storage when implemented, which greatly reduces their practicality; under resource constraints they cannot achieve high-speed, synchronous encryption and decryption. A key schedule that balances security, speed and other properties has become the designer's goal.
Summary of the invention
The purpose of this invention is to provide a block cipher key schedule that supports 256-bit keys and generates a specified number of subkeys for data encryption and decryption. The key schedule comprises initialization, an iterative subkey generation algorithm and a subkey selection algorithm. The iterative subkey generation algorithm is the core of the invention: given a 256-bit seed key as input, it efficiently and securely generates the subkeys required for each round.
For an 8-round block cipher with a 256-bit key, 8 round keys and 1 whitening key are needed; each subkey is 256 bits long, so 2304 bits of expanded key must be generated in total. Fig. 1 is the implementation flowchart of the iterative key expansion algorithm, comprising (1) initialization, (2) the iterative key generation algorithm and (3) the subkey selection algorithm.
The technical scheme of the invention is as follows:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long. The 256-bit seed key is written in order into W[0]~W[7] as input; W[8]~W[79] store the subkeys generated by the expansion.
B. Compute and generate the subkeys (as shown in Fig. 2), using the following iteration function:
$$W[i] = \{FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + \phi_{i \bmod 4} + t(i)\} \lll ((7i+3) \bmod 32) \quad \text{(formula 1)}$$
where:
- i is the array index; the iteration starts at 8 and i increases by 1 each time, with i ≤ 79;
- FS is a nonlinear transformation function;
- φ takes 4 constant values, obtained by solving for the 5th-order roots of a 32nd-order primitive polynomial in a finite field; the 4 constants are:
■ φ_0 = 3C2D240E
■ φ_1 = E4BB73F6
■ φ_2 = B40B34CD
■ φ_3 = 6C9D6334
- t is a function that converts its argument into its binary representation;
- "<<<" denotes a cyclic left shift; for example, a <<< b denotes a cyclically shifted left by b bits.
C. Output the subkeys: output the elements of array W[i] (i = 8, 9, ..., 79) in order as the subkeys.
In formula 1, the nonlinear transformation function FS is implemented as follows:
For the function FS(x), x denotes a 32-bit variable, written as the concatenation of four 8-bit numbers, i.e. $x = x_1 x_2 x_3 x_4$; then
$$FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4)) \quad \text{(formula 2)}$$
where
$$M(y_1, y_2, y_3, y_4) = \begin{pmatrix} 01 & 02 & 03 & 01 \\ 01 & 01 & 03 & 02 \\ 02 & 01 & 01 & 03 \\ 03 & 02 & 01 & 01 \end{pmatrix} \cdot \begin{pmatrix} y_1 \\ y_2 \\ y_3 \\ y_4 \end{pmatrix},$$
$y_1, y_2, y_3, y_4$ are elements of $GF(2^8)$;
the entries of the matrix are hexadecimal representations of elements of $GF(2^8)$;
$S_0, S_1, S_2, S_3$ are four different functions, each an 8 × 8 S-box. $S_0$ is the S-box of the block cipher used for the encryption and decryption; $S_1, S_2, S_3$ are generated from $S_0$ as follows:
$S_1: GF(2^8) \to GF(2^8)$, $x = S_0(x \ggg 1)$;
$S_2: GF(2^8) \to GF(2^8)$, $x = S_0(x \lll 1)$;
$S_3: GF(2^8) \to GF(2^8)$, $x = S_0 \lll 1$
$S_0$ in formula 2 uses the S-box of the block cipher that the key schedule accompanies, to reduce storage and improve efficiency. Most block ciphers have a suitable S-box, for example the S-box of AES, the 4 different S-boxes of Camellia, or the 2 S-boxes of SEED. When the form of the block cipher's S-box is incompatible, a self-defined S-box (Table 1) is used instead, and the S-box can be changed as required. Performing the nonlinear operation with S-boxes is an effective means of ensuring good diffusion and nonlinearity and of improving security.
   0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0 E4 80 65 7A C8 4B FB A8 93 E7 54 3A D7 0C B4 5B
1 89 61 B7 69 67 F1 74 7C A0 72 2E 04 D4 22 EB EC
2 A4 20 6E 97 87 08 17 DC 23 13 45 8F CF B8 B6 E6
3 CD FA 82 55 6D 91 57 92 F3 76 B2 2A 68 C7 9D 03
4 6B F6 59 CE E2 36 2F 5D 90 9E 88 21 BB 18 8A 86
5 0A 12 1D 27 60 98 E9 E3 66 D3 0B A1 3F 85 0F 33
6 8D 6C 6F 4F 8E 0E DF 10 B1 43 62 56 34 44 31 D2
7 AE 77 24 ED 99 7F CB DD AF BC 1F CC BD F0 A2 E0
8 FC 4A B0 07 00 94 DE 70 A9 F4 AB 73 D5 79 A6 1E
9 DA 16 EE 52 1C 53 E1 D0 58 30 37 19 F7 1A 28 96
A 63 46 A5 4C 29 F5 AC 39 D6 2C A3 B3 83 7E 11 EF
B 9B BA 06 3B DB 81 75 D1 6A 3E 7B 9F 7D 78 B5 8B
C 02 0D 09 4D 5A EA F2 C1 51 5C C5 2B D9 64 4E 48
D CA 47 2D 38 3D 71 8C E8 40 05 D8 B9 5E 3C BE C4
E F9 95 9C C3 FF 14 25 A7 1B 9A E5 C9 C0 50 32 5F
F 41 F8 AD BF C2 01 35 49 15 AA FD FE 26 C6 42 84
Table 1: The S-box provided by this algorithm
The computation in formula 1 is determined by the polynomial $X^{-8} + X^{-7} + X^{-3} + X^{-2} = 1$: each later array element is computed from the 8th, 7th, 3rd and 2nd elements before it. Because this polynomial is primitive, the newly generated array elements are guaranteed not to repeat. Generating 1 new element from 4 elements ensures the one-wayness of the iteration function, so that related-key attacks against this key schedule are ineffective.
For block ciphers with other round counts in the range [4, 20], the invention is applied by changing the array length according to the amount of data. For example, a 10-round cipher needs 10 iteration keys and 1 whitening key, so the array becomes W[8], W[9], ..., W[95], and so on.
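The schedule of formulas 1 and 2, written out as an added Python example (not code from the patent), with a `rounds` parameter that covers the other round counts mentioned above. The page fixes none of the following, so they are assumptions: "+" in formula 1 is bitwise XOR, GF(2^8) is reduced by the AES polynomial 0x11B, bytes and words are big-endian, Table 1 is indexed by high nibble (row) then low nibble (column), and S3(x) = S0(x) <<< 1.

```python
# Added illustration of formulas 1 and 2; not the patent's reference code.
# Assumptions: "+" is XOR, GF(2^8) uses the AES polynomial 0x11B, words are
# big-endian, S3(x) = S0(x) <<< 1, and S0 is Table 1 (row = high nibble).
S0 = bytes.fromhex(
    "E480657AC84BFBA893E7543AD70CB45B" "8961B76967F1747CA0722E04D422EBEC"
    "A4206E97870817DC2313458FCFB8B6E6" "CDFA82556D915792F376B22A68C79D03"
    "6BF659CEE2362F5D909E8821BB188A86" "0A121D276098E9E366D30BA13F850F33"
    "8D6C6F4F8E0EDF10B1436256344431D2" "AE7724ED997FCBDDAFBC1FCCBDF0A2E0"
    "FC4AB0070094DE70A9F4AB73D579A61E" "DA16EE521C53E1D058303719F71A2896"
    "6346A54C29F5AC39D62CA3B3837E11EF" "9BBA063BDB8175D16A3E7B9F7D78B58B"
    "020D094D5AEAF2C1515CC52BD9644E48" "CA472D383D718CE84005D8B95E3CBEC4"
    "F9959CC3FF1425A71B9AE5C9C050325F" "41F8ADBFC201354915AAFDFE26C64284"
)
PHI = (0x3C2D240E, 0xE4BB73F6, 0xB40B34CD, 0x6C9D6334)   # constants phi_0..phi_3
M = ((1, 2, 3, 1), (1, 1, 3, 2), (2, 1, 1, 3), (3, 2, 1, 1))  # matrix of formula 2

def rotl(x, r, bits=32):
    """Cyclic left shift of a `bits`-wide value by r positions (0 <= r < bits)."""
    return ((x << r) | (x >> (bits - r))) & ((1 << bits) - 1)

def gmul(a, b):
    """Multiply in GF(2^8) modulo x^8+x^4+x^3+x+1 (assumed polynomial)."""
    p = 0
    while b:
        p ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def fs(x):
    """Formula 2: four S-box lookups followed by multiplication by M."""
    x1, x2, x3, x4 = x.to_bytes(4, "big")
    y = (S0[x1],                 # S0
         S0[rotl(x2, 7, 8)],     # S1(x) = S0(x >>> 1)
         S0[rotl(x3, 1, 8)],     # S2(x) = S0(x <<< 1)
         rotl(S0[x4], 1, 8))     # S3: assumed reading, the page's line is incomplete
    out = 0
    for row in M:
        b = 0
        for c, v in zip(row, y):
            b ^= gmul(c, v)
        out = (out << 8) | b
    return out

def expand_key(seed, rounds=8):
    """Formula 1: W[0..7] is the seed, W[8..] holds (rounds + 1) * 8 new words."""
    if len(seed) != 32:
        raise ValueError("seed key must be exactly 32 bytes (256 bits)")
    w = [int.from_bytes(seed[i:i + 4], "big") for i in range(0, 32, 4)]
    for i in range(8, 8 * (rounds + 2)):
        v = fs(w[i - 8]) ^ fs(w[i - 7]) ^ fs(w[i - 3]) ^ fs(w[i - 2])
        v ^= PHI[i % 4] ^ i      # t(i) is i written as a 32-bit word
        w.append(rotl(v, (7 * i + 3) % 32))
    return w

def subkeys(w):
    """Subkey selection: consecutive groups of eight words starting at W[8]."""
    return [w[k:k + 8] for k in range(8, len(w), 8)]

def changed_bits(seed_a, seed_b):
    """Hamming distance between the generated words of two seed keys."""
    wa, wb = expand_key(seed_a)[8:], expand_key(seed_b)[8:]
    return sum(bin(a ^ b).count("1") for a, b in zip(wa, wb))
```

Calling `changed_bits` on two seeds that differ in a single bit gives a quick measure of the sensitivity criterion stated in the background section, under the assumptions listed.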
Beneficial effects of the invention: the algorithm reduces working memory, generates subkeys efficiently and conveniently, runs faster than common commercial block ciphers, and meets the requirements of real-time encryption and decryption; at the same time, it offers higher security.
Description of drawings
Fig. 1 is the implementation flowchart of the iterative key expansion algorithm;
Fig. 2 is a schematic diagram of the iterative subkey generation algorithm.
Embodiment
The following describes the technical details, such as the steps and scheme, of generating from a 256-bit seed key the 256-bit subkeys and whitening subkey of an 8-round block cipher, to provide a thorough understanding of the invention.
Following the implementation flowchart in Fig. 1, the invention carries out initialization, the iterative key generation algorithm and the subkey selection algorithm in turn.
In initialization, the 256-bit seed key is written in order into the array elements W[0], W[1], W[2], W[3], W[4], W[5], W[6], W[7] as input. W[8], W[9], ..., W[79] store the subkeys generated by the expansion.
The expanded key is generated iteratively by the subkey iteration algorithm. The principles and methods of the expansion structure design, iteration function design and constant design are as described in the summary of the invention, and the iterative process is shown in Fig. 2. The initialized array is processed by the following program:
for i ← 8 to 79
do
W[i] = {FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + φ_(i mod 4) + t(i)} <<< ((7i+3) mod 32)
end
The generated expanded-key array is passed through the key selection algorithm to produce 8 subkeys and 1 whitening key. The principle is as described in the summary of the invention, and the program is as follows:
for i ← 0 to 8
output(W[8i+8], W[8i+9], …, W[8i+15])
end
It should be noted that the purpose of disclosing the embodiment is to aid further understanding of the invention, but those skilled in the art will appreciate that, when the key schedule provided by the invention is used to generate subkeys for other round counts and key lengths, the performance in terms of security, speed and so on is equivalent. Therefore, the invention should not be limited to what the embodiment discloses, and the scope of protection claimed is defined by the claims.

Claims (1)

1. A key expansion method applied to block cipher encryption and decryption algorithms, characterized in that subkeys are generated for 8 rounds, for use in data encryption and decryption, with the following steps:
A. Initialization:
Define an array W of length 80 whose elements are 32 bits long. The 256-bit seed key is written in order into W[0]~W[7] as input; W[8]~W[79] store the subkeys generated by the expansion;
B. Compute and generate the subkeys, using the following iteration function:
$$W[i] = \{FS(W[i-8]) + FS(W[i-7]) + FS(W[i-3]) + FS(W[i-2]) + \phi_{i \bmod 4} + t(i)\} \lll ((7i+3) \bmod 32)$$
where:
- i is the array index; the iteration starts at 8 and i increases by 1 each time, with i ≤ 79;
- FS is a nonlinear transformation function;
- φ takes 4 constant values:
φ_0 = 3C2D240E
φ_1 = E4BB73F6
φ_2 = B40B34CD
φ_3 = 6C9D6334;
- t is a function that converts its argument into its binary representation;
- "<<<" denotes a cyclic left shift;
C. Output the subkeys: output the elements of array W[i] (i = 8, 9, ..., 79) in order as the subkeys;
wherein the nonlinear transformation function FS is implemented as follows:
For the function FS(x), x denotes a 32-bit variable, written as the concatenation of four 8-bit numbers, i.e. $x = x_1 x_2 x_3 x_4$; then
$$FS(x) = M(S_0(x_1), S_1(x_2), S_2(x_3), S_3(x_4)),$$
where
$$M(y_1, y_2, y_3, y_4) = \begin{pmatrix} 01 & 02 & 03 & 01 \\ 01 & 01 & 03 & 02 \\ 02 & 01 & 01 & 03 \\ 03 & 02 & 01 & 01 \end{pmatrix} \cdot \begin{pmatrix} y_1 \\ y_2 \\ y_3 \\ y_4 \end{pmatrix},$$
$y_1, y_2, y_3, y_4$ are elements of $GF(2^8)$;
the entries of the matrix are hexadecimal representations of elements of $GF(2^8)$;
$S_0, S_1, S_2, S_3$ are four different functions, each an 8 × 8 S-box. $S_0$ is the S-box of the accompanying block cipher used for the encryption and decryption, or a self-defined S-box; $S_1, S_2, S_3$ are generated from $S_0$ as follows:
$S_1: GF(2^8) \to GF(2^8)$, $x = S_0(x \ggg 1)$;
$S_2: GF(2^8) \to GF(2^8)$, $x = S_0(x \lll 1)$;
$S_3: GF(2^8) \to GF(2^8)$, $x = S_0 \lll 1$
Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN2010102845521A      2010-09-16       2010-09-16     Key expanding method for encrypting block cipher

Publications (2)

Publication Number    Publication Date
CN101938351A          2011-01-05
CN101938351B          2012-07-04

Family ID: 43391501

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106712930A (en) * 2017-01-24 2017-05-24 北京炼石网络技术有限公司 SM4 encryption method and device
CN108768615B (en) * 2018-05-16 2021-04-13 济南蓝剑钧新信息科技有限公司 ASIC chip implementation method of hash algorithm under same frame

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624520B (en) * 2012-05-02 2014-10-29 西安电子科技大学 192 bit key expansion system and method based on AES (Advanced Encryption Standard)
CN102946315B (en) * 2012-11-19 2015-08-26 成都卫士通信息产业股份有限公司 A kind of method and system adopting packet mode to construct MAC code
CN104317552B (en) * 2014-11-06 2018-04-13 合肥濯新光电科技有限公司 Real random number generator and method, true random number key cryptographic systems and method
CN111740816B (en) * 2019-03-25 2023-03-31 山东文斌信息安全技术有限公司 BWGCF block cipher algorithm realizing method
CN111147230A (en) * 2019-12-31 2020-05-12 东方红卫星移动通信有限公司 Information encryption transmission method between light-weight satellites based on low-earth orbit satellite Internet of things
CN111400730B (en) * 2020-03-11 2022-03-08 西南石油大学 AES key expansion method based on weak correlation
CN114826558B (en) * 2022-04-06 2023-06-30 北京联诚合创信息技术有限公司 Method and system for quickly encrypting mass data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120704

Termination date: 20150916

EXPY Termination of patent right or utility model