CN102185692A - Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm - Google Patents


Info

Publication number
CN102185692A
Authority
CN
China
Prior art keywords
box
encryption
random
user
mode
Prior art date
Legal status
Granted
Application number
CN 201110103825
Other languages
Chinese (zh)
Other versions
CN102185692B (en)
Inventor
郑志明
王钊
张筱
邱望洁
张尧
宋倩倩
刘昭
赵罡
Current Assignee
Beihang University
Original Assignee
Beihang University
Events
Application filed by Beihang University
Priority to CN2011101038252A
Publication of CN102185692A
Application granted
Publication of CN102185692B
Legal status: Expired - Fee Related
Anticipated expiration

Abstract

The invention discloses a multimode reconfigurable encryption method based on the advanced encryption standard (AES) encryption algorithm. The method offers the user a choice of five operating modes and two ways of generating the S-box: a fully random S-box and a biased (partially random) S-box. It comprises the following steps: judging whether the operating mode and the S-box selected by the user are compatible; if they are not, prompting the user to reselect; if they are, calculating the smallest number of encryption rounds from the differential uniformity and nonlinearity of the generated S-box and fixing the final number of rounds according to the user's requirements; selecting a source file for the encryption or decryption operation; and finally storing the encrypted or decrypted data file and presenting it to the user. Because the method is implemented in software, the side channel attacks to which a hardware implementation of the cipher may be exposed are avoided, and the operation of the reconfigurable encryption method is simplified; the method can be used to build a reconfigurable software encryption system in which block ciphers are reconfigured and integrated within the same software system, which eases operation and management.

Description

Multi-mode reconfigurable encryption method based on the AES cryptographic algorithm
Technical field
The invention belongs to the field of information security technology and specifically relates to a multi-mode reconfigurable encryption method based on the AES cryptographic algorithm.
Background technology
Cryptographic algorithms are an important foundation of information security: in a given environment a cryptographic algorithm can provide confidentiality protection for data content, data integrity protection and authentication of the data source.
At the end of the last century, the Rijndael algorithm submitted by the Belgians Joan Daemen and Vincent Rijmen was selected as the final AES (Advanced Encryption Standard) algorithm; it became the new data encryption standard of the United States and is widely used in every field. Although opinions on AES differ, on the whole AES, as the new generation data encryption standard, combines strong security, high performance, high efficiency, ease of use and flexibility. The AES design has three key lengths: 128, 192 and 256 bits; by comparison, a 128-bit AES key is 10^21 times stronger than a 56-bit DES (Data Encryption Standard) key. In terms of application, the AES cryptographic algorithm is at present mainly used in information security technologies and security products based on private-key (symmetric-key) encryption algorithms; AES is usually regarded as the replacement for DES and provides a stronger data security guarantee for applications that originally used DES. Before the AES standard was announced, the encryption algorithm used by ESP (Encapsulating Security Payload) in the IPSec (Internet Protocol Security) protocol was mainly DES; with the announcement of the AES standard, the next step of the IPSec working group of the IETF (Internet Engineering Task Force) was to make AES the default encryption algorithm used by ESP and to require that all IPSec implementations be compatible with the AES cryptographic algorithm. Most companies providing VPN (Virtual Private Network) equipment and solutions now use the AES cryptographic algorithm in place of the DES encryption algorithm and treat it as an important selling point of their enterprise products.
The AES cryptographic algorithm mainly comprises three aspects: the round transformation, the number of rounds and the key expansion. Each round of the AES cryptographic algorithm has four steps: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round key addition (AddRoundKey). AddRoundKey: every byte of the state matrix is XORed with the corresponding byte of the round key (sub-key); each round key is produced by the key schedule. SubBytes: a nonlinear substitution function replaces each byte with its corresponding byte by table lookup; the lookup table used for byte substitution is usually called the S-box. ShiftRows: each row of the matrix is cyclically shifted. MixColumns: a linear transformation mixes the four bytes of each column so that the matrix is thoroughly mixed.
Traditional data encryption methods are of two kinds: software encryption and hardware encryption. Each has its own characteristics: software encryption is flexible, but its encryption speed is slow and it is easily modified by people; hardware encryption is fast, but the algorithm is single and fixed, and over time it will one day be cracked. To overcome the shortcomings of these two encryption methods, reconfigurable technology is used to design cryptographic chips that can realize multiple cryptographic algorithms, so that many different cryptographic algorithms can be realized flexibly and quickly while the above security risks are avoided.
A so-called reconfigurable encryption method/system is in fact a cryptographic processing system whose internal algorithm structure and function can be changed flexibly; under the control and driving of a host processor it can flexibly and quickly perform many different encryption and decryption operations so as to meet the requirements of different cryptographic algorithms and operating modes. Encryption methods/systems based on reconfigurable structures are flexible, fast and secure, and have good application prospects in fields such as secure communication and network security.
Reconfigurable computing technology has developed greatly in recent years. The National University of Defense Technology has carried out fairly in-depth research on reconfigurable cryptographic processing architectures and has proposed and designed a reconfigurable hierarchical interconnection cryptographic processing architecture (RHCA). The University of Science and Technology Beijing has developed the RELOG_DIGG system, which can realize some block cipher and stream cipher algorithms. However, the most widely used reconfigurable computing systems at present are hardware architectures represented by the FPGA (Field-Programmable Gate Array). Although hardware implementations of cryptographic algorithms are highly efficient, their resistance to side-channel attacks such as electromagnetic attacks and differential power attacks is weak. In addition, the design of reconfigurable cryptographic processing architectures lacks a systematic design method and a general model, so architecture designs differ greatly, which causes many difficulties for the use and management of reconfigurable cryptographic systems.
Summary of the invention
In view of the side-channel attacks faced by current implementation techniques for cryptographic algorithms and of the large differences between reconfigurable cryptographic processing architecture designs, the present invention proposes a multi-mode reconfigurable encryption method based on the AES cryptographic algorithm. The method changes the way the S-box is generated in existing AES, adjusts the number of rounds according to the user's requirements, and at the same time realizes the five main operating modes of block ciphers. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm specifically comprises the following steps:
Step 1: the user selects the operating mode and key length as required;
Step 2: the user selects the S-box randomization method and the S-box size; there are two S-box randomization methods: the fully random S-box and the partially random S-box;
Step 3: judge whether the S-box size selected by the user is reasonable; if so, generate the corresponding S-box; if not, prompt the user with an error and return to step 2;
Step 4: determine the number of encryption rounds according to the user's speed requirement and security requirement; the speed requirement has two options: high speed and no speed requirement; the security requirement has two options: high security and no security requirement; the user cannot select both high speed and high security;
Step 5: specify the source file to be encrypted and the destination file in which the ciphertext is stored, and encrypt or decrypt the source file;
Step 6: save the encrypted or decrypted result data and display it for the user to inspect.
The operating modes in step 1 are five: electronic codebook (ECB) mode, cipher block chaining (CBC) mode, cipher feedback (CFB) mode, output feedback (OFB) mode and counter (CTR) mode.
The partially random S-box in step 2 has size 8 × 8; the fully random S-box has three sizes: 12 × 8, 10 × 8 and 8 × 8.
The criterion in step 3 for judging whether the S-box size selected by the user is reasonable is: if the operating mode selected in step 1 is ECB, CBC or CFB mode and the user needs both encryption and decryption, the S-box size can only be 8 × 8, and any other S-box size selection is unreasonable.
The method in step 3 for generating the fully random S-box is: first, use a random-number generator to generate a random permutation array A of the 2^k numbers 0 to 2^k − 1, where k is 12, 10 or 8 and is determined by the first number of the S-box size selected by the user; then extend the 4 input bytes, represented in hexadecimal, to 48 bits using the expansion function of DES; finally, substitute the 4 expanded bytes into the random permutation array A to obtain bytes of the same length k, and discard the last 4 bits of each byte, giving 4 output bytes of 8 bits.
The method in step 3 for generating the partially random S-box is: first, according to the finite field GF(2^8) selected by the user, invert each byte to obtain its multiplicative inverse in GF(2^8); then apply the affine transformation below to the multiplicative inverse:
Y = AX + B
where Y is the output column after the affine transformation, X is the input column of multiplicative inverses, A is the random 8 × 8 matrix of the affine transformation and B is the constant column. Matrix A is generated by first generating at random a row array of eight 0/1 values and then producing the remaining 7 rows successively as a circulant matrix, finally giving an 8 × 8 matrix; the constant column B is a randomly generated column of 0/1 values.
The method in step 4 for determining the number of encryption rounds is: estimate the minimum number of encryption rounds from the differential uniformity δ(S) and the nonlinearity NF(S) of the S-box, where the nonlinearity NF(S) is:
$$NF(S) = 2^{n-1} - \frac{1}{2}\max_{u,v}\left|\sum_{i=1}^{n}(-1)^{v \cdot S(x) + u \cdot x}\right| \le 2^{n-1} - 2^{\frac{n}{2}-1}, \qquad u, v, x \in Z_2^n$$
where u and v are intermediate parameters, x and S(x) are the input and output of the S-box, n is the number of input bits, and Z_2^n denotes the finite field GF(2^n);
The differential uniformity δ(S) is:
$$\delta(S) = \max\left\{\left|\{x \in GF(2^n) \mid S(x) \oplus S(x \oplus \alpha) = \beta\}\right| : \alpha \in GF(2^n),\ \beta \in GF(2^n)\right\}$$
where S(x) is the output of the S-box, x is the input, α and β are intermediate parameters and GF(2^n) is the finite field;
Finally, the number of encryption rounds is determined according to the requirement selected by the user: if the user's speed requirement is high speed, the number of encryption rounds is the minimum number of rounds; if the user has no speed requirement, the number of encryption rounds is 10; if the user's security requirement is high security, the number of encryption rounds is 14; if the user has no security requirement, the number of encryption rounds is 10.
The advantages and positive effects of the present invention are: (1) the method applies reconfigurable technology to a software implementation of the cryptographic algorithm, effectively avoiding the side-channel attacks that a hardware implementation may face; (2) the method converts the parameters required for reconfiguring most block ciphers into user-oriented requirements, optimizing the operation of the reconfigurable cryptographic method; (3) the method is suitable for building a reconfigurable software encryption system in which the reconfiguration of block ciphers is integrated in the same encryption system, which aids system management.
Description of drawings
Fig. 1 is the flow chart of the steps of the encryption method of the present invention;
Fig. 2 is the schematic flow diagram of S-box reconstruction in step 3 of the encryption method of the present invention;
Fig. 3 is the schematic flow diagram of encryption or decryption in step 4 of the encryption method of the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
The reconfigurability of the method is mainly reflected in the reconstruction of the S-box, the adjustment of the number of rounds and the implementation of the operating modes. Specifically, the multi-mode reconfigurable encryption method based on the AES cryptographic algorithm of the present invention, as shown in Fig. 1, comprises the following 6 steps.
Step 1: the user selects the operating mode and key length as required.
The method provides five commonly used operating modes: ECB, CBC, CFB, OFB and CTR, giving the user more room for choice. ECB, CBC and CFB modes fall under the following situation: the plaintext message is usually much longer than the specified block size, and different encryption techniques or modes of operation are used. ECB mode simply encrypts each plaintext block one by one with the same key; CBC mode XORs each plaintext block with the previous ciphertext block before encryption, which increases complexity and makes some attacks harder to carry out. OFB mode is similar to CBC mode, but the quantity used for the XOR is generated independently. CTR mode obtains a key stream by calling the block encryption algorithm on a counter sequence T1 ... Tm and then XORs it with the plaintext to obtain the ciphertext. The counter values are required to be pairwise distinct, not only within the processing of one message but across all operations under the same key.
The user can select one of the above operating modes according to their own needs.
There are 3 choices of key length: 128 bits, 192 bits and 256 bits.
Step 2: the user selects the S-box randomization method and the S-box size. There are two S-box randomization methods: the fully random S-box and the partially random S-box. The fully random S-box has 3 sizes: 12 × 8, 10 × 8 and 8 × 8. The partially random S-box has one size: 8 × 8. The unit of S-box size is the bit. If the user selects the partially random S-box, the user also needs to select the finite field GF(2^8) required for computing the S-box. The finite field is defined by an irreducible polynomial, and 30 irreducible polynomials are available: 11B, 11D, 12B, 12D, 139, 13F, 14D, 15F, 163, 165, 169, 171, 177, 17B, 187, 18B, 18D, 19F, 1A3, 1A9, 1B1, 1BD, 1C3, 1CF, 1D7, 1DD, 1E7, 1F3, 1F5, 1F9.
Step 3: judge whether the S-box size selected by the user is reasonable; if so, generate the corresponding S-box and continue to the next step; if not, prompt the user with an error and return to step 2 to reselect the S-box.
To satisfy the invertibility requirement of the cryptographic algorithm, the choice of operating mode and the choice of S-box size are related as follows: ECB, CBC and CFB modes need both an encryption method and a decryption method, and in that case only the 8 × 8 S-box can be selected, otherwise the decryption method does not exist; if only the encryption operation is needed with ECB, CBC or CFB mode, all three S-box sizes can be selected. OFB and CTR modes need only the encryption method, and the 12 × 8, 10 × 8 and 8 × 8 S-boxes can all be used. In this step the parameters selected by the user are checked, and the user is reminded whether a selection is reasonable.
The present invention produces two kinds of random S-box by different generation methods: the fully random S-box and the partially random S-box.
The core idea of the fully random S-box generation method is to replace the S-box of the existing AES algorithm directly with a random permutation. However, the properties of a random 8 × 8 permutation may be worse than those of the original S-box, so the input size of the S-box is changed to generate a 12 × 8, 10 × 8 or 8 × 8 S-box. As shown in Fig. 2, the generation of a 12 × 8 fully random S-box is illustrated below.
First, use a random-number generator to generate a random permutation array C of the 2^12 numbers 0 to 2^12 − 1. Because the 4 input bytes in hexadecimal representation are bytes, they can be written in turn as the bit stream b1 ... b8; b9 ... b16; b17 ... b24; b25 ... b32. The expansion function of DES, given by table (1), extends them to 48 bits:
$$\begin{array}{cccccc}
32 & 1 & 2 & 3 & 4 & 5 \\
4 & 5 & 6 & 7 & 8 & 9 \\
8 & 9 & 10 & 11 & 12 & 13 \\
12 & 13 & 14 & 15 & 16 & 17 \\
16 & 17 & 18 & 19 & 20 & 21 \\
20 & 21 & 22 & 23 & 24 & 25 \\
24 & 25 & 26 & 27 & 28 & 29 \\
28 & 29 & 30 & 31 & 32 & 1
\end{array} \qquad (1)$$
The practical meaning of table (1) is to expand a 32-bit number to a 48-bit number. After each of the four bytes has been expanded to 12 bits, substituting it into the array C gives a value of the same length, 12 bits; discarding the last 4 bits leaves an 8-bit output. That is, the initial input of 32 bits is divided into four 8-bit bytes and expanded to 48 bits so that each byte part becomes 12 bits; each 12-bit part is looked up in the array C, which outputs 12 bits, and the last four bits are dropped to obtain an 8-bit output. Thus each byte part goes from 8 bits to 12 bits and finally outputs 8 bits.
After the above operations, the generated 12 × 8 fully random S-box replaces the existing 8 × 8 S-box in the AES algorithm. For the 10 × 8 and 8 × 8 S-boxes, the random numbers are generated first in the same way, the corresponding bit expansion is performed, and finally the trailing bits are truncated so that 8 bits are output.
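The 12 × 8 fully random S-box of step 3, as an added Python example (not code from the patent): it implements the DES expansion of table (1), draws the random permutation C, applies the S-box to one 32-bit word, and shows why such an S-box cannot serve decryption (each 8-bit output has 16 preimages among the 4096 12-bit inputs), together with the step 3 compatibility rule. Assumed, since the description does not say: DES bit numbering with bit 1 as the most significant bit of the word, and Python's secrets module as the random-number generator.

```python
import secrets

# DES expansion table E (table (1) of the description): output bit i is input bit DES_E[i].
DES_E = [
    32, 1, 2, 3, 4, 5,
    4, 5, 6, 7, 8, 9,
    8, 9, 10, 11, 12, 13,
    12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21,
    20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29,
    28, 29, 30, 31, 32, 1,
]


def des_expand(word32: int) -> int:
    """Expand a 32-bit word to 48 bits with table E (bit 1 = MSB, DES convention)."""
    out = 0
    for pos in DES_E:
        bit = (word32 >> (32 - pos)) & 1
        out = (out << 1) | bit
    return out


def generate_permutation(k: int, rng=secrets) -> list[int]:
    """Random permutation C of 0 .. 2^k - 1 (Fisher-Yates shuffle with a CSPRNG)."""
    perm = list(range(1 << k))
    for i in range(len(perm) - 1, 0, -1):
        j = rng.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def sub_word_12x8(word32: int, perm: list[int]) -> bytes:
    """Apply the 12x8 fully random S-box to one 32-bit word (4 bytes).

    The word is expanded to 48 bits, split into four 12-bit parts, each part is
    looked up in the 2^12-entry permutation, and the last 4 bits of the 12-bit
    result are dropped to give an 8-bit output byte."""
    assert len(perm) == 1 << 12
    expanded = des_expand(word32)
    out = bytearray()
    for i in range(4):
        part12 = (expanded >> (36 - 12 * i)) & 0xFFF
        out.append(perm[part12] >> 4)
    return bytes(out)


def preimage_count(perm: list[int], output_byte: int) -> int:
    """Number of 12-bit inputs the 12x8 S-box sends to output_byte.

    For any permutation of 0..4095 this is exactly 16 (4096 inputs onto 256
    outputs), so the S-box has no inverse and cannot be used where the mode
    needs the decryption direction of the block cipher."""
    return sum(1 for p in range(1 << 12) if perm[p] >> 4 == output_byte)


def sbox_size_allowed(mode: str, need_decrypt: bool, k: int) -> bool:
    """Step 3 check: ECB/CBC/CFB with decryption needs the invertible 8x8 S-box;
    encryption-only use, OFB and CTR accept the 12x8, 10x8 and 8x8 sizes."""
    if k not in (12, 10, 8):
        return False
    if mode in ("ECB", "CBC", "CFB") and need_decrypt:
        return k == 8
    return True
```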
The partially random S-box generation method changes the structure of the finite field and the constants in the affine transformation, as shown in Fig. 2.
First, according to the finite field GF(2^8) selected by the user, a byte is inverted to obtain its multiplicative inverse in GF(2^8).
In the first step of SubBytes the inversion is performed modulo the irreducible polynomial (x^8 + x^4 + x^3 + x + 1), which in cryptography is called inversion in the field 11B. For GF(2^8) the user is offered the 30 irreducible polynomials listed above; inverting under different finite fields gives different results.
Then the affine transformation of formula (2) is applied to the multiplicative inverse obtained:
Y = AX + B (2)
where Y is the output column after the affine transformation, X is the input column of multiplicative inverses, A is the random 8 × 8 matrix of the affine transformation and B is the constant column. A concrete instance of formula (2) is shown in formula (3) below.
$$\begin{pmatrix} b_0^* \\ b_1^* \\ b_2^* \\ b_3^* \\ b_4^* \\ b_5^* \\ b_6^* \\ b_7^* \end{pmatrix} =
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix}
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix} +
\begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix} \qquad (3)$$
The random 8 × 8 matrix A of the affine transformation is generated as follows: first generate at random a row array of eight 0/1 values, then produce the other rows as a circulant matrix, finally obtaining an 8 × 8 matrix.
The constant column B is a randomly generated column of 0/1 values.
Through the above two reconstruction steps, the partially random S-box is obtained.
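The partially random S-box generation described in the summary and in the three steps above, as an added Python example (not the patent's code): inversion in GF(2^8) under one of the 30 listed polynomials, a circulant matrix A built from a random 0/1 row, a random constant column B, and the affine map Y = AX + B. Assumed, since the description does not say: bit 0 of a byte is its least significant bit, so the rows of formula (3) act on the bit vector (b0 ... b7) with b0 = LSB (under this reading formula (3) with field 11B reproduces the standard AES S-box). The invertibility check on A is an addition of this example: the description does not perform it, but a singular A yields a non-bijective S-box, which defeats decryption in the modes that need it.

```python
import secrets

# The 30 irreducible polynomials offered to the user in step 2 (hex, from the description).
IRREDUCIBLE_POLYS = [
    0x11B, 0x11D, 0x12B, 0x12D, 0x139, 0x13F, 0x14D, 0x15F, 0x163, 0x165,
    0x169, 0x171, 0x177, 0x17B, 0x187, 0x18B, 0x18D, 0x19F, 0x1A3, 0x1A9,
    0x1B1, 0x1BD, 0x1C3, 0x1CF, 0x1D7, 0x1DD, 0x1E7, 0x1F3, 0x1F5, 0x1F9,
]


def gf_mul(a: int, b: int, poly: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the chosen irreducible polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= poly
    return r & 0xFF


def gf_inv(a: int, poly: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 is mapped to 0 as in AES."""
    if a == 0:
        return 0
    for c in range(1, 256):
        if gf_mul(a, c, poly) == 1:
            return c
    raise ValueError("no inverse: polynomial is not irreducible")


def circulant(first_row: list) -> list:
    """8x8 circulant matrix A: row i is the first row rotated right by i places."""
    return [first_row[8 - i:] + first_row[:8 - i] for i in range(8)]


def gf2_rank(rows: list) -> int:
    """Rank over GF(2) of 0/1 rows, by Gaussian elimination on bitmasks."""
    masks = [sum(bit << j for j, bit in enumerate(row)) for row in rows]
    rank = 0
    for col in range(8):
        for i in range(rank, len(masks)):
            if (masks[i] >> col) & 1:
                masks[rank], masks[i] = masks[i], masks[rank]
                break
        else:
            continue
        for i in range(len(masks)):
            if i != rank and (masks[i] >> col) & 1:
                masks[i] ^= masks[rank]
        rank += 1
    return rank


def affine(x: int, A: list, B: list) -> int:
    """Y = AX + B over GF(2): bit i of Y is the parity of row i of A ANDed with X, plus B_i."""
    y = 0
    for i in range(8):
        s = B[i]
        for j in range(8):
            s ^= A[i][j] & ((x >> j) & 1)
        y |= s << i
    return y


def make_sbox(poly: int, A: list, B: list) -> list:
    """Partially random S-box: inversion in GF(2^8)/poly followed by Y = AX + B."""
    return [affine(gf_inv(x, poly), A, B) for x in range(256)]


def random_partial_sbox(poly: int, rng=secrets):
    """Draw the circulant A from a random 0/1 row and the constant column B.

    Added safeguard (not in the description): A is redrawn until it is
    invertible over GF(2); otherwise the S-box would not be a bijection."""
    while True:
        A = circulant([rng.randbelow(2) for _ in range(8)])
        if gf2_rank(A) == 8:
            break
    B = [rng.randbelow(2) for _ in range(8)]
    return make_sbox(poly, A, B), A, B


# Matrix and constant of formula (3); with poly 0x11B this is the standard AES S-box.
AES_A = circulant([1, 0, 0, 0, 1, 1, 1, 1])
AES_B = [1, 1, 0, 0, 0, 1, 1, 0]
```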
Step 4: determine the number of encryption rounds according to the user's speed requirement and security requirement. The user's speed requirement is either high speed or no speed requirement, and the security requirement is either high security or no security requirement. The high-speed requirement and the high-security requirement cannot both be satisfied at the same time, so the user cannot select both.
The number of encryption rounds is made adjustable, allowing the user to find a balance between speed and security. From cryptographic knowledge it is known that the AES algorithm needs only four rounds to resist linear and differential attacks. As the number of rounds rises, the security of the system becomes stronger, but the encryption time also increases. A variable number of encryption rounds is therefore provided to suit the user's needs. The specific method for determining the number of encryption rounds is as follows:
1. After the S-box is produced, calculate its differential uniformity and nonlinearity. The formulas for the nonlinearity NF(S) and the differential uniformity δ(S) are as follows:
$$NF(S) = 2^{n-1} - \frac{1}{2}\max_{u,v}\left|\sum_{i=1}^{n}(-1)^{v \cdot S(x) + u \cdot x}\right| \le 2^{n-1} - 2^{\frac{n}{2}-1}, \qquad u, v, x \in Z_2^n$$
where u and v are intermediate parameters, x and S(x) are the input and output of the S-box, n is the number of input bits (8 in the method of the invention), and Z_2^n denotes the finite field GF(2^n).
$$\delta(S) = \max\left\{\left|\{x \in GF(2^n) \mid S(x) \oplus S(x \oplus \alpha) = \beta\}\right| : \alpha \in GF(2^n),\ \beta \in GF(2^n)\right\}$$
where S(x) is the output of the S-box, x is the input, α and β are intermediate parameters and GF(2^n) is the finite field.
2. Estimate the minimum number of rounds required for the reconstructed algorithm to resist linear attacks and differential attacks. By calculation, when the input x is 8 bits, a perfectly nonlinear function (the function with the best nonlinearity) has NF(f) = 120, and the nonlinearity of the S-box of the method is 112, so the nonlinearity of the S-box used in the present invention is quite high and it has a strong ability to resist linear attacks. The calculated value of δ(S) for the S-box of the present invention is 4, so the differential uniformity, as a probability, is 2^{-6}. For four rounds of AES encryption the result is $2^{-6 \cdot 25} = 2^{-150} \le 2^{-128}$; that is, against a differential attack the maximum differential propagation probability of 4 rounds of encryption is 2^{-150}, less than 2^{-128}. Therefore 4 rounds of encryption are enough to resist differential attacks, and the minimum number of rounds can be set to 4.
3. If the user's speed requirement is "high speed", the minimum number of rounds is used as the number of encryption rounds. If there is no speed requirement, the initial number of AES encryption rounds is kept unchanged. The initial number of encryption rounds is 10.
4. If the user's security requirement is "high security", the number of encryption rounds is set to 14; otherwise the initial number of rounds is kept unchanged.
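The step 4 computation, as an added Python example (not the patent's code), covering both the formulas in the summary and the four sub-steps above: it evaluates NF(S) and δ(S) of an 8-bit S-box, derives the minimum number of rounds from the differential bound, and applies the speed/security rules. The sample input is the standard AES S-box (FIPS 197), for which the description reports NF = 112 and δ = 4. Assumed, since the page leaves them implicit: v ranges over nonzero values in the nonlinearity formula, and the four-round bound raises the S-box's best differential probability to the 25th power, matching the 2^{-6·25} = 2^{-150} figure; the generalization to more rounds adds 25 per further 4 rounds.

```python
# Sample S-box: the standard AES S-box (FIPS 197), listed by rows of 16 entries.
AES_SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76" "ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d83115" "04c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f84" "53d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa8" "51a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d1973" "60814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479" "e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a" "703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df" "8ca1890dbfe6426841992d0fb054bb16"
)


def walsh_spectrum(f: list) -> list:
    """Fast Walsh-Hadamard transform of a Boolean function given as 2^n bits:
    entry u is sum_x (-1)^(f(x) + u.x)."""
    w = [1 - 2 * b for b in f]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                a, b = w[j], w[j + h]
                w[j], w[j + h] = a + b, a - b
        h *= 2
    return w


def nonlinearity(sbox, n: int = 8) -> int:
    """NF(S) = 2^(n-1) - 1/2 max |sum_x (-1)^(v.S(x) + u.x)| over all u and nonzero v."""
    best = 0
    for v in range(1, 1 << n):
        component = [bin(v & s).count("1") & 1 for s in sbox]  # v.S(x)
        best = max(best, max(abs(c) for c in walsh_spectrum(component)))
    return (1 << (n - 1)) - best // 2


def differential_uniformity(sbox, n: int = 8) -> int:
    """delta(S) = max over nonzero alpha and all beta of #{x : S(x) ^ S(x ^ alpha) = beta}."""
    best = 0
    for alpha in range(1, 1 << n):
        counts = [0] * (1 << n)
        for x in range(1 << n):
            counts[sbox[x] ^ sbox[x ^ alpha]] += 1
        best = max(best, max(counts))
    return best


def minimum_rounds(sbox, n: int = 8, key_bits: int = 128) -> int:
    """Smallest multiple of 4 rounds whose differential bound is at most 2^-key_bits.
    The best single-S-box differential probability is delta(S)/2^n (2^-6 for AES);
    assumption: 25 active S-boxes per 4 rounds, as in the description's 2^(-6*25)."""
    dp = differential_uniformity(sbox, n) / (1 << n)
    rounds = 4
    while dp ** (25 * rounds // 4) > 2.0 ** -key_bits:
        rounds += 4
    return rounds


def encryption_rounds(min_rounds: int, high_speed: bool, high_security: bool,
                      default: int = 10) -> int:
    """Sub-steps 3 and 4: high speed -> minimum rounds; high security -> 14;
    no requirement -> the initial AES round number (10); both -> rejected."""
    if high_speed and high_security:
        raise ValueError("high speed and high security cannot both be selected")
    if high_speed:
        return min_rounds
    if high_security:
        return 14
    return default
```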
Step 5: specify the source file to be encrypted and the destination file for the ciphertext, and encrypt or decrypt the source file. The encryption or decryption operation of the method is based on the existing AES algorithm; the round key addition and the column mixing of each round use the methods of the existing AES algorithm.
The specific encryption or decryption operation is shown in Fig. 3.
First, data are read from the source file and grouped into blocks of 128 bits; if the last block is shorter than 128 bits it is padded with 0s. Then it is determined whether a decryption or an encryption operation is to be performed.
For encryption, the key is first expanded, then the round key is added, and then the round encryption is repeated according to the number of encryption rounds determined in step 4; each round comprises the four steps of byte substitution, row shifting, column mixing and round key addition, and the last round has only the three steps of byte substitution, row shifting and round key addition. Byte substitution uses the S-box generated in step 3 to replace each byte with its corresponding byte. Finally the encrypted data are written to the destination file as a byte stream.
For decryption, the key is first expanded, then the round key is added, and then the round decryption is repeated according to the number of encryption rounds saved when this source file was encrypted; each round comprises the four steps of inverse row shifting, inverse byte substitution, round key addition and inverse column mixing, and the last round has only the three steps of inverse row shifting, inverse byte substitution and round key addition. The number of decryption rounds equals the number of encryption rounds. Finally the resulting data are written to the destination file as a byte stream.
Step 6: save the encrypted or decrypted data and display it for the user to inspect. After the source file is encrypted, the resulting ciphertext data and the parameters selected by the user are saved so that decryption can be performed later.
In the embodiment of the invention, the user selects ECB mode, a key length of 128 bits and the partially random S-box with size 8 × 8 and finite field 11B, uses the default setting for the speed and security requirements so that the number of encryption rounds is 10, and encrypts the source file.
Under the finite field 11B, the inverse of each element of GF(2^8), that is, the multiplicative inverse obtained, is shown in Table 1 below:
Table 1: multiplicative inverses obtained under finite field 11B
[Table 1 is reproduced in the original only as an image; its values are not available here.]
The affine transformation produces the following result:
$$\begin{pmatrix} b_0^* \\ b_1^* \\ b_2^* \\ b_3^* \\ b_4^* \\ b_5^* \\ b_6^* \\ b_7^* \end{pmatrix} =
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix}
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix} +
\begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}$$
In the encryption process the number of block columns is Nb = 4 and the number of round key columns is Nk = 4, where the initial round key is shown in the following Table 1:
Table 1: initial round key
00 1B 23 6A
3C A6 B7 34
12 A8 F3 E2
63 2A 3C 67
The data in the source file that need to be encrypted are shown in the following Table 2:
Table 2: need ciphered data
02 3B AD 65
45 47 89 9A
A7 F6 AC CB
78 56 37 34
Tracking the byte 02 of the data to be encrypted: byte substitution uses the partially random S-box; first 02 is inverted in the field 11B, giving 8D; then the affine transformation is applied, giving 50. After row shifting its position is unchanged. Then, after column mixing, it is XORed with the 00 of the initial key. This completes one round of operation, and such an operation is carried out 10 rounds in total.

Claims (10)

1. A multi-mode reconfigurable encryption method based on the AES cryptographic algorithm, characterized in that the method specifically comprises the following steps:
Step 1: the user selects the operating mode and the key length as required;
Step 2: the user selects the S box random mode and the S box size; there are two S box random modes: the fully random S box and the biased random S box;
Step 3: judge whether the S box size selected by the user is reasonable; if reasonable, generate the corresponding fully random S box or biased random S box; if unreasonable, prompt the user with an error and return to Step 2;
Step 4: the user selects a speed requirement and a security requirement; the speed requirement has two options: high speed or no speed requirement; the security requirement has two options: high security or no security requirement; the user cannot select high speed and high security at the same time; the encryption round number is then determined;
Step 5: specify the source file to be encrypted and the destination file in which the ciphertext is stored, and perform the encryption or decryption operation on the source file;
Step 6: save the encrypted or decrypted result data and display it for the user to view.
2. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, characterized in that the operating modes in Step 1 comprise 5 kinds: electronic codebook mode, cipher block chaining mode, cipher feedback mode, output feedback mode and counter mode.
3. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, characterized in that the fully random S box in Step 2 has 3 sizes: 12×8, 10×8 and 8×8; the biased random S box has the size 8×8.
4. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, 2 or 3, characterized in that the method of judging in Step 3 whether the S box size is reasonable is: if the operating mode selected in Step 1 is electronic codebook mode, cipher block chaining mode or cipher feedback mode, and the user needs decryption as well as encryption, then the S box size must be 8×8, and any other S box size selection is unreasonable.
5. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, characterized in that the generation method of the fully random S box in Step 3 is: first, use a random number generator to generate a random permutation matrix C consisting of all 2^k numbers from 0 to 2^k-1, where the value of k is 12, 10 or 8, determined by the first number of the S box size selected by the user; then extend the 4 bytes of the initial input, represented in hexadecimal, to 48 bits using the expansion function of DES; finally, substitute the 4 expanded bytes through the random permutation matrix C to obtain bytes of the same length of k bits, remove the last 4 bits of each byte, and output 4 bytes of 8 bits.
6. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, characterized in that the generation method of the biased random S box in Step 3 is: first, according to the finite field GF(2^8) selected by the user, invert each byte to obtain the multiplicative inverse of that byte in GF(2^8); then apply an affine transformation to the multiplicative inverse obtained, by the following formula:
Y = AX + B
where Y is the output column after the affine transformation, X is the input column holding the multiplicative inverse, A is the random 8×8 matrix of the affine transformation, and B is the constant column; the generation method of the matrix A is: first randomly generate the first row as an array of eight numbers consisting of 0s and 1s, then generate the remaining 7 rows successively in the manner of a circulant matrix, finally obtaining an 8×8 matrix; the constant column B is a randomly generated column consisting of 0s and 1s.
7. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 6, characterized in that the finite field GF(2^8) has 30 irreducible polynomials to choose from; the 30 irreducible polynomials (in hexadecimal) are: 11B, 11D, 12B, 12D, 139, 13F, 14D, 15F, 163, 165, 169, 171, 177, 17B, 187, 18B, 18D, 19F, 1A3, 1A9, 1B1, 1BD, 1C3, 1CF, 1D7, 1DD, 1E7, 1F3, 1F5, 1F9.
8. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, characterized in that the method of determining the encryption round number in Step 4 is: first, estimate the minimum encryption round number from the nonlinearity and the differential uniformity of the S box; the nonlinearity NF(S) of the S box is:
$$NF(S) = 2^{n-1} - \frac{1}{2}\max_{u,v}\left|\sum_{x \in Z_2^n} (-1)^{v \cdot S(x) + u \cdot x}\right| \le 2^{n-1} - 2^{\frac{n}{2}-1}, \qquad u, v, x \in Z_2^n$$
where u and v are intermediate parameters, x and S(x) are respectively the input and the output of the S box, n is the number of input bits, and Z_2^n is the finite field GF(2^n);
The differential uniformity δ(S) of the S box is:
$$\delta(S) = \max\left\{\left|\{x \in GF(2^n) \mid S(x) \oplus S(x \oplus \alpha) = \beta\}\right| : \alpha \in GF(2^n),\ \beta \in GF(2^n)\right\}$$
where S(x) is the output of the S box, x is the input, α and β are intermediate parameters, and GF(2^n) is the finite field;
Then, determine the encryption round number according to the requirements selected by the user: if the user requires high speed, the encryption round number is the minimum encryption round number; if the user has no speed requirement, the encryption round number is 10 rounds; if the user requires high security, the encryption round number is 14 rounds; if the user has no security requirement, the encryption round number is 10 rounds.
9. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 8, characterized in that the minimum encryption round number is 4.
10. The multi-mode reconfigurable encryption method based on the AES cryptographic algorithm according to claim 1, characterized in that the encryption operation in Step 5 reads the data from the source file and groups it in blocks of 128 bits; if the last block is shorter than 128 bits, it is padded with 0s; the encryption operation is then performed: first the key is expanded, then the round key is added, and then the round encryption is repeated according to the encryption round number determined in Step 4, each round comprising the four steps of byte substitution, row shifting, column mixing and round key addition, while the last round comprises only the three steps of byte substitution, row shifting and round key addition; the S box generated in Step 3 is used in the byte substitution to replace each byte with the corresponding byte; finally, the encrypted data is written to the destination file as a byte stream.
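The S box metrics of claim 8 and the round-number selection of claims 1, 8 and 9, as an added Python example (not code from the patent), computed for a fully random 8×8 S box generated as a random permutation (the k = 8 case of claim 5) and for the identity map as a deliberately weak baseline. The nonlinearity is obtained with a Walsh-Hadamard transform over the component functions v·S(x); as in the standard definitions, v = 0 and α = 0 are excluded from the maxima (the claim's formulas do not say so, and with α = 0 every S box would score 2^n). The seed and the function names are assumptions, and since the patent does not give the formula by which the minimum round number is estimated from the two metrics, the minimum of 4 rounds stated in claim 9 is taken as a parameter.

```python
# Added example, not from the patent: nonlinearity and differential uniformity of an
# n-bit S box (claim 8), a fully random 8x8 S box (claim 5, k = 8) and the round-number
# selection of claim 8. Seed and function names are this example's assumptions.
import random

N = 8                                                  # input bits of the S box
PARITY = [bin(i).count("1") & 1 for i in range(256)]   # parity of a & b for n <= 8

def full_random_sbox(seed, n=N):
    """Claim 5 with k = n: a random permutation of 0 .. 2^n - 1 is used directly as the S box."""
    table = list(range(1 << n))
    random.Random(seed).shuffle(table)                 # fixed seed keeps the example reproducible
    return table

def walsh_spectrum(f):
    """Fast Walsh-Hadamard transform of f given as +1/-1 values: W(u) = sum_x f(x) (-1)^(u.x)."""
    w = list(f)
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                a, b = w[j], w[j + h]
                w[j], w[j + h] = a + b, a - b
        h *= 2
    return w

def nonlinearity(sbox, n=N):
    """NF(S) = 2^(n-1) - 1/2 * max_{u, v != 0} |sum_x (-1)^(v.S(x) + u.x)|.
    Each v selects the component function parity(v & S(x)); its Walsh spectrum
    over u yields every inner sum at once."""
    size = 1 << n
    largest = 0
    for v in range(1, size):
        f = [1 - 2 * PARITY[v & sbox[x]] for x in range(size)]
        largest = max(largest, max(abs(w) for w in walsh_spectrum(f)))
    return size // 2 - largest // 2

def nonlinearity_bound(n=N):
    """Claim 8's upper bound 2^(n-1) - 2^(n/2 - 1) for even n (120 for n = 8)."""
    return (1 << (n - 1)) - (1 << (n // 2 - 1))

def differential_uniformity(sbox, n=N):
    """delta(S) = max over alpha != 0 and beta of #{x : S(x) ^ S(x ^ alpha) == beta}."""
    size = 1 << n
    worst = 0
    for alpha in range(1, size):
        counts = [0] * size
        for x in range(size):
            counts[sbox[x] ^ sbox[x ^ alpha]] += 1
        worst = max(worst, max(counts))
    return worst

def choose_round_count(high_speed, high_security, min_rounds=4):
    """Claim 8: high speed -> minimum rounds (4 per claim 9), high security -> 14,
    no requirement -> 10; both at once is rejected as in claim 1, Step 4."""
    if high_speed and high_security:
        raise ValueError("high speed and high security cannot be selected together")
    if high_speed:
        return min_rounds
    if high_security:
        return 14
    return 10

def evaluate(sbox, n=N):
    """Return (nonlinearity, differential uniformity) of the given S box."""
    return nonlinearity(sbox, n), differential_uniformity(sbox, n)

if __name__ == "__main__":
    identity = list(range(1 << N))                     # S(x) = x: no confusion at all
    print("identity    NF, delta =", evaluate(identity))   # (0, 256)
    rnd = full_random_sbox(seed=2011)
    print("random 8x8  NF, delta =", evaluate(rnd), "with NF <=", nonlinearity_bound())
    print("rounds: high speed", choose_round_count(True, False),
          "high security", choose_round_count(False, True),
          "no requirement", choose_round_count(False, False))
```

The identity baseline shows why both metrics are needed before a round count is chosen: a map with zero nonlinearity and a differential uniformity of 2^n gives no confusion at all, whatever the round count, whereas a random permutation lands well below the 120 bound and with a small even δ. The differential count is always even for a permutation because x and x⊕α contribute to the same β, which is a quick sanity check on any DDT implementation.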

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011101038252A CN102185692B (en) 2011-04-25 2011-04-25 Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm

Publications (2)

Publication Number Publication Date
CN102185692A true CN102185692A (en) 2011-09-14
CN102185692B CN102185692B (en) 2012-07-04

Family

ID=44571766

Country Status (1)

Country Link
CN (1) CN102185692B (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297223A (en) * 2013-05-07 2013-09-11 北京航空航天大学 Self-recovery fault-tolerant AES structure based on reconfigurable dynamic state and encryption method thereof
CN104052595A (en) * 2014-05-23 2014-09-17 戴葵 Cryptographic algorithm customizing method
CN104753662A (en) * 2013-12-27 2015-07-01 重庆重邮信科通信技术有限公司 Encryption key stream generating method based on AES (Advanced Encryption Standard) algorithm
CN105007154A (en) * 2015-07-23 2015-10-28 深圳市同创国芯电子有限公司 Encryption and decryption device based on AES (Advanced Encryption Standard) algorithm
CN105049204A (en) * 2015-07-30 2015-11-11 苏州中科启慧软件技术有限公司 Lightweight stream cipher technology VHC based on CTR mode and block cipher VH
CN105162580A (en) * 2015-07-30 2015-12-16 苏州中科启慧软件技术有限公司 Lightweight stream cipher technology VHO based on OFB mode and block cipher VH
CN105187199A (en) * 2015-09-09 2015-12-23 浪潮集团有限公司 Data optimization method in AES encryption
CN105279217A (en) * 2014-07-17 2016-01-27 帕洛阿尔托研究中心公司 Reconstructable content objects
CN105721135A (en) * 2014-12-19 2016-06-29 恩智浦有限公司 S-box selection in white-box cryptographic implementation
CN106034021A (en) * 2015-03-12 2016-10-19 中国科学院上海高等研究院 Light-weight dual-mode-compatible AES encryption and decryption module and method thereof
CN106656500A (en) * 2015-10-29 2017-05-10 三星Sds株式会社 Encryption device and method
CN106972920A (en) * 2017-06-06 2017-07-21 黑龙江大学 Smart mobile phone message encryption method and system
CN106992852A (en) * 2017-05-08 2017-07-28 芜湖职业技术学院 Applied to AES and the Reconfigurable S-box circuit structure of Camellia cryptographic algorithms
CN108270544A (en) * 2016-12-30 2018-07-10 广东精点数据科技股份有限公司 A kind of ciphertext image reversible information hidden method and device based on urDEED algorithms
WO2018205469A1 (en) * 2017-05-09 2018-11-15 上海众人网络安全技术有限公司 Method for constructing password wall and system
CN108848073A (en) * 2018-05-31 2018-11-20 唐山智能电子有限公司 The data of real-time data acquisition system are carried out with the method and system of encrypting and decrypting
WO2019089590A1 (en) * 2017-10-30 2019-05-09 Stc.Unm System and methods directed to side-channel power resistance for encryption algorithms using dynamic partial reconfiguration
CN109951456A (en) * 2019-02-28 2019-06-28 成都卫士通信息产业股份有限公司 Message encipher-decipher method, device, electronic equipment and computer readable storage medium
CN112134686A (en) * 2020-09-10 2020-12-25 南京大学 AES hardware implementation method based on reconfigurable computing, computer equipment and readable storage medium for operating AES hardware implementation method
TWI731770B (en) * 2019-08-16 2021-06-21 熵碼科技股份有限公司 Computer system
CN113328859A (en) * 2021-04-21 2021-08-31 北京连山科技股份有限公司 Information dispersion processing method
CN113744437A (en) * 2021-09-15 2021-12-03 南京润海科星物联网智能科技有限公司 Intelligent house renting management method and system
CN114124389A (en) * 2021-11-09 2022-03-01 国网山东省电力公司电力科学研究院 Reconfigurable computing-based national cryptographic algorithm FPGA deployment method and system
US11863304B2 (en) 2017-10-31 2024-01-02 Unm Rainforest Innovations System and methods directed to side-channel power resistance for encryption algorithms using dynamic partial reconfiguration

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050058285A1 (en) * 2003-09-17 2005-03-17 Yosef Stein Advanced encryption standard (AES) engine with real time S-box generation
CN1921382A (en) * 2006-09-06 2007-02-28 华为技术有限公司 Encrypting-decrypting method based on AES algorithm and encrypting-decrypting device
CN101009554A (en) * 2007-01-17 2007-08-01 华中科技大学 A byte replacement circuit for power consumption attack prevention
US20070291935A1 (en) * 2001-10-04 2007-12-20 Industrial Technology Research Institute Apparatus for supporting advanced encryption standard encryption and decryption
JP2008040244A (en) * 2006-08-08 2008-02-21 Mitsubishi Electric Corp Aes encryption circuit
CN101409616A (en) * 2007-10-10 2009-04-15 佳能株式会社 AES encryption/decryption circuit
CN101764686A (en) * 2010-01-11 2010-06-30 石家庄开发区冀科双实科技有限公司 Encryption method for network and information security
CN102025484A (en) * 2010-12-17 2011-04-20 北京航空航天大学 Block cipher encryption and decryption method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
20080430 薛茹; 武君胜: Principle and Analysis of the Advanced Encryption Standard (AES) Algorithm, pp. 83-85, 88 *

Also Published As

Publication number Publication date
CN102185692B (en) 2012-07-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120704

Termination date: 20160425