CN105577362A - Byte substitution method applied to AES algorithm and system thereof - Google Patents


Info

Publication number: CN105577362A
Authority: CN (China)
Prior art keywords: finite field, module, byte, multiplicative inverse, algorithm
Legal status: Granted
Application number: CN201511020097.3A
Other languages: Chinese (zh)
Other versions: CN105577362B (en)
Inventors: 徐永键, 陆许明, 谭洪舟, 张迪
Current assignee: SYSU HUADU INDUSTRIAL SCIENCE AND TECHNOLOGY INSTITUTE
Original assignee: SYSU HUADU INDUSTRIAL SCIENCE AND TECHNOLOGY INSTITUTE
Events: application filed by SYSU HUADU INDUSTRIAL SCIENCE AND TECHNOLOGY INSTITUTE; priority to CN201511020097.3A; publication of CN105577362A; application granted; publication of CN105577362B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention relates to a byte substitution method applied to an AES algorithm, characterized by comprising the following steps: expressing each byte of the input data of the internal data path of the AES algorithm as an element of the finite field GF(2^8); calculating the multiplicative inverse of the input data in GF(2^8) with respect to an irreducible polynomial by means of the extended Euclidean algorithm; and then applying an affine transformation to the obtained multiplicative inverse to obtain the byte substitution result. The substitution method provided by the invention obtains the multiplicative inverse with the extended Euclidean algorithm and then realizes the byte substitution function of the AES algorithm by applying the affine transformation to that inverse; compared with the prior art, the method saves logic resources to the greatest extent and effectively improves the working efficiency of the system.

Description

A byte substitution method and system applied to the AES algorithm
Technical field
The invention belongs to the technical field of Media Access Control (MAC) layer encryption in wireless communication chips, and more specifically relates to a method for realizing byte substitution in the finite field GF(2^8) in the Advanced Encryption Standard (AES) algorithm.
Background technology
In October 2000 the U.S. government announced that the Rijndael algorithm, jointly invented by two Belgian cryptologists, had been selected as the new-generation Advanced Encryption Standard (AES). AES was published by the National Institute of Standards and Technology as FIPS PUB 197 on November 26, 2001, and formally took effect on May 26, 2002. Rijndael was finally chosen as AES, the new-generation data encryption standard, because of its security, good performance, high efficiency, practicality and flexibility. AES has now been adopted as a standard by several international standardization organizations (ISO, IETF, IEEE 802.11i, etc.).
As the new-generation data encryption standard, AES is widely used in many fields. In wireless networking, the openness of the wireless channel places higher security requirements on communication. At present there are two main international wireless network standards: the IEEE 802.11 protocol (Wi-Fi) for WLAN and the IEEE 802.16 protocol (WiMAX) for WMAN. Although these two protocols initially selected RC4 and DES (Data Encryption Standard) respectively as their security mechanisms, AES has gradually replaced RC4 and DES as information security needs developed and for security reasons. Some other wireless network technologies have also adopted AES for secure data transmission.
In terms of key strategy, cryptographic systems can be divided into symmetric and asymmetric cryptosystems. The AES encryption algorithm is a symmetric cryptosystem and plays an important role in information security, with the following advantages:
(1) encryption and decryption are fast, with very high data throughput, and are convenient to implement in software and hardware;
(2) the ciphertext has the same length as the plaintext;
(3) the algorithm maintains good security against existing attacks.
Since AES was proposed, many domestic and foreign scholars and experts have carried out research on it. Part of this research focuses on attack patterns and analysis methods for AES, while another part focuses on the optimization and application of AES; the aim of the latter is to better balance area and speed in specific AES hardware designs. The AES algorithm can be implemented in two ways: in software or in hardware. Software implementations are slow and carry potential security hazards. Hardware implementations of AES can provide strong security, flexibility and high efficiency, so high-performance hardware implementation of AES has become a research focus.
Summary of the invention
The present invention proposes a byte substitution method applied to the AES algorithm. The method obtains the multiplicative inverse with the extended Euclidean algorithm and then applies an affine transformation to the multiplicative inverse to realize the byte substitution function of the AES algorithm. Compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
To achieve the above object of the invention, the technical scheme adopted is:
A byte substitution method applied to the AES algorithm, in which each byte of the input data of the AES internal data path is expressed as an element of the finite field GF(2^8); the extended Euclidean algorithm is used to calculate the multiplicative inverse of the input data in GF(2^8) with respect to the irreducible polynomial; an affine transformation is then applied to the obtained multiplicative inverse to obtain the byte substitution result.
In this scheme, using the multiplicative inverse in GF(2^8) for byte substitution has the advantage of providing a high degree of nonlinearity, and it can resist the strongest analytical attacks known so far. The affine transformation further destroys the algebraic structure of the finite field, so that attacks aimed at the multiplicative inverse in the finite field can be effectively resisted.
Preferably, the extended Euclidean algorithm is expressed as follows:
$$\gcd(r_0, r) = s * r_0 + t * r$$
where '*' is finite field multiplication and '+' is addition in the finite field; gcd(r_0, r) denotes the greatest common divisor of the two positive integers r_0 and r, where r_0 denotes the irreducible polynomial and r denotes any input datum in GF(2^8); s and t are the unique pair of integer solutions satisfying the above Euclidean equation, where t is the multiplicative inverse of r with respect to r_0 and s is the multiplicative inverse of r_0 with respect to r;
and the irreducible polynomial is set by default to $m(x) = x^8 + x^4 + x^3 + x + 1$;
The coefficients of the irreducible polynomial are represented in 9-bit binary as 9'b100011011, which converted to decimal is 283; the greatest common divisor of every input datum in GF(2^8) and 283 is then 1, so the extended Euclidean algorithm is expressed as follows:
$$s * r_0 + t * r = 1$$
The detailed process of calculating the multiplicative inverse is as follows:
S1. Set two groups of data s_0, s_1 and t_0, t_1. When s = s_0 = 1 and t = t_0 = 0, s*r_0 + t*r = r_0 = 283; when s = s_1 = 0 and t = t_1 = 1, s*r_0 + t*r = r. This gives two groups of initialization data:
(s_0, t_0, r_0) = (1, 0, 283) and (s_1, t_1, r) = (0, 1, r);
The loop round number is denoted i and is initialized to 1;
S2. Judge whether the input datum r_i chosen in GF(2^8) in the i-th loop equals 1. If r_i = 1, end the loop; the t_i corresponding to r_i is the required multiplicative inverse. Otherwise perform step S3;
S3. Let i = i + 1;
S4. Calculate the bit-width difference of the highest bits of r_{i-2} and r_{i-1}, where r_{i-2} and r_{i-1} are the data chosen in the (i-2)-th and (i-1)-th loops respectively. If the bit width of r_{i-2} is less than the bit width of r_{i-1}, the output enable signal is low level; then perform step S6. If the bit width of r_{i-2} is greater than the bit width of r_{i-1}, the output enable signal is high level, the bit-width difference dif of r_{i-2} and r_{i-1} is output, and step S5 is performed;
S5. Perform the following operations:
$$\mathrm{tmp} = r_{i-1} \ll \mathrm{dif};$$
$$r_{i-2} = r_{i-2} \oplus \mathrm{tmp};$$
$$\mathrm{Quotient} = \mathrm{Quotient} \oplus (\mathtt{9'b1} \ll \mathrm{dif});$$
where '<<' denotes a left shift and '⊕' denotes XOR;
Then perform step S4;
S6. Output Quotient;
S7. Perform the following operations:
$$r_i = r_{i-2} - \mathrm{Quotient} * r_{i-1}$$
$$s_i = s_{i-2} - \mathrm{Quotient} * s_{i-1}$$
$$t_i = t_{i-2} - \mathrm{Quotient} * t_{i-1}$$
where '-' is subtraction in the finite field; s_{i-2}, t_{i-2} and s_{i-1}, t_{i-1} are the intermediate iteration parameters for s and t corresponding to r_{i-2} and r_{i-1} respectively;
S8. Return to step S2.
Preferably, the detailed process of the affine transformation is as follows:
Let $t_i = (a_0\ a_1\ a_2\ a_3\ a_4\ a_5\ a_6\ a_7)^T$;
Then the affine transformation is expressed as follows:
$$
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix}
=
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix}
*
\begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{pmatrix}
\oplus
\begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix};
$$
where $(b_0\ b_1\ b_2\ b_3\ b_4\ b_5\ b_6\ b_7)^T$ denotes the byte substitution result.
Meanwhile, the present invention also provides a system according to the above method, whose concrete scheme is as follows:
It comprises a bit-width difference calculation module, a finite field division module, a finite field multiplication module, a loop iteration module and an affine transformation module;
where the bit-width difference calculation module is used to calculate the bit-width difference of the highest bits of r_{i-2} and r_{i-1} and, according to the result, to output the enable signal value and the bit-width difference dif;
the finite field division module is used to calculate and output Quotient;
the finite field multiplication module is used to calculate q_{i-1}*r_{i-1}, q_{i-1}*s_{i-1} and q_{i-1}*t_{i-1};
the loop iteration module is used to calculate r_i, s_i and t_i and to judge whether r_i equals 1; if it equals 1, t_i is output to the affine transformation module, otherwise i = i + 1;
the affine transformation module is used to apply the affine transformation to t_i and obtain the byte substitution result.
Compared with the prior art, the beneficial effects of the invention are:
The substitution method provided by the invention obtains the multiplicative inverse with the extended Euclidean algorithm and then applies the affine transformation to the multiplicative inverse to realize the byte substitution function of the AES algorithm. Compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
Description of the drawings
Fig. 1 is a structural schematic of the system of this substitution method.
Fig. 2 is an implementation schematic of the bit-width difference calculation module.
Fig. 3 is an implementation schematic of the finite field division module.
Fig. 4 is an operating flowchart of the loop iteration module.
Embodiment
The drawings are for illustration only and should not be construed as limiting this patent;
The present invention is further elaborated below with reference to the drawings and embodiments.
Embodiment 1
The AES block cipher adopts the Square algorithm structure and iterates a round function. In the encryption process, every round except the last performs the same operations. The round function (round unit) of the encryption process comprises four basic operations: byte substitution (SubBytes), row shift (ShiftRows), column mixing (MixColumns) and round key XOR (AddRoundKey); the round function of the AES decryption process comprises four basic operations: inverse row shift (InvShiftRows), inverse byte substitution (InvSubBytes), round key XOR (AddRoundKey) and inverse column mixing (InvMixColumns). In the decryption process each operation of the round function is the inverse of the corresponding encryption operation, but the order of operations differs from encryption. The round keys used by the round key XOR are obtained by key expansion. During encryption, key expansion can provide the encryption round keys in real time for the subsequent encryption operations; during decryption, key expansion must be performed first to generate each round's decryption round key before the decryption operation. The decryption round keys are the encryption round keys used in reverse order.
In the AES algorithm, the three modules ShiftRows, MixColumns and AddRoundKey are relatively simple and occupy few logic resources. The byte substitution module is the only nonlinear transformation module in the AES algorithm, and if the byte substitution module uses an S-box lookup table (S-box), the method is also quite simple. The S-box lookup table is a substitution written to ROM addresses in advance: the data is read from the ROM addresses, written into RAM, and then read out in order. This hardware implementation is simple, but at the cost of consuming a large amount of ROM resources, and the integrated area is larger.
In a high-speed 128-byte AES design, generally 16 S-box modules and 16 inverse S-box modules are needed in total, where the 16 S-box modules realize the byte substitution function, 4 S-boxes realize the key expansion function, and the 16 inverse S-box modules realize the inverse byte substitution function. In this case, if different tables are used for byte substitution and inverse byte substitution, a large amount of hardware resources is occupied. A method of reducing hardware complexity is therefore badly needed.
In the AES algorithm, data operations are performed on the state matrix, which is a two-dimensional matrix whose elements are bytes. Byte substitution transforms each byte of the state matrix into another byte; each input byte is transformed into another byte by a series of operations. A state matrix of length 128 bits is shown in Table 1.
Table 1: state matrix of length 128 bits
a0,0 a0,1 a0,2 a0,3
a1,0 a1,1 a1,2 a1,3
a2,0 a2,1 a2,2 a2,3
a3,0 a3,1 a3,2 a3,3
Each element of the state matrix can be represented by 8 bits; in this embodiment a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0 represents each value in the table, with a_7 the most significant bit and a_0 the least significant bit.
Almost all layers of AES use Galois field operations. A Galois field, also called a finite field, is a set with a finite number of elements in which addition, subtraction, multiplication and inversion can be performed. The finite field with 256 elements used in the AES algorithm can be expressed as GF(2^8). The reason for choosing this finite field is that each element of the field can be represented by one byte. In byte substitution and in the MixColumns transformation, AES expresses each byte of the internal data path as an element of GF(2^8) and operates on the data using the arithmetic of this finite field.
The advantage of using the inverse element in GF(2^8) as the core function of the byte substitution layer is that it provides a high degree of nonlinearity and can resist the strongest analytical attacks known so far. The affine transformation further destroys the algebraic structure of the Galois field, so that attacks aimed at the Galois field multiplicative inverse can be effectively resisted.
As shown in Fig. 1, the fast AES encryption algorithm architecture based on the loop iteration method of the present invention comprises a bit-width difference calculation module, a finite field division module, a finite field multiplication module, a loop iteration module, an affine transformation module, a data input module and a data output module.
Each functional module is described in detail below with reference to the drawings:
One: bit-width difference calculation module
The main function of the bit-width difference calculation module is to calculate the bit-width difference of two input data. First the data input module inputs two data Data_a and Data_b; then the bit-width judgment module calculates the bit widths a_bit and b_bit of the highest bits of the two input data. It then judges whether the bit width a_bit of Data_a is greater than the bit width b_bit of Data_b. If a_bit is less than b_bit, the output enable signal is low level, indicating that the bit-width difference is negative; for the polynomial division module, the sign that it has finished is precisely that the bit-width difference is less than 0. If the bit width of Data_a is greater than that of Data_b, the output enable signal is high level, indicating that the bit-width difference is positive, and the bit-width difference dif of Data_a and Data_b is output. The implementation schematic of the bit-width difference calculation module is shown in Fig. 2.
Two: finite field division module
In the algorithm this process is a loop iteration process. For the two input data dividend_a and divisor_b of this module, the bit-width difference calculation module is called first. The enable signal value obtained from that call is then judged. If the received enable signal value is low level, the calculation of this module ends and the result Quotient is output; if the received enable signal value is high level, the following operations continue.
For the two input data dividend_a and divisor_b, the bit-width difference obtained by the bit-width difference calculation module is dif. The following steps are then carried out in turn:
$$\mathrm{tmp} = \mathrm{divisor\_b} \ll \mathrm{dif}$$
$$\mathrm{dividend\_a} = \mathrm{dividend\_a} \oplus \mathrm{tmp}$$
$$\mathrm{Quotient} = \mathrm{Quotient} \oplus (\mathtt{9'b1} \ll \mathrm{dif})$$
In the above operations, '<<' denotes a left shift, '⊕' denotes XOR, and 9'b1 is the way a constant is described in a hardware language: '9' means the bit width of the constant is 9, 'b' means the constant is written in binary, and '1' is its value. The purpose of updating dividend_a is to keep reducing the bit width of dividend_a until it is less than or equal to the bit width of divisor_b, which is the condition for the bit-width difference calculation module to terminate. The essence of multiplication and division is shift operations, so (formula 5) uses the bit-width difference dif to shift repeatedly. After the previous round of operations, the bit-width difference calculation module is called again with the new data dividend_a and the original data divisor_b to obtain a new bit-width difference, whose sign is judged again, until the enable signal value sent by the bit-width difference calculation module is low level; the 9-bit result Quotient of the division is then output and passed to the loop iteration module. The implementation flowchart of the finite field division module is shown in Fig. 3.
Three: finite field multiplication module
A conventional multiplier can use the method of shift-and-accumulate addition. But addition in a finite field is equivalent to XOR, so compared with a conventional multiplier, the polynomial multiplier uses the method of shift-and-XOR. The finite field multiplication performed on the received data A and B is in essence shift-and-XOR. The calculated result is then passed to the loop iteration module.
Four: loop iteration module
The loop iteration module is the core module of this patent design; its main purpose is to calculate the multiplicative inverse of elements of the GF(2^8) field. Mathematically, the extended Euclidean algorithm is often used to calculate multiplicative inverses in the real number field. This patent design follows the process of calculating the multiplicative inverse with the extended Euclidean algorithm in the real number field, with the corresponding conversion carried out in the GF(2^8) field to obtain the multiplicative inverse.
In the extended Euclidean algorithm there is the following Diophantine equation:
$$\gcd(r_0, r) = s * r_0 + t * r \quad \text{(formula 1)}$$
According to the principle of finding the multiplicative inverse with the extended Euclidean algorithm, this Diophantine equation can be used to find the multiplicative inverse of r with respect to r_0 in the GF(2^8) field: the required multiplicative inverse is the integer solution for the parameter t satisfying (formula 1). If the multiplicative inverse of r_0 with respect to r in GF(2^8) is sought, the result is the integer solution for the parameter s satisfying the equation. gcd(r_0, r) is the greatest common divisor (gcd) of the two positive integers r_0 and r. The whole calculation is a loop iteration process. The AES algorithm requires the multiplicative inverse of the input data in GF(2^8) with respect to the irreducible polynomial. In GF(2^8) the irreducible polynomial is set by default to
$$m(x) = x^8 + x^4 + x^3 + x + 1$$
The coefficients of this polynomial are represented in 9-bit binary as 9'b100011011 (the way a constant is described in hardware: the digit '9' denotes the bit width, 'b' denotes base 2, and '100011011' is the value). Converting 9'b100011011 to decimal gives 283. The problem of finding the multiplicative inverse in GF(2^8) with respect to the irreducible polynomial is thus transformed into finding the multiplicative inverse in GF(2^8) with respect to the decimal number 283. All numbers (0-255) in GF(2^8) are coprime with the number 283 represented by the coefficients of the irreducible polynomial, i.e. the greatest common divisor of 283 and any number in GF(2^8) is 1. According to the Diophantine equation (formula 1), since the inverse is sought in GF(2^8) with respect to the decimal number 283, r_0 = 283 is set in (formula 1), and r is any datum to be substituted in GF(2^8). The parameter t satisfying the equation is the multiplicative inverse of r with respect to r_0. Since the greatest common divisor of 283 and any number in GF(2^8) is 1, gcd(r_0, r) = 1 in the Diophantine equation. The Diophantine equation is therefore actually the equation satisfying the following condition:
$$s * r_0 + t * r = 1 \quad \text{(formula 2)}$$
The multiplicative inverse is found by solving (formula 2). Equation (formula 2) has many solution pairs s and t, but only one pair of integer solutions. Finding the multiplicative inverse means finding the integer solution for t satisfying (formula 2). Unlike the calculation of multiplicative inverses in the real number field, the multiplication '*' used in (formula 2) is finite field multiplication, not ordinary multiplication, and the addition '+' in (formula 2) is addition in the finite field (whose essence is XOR, ⊕), not ordinary addition.
First, initialization is performed. Two groups of data s_0, s_1 and t_0, t_1 are set, and the loop round number is i. The initialization parameters are set for the polynomial s*r_0 + t*r: when s = s_0 = 1 and t = t_0 = 0, s*r_0 + t*r = r_0 = 283; when s = s_1 = 0 and t = t_1 = 1, s*r_0 + t*r = r. This gives two groups of initialization data (s_0, t_0, r_0) = (1, 0, 283) and (s_1, t_1, r) = (0, 1, r). The loop round number i is initialized to i = 1.
After initialization, the loop iteration process begins. The following steps are performed in turn:
(1) First judge whether r_i equals 1. If r_i = 1, end the loop; t_i is the required multiplicative inverse, and the output module outputs the value of t_i. If r_1 = 1, then t_1 = 1 is output as the required multiplicative inverse. If r_i is not equal to 1, continue with the following steps.
(2) Increment the loop round number: i = i + 1.
(3) Call the finite field division module to calculate q_{i-1} = r_{i-2} / r_{i-1}: the value of r_{i-2} is assigned to dividend_a and the value of r_{i-1} to divisor_b. After the finite field division module finishes, the result Quotient of the division is returned to the loop iteration module.
(4) Call the finite field multiplication module again and perform the XOR operations:
$$r_i = r_{i-2} - q_{i-1} * r_{i-1}$$
$$s_i = s_{i-2} - q_{i-1} * s_{i-1}$$
$$t_i = t_{i-2} - q_{i-1} * t_{i-1}$$
where '*' denotes finite field multiplication and '-' is subtraction in the finite field, whose essence is still XOR. The three groups of data q_{i-1}, s_{i-1}; q_{i-1}, t_{i-1}; and q_{i-1}, r_{i-1} are passed to the finite field multiplication module for calculation, and the results of the multiplication module are returned to the loop iteration module for XOR. This step yields the new value r_i.
(5) Return to step (1) for judgment.
The above is the loop part. After the loop ends, the obtained inverse element data t_i is sent to the affine transformation module. The data s_i does not need to be passed to the affine module; it can be used together with t_i to verify whether the Diophantine equation (formula 2) is satisfied. The implementation flowchart of the loop iteration module is shown in Fig. 4.
Five: affine transformation module
The loop iteration module obtains the 8-bit multiplicative inverse t_i of the data, which is used as the input of the affine transformation module. The value of t_i is assigned to a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0.
$$
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix}
=
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix}
*
\begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{pmatrix}
\oplus
\begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}
$$
A = (a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0) is the bitwise vector representation of the multiplicative inverse t_i, C = (01100011), and ⊕ denotes XOR. The affine transformation can be represented by the following mathematical expression:
$$b_i = a_i \oplus a_{(i+4) \bmod 8} \oplus a_{(i+5) \bmod 8} \oplus a_{(i+6) \bmod 8} \oplus a_{(i+7) \bmod 8} \oplus c_i$$
The result B = (b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0) obtained by this affine transformation is the result of the whole byte substitution module, and is then passed to the data output module.
The affine transformation module receives the computed multiplicative inverse from the loop iteration module and then applies the affine transformation to it; the essence of the affine transformation is bitwise XOR operations on the multiplicative inverse result.
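The procedure of the loop iteration module above (also given as steps S1 to S8 in the Summary) and the affine module, as an added C example that is not code from the patent: it implements the bit-width polynomial division, shift-and-XOR multiplication, the extended Euclidean iteration started from (1, 0, 283) and (0, 1, r), and the affine map, and checks them against the FIPS-197 worked value SubBytes(0x53) = 0xed. Two assumptions not stated on the page: the input 0 maps to 0 as in FIPS-197, and equal bit widths continue the division loop (dif = 0).

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Irreducible polynomial m(x) = x^8 + x^4 + x^3 + x + 1 = 9'b100011011 = 283. */
#define AES_POLY 283u

/* Bit width of a polynomial: position of its highest set bit (0 for zero). */
static unsigned bit_width(unsigned v) {
    unsigned w = 0;
    while (v) { w++; v >>= 1; }
    return w;
}

/* Finite field multiplication module: shift-and-XOR instead of shift-and-add. */
static unsigned gf_poly_mul(unsigned a, unsigned b) {
    unsigned p = 0;
    for (; b; a <<= 1, b >>= 1)
        if (b & 1u) p ^= a;
    return p;
}

/* Finite field division module: polynomial quotient of dividend / divisor.
 * Mirrors the bit-width difference module: while the dividend is at least as
 * wide as the divisor, shift the divisor up by dif, XOR it off the dividend and
 * set bit dif of the quotient (9'b1 << dif). Assumption not stated on the page:
 * equal widths keep dividing (dif = 0), which is what makes the quotient exact. */
static unsigned gf_poly_div(unsigned dividend, unsigned divisor) {
    unsigned quotient = 0;
    assert(divisor != 0);
    while (bit_width(dividend) >= bit_width(divisor)) {
        unsigned dif = bit_width(dividend) - bit_width(divisor);
        unsigned tmp = divisor << dif;
        dividend ^= tmp;
        quotient ^= 1u << dif;
    }
    return quotient;
}

/* Loop iteration module: extended Euclid over GF(2)[x] starting from
 * (s_0, t_0, r_0) = (1, 0, 283) and (s_1, t_1, r_1) = (0, 1, r). Stops when
 * r_i == 1; t_i is then the inverse of r modulo m(x) and (s_i, t_i) satisfy
 * s*283 + t*r = 1 (formula 2) exactly, '+' and '-' both being XOR. */
static unsigned gf_ext_euclid(uint8_t r, unsigned *s_out, unsigned *t_out) {
    unsigned r_prev = AES_POLY, r_cur = r;  /* r_{i-2}, r_{i-1} */
    unsigned s_prev = 1, s_cur = 0;
    unsigned t_prev = 0, t_cur = 1;
    assert(r != 0);                         /* 0 has no inverse; caller handles it */
    while (r_cur != 1) {                                   /* step S2 */
        unsigned q = gf_poly_div(r_prev, r_cur);           /* steps S4-S6 */
        unsigned r_next = r_prev ^ gf_poly_mul(q, r_cur);  /* step S7 */
        unsigned s_next = s_prev ^ gf_poly_mul(q, s_cur);
        unsigned t_next = t_prev ^ gf_poly_mul(q, t_cur);
        r_prev = r_cur; r_cur = r_next;
        s_prev = s_cur; s_cur = s_next;
        t_prev = t_cur; t_cur = t_next;
    }
    if (s_out) *s_out = s_cur;
    if (t_out) *t_out = t_cur;
    return t_cur;
}

/* Multiplicative inverse in GF(2^8). The page leaves input 0 undefined; FIPS-197
 * maps 0 to 0, and that convention is assumed here. */
uint8_t gf_inverse(uint8_t r) {
    if (r == 0) return 0;
    return (uint8_t)gf_ext_euclid(r, NULL, NULL);
}

/* Affine transformation module: b_i = a_i ^ a_(i+4)%8 ^ ... ^ a_(i+7)%8 ^ c_i,
 * with C = (c_7 ... c_0) = 01100011 = 0x63, c_0 being its lowest bit. */
uint8_t aes_affine(uint8_t a) {
    const uint8_t c = 0x63;
    uint8_t b = 0;
    for (unsigned i = 0; i < 8; i++) {
        unsigned bit = (a >> i) ^ (a >> ((i + 4) & 7)) ^ (a >> ((i + 5) & 7))
                     ^ (a >> ((i + 6) & 7)) ^ (a >> ((i + 7) & 7)) ^ (c >> i);
        b |= (uint8_t)((bit & 1u) << i);
    }
    return b;
}

/* Byte substitution for one byte: multiplicative inverse, then the affine map.
 * FIPS-197 worked values: gf_inverse(0x53) = 0xca, aes_sub_byte(0x53) = 0xed. */
uint8_t aes_sub_byte(uint8_t x) {
    return aes_affine(gf_inverse(x));
}

/* The page keeps s_i only to verify formula 2; do that for every nonzero r and
 * also confirm the returned t fits in one byte. Returns 1 on success. */
int check_formula2_all(void) {
    for (unsigned r = 1; r < 256; r++) {
        unsigned s, t;
        gf_ext_euclid((uint8_t)r, &s, &t);
        if ((gf_poly_mul(s, AES_POLY) ^ gf_poly_mul(t, r)) != 1u || t > 255u)
            return 0;
    }
    return 1;
}
```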
Six: data input module and data output module
The data input module is the input of the byte substitution module and completes the data input. The data output module outputs the substituted data obtained after the multiplicative inverse calculation and the affine transformation.
Obviously, the above embodiment of the present invention is only an example to clearly illustrate the invention and is not a limitation on the embodiments of the invention. Those of ordinary skill in the art can make other changes in different forms on the basis of the above description. There is no need to exhaustively list all embodiments here. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included in the scope of protection of the claims of the present invention.

Claims (4)

1. be applied to a byte replacement method for aes algorithm, it is characterized in that: each byte of aes algorithm internal data paths input data is all expressed as finite field gf (2 8) in an element, use Extended Euclidean Algorithm calculate finite field gf (2 8) in input data based on the multiplicative inverse of irreducible function, then Affine arithmetic is carried out to the multiplicative inverse obtained, obtain byte replace result.
2. the byte replacement method being applied to aes algorithm according to claim 1, is characterized in that: described Extended Euclidean Algorithm is expressed as follows:
gcd(r 0,r)=s*r 0+t*r
Wherein ' * ' is finite field multiplier computing, and '+' is the add operation in finite field; Gcd (r 0, r) represent r 0with the greatest common divisor of r two positive integers, wherein r 0represent irreducible function, r represents finite field gf (2 8) in any one input data, s and t is unique a pair integer solution meeting above-mentioned Euclidean algorithm equation, and wherein t is that r is based on r 0multiplicative inverse, s is r 0based on the multiplicative inverse of r;
And irreducible function default setting is: m (x)=x 8+ x 4+ x 3+ x+1;
Adopt 9 binary representations to be 9 ' b100011011 to the coefficient of irreducible function, 9 ' b100011011 is scaled 10 systems and is expressed as 283; Then finite field gf (2 8) in all input data and 283 greatest common divisor be 1, now Extended Euclidean Algorithm is expressed as follows:
s*r 0+t*r=1;
The detailed process of said calculation of the multiplicative inverse is as follows:
S1. Two groups of data s_0, s_1 and t_0, t_1 are set. When s = s_0 = 1 and t = t_0 = 0, s*r_0 + t*r = r_0 = 283; when s = s_1 = 0 and t = t_1 = 1, s*r_0 + t*r = r. This yields two groups of initialization data:
(s_0, t_0, r_0) = (1, 0, 283) and (s_1, t_1, r) = (0, 1, r);
the loop round number is now denoted i, and i is initialized to 1;
S2. Determine whether the input datum r_i chosen in the i-th loop over the finite field GF(2^8) equals 1; if r_i = 1, end the loop, and the t_i corresponding to r_i is the required multiplicative inverse; otherwise perform step S3;
S3. Set i = i + 1;
S4. Compute the potential difference (bit-position difference) of the highest-order bits of r_{i-2} and r_{i-1}, where r_{i-2} and r_{i-1} are respectively the input data chosen in the (i-2)-th and (i-1)-th loops. If the bit width of r_{i-2} is less than the bit width of r_{i-1}, the output enable signal value is low and step S6 is performed; if the bit width of r_{i-2} is greater than the bit width of r_{i-1}, the output enable signal value is high, the potential difference dif of r_{i-2} and r_{i-1} is output, and step S5 is performed;
S5. Perform the following operations:
tmp = r_{i-1} << dif;
r_{i-2} = r_{i-2} ⊕ tmp;
Quotient = Quotient ⊕ {9'b1 << dif};
where '<<' denotes a left-shift operation and '⊕' denotes an XOR operation;
then perform step S4;
S6. Output Quotient;
S7. Perform the following operations:
r_i = r_{i-2} - Quotient*r_{i-1};
s_i = s_{i-2} - Quotient*s_{i-1};
t_i = t_{i-2} - Quotient*t_{i-1};
where '-' is subtraction in the finite field; s_{i-2} and t_{i-2}, and s_{i-1} and t_{i-1}, are respectively the intermediate iteration parameters for obtaining s and t that correspond to r_{i-2} and r_{i-1} satisfying the condition;
S8. Return to step S2.
3. The byte substitution method applied to the AES algorithm according to claim 2, characterized in that the detailed process of said affine operation is as follows:
Let t_i = (a_0, a_1, a_2, a_3, a_4, a_5, a_6, a_7)^T; then the affine operation is expressed as:

$$
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix}
=
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix}
\begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{pmatrix}
\oplus
\begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}
$$

where (b_0, b_1, b_2, b_3, b_4, b_5, b_6, b_7)^T represents the byte substitution result.
4. A system for the byte substitution method applied to the AES algorithm according to claim 2 or 3, characterized in that it comprises a potential difference computing module, a finite field division computing module, a finite field multiplication computing module, a loop iteration module and an affine operation module;
where the potential difference computing module is used to compute the potential difference of the highest-order bits of r_{i-2} and r_{i-1} and, according to the result, to output the enable signal value and the potential difference dif;
the finite field division computing module is used to compute and output Quotient;
the finite field multiplication computing module is used to compute q_{i-1}*r_{i-1}, q_{i-1}*s_{i-1} and q_{i-1}*t_{i-1};
the loop iteration module is used to compute r_i, s_i and t_i and to determine whether r_i equals 1; if it equals 1, t_i is output to the affine operation module, otherwise i = i + 1;
the affine operation module is used to perform the affine operation on t_i to obtain the byte substitution result.
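The inversion steps S1 to S8 and the affine operation of claim 3, combined into the byte substitution that claim 4 builds in hardware, as an added Python example; this is not the patent's own implementation. It assumes the AES convention that the non-invertible byte 0x00 is passed to the affine step unchanged (the claims do not say how 0 is handled), and it checks the result against published AES S-box values.

```python
# Added example (not the patent's code): shift-and-XOR extended Euclidean inversion of steps S1-S8, then the affine map of claim 3.
M_X = 0b100011011  # m(x) = x^8 + x^4 + x^3 + x + 1, i.e. 9'b100011011 = 283

def clmul(a, b):
    """Carry-less product in GF(2)[x]; operands are bit-packed polynomials."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        b >>= 1
    return p

def poly_divide(dividend, divisor):
    """Steps S4-S6: long division by highest-bit 'potential difference'. Returns (Quotient, remainder)."""
    quotient = 0
    # The enable signal stays high while the dividend's top bit is not below the divisor's.
    while dividend.bit_length() >= divisor.bit_length():
        dif = dividend.bit_length() - divisor.bit_length()
        dividend ^= divisor << dif  # r_{i-2} = r_{i-2} xor (r_{i-1} << dif)
        quotient ^= 1 << dif        # Quotient = Quotient xor (9'b1 << dif)
    return quotient, dividend

def gf256_inverse(r):
    """Steps S1-S8: t with t*r = 1 mod m(x). 0 has no inverse; this example
    follows AES and maps it to 0 (an assumption, not stated in the claims)."""
    if r == 0:
        return 0
    s_prev, t_prev, r_prev = 1, 0, M_X  # S1: (s_0, t_0, r_0) = (1, 0, 283)
    s_cur, t_cur, r_cur = 0, 1, r       #     (s_1, t_1, r)   = (0, 1, r)
    while r_cur != 1:                   # S2: stop when r_i == 1
        q, rem = poly_divide(r_prev, r_cur)
        # S7: '-' in GF(2)[x] is XOR, and Quotient*s_{i-1} is a carry-less product
        s_prev, s_cur = s_cur, s_prev ^ clmul(q, s_cur)
        t_prev, t_cur = t_cur, t_prev ^ clmul(q, t_cur)
        r_prev, r_cur = r_cur, rem
    return t_cur                        # the t_i corresponding to r_i == 1

def affine(a):
    """Claim 3 matrix: b_i = a_i ^ a_{i+4} ^ a_{i+5} ^ a_{i+6} ^ a_{i+7} (indices mod 8),
    then XOR with the constant column (1,1,0,0,0,1,1,0), i.e. 0x63 with a_0 as LSB."""
    bit = lambda k: (a >> (k % 8)) & 1
    b = 0
    for i in range(8):
        b |= (bit(i) ^ bit(i + 4) ^ bit(i + 5) ^ bit(i + 6) ^ bit(i + 7)) << i
    return b ^ 0x63

def sbox(x):
    return affine(gf256_inverse(x))
```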
CN201511020097.3A 2015-12-28 2015-12-28 A kind of byte replacement method and system applied to aes algorithm Active CN105577362B (en)

Publications (2)

Publication Number Publication Date
CN105577362A true CN105577362A (en) 2016-05-11
CN105577362B CN105577362B (en) 2019-04-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant