CN105577362B - A kind of byte replacement method and system applied to aes algorithm - Google Patents


Info

Publication number: CN105577362B
Authority: CN (China)
Prior art keywords: finite field, quotient, module, byte, multiplicative inverse
Legal status: Active
Application number: CN201511020097.3A
Other languages: Chinese (zh)
Other versions: CN105577362A (en)
Inventors: 徐永键, 陆许明, 谭洪舟, 张迪
Current assignee: SYSU HUADU INDUSTRIAL SCIENCE AND TECHNOLOGY INSTITUTE
Original assignee: SYSU HUADU INDUSTRIAL SCIENCE AND TECHNOLOGY INSTITUTE
Priority date: 2015-12-28
Filing date: 2015-12-28
Application filed by SYSU HUADU INDUSTRIAL SCIENCE AND TECHNOLOGY INSTITUTE
Priority to CN201511020097.3A
Publication of CN105577362A
Application granted
Publication of CN105577362B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The present invention relates to a byte substitution method applied to the AES algorithm, characterised in that each byte of the input data on the AES internal data path is represented as an element of the finite field GF(2^8); the extended Euclidean algorithm is used to compute the multiplicative inverse of the input data in GF(2^8) with respect to the irreducible polynomial, and an affine operation is then applied to the resulting multiplicative inverse to obtain the byte substitution result. The substitution method provided by the invention obtains the multiplicative inverse by the extended Euclidean algorithm and then applies an affine operation to it to realise the byte substitution function of the AES algorithm; compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.

Description

A kind of byte replacement method and system applied to aes algorithm
Technical field
The invention belongs to the field of encryption technology for the media access control (MAC) layer of wireless communication chips, and more particularly relates to a method of realising byte substitution in the finite field GF(2^8) within the Advanced Encryption Standard (AES) algorithm.
Background technique
In October 2000 the U.S. government announced the selection of the Rijndael algorithm, jointly invented by two Belgian cryptologists, as the new-generation Advanced Encryption Standard (AES). AES was published by the National Institute of Standards and Technology in FIPS PUB 197 on November 26, 2001 and formally took effect on May 26, 2002. The Rijndael algorithm was finally selected as AES, the new-generation data encryption standard, because of its security, good performance, high efficiency, practicality and flexibility. AES has by now been adopted as a standard by several international standards organisations (ISO, IETF, IEEE 802.11i, etc.).
As the new-generation data encryption standard, AES is widely used in every field. In wireless network applications, the openness of the wireless channel places higher security requirements on communication. At present there are two main international wireless network standards: the IEEE 802.11 protocol (Wi-Fi) for wireless LANs and the IEEE 802.16 protocol (WiMAX) for wireless MANs. Although these two protocols respectively chose RC4 and DES (Data Encryption Standard) as their security mechanism when first drafted, AES has gradually replaced RC4 and DES as information security requirements developed and for reasons of safety. In addition, a number of other wireless network technologies also use AES for the secure transmission of encrypted data.
In terms of key strategy, cryptographic systems can be divided into symmetric and asymmetric cryptosystems. The AES encryption algorithm belongs to the symmetric cryptosystems, plays an important role in information security, and has the following advantages:
(1) encryption and decryption are fast, the data throughput is very high, and it is convenient to implement in software and hardware;
(2) the ciphertext has the same length as the plaintext;
(3) the security of the algorithm holds up well under the attacks known to date.
Since AES was proposed, many scholars and experts at home and abroad have studied it from every angle. Part of this research focuses on attack patterns and analysis methods for AES; another part focuses on the optimisation and application of AES, the aim of the latter being a better balance between area and speed in hardware implementations of AES. The AES algorithm can be implemented in two ways: in software or in hardware. Software implementations are slow and carry security risks. Hardware implementations of AES can offer strong security, flexibility and high efficiency, so high-performance hardware implementation of AES has become the focus of research.
Summary of the invention
The invention proposes a byte substitution method applied to the AES algorithm. The method obtains the multiplicative inverse by the extended Euclidean algorithm and then applies an affine operation to the multiplicative inverse to realise the byte substitution function of the AES algorithm; compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
To achieve the above object of the invention, the technical solution adopted is as follows:
A byte substitution method applied to the AES algorithm: each byte of the input data on the AES internal data path is represented as an element of the finite field GF(2^8); the extended Euclidean algorithm is used to compute the multiplicative inverse of the input data in GF(2^8) with respect to the irreducible polynomial, and an affine operation is then applied to the resulting multiplicative inverse to obtain the byte substitution result.
In the above scheme, the advantage of using the multiplicative inverse in GF(2^8) for byte substitution is that it provides a high degree of non-linearity and can resist the strongest analytical attacks known to date. The affine operation, in turn, destroys the algebraic structure of the finite field and can further resist attacks aimed at the finite-field multiplicative inverse.
Preferably, the extended Euclidean algorithm is expressed as follows:
gcd(r_0, r) = s*r_0 + t*r
where '*' is the finite-field multiplication operation and '+' is the addition operation in the finite field; gcd(r_0, r) denotes the greatest common divisor of the two positive integers r_0 and r, where r_0 denotes the irreducible polynomial and r denotes any input datum in the finite field GF(2^8); s and t are the unique pair of integer solutions satisfying the above Euclidean equation, where t is the multiplicative inverse of r with respect to r_0 and s is the multiplicative inverse of r_0 with respect to r;
and the irreducible polynomial is set by default to m(x) = x^8 + x^4 + x^3 + x + 1;
the coefficients of the irreducible polynomial are represented in binary with 9 bits as 9'b100011011, which converted to decimal is 283; the greatest common divisor of every input datum in GF(2^8) and 283 is then 1, and the extended Euclidean algorithm is expressed as:
s*r_0 + t*r = 1;
The specific procedure for computing the multiplicative inverse is as follows:
S1. Set two groups of data s_0, s_1 and t_0, t_1. When s = s_0 = 1 and t = t_0 = 0, s*r_0 + t*r = r_0 = 283; when s = s_1 = 0 and t = t_1 = 1, s*r_0 + t*r = r. Two groups of initialisation data are thus obtained:
(s_0, t_0, r_0) = (1, 0, 283) and (s_1, t_1, r) = (0, 1, r);
Set the loop round number to i and initialise i to 1;
S2. Judge whether the input datum r_i chosen in the i-th loop in GF(2^8) equals 1; if r_i = 1, end the loop, and the t_i corresponding to r_i is the required multiplicative inverse; otherwise execute step S3;
S3. Let i = i + 1;
S4. Perform a bit-width difference calculation on the bit widths of the highest bits of r_{i-2} and r_{i-1}, where r_{i-1} and r_{i-2} are the input data chosen in the (i-1)-th and (i-2)-th loops respectively. If the bit width of r_{i-2} is less than the bit width of r_{i-1}, output an enable signal value of low level and execute step S6; if the bit width of r_{i-2} is greater than the bit width of r_{i-1}, output an enable signal value of high level, output the bit-width difference dif of r_{i-2} and r_{i-1}, and execute step S5;
S5. Execute the following operations:
tmp = r_{i-1} << dif;
r_{i-2} = r_{i-2} ⊕ tmp;
Quotient = Quotient ⊕ {9'b1 << dif};
where '<<' denotes the left-shift operation and '⊕' denotes the XOR operation;
then execute step S4;
S6. Output Quotient;
S7. Execute the following operations:
r_i = r_{i-2} - Quotient*r_{i-1}
s_i = s_{i-2} - Quotient*s_{i-1}
t_i = t_{i-2} - Quotient*t_{i-1}
where '-' is the subtraction in the finite field; s_{i-2}, t_{i-2} and s_{i-1}, t_{i-1} are the intermediate iteration parameters s and t that satisfy the required condition for r_{i-2} and r_{i-1} respectively;
S8. Return to step S2.
Preferably, the specific procedure of the affine operation is as follows:
If
then the affine operation is expressed as follows:
where the result of the operation denotes the byte substitution result.
Meanwhile, the present invention also provides a system according to the above method; the specific scheme is as follows:
It comprises a bit-width difference calculation module, a finite-field division calculation module, a finite-field multiplication calculation module, a loop iteration module and an affine operation module;
where the bit-width difference calculation module is used to perform the bit-width difference calculation on the bit widths of the highest bits of r_{i-2} and r_{i-1} and, according to the result, to output the enable signal value and the bit-width difference dif;
the finite-field division calculation module is used to calculate and output Quotient;
the finite-field multiplication calculation module is used to calculate q_{i-1}*r_{i-1}, q_{i-1}*s_{i-1} and q_{i-1}*t_{i-1};
the loop iteration module is used to calculate r_i, s_i and t_i and to judge whether r_i equals 1; if it equals 1, t_i is output to the affine operation module, otherwise i = i + 1;
the affine operation module is used to perform the affine operation on t_i and obtain the byte substitution result.
Compared with the prior art, the beneficial effects of the present invention are:
The substitution method provided by the invention obtains the multiplicative inverse by the extended Euclidean algorithm and then applies an affine operation to the multiplicative inverse to realise the byte substitution function of the AES algorithm; compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
Detailed description of the invention
Fig. 1 is a structural schematic diagram of the system applying the substitution method.
Fig. 2 is an implementation diagram of the bit-width difference calculation module.
Fig. 3 is an implementation diagram of the finite-field division calculation module.
Fig. 4 is a schematic diagram of the operating flow of the loop iteration module.
Specific embodiment
The attached figures are for illustrative purposes only and are not to be understood as limiting the patent;
The present invention is further elaborated below in conjunction with the drawings and embodiments.
Embodiment 1
The AES algorithm uses the Square (rectangular) block-cipher structure and iterates a round function. In both encryption and decryption every round performs the same operations, apart from the last round. The round function (round unit) of the encryption process consists of four basic operations: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round-key XOR (AddRoundKey); the round function of the AES decryption process consists of four basic operations: inverse row shifting (InvShiftRows), inverse byte substitution (InvSubBytes), round-key XOR (AddRoundKey) and inverse column mixing (InvMixColumns). Each operation of the decryption round function is the inverse of the corresponding encryption operation, but the order of operations differs from the encryption process. The round key used in the round-key XOR is obtained by key expansion. During encryption, key expansion can supply the round keys to the encryption operation in real time; during decryption, key expansion must be carried out first, and only after every decryption round key has been generated can the decryption operation proceed, because the decryption round keys are the encryption round keys used in reverse order.
In the AES algorithm, the three modules ShiftRows, MixColumns and AddRoundKey are relatively simple and occupy few logic resources. The byte substitution module is the only non-linear transformation module in the AES algorithm; if it is implemented as an S-box lookup table (S-box), the method is also relatively simple. The S-box lookup table writes the substitution table into ROM addresses in advance; the data are read from the ROM by address, written into RAM, and then read out in sequence. This hardware implementation is simple, but at the cost of consuming a large amount of ROM resources and a large integrated area.
A high-speed 128-byte AES design generally requires 16 S-box modules and 16 inverse S-box modules in total. Of these, 16 S-box modules realise the byte substitution function, 4 S-boxes realise the key expansion function, and 16 inverse S-box modules realise the inverse byte substitution function. In this case, if byte substitution and inverse byte substitution use different tables, a large amount of hardware resources is occupied. A method of reducing the hardware complexity is therefore highly desirable.
In the AES algorithm, data operations are carried out on the state matrix, a two-dimensional matrix whose elements are bytes. Byte substitution transforms each byte of the state matrix into another byte: each input byte is converted into another byte by a series of operations. The state matrix for a length of 128 bits is shown in Table 1.
Table 1: state matrix for a length of 128 bits
A0,0 A0,1 A0,2 A0,3
A1,0 A1,1 A1,2 A1,3
A2,0 A2,1 A2,2 A2,3
A3,0 A3,1 A3,2 A3,3
Each element of the state matrix can be represented with 8 bits; in this embodiment a7a6a5a4a3a2a1a0 denotes each value in the table, where a7 is the most significant bit and a0 the least significant bit.
The vast majority of AES layers use Galois field operations. A Galois field, also called a finite field, is a set with a finite number of elements within which addition, subtraction, multiplication and inversion can be carried out. The finite field with 256 elements used in the AES algorithm can be written GF(2^8). This finite field is chosen because each element of the field can be represented by one byte. In byte substitution and in the MixColumns transformation, AES represents each byte of the internal data path as an element of GF(2^8) and operates on the data with the arithmetic of this finite field.
The advantage of using the inverse element in GF(2^8) as the core function of the byte substitution layer is that it provides a high degree of non-linearity and can resist the strongest analytical attacks known to date. The affine operation, in turn, destroys the algebraic structure of the Galois field and can further resist attacks aimed at the Galois-field multiplicative inverse.
As shown in Fig. 1, the fast AES encryption architecture of the invention based on the loop iteration method comprises a bit-width difference calculation module, a finite-field division calculation module, a finite-field multiplication calculation module, a loop iteration module, an affine operation module, a data input module and a data output module.
Each functional module is described in detail below with reference to the drawings:
One: bit-width difference calculation module
The main function of the bit-width difference calculation module is to calculate the bit-width difference of two input data. The data input module first supplies two data, Data_a and Data_b; a bit-width judgment module then calculates the bit widths a_bit and b_bit of the highest set bit of each input datum. It is then judged whether the bit width a_bit of Data_a is greater than the bit width b_bit of Data_b. If a_bit is less than b_bit, the enable signal value output is low level, indicating that the bit-width difference is negative; for the polynomial division module, the termination mark is exactly a bit-width difference less than 0. If the bit width of Data_a is greater than that of Data_b, the enable signal value output is high level, indicating that the bit-width difference is positive, and the bit-width difference dif of Data_a and Data_b is output. The implementation diagram of the bit-width difference calculation module is shown in Fig. 2.
Two: finite-field division calculation module
This process is a loop iteration within the algorithm. For the two input data dividend_a and divisor_b of this module, the bit-width difference calculation module is called first. The enable signal value obtained from the bit-width difference calculation module is then judged. If the enable signal value received is low level, the calculation of this module terminates and the operation result Quotient is output; if the enable signal value received is high level, the following operations continue.
For the two input data dividend_a and divisor_b, the bit-width difference obtained by the bit-width difference calculation module is dif. The following steps are then carried out in turn:
tmp = divisor_b << dif (formula 3)
dividend_a = dividend_a ⊕ tmp (formula 4)
Quotient = Quotient ⊕ {9'b1 << dif} (formula 5)
In the above operations, '<<' denotes the left-shift operation and '⊕' denotes the XOR operation; '9'b1' is the way a constant is described in a hardware description language: '9' states that the bit width of the numeric constant is 9, 'b' states that the constant is written in binary, and '1' is the specific value of the constant. The purpose of updating the value of dividend_a is to keep reducing the bit width of dividend_a until it is less than or equal to the bit width of divisor_b, at which point the termination condition of the bit-width difference calculation module is satisfied. The essence of multiplication and division is the shift operation, so (formula 5) repeatedly performs a shift by the bit-width difference dif. After each round of operations, the bit-width difference calculation module is called again with the new dividend_a and the original divisor_b to obtain a new bit-width difference, whose sign is judged again, until the enable signal value delivered by the bit-width difference calculation module is low level; the 9-bit result Quotient of the division calculation is then output and transferred to the loop iteration module. The implementation flow of the finite-field division calculation module is shown in Fig. 3.
Three: finite-field multiplication calculation module
A conventional multiplier can use the shift-and-accumulate-add method. In the finite field, however, addition is equivalent to the XOR operation, so in contrast to a conventional multiplier the polynomial multiplier uses the shift-and-XOR method. Finite-field multiplication is performed on the received data A and B, the essence of the operation being shift and XOR. The calculated result is then passed to the loop iteration module.
Four: loop iteration module
The loop iteration module is the core module of this patent's design; its main purpose is to calculate the multiplicative inverse of an element of the GF(2^8) field. Over the real number field, multiplicative inverses are commonly calculated mathematically with the extended Euclidean algorithm. The design of this patent takes the procedure by which the extended Euclidean algorithm calculates multiplicative inverses over the real number field and applies the corresponding transformation in the GF(2^8) field to obtain the multiplicative inverse.
In the extended Euclidean algorithm there is the following Diophantine equation:
gcd(r_0, r) = s*r_0 + t*r (formula 1)
According to the principle by which the extended Euclidean algorithm finds multiplicative inverses, this equation can be used to find the multiplicative inverse of r with respect to r_0 in the GF(2^8) field. The required multiplicative inverse is the integer solution for the parameter t that satisfies the equation (formula 1). If the multiplicative inverse of r_0 with respect to r in the GF(2^8) field is sought, the result is the integer solution for the parameter s of the equation. gcd(r_0, r) is the greatest common divisor (gcd) of the two positive integers r_0 and r. The whole calculation is a loop iteration process. The AES algorithm requires the multiplicative inverse of the input data in the GF(2^8) field with respect to the irreducible polynomial. In the GF(2^8) field, the irreducible polynomial is set by default to
m(x) = x^8 + x^4 + x^3 + x + 1
The coefficients of the polynomial are represented in binary with 9 bits as 9'b100011011 (the way a constant is described in hardware: '9' states the bit width of the number, 'b' states that the number is written in base 2, and '100011011' is the specific value of the number). Converting 9'b100011011 to decimal gives 283. The problem of finding the multiplicative inverse with respect to the irreducible polynomial in the finite field GF(2^8) is thus converted into the problem of finding the multiplicative inverse with respect to the decimal number 283 in GF(2^8). Every number in the GF(2^8) field (0-255) is coprime with the decimal number 283 that represents the coefficients of the irreducible polynomial, i.e. the greatest common divisor of 283 and any number in the GF(2^8) field is 1. Since the multiplicative inverse with respect to the decimal number 283 is sought in the GF(2^8) field, in the Diophantine equation (formula 1) we set r_0 = 283, and r is any datum to be substituted in the GF(2^8) field. The parameter t satisfying the equation is the multiplicative inverse of r with respect to r_0. Because the greatest common divisor of 283 and any number in GF(2^8) is 1, gcd(r_0, r) = 1 in the Diophantine equation. The Diophantine equation is in fact the equation satisfying the following condition:
s*r_0 + t*r = 1 (formula 2)
The multiplicative inverse is found from the equation (formula 2). The s and t satisfying the equation (formula 2) have infinitely many solutions, but the integer solution for s and t of the equation (formula 2) is unique. Finding the multiplicative inverse means finding the integer solution for t of the equation (formula 2). Unlike the calculation of multiplicative inverses over the real number field, the multiplication '*' used in (formula 2) is finite-field multiplication rather than ordinary multiplication, and the addition '+' in (formula 2) is addition in the finite field (which is in essence the XOR operation '⊕') rather than ordinary addition.
First, the initialisation process is carried out. Two groups of data s_0, s_1 and t_0, t_1 are set, and the loop round number is set to i. The initial parameters are set during initialisation: for the polynomial s*r_0 + t*r, when s = s_0 = 1 and t = t_0 = 0, s*r_0 + t*r = r_0 = 283; when s = s_1 = 0 and t = t_1 = 1, s*r_0 + t*r = r. Two groups of initialisation data are thus obtained: (s_0, t_0, r_0) = (1, 0, 283) and (s_1, t_1, r) = (0, 1, r). At the same time the loop round number i is initialised by default to i = 1.
After initialisation is complete, the loop iteration process begins. The following steps are carried out in turn:
(1) First judge whether r_i equals 1; if r_i = 1, end the loop. t_i is then the required multiplicative inverse, and the output module outputs the value of t_i. If r_1 = 1, then t_1 = 1 is output as the required multiplicative inverse. If r_i is not equal to 1, continue with the following steps.
(2) Increment the loop round number: i = i + 1.
(3) Call the finite-field division calculation module to calculate q_{i-1} = r_{i-2} / r_{i-1}, i.e. assign the value of r_{i-2} to dividend_a and the value of r_{i-1} to divisor_b. After the finite-field division calculation module has been called and has finished computing, the division result Quotient is returned to the loop iteration module.
(4) Then call the finite-field multiplication calculation module and perform the XOR operations:
r_i = r_{i-2} - q_{i-1}*r_{i-1}
s_i = s_{i-2} - q_{i-1}*s_{i-1}
t_i = t_{i-2} - q_{i-1}*t_{i-1}
where '*' represents finite-field multiplication and '-' is subtraction in the finite field, which is in essence still the XOR operation '⊕'. The three groups of data q_{i-1}, s_{i-1}; q_{i-1}, t_{i-1}; and q_{i-1}, r_{i-1} are transferred in turn to the finite-field multiplication calculation module for calculation, and the results of the finite-field multiplication calculation module are passed back to the loop iteration module for the XOR operation. This step yields the new value of r_i.
(5) Return to step (1) for judgment.
The above is the content of the loop part. After the loop ends, the obtained inverse element data t_i are sent to the affine operation module. The s_i data need not be transferred to the affine module; together with t_i they can be used to verify whether the Diophantine equation (formula 2) is satisfied. The implementation flow chart of the loop iteration module is shown in Fig. 4.
Five: affine operation module
The loop iteration module yields the 8-bit multiplicative inverse t_i of the datum, and the obtained multiplicative inverse is taken as the input of the affine operation module, i.e. the value of t_i is assigned to a7a6a5a4a3a2a1a0.
A = (a7 a6 a5 a4 a3 a2 a1 a0) is the bitwise vector representation of the multiplicative inverse t_i, C = (0 1 1 0 0 0 1 1), and ⊕ represents the XOR operation. The affine operation can be expressed by the following mathematical expression:
The result B = (b7 b6 b5 b4 b3 b2 b1 b0) obtained by the affine operation is the result of the whole byte substitution module, and it is then transferred to the data output module.
The affine operation module receives the completed multiplicative inverse from the loop iteration module and then performs the affine operation on it; the essence of the affine operation is a set of bitwise operations on the multiplicative inverse result.
Six: data input module and data output module
The data input module is the input of the byte substitution module and completes the input of data. The data output module outputs the substitution data obtained after the multiplicative inverse calculation and the affine operation.
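The following is an added software model of the method described in the summary (steps S1 to S8) and in modules one to five above; it is not the patent's own code or RTL, and the function names (bit_width, gf_mul, poly_divmod, extended_euclid, gf_inverse, affine, sub_byte, sbox_table) are my own. The constants are taken from the page: the irreducible polynomial 9'b100011011 = 283 and the affine constant C = (0 1 1 0 0 0 1 1). Two points the page leaves open are handled explicitly and marked as assumptions in the code: equal bit widths in the division module are treated as dif = 0 with the enable signal high (otherwise the loop cannot reduce the dividend), and the input 0, for which the page's loop has no exit, is mapped to 0 as FIPS 197 defines. The affine matrix is absent from the page, so the standard FIPS 197 affine map is used; its constant matches the page's C.

```python
# Added example: software model of the patent's byte substitution
# (extended Euclid over GF(2^8), then affine). Not the patent's code.
# Names below are my own; constants come from the page.

IRREDUCIBLE = 0x11B   # 283 = 9'b100011011, m(x) = x^8 + x^4 + x^3 + x + 1
AFFINE_C = 0x63       # C = (0 1 1 0 0 0 1 1) as given on the page


def bit_width(x):
    """Module one: bit width of the highest set bit (0 for x == 0)."""
    return x.bit_length()


def gf_mul(a, b):
    """Module three: carry-less (shift-and-XOR) polynomial multiplication.
    No reduction is applied; the Euclidean loop never needs it."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(dividend_a, divisor_b):
    """Module two: Quotient by repeated bit-width-difference shifts (S4-S6).
    Returns (Quotient, remainder). Assumption not stated on the page: equal
    bit widths count as dif = 0 with the enable signal high."""
    if divisor_b == 0:
        raise ZeroDivisionError("divisor_b must be non-zero")
    quotient = 0
    while bit_width(dividend_a) >= bit_width(divisor_b):   # enable high
        dif = bit_width(dividend_a) - bit_width(divisor_b)
        tmp = divisor_b << dif          # tmp = divisor_b << dif
        dividend_a ^= tmp               # dividend_a = dividend_a ^ tmp
        quotient ^= 1 << dif            # Quotient = Quotient ^ (9'b1 << dif)
    return quotient, dividend_a         # enable low: output Quotient


def extended_euclid(r):
    """Steps S1-S8 (module four): returns (s, t) with s*r_0 + t*r = 1 in
    carry-less arithmetic, where r_0 = 283. Requires 1 <= r <= 255."""
    if not 1 <= r <= 255:
        raise ValueError("r must be a non-zero byte")
    s_prev, t_prev, r_prev = 1, 0, IRREDUCIBLE   # (s_0, t_0, r_0)
    s_cur, t_cur, r_cur = 0, 1, r                # (s_1, t_1, r_1)
    while r_cur != 1:                            # S2
        q, rem = poly_divmod(r_prev, r_cur)      # S4-S6: q = r_{i-2} / r_{i-1}
        s_nxt = s_prev ^ gf_mul(q, s_cur)        # S7: '-' is XOR in GF(2^8)
        t_nxt = t_prev ^ gf_mul(q, t_cur)
        s_prev, t_prev, r_prev = s_cur, t_cur, r_cur
        s_cur, t_cur, r_cur = s_nxt, t_nxt, rem  # r_i = r_{i-2} - q*r_{i-1}
    return s_cur, t_cur


def bezout_holds(r):
    """The check the page suggests for s_i: s*283 + t*r = 1 (XOR addition)."""
    s, t = extended_euclid(r)
    return (gf_mul(s, IRREDUCIBLE) ^ gf_mul(t, r)) == 1


def gf_inverse(r):
    """Multiplicative inverse in GF(2^8). Assumption: the page's loop has no
    exit for r = 0 (bit width 0, division by zero); FIPS 197 defines 0 -> 0."""
    if r == 0:
        return 0
    return extended_euclid(r)[1]


def affine(a):
    """Standard FIPS 197 affine map (the page omits its matrix):
    b_i = a_i ^ a_{i+4} ^ a_{i+5} ^ a_{i+6} ^ a_{i+7} ^ c_i, indices mod 8."""
    b = 0
    for i in range(8):
        bit = ((a >> i) ^ (a >> ((i + 4) % 8)) ^ (a >> ((i + 5) % 8))
               ^ (a >> ((i + 6) % 8)) ^ (a >> ((i + 7) % 8)) ^ (AFFINE_C >> i))
        b |= (bit & 1) << i
    return b


def sub_byte(x):
    """The complete byte substitution: inverse via extended Euclid, then affine."""
    return affine(gf_inverse(x))


def sbox_table():
    """All 256 substitution values, as a table generator for the ROM variant."""
    return [sub_byte(x) for x in range(256)]


if __name__ == "__main__":
    s, t = extended_euclid(0x53)
    print(f"r=0x53: s=0x{s:02X} t=0x{t:02X} sub_byte=0x{sub_byte(0x53):02X}")
    print("s*283 + t*r = 1 for every non-zero byte:",
          all(bezout_holds(r) for r in range(1, 256)))
```

For r = 0x53 the loop takes three rounds (quotients 5, 0x14 and 3) and ends with t = 0xCA and s = 0x3D; applying the affine map gives 0xED, the FIPS 197 SubBytes value for 0x53. Running bezout_holds over all 255 non-zero bytes is the cheap consistency check a hardware test bench would use to validate the division and multiplication modules independently of the S-box table.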
Obviously, the above embodiments of the present invention are merely examples given to illustrate the invention clearly and are not a limitation on the embodiments of the invention. Those of ordinary skill in the art may make other variations or changes in different forms on the basis of the above description. There is no need, nor is it possible, to exhaust all embodiments. Any modifications, equivalent replacements and improvements made within the spirit and principle of the invention shall be included within the scope of protection of the claims of the invention.

Claims (3)

1. a kind of byte replacement method applied to aes algorithm, it is characterised in that: aes algorithm internal data paths are inputted number According to each byte be represented as finite field gf (28) in an element, use Extended Euclidean Algorithm calculate finite field gf (28) in multiplicative inverse of the input data based on irreducible function, Affine arithmetic then is carried out to obtained multiplicative inverse, is obtained Result is replaced to byte;
The Extended Euclidean Algorithm is expressed as follows:
gcd(r0, r) and=s*r0+t*r
wherein '*' is the finite field multiplication operation and '+' is the finite field addition operation; gcd(r0, r) denotes the greatest common divisor of the two positive integers r0 and r, where r0 denotes the irreducible polynomial and r denotes any input data in the finite field GF(2^8); s and t are the unique pair of integer solutions satisfying the above extended Euclidean equation, where t is the multiplicative inverse of r with respect to r0 and s is the multiplicative inverse of r0 with respect to r;
and the irreducible polynomial is set by default to m(x) = x^8 + x^4 + x^3 + x + 1;
the coefficients of the irreducible polynomial are represented in binary using 9 bits as 9'b100011011, which converted to decimal is 283; the greatest common divisor of every input data in the finite field GF(2^8) and 283 is therefore 1, and the extended Euclidean algorithm expression at this point is as follows:
s*r0 + t*r = 1;
The detailed process for calculating the multiplicative inverse is as follows:
S1. Set two groups of data s0, s1 and t0, t1; when s = s0 = 1 and t = t0 = 0, s*r0 + t*r = r0 = 283; when s = s1 = 0 and t = t1 = 1, s*r0 + t*r = r; two groups of initialization data are thereby obtained:
(s0, t0, r0) = (1, 0, 283) and (s1, t1, r1) = (0, 1, r);
at this point set the loop round number as i and initialize i to 1;
S2. Judge whether the input data r_i chosen in the i-th loop in the finite field GF(2^8) is equal to 1; if r_i = 1, terminate the loop, and the t_i corresponding to r_i is the required multiplicative inverse; otherwise execute step S3;
S3. Let i = i + 1;
S4. Perform a bit-position difference calculation on the bit widths of the highest bits of r_{i-2} and r_{i-1}, where r_{i-1} and r_{i-2} are respectively the input data chosen in the (i-1)-th and (i-2)-th loops; if the bit width of r_{i-2} is less than the bit width of r_{i-1}, output the enable signal value as low level and then execute step S6; if the bit width of r_{i-2} is greater than the bit width of r_{i-1}, output the enable signal value as high level, output the bit-position difference dif of r_{i-2} and r_{i-1}, and execute step S5;
S5. Execute the following operations:
tmp = r_{i-1} << dif;
r_{i-2} = r_{i-2} ⊕ tmp;
Quotient = Quotient ⊕ {9'b1 << dif};
Quotient denotes the result of r_{i-2} divided by r_{i-1}; '<<' denotes the shift-left operation and '⊕' denotes the XOR operation;
then execute step S4;
S6. Output Quotient;
S7. Execute the following operations:
r_i = r_{i-2} - Quotient*r_{i-1}
s_i = s_{i-2} - Quotient*s_{i-1}
t_i = t_{i-2} - Quotient*t_{i-1}
wherein '-' is the subtraction operation in the finite field; s_{i-2} and t_{i-2}, s_{i-1} and t_{i-1} are respectively the intermediate iteration parameters s and t satisfying the solution condition for r_{i-2} and r_{i-1};
S8. Return to step S2.
2. The byte substitution method applied to the AES algorithm according to claim 1, characterized in that the detailed process of the affine operation is as follows:
If
then the affine operation is expressed as follows:
where denotes the byte substitution result.
3. A system for the byte substitution method applied to the AES algorithm according to claim 1 or claim 2, characterized in that it comprises a bit-position difference calculation module, a finite field division calculation module, a finite field multiplication calculation module, a loop iteration module and an affine operation module;
wherein the bit-position difference calculation module is used for performing the bit-position difference calculation on the bit widths of the highest bits of r_{i-2} and r_{i-1}, and outputting the enable signal value and the bit-position difference dif according to the calculation result;
the finite field division calculation module is used for calculating and outputting Quotient;
the finite field multiplication calculation module is used for calculating Quotient*r_{i-1}, Quotient*s_{i-1} and Quotient*t_{i-1};
the loop iteration module is used for calculating r_i, s_i and t_i and judging whether r_i is equal to 1; if it is equal to 1, t_i is output to the affine operation module, otherwise let i = i + 1;
the affine operation module is used for performing the affine operation on t_i to obtain the byte substitution result.
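As an added worked example (not code from the patent or its applicant), the following C carries claims 1 and 2 through in software: the S4-S6 division by bit-width difference, the S1-S8 extended Euclidean loop started from (1, 0, 283) and (0, 1, r), and the affine step that turns the inverse into the SubBytes output. Because the affine equations of claim 2 did not survive extraction, the affine map used here is the standard FIPS-197 one (the inverse XOR its four left rotations XOR 0x63), which is an assumption about what the claim specifies; the function names are mine.

```c
#include <stdint.h>

#define AES_POLY 283u  /* x^8 + x^4 + x^3 + x + 1, the claim's 9'b100011011 */
/* Bit width of r: position of its highest set bit (0 for r == 0). */
int bitwidth(uint32_t r) {
    int w = 0;
    while (r) { w++; r >>= 1; }
    return w;
}
/* Carry-less multiplication in GF(2)[x], the claim's finite field '*'. */
uint32_t gf2_mul(uint32_t a, uint32_t b) {
    uint32_t p = 0;
    for (; b; b >>= 1, a <<= 1) if (b & 1) p ^= a;
    return p;
}
/* Steps S4-S6: divide by aligning on the bit-width difference "dif" and XORing.
 * Returns Quotient and leaves the remainder in *rem; requires b != 0. */
uint32_t gf2_divmod(uint32_t a, uint32_t b, uint32_t *rem) {
    uint32_t q = 0;
    int wb = bitwidth(b);
    while (bitwidth(a) >= wb) {   /* equal widths are the dif == 0 case */
        int dif = bitwidth(a) - wb;
        a ^= b << dif;            /* r_{i-2} = r_{i-2} ^ (r_{i-1} << dif) */
        q ^= 1u << dif;           /* Quotient = Quotient ^ (9'b1 << dif) */
    }
    *rem = a;
    return q;
}
/* Steps S1-S8: extended Euclid from (s0,t0,r0)=(1,0,283), (s1,t1,r1)=(0,1,r).
 * Invariant s_i*283 + t_i*r = r_i, so t_i is r^-1 in GF(2^8) once r_i == 1. */
uint8_t gf256_inv(uint8_t r) {
    uint32_t rp = AES_POLY, rc = r, sp = 1, sc = 0, tp = 0, tc = 1, rem, q;
    if (r == 0) return 0;         /* AES maps 0 to 0; the claim's gcd == 1 case excludes it */
    while (rc != 1) {
        q = gf2_divmod(rp, rc, &rem);
        uint32_t sn = sp ^ gf2_mul(q, sc);   /* '-' in GF(2) is XOR */
        uint32_t tn = tp ^ gf2_mul(q, tc);
        rp = rc; rc = rem; sp = sc; sc = sn; tp = tc; tc = tn;
    }
    return (uint8_t)tc;           /* deg(t) < 8, so it fits one byte */
}
/* Assumed affine step (standard AES form): b ^ rotl(b,1..4) ^ 0x63. */
uint8_t aes_affine(uint8_t b) {
    uint8_t x = b, out = b ^ 0x63;
    for (int k = 0; k < 4; k++) { x = (uint8_t)((x << 1) | (x >> 7)); out ^= x; }
    return out;
}
/* One SubBytes lookup without a table: multiplicative inverse, then affine map. */
uint8_t aes_sbox(uint8_t b) { return aes_affine(gf256_inv(b)); }
```

For the FIPS-197 worked value, gf256_inv(0x53) returns 0xCA and aes_sbox(0x53) returns 0xED, matching the published S-box entry.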
CN201511020097.3A 2015-12-28 2015-12-28 A kind of byte replacement method and system applied to aes algorithm Active CN105577362B (en)
Publications (2)

Publication Number Publication Date
CN105577362A CN105577362A (en) 2016-05-11
CN105577362B true CN105577362B (en) 2019-04-26