CN105577362B - A byte substitution method and system applied to the AES algorithm - Google Patents
- Publication number: CN105577362B (application CN201511020097.3A)
- Authority: CN (China)
- Prior art keywords: finite field, quotient, module, byte, multiplicative inverse
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The present invention relates to a byte substitution method applied to the AES algorithm, characterised in that each byte of the input data on the internal data path of the AES algorithm is represented as an element of the finite field GF(2^8); the extended Euclidean algorithm is used to compute, in GF(2^8), the multiplicative inverse of the input data with respect to the irreducible polynomial, and an affine operation is then applied to the resulting multiplicative inverse to obtain the byte substitution result. The substitution scheme provided by the invention obtains the multiplicative inverse by the extended Euclidean algorithm and then applies an affine operation to it to realise the byte substitution function of the AES algorithm; compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
Description
Technical field
The invention belongs to the field of encryption technology for the media access control (MAC) layer of wireless communication chips, and in particular relates to a method of realising byte substitution in the finite field GF(2^8) within the Advanced Encryption Standard (AES) algorithm.
Background technique
In October 2000 the U.S. government announced the selection of Rijndael, jointly invented by two Belgian cryptographers, as the new-generation Advanced Encryption Standard (AES). AES was published by the National Institute of Standards and Technology in FIPS PUB 197 on November 26, 2001, and formally took effect on May 26, 2002. The Rijndael algorithm was finally selected as AES, the new-generation data encryption standard, because of its security, good performance, high efficiency, practicality and flexibility. AES has since been adopted as a standard by several international standardisation bodies (ISO, IETF, IEEE 802.11i, etc.).
As the new-generation data encryption standard, AES is widely used in every field. In wireless network applications, the openness of the wireless channel places higher demands on communication security. At present there are two main international wireless network standards: the IEEE 802.11 protocol (Wi-Fi) for WLAN and the IEEE 802.16 protocol (WiMAX) for WMAN. Although these two protocols chose RC4 and DES (Data Encryption Standard) respectively as their security mechanisms when first drafted, AES has gradually replaced RC4 and DES as information-security needs developed and for reasons of security. Beyond these, a number of other wireless network technologies also use AES for the secure transmission of encrypted data.
In terms of key strategy, cryptographic systems can be divided into symmetric and asymmetric cryptosystems. The AES encryption algorithm belongs to the symmetric cryptosystems; it plays an important role in information security and has the following advantages:
(1) fast encryption and decryption and very high data throughput, convenient for both software and hardware implementation;
(2) the ciphertext has the same length as the plaintext;
(3) the algorithm maintains good security under existing attacks.
Since AES was proposed, many scholars and experts at home and abroad have studied it from every angle. Part of this research focuses on attack patterns and analysis methods for AES, while another part concentrates on the optimisation and application of AES, the aim of the latter being a better balance between area and speed in specific hardware designs of AES. There are two ways to implement the AES algorithm: in software and in hardware. Software implementations are slow and carry security risks. A hardware implementation of AES can provide strong security, flexibility and high efficiency, so high-performance hardware implementation of AES has become the focus of research.
Summary of the invention
The invention proposes a byte substitution method applied to the AES algorithm. The method obtains the multiplicative inverse by the extended Euclidean algorithm and then applies an affine operation to the multiplicative inverse to realise the byte substitution function of the AES algorithm; compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
To achieve the above object of the invention, the technical solution adopted is as follows:
A byte substitution method applied to the AES algorithm: each byte of the input data on the internal data path of the AES algorithm is represented as an element of the finite field GF(2^8); the extended Euclidean algorithm is used to compute, in GF(2^8), the multiplicative inverse of the input data with respect to the irreducible polynomial; an affine operation is then applied to the resulting multiplicative inverse to obtain the byte substitution result.
In the above scheme, the advantage of using the multiplicative inverse in GF(2^8) as the byte substitution is that it provides a high degree of non-linearity and can resist the strongest analytical attacks known to date. The affine operation, in turn, destroys the algebraic structure of the finite field and can further resist attacks aimed at the finite-field multiplicative inverse.
Preferably, the extended Euclidean algorithm is expressed as follows:
gcd(r0, r) = s*r0 + t*r
where '*' is finite-field multiplication and '+' is finite-field addition; gcd(r0, r) denotes the greatest common divisor of the two positive integers r0 and r, where r0 denotes the irreducible polynomial and r denotes any input datum in the finite field GF(2^8); s and t are the unique pair of integer solutions satisfying the above Euclidean equation, where t is the multiplicative inverse of r with respect to r0 and s is the multiplicative inverse of r0 with respect to r;
and the irreducible polynomial is set by default to m(x) = x^8 + x^4 + x^3 + x + 1;
the coefficients of the irreducible polynomial are represented in binary by the 9-bit constant 9'b100011011, which converted to decimal is 283; the greatest common divisor of 283 and every input datum in GF(2^8) is then 1, and the extended Euclidean algorithm at this point is expressed as:
s*r0 + t*r = 1;
The multiplicative inverse is computed in detail as follows:
S1. Set two groups of data s0, s1 and t0, t1. When s = s0 = 1 and t = t0 = 0, s*r0 + t*r = r0 = 283; when s = s1 = 0 and t = t1 = 1, s*r0 + t*r = r. This gives two groups of initialisation data:
(s0, t0, r0) = (1, 0, 283) and (s1, t1, r) = (0, 1, r);
set the loop round number as i and initialise i to 1;
S2. Judge whether the input datum r_i chosen in GF(2^8) in the i-th round equals 1; if r_i = 1, end the loop, and the t_i corresponding to r_i is the required multiplicative inverse; otherwise execute step S3;
S3. Let i = i + 1;
S4. Compute the bit-position difference between the bit widths of the highest-order bits of r_{i-2} and r_{i-1}, where r_{i-1} and r_{i-2} are the input data chosen in the (i-1)-th and (i-2)-th rounds respectively. If the bit width of r_{i-2} is less than that of r_{i-1}, output an enable signal of low level and execute step S6; if the bit width of r_{i-2} is greater than that of r_{i-1}, output an enable signal of high level, output the bit-position difference dif of r_{i-2} and r_{i-1}, and execute step S5;
S5. Execute the following operations:
tmp = r_{i-1} << dif;
r_{i-2} = r_{i-2} ⊕ tmp;
Quotient = Quotient ⊕ {9'b1 << dif};
where '<<' denotes a left shift and '⊕' denotes XOR;
then execute step S4;
S6. Output Quotient;
S7. Execute the following operations:
r_i = r_{i-2} - Quotient*r_{i-1};
s_i = s_{i-2} - Quotient*s_{i-1};
t_i = t_{i-2} - Quotient*t_{i-1};
where '-' is finite-field subtraction; s_{i-2}, t_{i-2} and s_{i-1}, t_{i-1} are the intermediate iteration values of s and t that satisfy the sought condition for r_{i-2} and r_{i-1} respectively;
S8. Return to step S2.
Preferably, the affine operation proceeds as follows:
Let
then the affine operation is expressed as follows:
where the output of the affine operation denotes the byte substitution result.
Meanwhile the present invention also provides a kind of system according to the above method, concrete scheme is as follows:
Including potential difference computing module, finite field division calculation module, finite field multiplier computing module, loop iteration module and
Affine arithmetic module;
Wherein potential difference computing module is used for ri-2、ri-1The bit wide of highest order carries out potential difference calculating, and according to calculated result,
Export enable signal value and potential difference dif;
Finite field division calculation module is for calculating and exporting Quotient;
Finite field multiplier computing module is for calculating qi-1*ri-1、qi-1*si-1And qi-1*ti-1;
Loop iteration module is for calculating ri、siAnd ti, and judge riWhether 1 is equal to, by t if being equal to 1iIt exports to affine
Otherwise computing module enables i=i+1;
Affine arithmetic module is used for tiAffine arithmetic is carried out, byte is obtained and replaces result.
Compared with the prior art, the beneficial effects of the invention are:
the substitution scheme provided by the invention obtains the multiplicative inverse by the extended Euclidean algorithm and then applies an affine operation to it to realise the byte substitution function of the AES algorithm; compared with the prior art, it saves logic resources to the greatest extent and effectively raises the operating frequency of the system.
Detailed description of the invention
Fig. 1 is a structural schematic diagram of the system applying the substitution method.
Fig. 2 is an implementation diagram of the bit-position difference calculation module.
Fig. 3 is an implementation diagram of the finite-field division module.
Fig. 4 is a schematic diagram of the operating flow of the loop iteration module.
Specific embodiment
The accompanying drawings are for illustration only and are not to be construed as limiting the patent; the invention is further elaborated below with reference to the drawings and embodiments.
Embodiment 1
The AES algorithm uses the Square block-cipher structure and iterates a round function. In both encryption and decryption, every round except the last performs the same operations. The round function of encryption consists of four basic operations: byte substitution (SubBytes), row shift (ShiftRows), column mixing (MixColumns) and round-key XOR (AddRoundKey). The AES decryption round function consists of four basic operations: inverse row shift (InvShiftRows), inverse byte substitution (InvSubBytes), round-key XOR (AddRoundKey) and inverse column mixing (InvMixColumns). Each operation of the decryption round function is the inverse of the corresponding encryption operation, but the order of operations differs from encryption. The round key used in the round-key XOR is obtained by key expansion. During encryption, key expansion can supply the round keys to the encryption operation in real time; during decryption, key expansion must be carried out first, and decryption can only begin once every round's decryption key has been generated, the decryption round keys being the encryption round keys used in reverse order.
In the AES algorithm the row shift, column mixing and round-key XOR modules are relatively simple and occupy few logic resources. The byte substitution module is the only non-linear transformation in the AES algorithm; if it is implemented by S-box table lookup the method is also fairly simple: the S-box lookup table is a permutation written in advance into ROM addresses, the data are read from ROM by address, written into RAM and then read out in order. This hardware implementation is simple, but the cost is that a large amount of ROM resources is consumed and the integrated area is larger.
In a high-speed 128-bit AES design, 16 S-box modules plus 16 inverse S-box modules are generally required: the 16 S-box modules realise byte substitution, 4 S-boxes realise the key expansion function, and the 16 inverse S-box modules realise inverse byte substitution. If byte substitution and inverse byte substitution use different tables in this case, a large amount of hardware resources is occupied, so a method of reducing the hardware complexity is highly desirable.
In the AES algorithm, data operations are carried out on the state matrix, a two-dimensional matrix whose elements are bytes. Byte substitution transforms each byte of the state matrix into another byte: each input byte is converted into another byte by a series of operations. The state matrix for a length of 128 bits is shown in Table 1.
Table 1. State matrix for a length of 128 bits
| A0,0 | A0,1 | A0,2 | A0,3 |
| A1,0 | A1,1 | A1,2 | A1,3 |
| A2,0 | A2,1 | A2,2 | A2,3 |
| A3,0 | A3,1 | A3,2 | A3,3 |
Each element of the state matrix can be represented by 8 bits; this embodiment uses a7a6a5a4a3a2a1a0 to denote each value in the table, a7 being the most significant bit and a0 the least significant bit.
The great majority of AES layers use Galois-field operations. A Galois field, also called a finite field, is a set with a finite number of elements within which addition, subtraction, multiplication and inversion can be performed. The AES algorithm uses the finite field with 256 elements, written GF(2^8). This field is chosen because each of its elements can be represented by one byte. In byte substitution and in the MixColumns transformation, AES represents each byte of the internal data path as an element of GF(2^8) and operates on the data with the arithmetic of this finite field.
The advantage of using the inverse element in GF(2^8) as the core function of the byte substitution layer is that it provides a high degree of non-linearity and can resist the strongest analytical attacks known to date. The affine operation, in turn, destroys the algebraic structure of the Galois field and can further resist attacks aimed at the Galois-field multiplicative inverse.
As shown in Fig. 1, the fast AES encryption architecture of the invention based on the loop iteration method comprises a bit-position difference calculation module, a finite-field division module, a finite-field multiplication module, a loop iteration module, an affine operation module, a data input module and a data output module.
Each functional module is described in detail below with reference to the drawings:
One: bit-position difference calculation module
The main function of this module is to compute the bit-position difference between two input data. The data input module first supplies two data, Data_a and Data_b; the bit-width judgment module then computes the bit widths a_bit and b_bit of the highest-order bits of the two inputs. It then determines whether the bit width a_bit of Data_a is greater than the bit width b_bit of Data_b. If a_bit is less than b_bit, the output enable signal is low, indicating that the bit-width difference is negative; for the polynomial division module, a bit-width difference below 0 is exactly the sign that the division has finished. If the bit width of Data_a is greater than that of Data_b, the output enable signal is high, indicating that the bit-width difference is positive, and the bit-position difference dif between Data_a and Data_b is output. The implementation of the bit-position difference calculation module is shown in Fig. 2.
Two: finite-field division module
In the algorithm this process is a loop iteration. For the module's two inputs dividend_a and divisor_b, the bit-position difference calculation module is called first, and the enable signal value it returns is then examined. If the enable signal received is low, the module's calculation ends and the result Quotient is output; if the enable signal received is high, the following operations continue.
For the two inputs dividend_a and divisor_b, the bit-position difference dif between them is obtained from the bit-position difference calculation module, and the following steps are then executed:
tmp = divisor_b << dif
dividend_a = dividend_a ⊕ tmp
Quotient = Quotient ⊕ {9'b1 << dif}
In the above, '<<' denotes a left shift, ⊕ denotes XOR, and 9'b1 is the way a constant is described in a hardware description language: '9' gives the bit width of the constant as 9, 'b' states that the constant is written in binary, and '1' is its value. The purpose of updating dividend_a is to keep shrinking its bit width until it is less than or equal to that of divisor_b, at which point the termination condition of the bit-position difference module is satisfied. Multiplication and division are in essence shift operations, so the operations above (formula 5) repeatedly shift using the bit-position difference dif. After each round, the bit-position difference module is called again with the new dividend_a and the original divisor_b to obtain a new difference, whose sign is judged again, until the enable signal from the bit-position difference module is low; the 9-bit division result Quotient is then output and passed to the loop iteration module. The implementation flow of the finite-field division module is shown in Fig. 3.
Three: finite-field multiplication module
A conventional multiplier may use shift-and-accumulate addition. In a finite field, however, addition is XOR, so in contrast to a conventional multiplier the polynomial multiplier uses shift-and-XOR. The received data A and B are multiplied in the finite field, the essence of the operation being shift-and-XOR, and the result is passed to the loop iteration module.
Four: loop iteration module
The loop iteration module is the core of this patent's design; its main purpose is to compute the multiplicative inverse of elements of GF(2^8). In mathematics the multiplicative inverse over the real number field is often computed with the extended Euclidean algorithm. This patent's design takes the procedure by which the extended Euclidean algorithm computes a multiplicative inverse over the real number field and carries out the corresponding transformation in GF(2^8) to obtain the multiplicative inverse.
The extended Euclidean algorithm rests on the following Diophantine equation:
gcd(r0, r) = s*r0 + t*r (formula 1)
By the principle of computing a multiplicative inverse with the extended Euclidean algorithm, this equation can be used to find the multiplicative inverse of r with respect to r0 in GF(2^8): the required inverse is the integer solution for the parameter t of (formula 1). If instead the multiplicative inverse of r0 with respect to r in GF(2^8) is sought, the result is the integer solution for the parameter s. gcd(r0, r) is the greatest common divisor (gcd) of the two positive integers r0 and r. The whole calculation is a loop iteration. The AES algorithm requires, in GF(2^8), the multiplicative inverse of the input datum with respect to the irreducible polynomial, which in GF(2^8) is set by default to
m(x) = x^8 + x^4 + x^3 + x + 1
The polynomial's coefficients are represented in binary by the 9-bit constant 9'b100011011 (the way a constant is described in hardware: '9' is the bit width, 'b' says the number is written in base 2, and '100011011' is its value). Converting 9'b100011011 to decimal gives 283. Finding the multiplicative inverse with respect to the irreducible polynomial in GF(2^8) thus becomes finding the multiplicative inverse with respect to the decimal number 283 in GF(2^8). Every number (0-255) in GF(2^8) is coprime to 283, the decimal value of the irreducible polynomial's coefficients, i.e. the greatest common divisor of 283 and any number in GF(2^8) is 1. Since the inverse with respect to 283 is sought in GF(2^8), set r0 = 283 in (formula 1), with r any datum in GF(2^8) to be substituted; the parameter t satisfying the equation is the multiplicative inverse of r with respect to r0. Because the greatest common divisor of 283 and any number in GF(2^8) is 1, gcd(r0, r) = 1 in the Diophantine equation, which therefore amounts to finding s and t satisfying
s*r0 + t*r = 1 (formula 2)
The multiplicative inverse is found from (formula 2). There are infinitely many solutions s and t of (formula 2), but one and only one group of integer solutions. Finding the multiplicative inverse means finding the integer solution for t of (formula 2). Unlike the computation over the real number field, the multiplication '*' used in (formula 2) is finite-field multiplication rather than ordinary multiplication, and the addition '+' in (formula 2) is finite-field addition (which is in essence the XOR operation '⊕') rather than ordinary addition.
First, the initialisation. Two groups of data s0, s1 and t0, t1 are set, and the loop round number is i. The initial parameters are set such that, for the polynomial s*r0 + t*r, when s = s0 = 1 and t = t0 = 0, s*r0 + t*r = r0 = 283, and when s = s1 = 0 and t = t1 = 1, s*r0 + t*r = r. This yields two groups of initialisation data (s0, t0, r0) = (1, 0, 283) and (s1, t1, r) = (0, 1, r). The loop round number is initialised to i = 1.
After initialisation, the loop iteration proceeds with the following steps in turn:
(1) First judge whether r_i equals 1. If r_i = 1, the loop ends, t_i is the required multiplicative inverse, and the output module outputs the value of t_i; if r_1 = 1, t_1 = 1 is output as the required multiplicative inverse. If r_i is not equal to 1, continue with the following steps.
(2) Increment the loop round number: i = i + 1.
(3) Call the finite-field division module to compute q_{i-1} = r_{i-2} / r_{i-1}, i.e. assign the value of r_{i-2} to dividend_a and the value of r_{i-1} to divisor_b. After the finite-field division module finishes, the division result Quotient is returned to the loop iteration module.
(4) Call the finite-field multiplication module and perform the XOR operations:
r_i = r_{i-2} - q_{i-1}*r_{i-1}
s_i = s_{i-2} - q_{i-1}*s_{i-1}
t_i = t_{i-2} - q_{i-1}*t_{i-1}
where '*' denotes finite-field multiplication and '-' is finite-field subtraction, which is in essence still XOR (⊕). The three pairs q_{i-1}, s_{i-1}; q_{i-1}, t_{i-1}; and q_{i-1}, r_{i-1} are passed to the finite-field multiplication module for computation, and its results are passed back to the loop iteration module for the XOR. This step yields the new value of r_i.
(5) Return to step (1) and judge again.
The above is the loop part. When the loop ends, the obtained inverse t_i is sent to the affine operation module. The data s_i need not be passed to the affine module; together with t_i they can be used to verify that the Diophantine equation (formula 2) is satisfied. The implementation flow of the loop iteration module is shown in Fig. 4.
Five: affine operation module
The loop iteration module yields the 8-bit multiplicative inverse t_i of the data, which is taken as the input of the affine operation module, i.e. the value of t_i is assigned to a7a6a5a4a3a2a1a0.
A = (a7a6a5a4a3a2a1a0) is the bitwise vector representation of the multiplicative inverse t_i, C = (01100011), and ⊕ denotes XOR. The affine operation can then be expressed by the following mathematical expression:
The result B = (b7b6b5b4b3b2b1b0) obtained by the affine operation is the result of the whole byte substitution module, and is then transferred to the data output module.
The affine operation module receives the completed multiplicative inverse from the loop iteration module and applies the affine operation to it; the essence of the affine operation is a set of bitwise exclusive-or operations on the multiplicative-inverse result.
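The division, multiplication, loop-iteration and affine modules described above (and equally steps S1 to S8 of the Summary) as one worked example. This is added here and is not the patent's own code or any implementation by its applicant; function and variable names are my own. It assumes the standard AES affine matrix rows (the page gives only the constant C and the vectors A and B, not the matrix) and, because the page leaves the case of equal bit widths unspecified, it runs one more subtraction round with dif = 0 in that case, which ordinary polynomial long division requires for the remainder to be narrower than the divisor. The known S-box values used in the checks are constructed test inputs.

```python
"""Byte substitution by extended Euclid in GF(2^8), then the AES affine map.

Added example, not the patent's code.  Names are my own; the affine matrix
rows are the standard AES ones, which the page does not print.
"""

M_X = 0x11B   # m(x) = x^8 + x^4 + x^3 + x + 1, i.e. 9'b100011011 = 283
C_VEC = 0x63  # affine constant C = (01100011)


def bit_width(a: int) -> int:
    """Bit width of the highest-order bit: 9 for 283, 1 for 1, 0 for 0."""
    return a.bit_length()


def poly_divmod(dividend_a: int, divisor_b: int):
    """Finite-field division module: long division of polynomials over GF(2).

    Each round takes the bit-position difference dif of dividend_a and
    divisor_b, XORs (divisor_b << dif) off the dividend and sets bit dif of
    Quotient; it stops once the dividend is narrower than the divisor.
    Equal widths run one more round with dif = 0 (assumption, see lead-in).
    Returns (Quotient, remainder).
    """
    if divisor_b == 0:
        raise ZeroDivisionError("divisor polynomial is zero")
    quotient = 0
    while bit_width(dividend_a) >= bit_width(divisor_b):
        dif = bit_width(dividend_a) - bit_width(divisor_b)
        tmp = divisor_b << dif          # tmp = divisor_b << dif
        dividend_a ^= tmp               # dividend_a = dividend_a ⊕ tmp
        quotient ^= 1 << dif            # Quotient = Quotient ⊕ (9'b1 << dif)
    return quotient, dividend_a


def gf_mul(a: int, b: int) -> int:
    """Finite-field multiplication module: shift-and-XOR product in GF(2)[x].

    No reduction modulo m(x) is applied: the Euclid loop only ever multiplies
    a quotient by r, s or t and subtracts (XORs) the product, so the exact
    polynomial product is what it needs.
    """
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def gf_inverse(r: int) -> int:
    """Loop iteration module: extended Euclid with (s0,t0,r0) = (1,0,283).

    The invariant s_i*r0 + t_i*r = r_i holds for every round, so when
    r_i == 1 the value t_i is the inverse of r modulo m(x) (formula 2).
    """
    if not 0 < r < 256:
        raise ValueError("r must be a nonzero byte")
    prev = (1, 0, M_X)   # (s0, t0, r0) = (1, 0, 283)
    curr = (0, 1, r)     # (s1, t1, r1) = (0, 1, r)
    while curr[2] != 1:
        q, remainder = poly_divmod(prev[2], curr[2])
        # r_i = r_{i-2} - q*r_{i-1}, likewise for s and t; '-' is XOR
        nxt = (prev[0] ^ gf_mul(q, curr[0]),
               prev[1] ^ gf_mul(q, curr[1]),
               remainder)
        prev, curr = curr, nxt
    s, t, _ = curr
    # s is not needed by the S-box but, as the page notes, checks formula 2
    assert gf_mul(s, M_X) ^ gf_mul(t, r) == 1
    return t


def affine(a: int) -> int:
    """Affine operation module: B = M*A ⊕ C with the standard AES matrix,
    b_i = a_i ⊕ a_{i+4} ⊕ a_{i+5} ⊕ a_{i+6} ⊕ a_{i+7} ⊕ c_i (indices mod 8)."""
    b = 0
    for i in range(8):
        bit = 0
        for k in (0, 4, 5, 6, 7):
            bit ^= (a >> ((i + k) % 8)) & 1
        b |= bit << i
    return b ^ C_VEC


def sub_byte(x: int) -> int:
    """Whole byte substitution module; 0 has no inverse and maps to affine(0)."""
    inverse = 0 if x == 0 else gf_inverse(x)
    return affine(inverse)


def build_sbox() -> list:
    """All 256 substitution values, e.g. to compare with a published S-box."""
    return [sub_byte(x) for x in range(256)]


if __name__ == "__main__":
    sbox = build_sbox()
    print("inverse of 0x53 = 0x%02X, S(0x53) = 0x%02X" % (gf_inverse(0x53), sbox[0x53]))
    print("bijective:", len(set(sbox)) == 256)
```

Tracing the page's own numbers: for r = 0x53, poly_divmod(283, 0x53) first shifts by dif = 2 and then by dif = 0, giving Quotient = 5 and remainder 4; two more rounds bring r_i to 1 with t_i = 0xCA, and affine(0xCA) = 0xED, which is the FIPS 197 S-box entry for 0x53. The in-function assert is the s*r0 + t*r = 1 check the page describes for s_i.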
Six: data input module and data output module
The data input module is the input of the byte substitution module and completes the input of data. The data output module outputs the substituted data obtained after the multiplicative-inverse calculation and the affine operation.
Obviously, the above embodiment of the invention is merely an example given to illustrate the invention clearly and does not limit the embodiments of the invention. Persons of ordinary skill in the art may make other variations or changes in different forms on the basis of the above description. There is no need, nor any possibility, to exhaust all embodiments. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the claims of the invention.
Claims (3)
1. A byte substitution method applied to the AES algorithm, characterised in that: each byte of the input data on the internal data path of the AES algorithm is represented as an element of the finite field GF(2^8); the extended Euclidean algorithm is used to compute, in GF(2^8), the multiplicative inverse of the input data with respect to the irreducible polynomial; an affine operation is then applied to the resulting multiplicative inverse to obtain the byte substitution result;
the extended Euclidean algorithm is expressed as follows:
gcd(r0, r) = s*r0 + t*r
where '*' is finite-field multiplication and '+' is finite-field addition; gcd(r0, r) denotes the greatest common divisor of the two positive integers r0 and r, where r0 denotes the irreducible polynomial and r denotes any input datum in the finite field GF(2^8); s and t are the unique pair of integer solutions satisfying the above Euclidean equation, where t is the multiplicative inverse of r with respect to r0 and s is the multiplicative inverse of r0 with respect to r;
and the irreducible polynomial is set by default to m(x) = x^8 + x^4 + x^3 + x + 1;
the coefficients of the irreducible polynomial are represented in binary by the 9-bit constant 9'b100011011, which converted to decimal is 283; the greatest common divisor of 283 and every input datum in GF(2^8) is then 1, and the extended Euclidean algorithm at this point is expressed as:
s*r0 + t*r = 1;
the multiplicative inverse is computed in detail as follows:
S1. Set two groups of data s0, s1 and t0, t1. When s = s0 = 1 and t = t0 = 0, s*r0 + t*r = r0 = 283; when s = s1 = 0 and t = t1 = 1, s*r0 + t*r = r. This gives two groups of initialisation data:
(s0, t0, r0) = (1, 0, 283) and (s1, t1, r) = (0, 1, r);
set the loop round number as i and initialise i to 1;
S2. Judge whether the input datum r_i chosen in GF(2^8) in the i-th round equals 1; if r_i = 1, end the loop, and the t_i corresponding to r_i is the required multiplicative inverse; otherwise execute step S3;
S3. Let i = i + 1;
S4. Compute the bit-position difference between the bit widths of the highest-order bits of r_{i-2} and r_{i-1}, where r_{i-1} and r_{i-2} are the input data chosen in the (i-1)-th and (i-2)-th rounds respectively. If the bit width of r_{i-2} is less than that of r_{i-1}, output an enable signal of low level and execute step S6; if the bit width of r_{i-2} is greater than that of r_{i-1}, output an enable signal of high level, output the bit-position difference dif of r_{i-2} and r_{i-1}, and execute step S5;
S5. Execute the following operations:
tmp = r_{i-1} << dif;
r_{i-2} = r_{i-2} ⊕ tmp;
Quotient = Quotient ⊕ {9'b1 << dif};
Quotient denotes the result of dividing r_{i-2} by r_{i-1}; '<<' denotes a left shift and '⊕' denotes XOR;
then execute step S4;
S6. Output Quotient;
S7. Execute the following operations:
r_i = r_{i-2} - Quotient*r_{i-1};
s_i = s_{i-2} - Quotient*s_{i-1};
t_i = t_{i-2} - Quotient*t_{i-1};
where '-' is finite-field subtraction; s_{i-2}, t_{i-2} and s_{i-1}, t_{i-1} are the intermediate iteration values of s and t that satisfy the sought condition for r_{i-2} and r_{i-1} respectively;
S8. Return to step S2.
2. The byte substitution method applied to the AES algorithm according to claim 1, characterised in that the affine operation proceeds as follows:
Let
then the affine operation is expressed as follows:
where the output of the affine operation denotes the byte substitution result.
3. A system for the byte replacement method applied to the AES algorithm according to claim 1 or claim 2, characterized in that it comprises a potential difference calculation module, a finite field division calculation module, a finite field multiplication calculation module, a loop iteration module and an affine operation module;
wherein the potential difference calculation module is used to perform the potential difference calculation on the bit widths of the highest-order bits of r_{i-2} and r_{i-1} and, according to the calculation result, to output the enable signal value and the potential difference dif;
the finite field division calculation module is used to calculate and output Quotient;
the finite field multiplication calculation module is used to calculate Quotient * r_{i-1}, Quotient * s_{i-1} and Quotient * t_{i-1};
the loop iteration module is used to calculate r_i, s_i and t_i and to judge whether r_i is equal to 1; if it is equal to 1, t_i is output to the affine operation module, otherwise i = i + 1;
the affine operation module is used to perform the affine operation on t_i to obtain the byte replacement result.
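Claims 1 to 3 describe one procedure: the shift-and-XOR polynomial division of steps S4/S5, the extended Euclidean loop of steps S2 and S7, and the final affine operation. The Python below is an added example, not the patent's own code; it assumes the AES irreducible polynomial x^8 + x^4 + x^3 + x + 1 (0x11B) and the FIPS-197 affine transform, because the page does not reproduce claim 2's equations, and it treats equal bit widths as dif = 0 so that the division terminates.

```python
# Added example (not the patent's code): AES byte substitution built from the
# extended-Euclidean inverse in GF(2^8) as claim 1 describes, then the FIPS-197
# affine transform (assumed; claim 2's equations are not on the page). The AES
# irreducible polynomial x^8 + x^4 + x^3 + x + 1 (0x11B) is also assumed.
IRREDUCIBLE = 0x11B

def poly_divmod(a: int, b: int):
    """Divide a by b in GF(2)[x] with the shift-and-XOR loop of steps S4/S5;
    returns (Quotient, remainder). b must be non-zero."""
    quotient = 0
    # S4: compare bit widths of the leading terms (equal widths give dif = 0);
    # S5: cancel the leading term of a and accumulate the quotient bit.
    while a and a.bit_length() >= b.bit_length():
        dif = a.bit_length() - b.bit_length()  # the "potential difference"
        a ^= b << dif                          # r_{i-2} = r_{i-2} xor (r_{i-1} << dif)
        quotient ^= 1 << dif                   # Quotient = Quotient xor (1 << dif)
    return quotient, a

def poly_mul(a: int, b: int) -> int:
    """Carry-less multiply in GF(2)[x] (no reduction), used in step S7."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = a << 1, b >> 1
    return result

def gf_inverse(x: int, modulus: int = IRREDUCIBLE) -> int:
    """Inverse of x in GF(2^8): r_0 = modulus, r_1 = x, and s_i, t_i keep
    s_i*modulus xor t_i*x == r_i; the t_i for which r_i == 1 is the inverse."""
    if x == 0:
        return 0  # AES defines the inverse of 0 as 0
    r_prev, r_cur, s_prev, s_cur, t_prev, t_cur = modulus, x, 1, 0, 0, 1
    while r_cur != 1:                              # S2
        q, r_next = poly_divmod(r_prev, r_cur)     # S3-S6
        s_next = s_prev ^ poly_mul(q, s_cur)       # S7: '-' is XOR in GF(2^n)
        t_next = t_prev ^ poly_mul(q, t_cur)
        r_prev, r_cur, s_prev, s_cur = r_cur, r_next, s_cur, s_next
        t_prev, t_cur = t_cur, t_next
    return t_cur

def affine(b: int) -> int:
    """FIPS-197 affine map: b xor its four left rotations, xor 0x63."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

def sbox(byte: int) -> int:
    """Byte replacement: multiplicative inverse, then the affine transform."""
    return affine(gf_inverse(byte))
```

With these assumptions the result matches the FIPS-197 worked example: the inverse of {53} is {CA} and its S-box output is {ED}.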
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511020097.3A CN105577362B (en) | 2015-12-28 | 2015-12-28 | A kind of byte replacement method and system applied to aes algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511020097.3A CN105577362B (en) | 2015-12-28 | 2015-12-28 | A kind of byte replacement method and system applied to aes algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105577362A CN105577362A (en) | 2016-05-11 |
CN105577362B true CN105577362B (en) | 2019-04-26 |
Family
ID=55887081
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511020097.3A Active CN105577362B (en) | 2015-12-28 | 2015-12-28 | A kind of byte replacement method and system applied to aes algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105577362B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110958458B (en) * | 2019-11-25 | 2022-03-08 | Li Xiaoping | Digital image encryption method and image decryption method based on modular inverse operation |
CN111404943B (en) * | 2020-03-18 | 2021-10-26 | Tencent Technology (Shenzhen) Co., Ltd. | Data processing method and device, electronic equipment and computer readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938349A (en) * | 2010-10-01 | 2011-01-05 | Beihang University | S box applicable to hardware realization and circuit realization method thereof |
CN102006161A (en) * | 2010-12-02 | 2011-04-06 | Beihang University | Nonlinear transformation method for symmetric key encryption and implementation method thereof |
CN103199999A (en) * | 2012-01-06 | 2013-07-10 | Shanghai Huahong Integrated Circuit Co., Ltd. | Rapid universal method of module reduction in two-element field |
- 2015-12-28 CN CN201511020097.3A patent/CN105577362B/en active Active
Non-Patent Citations (1)
Title |
---|
"Design of an FPGA-based AES encryption system"; Liu Weijie; China Master's Theses Full-text Database (Electronic Journal); 20120815; 17-20 |
Also Published As
Publication number | Publication date |
---|---|
CN105577362A (en) | 2016-05-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106788974B (en) | Mask S box, grouping key calculation unit, device and corresponding construction method | |
CN106850221B (en) | Information encryption and decryption method and device | |
US7899190B2 (en) | Security countermeasures for power analysis attacks | |
CN113940028B (en) | Method and device for realizing white box password | |
US20120170739A1 (en) | Method of diversification of a round function of an encryption algorithm | |
CN104639314A (en) | Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method | |
US11606189B2 (en) | Method and apparatus for improving the speed of advanced encryption standard (AES) decryption algorithm | |
CN109617671B (en) | Encryption and decryption methods, encryption and decryption devices, expansion methods, encryption and decryption systems and terminal | |
CN103634101A (en) | Encryption processing method and encryption processing equipment | |
CN110311771B (en) | SM4 encryption and decryption method and circuit | |
Cao et al. | Related-key differential cryptanalysis of the reduced-round block cipher GIFT | |
Zong et al. | Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256 | |
CN105577362B (en) | A kind of byte replacement method and system applied to aes algorithm | |
Liu et al. | WARX: efficient white-box block cipher based on ARX primitives and random MDS matrix | |
CN112564890B (en) | Method, device, processor and electronic equipment for accelerating SM4 algorithm | |
Orhanou et al. | SNOW 3G stream cipher operation and complexity study | |
CN111314054B (en) | Lightweight ECEG block cipher realization method, system and storage medium | |
Luo et al. | Optimization of AES-128 encryption algorithm for security layer in zigbee networking of internet of things | |
CN111478766B (en) | Method, device and storage medium for realizing block cipher MEG | |
Misra et al. | A New Encryption/Decryption Approach Using AES | |
CN101958790A (en) | Encryption or decryption method of wireless communication network digital information | |
Murtaza et al. | Fortification of aes with dynamic mix-column transformation | |
CN104753662B (en) | Encryption key stream generation method based on aes algorithm | |
EP2363974A1 (en) | Variable table masking for cryptographic processes | |
CN103684748B (en) | Symmetric encryption and decryption method, and symmetric encryption and decryption system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |