CN109951273A - SM4 algorithm white-box implementation method and device - Google Patents

Publication number
CN109951273A
Authority
CN
China
Legal status
Granted
Application number
CN201910381849.0A
Other languages
Chinese (zh)
Other versions
CN109951273B (en
Inventor
廖正赟
刘熙胖
刘长河
梁松涛
孙晓鹏
雷宇龙
武宗品
刘武忠
彭金辉
Current Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN201910381849.0A
Publication of CN109951273A
Application granted
Publication of CN109951273B
Legal status: Active

Abstract

The present invention provides a white-box implementation method and device for the SM4 algorithm. The cipher is obfuscated by the entrance transformation, the outlet transformation and the round scramble transformation within the composite transformation, and the round key is hidden in the round function. The entrance transformation, the outlet transformation and the round scramble transformation combine linear transformations with nonlinear transformations, which makes the scheme difficult to break with existing attack methods and gives it very high security, while its encryption and decryption results are identical to those of the standard SM4 algorithm, so it has good generality. Designing the transformations as juxtaposed (parallel) components and implementing them as lookup tables further makes encryption and decryption fast and secure, so the scheme can be widely used in any environment that needs the SM4 algorithm.

Description

SM4 algorithm white-box implementation method and device
Technical field
The present invention relates to the technical field of information security and cryptographic applications, and in particular to a white-box implementation method and device for the SM4 algorithm.
Background art
SM4 is a symmetric block cipher designed independently in China and published by the national commercial cryptography administration as a standard commercial block cipher. It is typically used for data encryption in wireless LANs and other environments. SM4 often has to be used in untrusted environments, and many systems and terminals that use SM4 are not equipped with a cryptographic chip or a hardware cryptographic module such as a TF card or USB key; they rely solely on software modules to perform cryptographic operations. The dynamic process of software encryption and decryption is visible to an attacker, and the key can only be stored in the local storage medium of the user terminal, where it is easily stolen by an attacker.
Chow et al. proposed the concept of the white-box attack context, an environment in which the attacker has full visibility of the software's execution, and proposed white-box cryptographic algorithms that can resist white-box attacks, such as white-box AES and white-box DES. Researchers including Xiao Yaying, Lai Xuejia and Shang Pei have also proposed SM4 white-box algorithms. These algorithms hide the key in the execution of the cipher software and represent the cipher's implementation as lookup tables, thereby protecting the algorithm's key. However, they obfuscate the cipher mainly through linear transformations and hide the key information in lookup tables; their security is not high, and the hidden key information can easily be computed by attack methods such as the BGE attack. Some SM4 white-box algorithms do use nonlinear transformations for obfuscation, but they change the substance of the algorithm relative to standard SM4: ciphertext encrypted with the white-box algorithm cannot be correctly decrypted by the standard SM4 decryption algorithm. Such SM4 white-box algorithms have poor generality and limited applicability.
To use the SM4 cipher safely in complex and changing environments, SM4 white-box algorithms and products with high security and generality are needed, but existing SM4 white-box algorithms and products cannot meet the demands of practical applications. Designing a secure, reliable and general SM4 white-box implementation method and product that prevents attackers from illegally obtaining the key is a problem in urgent need of a solution.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide a white-box implementation method and device for the SM4 algorithm that obfuscates the cipher with linear transformations and nonlinear S-boxes, combined with lookup tables, to give the SM4 key adequate protection and make it difficult to break with existing attack methods, while keeping the results of the white-box implementation consistent with the standard SM4 algorithm, so that it has good generality.
To achieve the above object, the technical solution adopted by the invention is a white-box implementation method for the SM4 algorithm, characterized in that the method comprises the following steps:
S1. The 128-bit input data $(X_0, X_1, X_2, X_3)$ is passed through the entrance transformation to obtain the 128-bit data $(X_0', X_1', X_2', X_3')$;
S2. $(X_0', X_1', X_2', X_3')$ is passed through 32 rounds of composite transformation to obtain the 128-bit data $(X_{32}', X_{33}', X_{34}', X_{35}')$. The composite transformation of each round is composed of a round scramble transformation and a round function. For $0 \le i \le 31$, in the composite transformation of round $i$, the input of the round scramble transformation is the 128-bit data $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$ and its output is the 128-bit data $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; the input of the round function is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and its output is the 32-bit data $X_{i+4}'$. The round key of each round is generated from the encryption key and is hidden in the round function;
S3. $(X_{32}', X_{33}', X_{34}', X_{35}')$ is passed through the outlet transformation to obtain the 128-bit output data $(Y_0, Y_1, Y_2, Y_3)$ of the SM4 algorithm;
where $X_0$, $X_1$, $X_2$, $X_3$, $Y_0$, $Y_1$, $Y_2$, $Y_3$, $X_0'$, $X_1'$, $X_2'$, $X_3'$, $X_{32}'$, $X_{33}'$, $X_{34}'$, $X_{35}'$ and $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$, $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$ are all 32-bit data. The entrance transformation, the outlet transformation, the round scramble transformation and the round function are each composed of linear transformations and their inverses and nonlinear S-boxes and their inverses.
Further, let there be linear transformations $P_j$ and their inverses $P_j^{-1}$, nonlinear S-boxes $S_k$ and their inverses $S_k^{-1}$, and a linear transformation $E$ and its inverse $E^{-1}$, where $0 \le j \le 35$, $0 \le k \le 7$, and $P_j$, $P_j^{-1}$, $S_k$, $S_k^{-1}$, $E$, $E^{-1}$ are all transformations with 32-bit input and 32-bit output. Then:
The entrance transformation is: $(X_0', X_1', X_2', X_3') = (G_0(X_0), G_1(X_1), G_2(X_2), G_3(X_3))$, where $G_0(\cdot) = S_0(P_0(\cdot))$, $G_1(\cdot) = S_1(P_1(\cdot))$, $G_2(\cdot) = S_2(P_2(\cdot))$, $G_3(\cdot) = S_3(P_3(\cdot))$, and $G_0$, $G_1$, $G_2$, $G_3$ are transformations with 32-bit input and 32-bit output;
The outlet transformation is: $(Y_0, Y_1, Y_2, Y_3) = (S_4^{-1}(H_0(X_{32}')), S_5^{-1}(H_1(X_{33}')), S_6^{-1}(H_2(X_{34}')), S_7^{-1}(H_3(X_{35}')))$, where $H_0(\cdot) = S_4(P_{32}^{-1}(\cdot))$, $H_1(\cdot) = S_5(P_{33}^{-1}(\cdot))$, $H_2(\cdot) = S_6(P_{34}^{-1}(\cdot))$, $H_3(\cdot) = S_7(P_{35}^{-1}(\cdot))$, and $H_0$, $H_1$, $H_2$, $H_3$ are transformations with 32-bit input and 32-bit output;
For $0 \le i \le 31$, the composite transformation $Z_i$ of round $i$ is composed of the round scramble transformation $R_i$ and the round function $F_i$: $Z_i(\cdot) = F_i(R_i(\cdot))$, where $Z_i$ and $R_i$ are transformations with 128-bit input and 128-bit output whose input is $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$; $R_i(X_i', X_{i+1}', X_{i+2}', X_{i+3}') = (R_{i,0}(X_i'), R_{i,1}(X_{i+1}'), R_{i,2}(X_{i+2}'), R_{i,3}(X_{i+3}'))$, with output $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; $F_i$ is a transformation with 128-bit input and 32-bit output whose input is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and whose output is $X_{i+4}'$. Here $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$, $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$ are 32-bit data, and $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are transformations with 32-bit input and 32-bit output;
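For $0 \le i \le 3$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are specifically:
$R_{0,0}(\cdot) = P_4(P_0^{-1}(S_0^{-1}(\cdot)))$, $R_{0,1}(\cdot) = E(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{0,2}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{0,3}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$;
$R_{1,0}(\cdot) = P_5(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{1,1}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{1,2}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{1,3}(\cdot) = E(P_4^{-1}(\cdot))$;
$R_{2,0}(\cdot) = P_6(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{2,1}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{2,2}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{2,3}(\cdot) = E(P_5^{-1}(\cdot))$;
$R_{3,0}(\cdot) = P_7(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{3,1}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{3,2}(\cdot) = E(P_5^{-1}(\cdot))$, $R_{3,3}(\cdot) = E(P_6^{-1}(\cdot))$;
For $4 \le i \le 31$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are specifically:
$R_{i,0}(\cdot) = P_{i+4}(P_i^{-1}(\cdot))$, $R_{i,1}(\cdot) = E(P_{i+1}^{-1}(\cdot))$, $R_{i,2}(\cdot) = E(P_{i+2}^{-1}(\cdot))$, $R_{i,3}(\cdot) = E(P_{i+3}^{-1}(\cdot))$;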
For $0 \le i \le 31$, the round function $F_i$ is specifically:
$T$ is an invertible transformation with 32-bit input and 32-bit output, composed of the nonlinear transformation $\tau$ and the linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$. $\tau$ consists of four parallel S-boxes with 8-bit input and 8-bit output: if the input of $\tau$ is $A = (a_0, a_1, a_2, a_3)$ and its output is $B = (b_0, b_1, b_2, b_3)$, then $(b_0, b_1, b_2, b_3) = \tau(A) = (\mathrm{Sbox}(a_0), \mathrm{Sbox}(a_1), \mathrm{Sbox}(a_2), \mathrm{Sbox}(a_3))$. The output $B$ of $\tau$ is the input of $L$; if the output of $L$ is $C$, then
where $A$, $B$, $C$ are 32-bit data, $a_0$, $a_1$, $a_2$, $a_3$, $b_0$, $b_1$, $b_2$, $b_3$ are 8-bit data, $\lll n$ denotes a 32-bit cyclic left shift by $n$ bits, and XOR is taken over 32 bits.
Further, the round function $F_i$ is implemented as a lookup table, where $0 \le i \le 31$.
Further, $G_0$, $G_1$, $G_2$, $G_3$ in the entrance transformation, and/or $H_0$, $H_1$, $H_2$, $H_3$ in the outlet transformation, and/or $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ in the round scramble transformation $R_i$, are each implemented as a lookup table, where $0 \le i \le 31$.
Further, the encryption process and the decryption process have the same structure, and the round keys hidden in the round functions they use are different.
Further, the linear transformation $E = \mathrm{diag}(E_0, E_1, E_2, E_3)$, where $E_0$, $E_1$, $E_2$, $E_3$ are invertible affine transformations over GF(2) with 8-bit input and 8-bit output.
Further, the linear transformations $P_j$ and their inverses $P_j^{-1}$, and the linear transformation $E$ and its inverse $E^{-1}$, are each formed by juxtaposing four linear transformations with 8-bit input and 8-bit output; the nonlinear S-boxes $S_k$ and their inverses $S_k^{-1}$ are each formed by juxtaposing four nonlinear S-boxes with 8-bit input and 8-bit output; where $0 \le k \le 7$, $0 \le j \le 35$.
The technical solution of the present invention also provides a white-box implementation device for the SM4 algorithm, characterized in that it comprises an entrance transformation unit, a composite transformation unit and an outlet transformation unit, the composite transformation unit being connected to the entrance transformation unit and to the outlet transformation unit; the composite transformation unit comprises a round scramble transformation module and a round function module;
The entrance transformation unit applies the entrance transformation to the 128-bit input data $(X_0, X_1, X_2, X_3)$ to obtain the 128-bit data $(X_0', X_1', X_2', X_3')$; the composite transformation unit applies 32 rounds of composite transformation to $(X_0', X_1', X_2', X_3')$ to obtain the 128-bit data $(X_{32}', X_{33}', X_{34}', X_{35}')$; the outlet transformation unit applies the outlet transformation to $(X_{32}', X_{33}', X_{34}', X_{35}')$ to obtain the 128-bit output data $(Y_0, Y_1, Y_2, Y_3)$ of the SM4 algorithm; where $X_0$, $X_1$, $X_2$, $X_3$, $Y_0$, $Y_1$, $Y_2$, $Y_3$ and $X_0'$, $X_1'$, $X_2'$, $X_3'$, $X_{32}'$, $X_{33}'$, $X_{34}'$, $X_{35}'$ are all 32-bit data;
The composite transformation of each round is composed of a round scramble transformation and a round function; the round scramble transformation is performed by the round scramble transformation module and the round function by the round function module. For $0 \le i \le 31$, in the composite transformation of round $i$, the input of the round scramble transformation is the 128-bit data $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$ and its output is the 128-bit data $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; the input of the round function is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and its output is the 32-bit data $X_{i+4}'$. The round key of each round is generated from the encryption key and is hidden in the round function; $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$, $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$ are all 32-bit data;
The entrance transformation, the outlet transformation, the round scramble transformation and the round function are each composed of linear transformations and their inverses and nonlinear S-boxes and their inverses.
Further, let there be linear transformations $P_j$ and their inverses $P_j^{-1}$, nonlinear S-boxes $S_k$ and their inverses $S_k^{-1}$, and a linear transformation $E$ and its inverse $E^{-1}$, where $0 \le j \le 35$, $0 \le k \le 7$, and $P_j$, $P_j^{-1}$, $S_k$, $S_k^{-1}$, $E$, $E^{-1}$ are all transformations with 32-bit input and 32-bit output. Then:
The entrance transformation is: $(X_0', X_1', X_2', X_3') = (G_0(X_0), G_1(X_1), G_2(X_2), G_3(X_3))$, where $G_0(\cdot) = S_0(P_0(\cdot))$, $G_1(\cdot) = S_1(P_1(\cdot))$, $G_2(\cdot) = S_2(P_2(\cdot))$, $G_3(\cdot) = S_3(P_3(\cdot))$, and $G_0$, $G_1$, $G_2$, $G_3$ are transformations with 32-bit input and 32-bit output;
The outlet transformation is: $(Y_0, Y_1, Y_2, Y_3) = (S_4^{-1}(H_0(X_{32}')), S_5^{-1}(H_1(X_{33}')), S_6^{-1}(H_2(X_{34}')), S_7^{-1}(H_3(X_{35}')))$, where $H_0(\cdot) = S_4(P_{32}^{-1}(\cdot))$, $H_1(\cdot) = S_5(P_{33}^{-1}(\cdot))$, $H_2(\cdot) = S_6(P_{34}^{-1}(\cdot))$, $H_3(\cdot) = S_7(P_{35}^{-1}(\cdot))$, and $H_0$, $H_1$, $H_2$, $H_3$ are transformations with 32-bit input and 32-bit output;
For $0 \le i \le 31$, the composite transformation $Z_i$ of round $i$ is composed of the round scramble transformation $R_i$ and the round function $F_i$: $Z_i(\cdot) = F_i(R_i(\cdot))$, where $Z_i$ and $R_i$ are transformations with 128-bit input and 128-bit output whose input is $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$; $R_i(X_i', X_{i+1}', X_{i+2}', X_{i+3}') = (R_{i,0}(X_i'), R_{i,1}(X_{i+1}'), R_{i,2}(X_{i+2}'), R_{i,3}(X_{i+3}'))$, with output $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; $F_i$ is a transformation with 128-bit input and 32-bit output whose input is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and whose output is $X_{i+4}'$. Here $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$, $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$ are 32-bit data, and $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are transformations with 32-bit input and 32-bit output;
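For $0 \le i \le 3$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are specifically:
$R_{0,0}(\cdot) = P_4(P_0^{-1}(S_0^{-1}(\cdot)))$, $R_{0,1}(\cdot) = E(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{0,2}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{0,3}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$;
$R_{1,0}(\cdot) = P_5(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{1,1}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{1,2}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{1,3}(\cdot) = E(P_4^{-1}(\cdot))$;
$R_{2,0}(\cdot) = P_6(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{2,1}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{2,2}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{2,3}(\cdot) = E(P_5^{-1}(\cdot))$;
$R_{3,0}(\cdot) = P_7(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{3,1}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{3,2}(\cdot) = E(P_5^{-1}(\cdot))$, $R_{3,3}(\cdot) = E(P_6^{-1}(\cdot))$;
For $4 \le i \le 31$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are specifically:
$R_{i,0}(\cdot) = P_{i+4}(P_i^{-1}(\cdot))$, $R_{i,1}(\cdot) = E(P_{i+1}^{-1}(\cdot))$, $R_{i,2}(\cdot) = E(P_{i+2}^{-1}(\cdot))$, $R_{i,3}(\cdot) = E(P_{i+3}^{-1}(\cdot))$;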
For $0 \le i \le 31$, the round function $F_i$ is specifically:
$T$ is an invertible transformation with 32-bit input and 32-bit output, composed of the nonlinear transformation $\tau$ and the linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$. $\tau$ consists of four parallel S-boxes with 8-bit input and 8-bit output: if the input of $\tau$ is $A = (a_0, a_1, a_2, a_3)$ and its output is $B = (b_0, b_1, b_2, b_3)$, then $(b_0, b_1, b_2, b_3) = \tau(A) = (\mathrm{Sbox}(a_0), \mathrm{Sbox}(a_1), \mathrm{Sbox}(a_2), \mathrm{Sbox}(a_3))$. The output $B$ of $\tau$ is the input of $L$; if the output of $L$ is $C$, then
where $A$, $B$, $C$ are 32-bit data, $a_0$, $a_1$, $a_2$, $a_3$, $b_0$, $b_1$, $b_2$, $b_3$ are 8-bit data, $\lll n$ denotes a 32-bit cyclic left shift by $n$ bits, and XOR is taken over 32 bits.
Further, the encryption process and the decryption process have the same structure, and the round keys hidden in the round functions they use are different; the round function $F_i$ is implemented as a lookup table; $G_0$, $G_1$, $G_2$, $G_3$ in the entrance transformation, and/or $H_0$, $H_1$, $H_2$, $H_3$ in the outlet transformation, and/or $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ in the round scramble transformation $R_i$, are each implemented as a lookup table, where $0 \le i \le 31$.
Compared with the prior art, the present invention has substantive features and represents progress, specifically:
1. The technical solution of the invention provides a high-security white-box implementation method and device for the SM4 algorithm. The cipher is obfuscated by the entrance transformation, the outlet transformation and the round scramble transformation within the composite transformation, and the round key is hidden in the round function. The entrance transformation, the outlet transformation and the round scramble transformation combine linear transformations with nonlinear transformations, which makes the scheme difficult to break with existing attack methods and gives it very high security.
2. The technical solution of the invention is well designed: although multiple transformations are used to obfuscate the cipher, they are cancelled by their inverse transformations during the computation, so the final encryption and decryption results are exactly the same as those of the standard SM4 algorithm, and the scheme has good generality.
3. Although the algorithm design of the technical solution has relatively high complexity, in an implementation the entrance transformation, the outlet transformation, and the round scramble transformation and round transformation within the composite transformation can all be implemented as lookup tables, and a transformation with 32-bit input and 32-bit output can be designed as the juxtaposition of four transformations with 8-bit input and 8-bit output to improve efficiency. Encryption and decryption are therefore fast, the lookup tables occupy little space, and the scheme is widely applicable to any environment that needs the SM4 algorithm.
Brief description of the drawings
Fig. 1 is a flow diagram of one embodiment of the SM4 algorithm white-box implementation method of the present invention.
Fig. 2 is a block diagram of the entrance transformation in one embodiment of the SM4 algorithm white-box implementation method of the present invention.
Fig. 3 is a block diagram of the outlet transformation in one embodiment of the SM4 algorithm white-box implementation method of the present invention.
Fig. 4 is a block diagram of the first 4 rounds of composite transformation in one embodiment of the SM4 algorithm white-box implementation method of the present invention.
Fig. 5 is a block diagram of the last 28 rounds of composite transformation in one embodiment of the SM4 algorithm white-box implementation method of the present invention.
Fig. 6 is a block diagram of the round function in one embodiment of the SM4 algorithm white-box implementation method of the present invention.
Fig. 7 is a block diagram of one embodiment of the SM4 algorithm white-box implementation device of the present invention.
Detailed description of the embodiments
The technical solution of the present invention is described in further detail below through specific embodiments.
Embodiment 1
As shown in Fig. 1, a white-box implementation method for the SM4 algorithm comprises the following steps:
S1. The 128-bit input data $(X_0, X_1, X_2, X_3)$ is passed through the entrance transformation to obtain the 128-bit data $(X_0', X_1', X_2', X_3')$;
S2. $(X_0', X_1', X_2', X_3')$ is passed through 32 rounds of composite transformation to obtain the 128-bit data $(X_{32}', X_{33}', X_{34}', X_{35}')$. The composite transformation of each round is composed of a round scramble transformation and a round function. For $0 \le i \le 31$, in the composite transformation of round $i$, the input of the round scramble transformation is the 128-bit data $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$ and its output is the 128-bit data $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; the input of the round function is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and its output is the 32-bit data $X_{i+4}'$. The round key of each round is generated from the encryption key and is hidden in the round function;
S3. $(X_{32}', X_{33}', X_{34}', X_{35}')$ is passed through the outlet transformation to obtain the 128-bit output data $(Y_0, Y_1, Y_2, Y_3)$ of the SM4 algorithm;
where $X_0$, $X_1$, $X_2$, $X_3$, $Y_0$, $Y_1$, $Y_2$, $Y_3$, $X_0'$, $X_1'$, $X_2'$, $X_3'$, $X_{32}'$, $X_{33}'$, $X_{34}'$, $X_{35}'$ and $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$, $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$ are all 32-bit data. The entrance transformation, the outlet transformation, the round scramble transformation and the round function are each composed of linear transformations and their inverses and nonlinear S-boxes and their inverses.
Preferably, the round key in each round of composite transformation is generated from the encryption key by the key expansion algorithm of the SM4 standard and is hidden in the round function of that round.
According to a specific embodiment of the invention, let there be linear transformations $P_j$ and their inverses $P_j^{-1}$, nonlinear S-boxes $S_k$ and their inverses $S_k^{-1}$, and a linear transformation $E$ and its inverse $E^{-1}$, where $0 \le j \le 35$, $0 \le k \le 7$, and $P_j$, $P_j^{-1}$, $S_k$, $S_k^{-1}$, $E$, $E^{-1}$ are all transformations with 32-bit input and 32-bit output. The entrance transformation is as shown in Fig. 2:
$(X_0', X_1', X_2', X_3') = (G_0(X_0), G_1(X_1), G_2(X_2), G_3(X_3))$, where $G_0(\cdot) = S_0(P_0(\cdot))$, $G_1(\cdot) = S_1(P_1(\cdot))$, $G_2(\cdot) = S_2(P_2(\cdot))$, $G_3(\cdot) = S_3(P_3(\cdot))$, and $G_0$, $G_1$, $G_2$, $G_3$ are transformations with 32-bit input and 32-bit output;
Preferably, the transformations shown in the 4 dashed boxes in Fig. 2, i.e. $G_0$, $G_1$, $G_2$, $G_3$, can each be implemented as a lookup table. The lookup tables can be generated in the initialization phase of the algorithm implementation and compiled together with the rest of the algorithm logic into an executable file.
The outlet transformation is as shown in Fig. 3:
$(Y_0, Y_1, Y_2, Y_3) = (S_4^{-1}(H_0(X_{32}')), S_5^{-1}(H_1(X_{33}')), S_6^{-1}(H_2(X_{34}')), S_7^{-1}(H_3(X_{35}')))$, where $H_0(\cdot) = S_4(P_{32}^{-1}(\cdot))$, $H_1(\cdot) = S_5(P_{33}^{-1}(\cdot))$, $H_2(\cdot) = S_6(P_{34}^{-1}(\cdot))$, $H_3(\cdot) = S_7(P_{35}^{-1}(\cdot))$, and $H_0$, $H_1$, $H_2$, $H_3$ are transformations with 32-bit input and 32-bit output;
Preferably, the transformations shown in the 4 dashed boxes in Fig. 3, i.e. $H_0$, $H_1$, $H_2$, $H_3$, can each be implemented as a lookup table. The lookup tables can be generated in the initialization phase of the algorithm implementation and compiled together with the rest of the algorithm logic into an executable file.
The composite transformation has 32 rounds in total. For $0 \le i \le 31$, the composite transformation $Z_i$ of round $i$ is composed of the round scramble transformation $R_i$ and the round function $F_i$: $Z_i(\cdot) = F_i(R_i(\cdot))$, where $Z_i$ and $R_i$ are transformations with 128-bit input and 128-bit output whose input is $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$; $R_i(X_i', X_{i+1}', X_{i+2}', X_{i+3}') = (R_{i,0}(X_i'), R_{i,1}(X_{i+1}'), R_{i,2}(X_{i+2}'), R_{i,3}(X_{i+3}'))$, with output $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; $F_i$ is a transformation with 128-bit input and 32-bit output whose input is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and whose output is $X_{i+4}'$. Here $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$, $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$ are 32-bit data, and $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are transformations with 32-bit input and 32-bit output;
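The first 4 rounds of composite transformation are as shown in Fig. 4. For $0 \le i \le 3$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are specifically:
$R_{0,0}(\cdot) = P_4(P_0^{-1}(S_0^{-1}(\cdot)))$, $R_{0,1}(\cdot) = E(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{0,2}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{0,3}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$;
$R_{1,0}(\cdot) = P_5(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{1,1}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{1,2}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{1,3}(\cdot) = E(P_4^{-1}(\cdot))$;
$R_{2,0}(\cdot) = P_6(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{2,1}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{2,2}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{2,3}(\cdot) = E(P_5^{-1}(\cdot))$;
$R_{3,0}(\cdot) = P_7(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{3,1}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{3,2}(\cdot) = E(P_5^{-1}(\cdot))$, $R_{3,3}(\cdot) = E(P_6^{-1}(\cdot))$;
The last 28 rounds of composite transformation are as shown in Fig. 5. For $4 \le i \le 31$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are specifically:
$R_{i,0}(\cdot) = P_{i+4}(P_i^{-1}(\cdot))$, $R_{i,1}(\cdot) = E(P_{i+1}^{-1}(\cdot))$, $R_{i,2}(\cdot) = E(P_{i+2}^{-1}(\cdot))$, $R_{i,3}(\cdot) = E(P_{i+3}^{-1}(\cdot))$;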
Preferably, the transformations shown in the dashed boxes in Fig. 4 and Fig. 5, i.e. $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ ($0 \le i \le 31$), can each be implemented as a lookup table. The lookup tables can be generated in the initialization phase of the algorithm implementation and compiled together with the rest of the algorithm logic into an executable file.
The round scramble transformation takes a different form in the first 4 rounds of composite transformation than in the last 28 rounds. In principle, the round scramble transformation of the first 4 rounds is designed so that the transformations $P_0^{-1}(S_0^{-1}(\cdot))$, $P_1^{-1}(S_1^{-1}(\cdot))$, $P_2^{-1}(S_2^{-1}(\cdot))$, $P_3^{-1}(S_3^{-1}(\cdot))$ contained in $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ cancel the operations $S_0(P_0(\cdot))$, $S_1(P_1(\cdot))$, $S_2(P_2(\cdot))$, $S_3(P_3(\cdot))$ contained in $G_0$, $G_1$, $G_2$, $G_3$ of the entrance transformation. This cancellation holds only in principle: in an actual implementation, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ and $G_0$, $G_1$, $G_2$, $G_3$ are each implemented separately as a whole, in particular as lookup tables.
In addition, the nonlinear S-boxes $S_4$, $S_5$, $S_6$, $S_7$ contained in $H_0$, $H_1$, $H_2$, $H_3$ of the outlet transformation are likewise cancelled, in principle, by $S_4^{-1}$, $S_5^{-1}$, $S_6^{-1}$, $S_7^{-1}$ in the outlet transformation. Similarly, in an actual implementation $H_0$, $H_1$, $H_2$, $H_3$ are each implemented as a whole, in particular as lookup tables.
In this way, obfuscating the algorithm with a combination of linear and nonlinear transformations greatly strengthens the security protection of the SM4 algorithm, while the implementation remains unchanged in substance compared with the standard SM4 algorithm.
The round function $F_i$ in each round of composite transformation is as shown in Fig. 6. For $0 \le i \le 31$, the round function $F_i$ is specifically:
$T$ is an invertible transformation with 32-bit input and 32-bit output, composed of the nonlinear transformation $\tau$ and the linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$. $\tau$ consists of four parallel S-boxes with 8-bit input and 8-bit output: if the input of $\tau$ is $A = (a_0, a_1, a_2, a_3)$ and its output is $B = (b_0, b_1, b_2, b_3)$, then $(b_0, b_1, b_2, b_3) = \tau(A) = (\mathrm{Sbox}(a_0), \mathrm{Sbox}(a_1), \mathrm{Sbox}(a_2), \mathrm{Sbox}(a_3))$. The output $B$ of $\tau$ is the input of $L$; if the output of $L$ is $C$, then
where $A$, $B$, $C$ are 32-bit data, $a_0$, $a_1$, $a_2$, $a_3$, $b_0$, $b_1$, $b_2$, $b_3$ are 8-bit data, $\lll n$ denotes a 32-bit cyclic left shift by $n$ bits, and XOR is taken over 32 bits.
Preferably, the round function $F_i$ can be implemented as a lookup table. Preferably, the transformation shown in the largest dashed box in Fig. 6 can be implemented as a lookup table. The lookup table can be generated in the initialization phase of the algorithm implementation and compiled together with the rest of the algorithm logic into an executable file.
In addition, in principle, the linear transformations $P_i$ ($4 \le i \le 35$) contained in the 32 rounds of composite transformation are all cancelled by $P_i^{-1}$ during the computation of the 32 rounds of composite transformation and the outlet transformation. In an actual implementation, $P_i$ and $P_i^{-1}$ are each embedded in a transformation that is implemented as a whole, in particular in separate lookup tables. With this design, the implementation is unchanged in substance compared with the standard SM4 algorithm.
Through the above process, the key information of the SM4 algorithm is tightly bound into, in other words hidden in, the implementation of the algorithm and does not need to be stored separately, which greatly enhances security. Together with the protection provided by combining linear and nonlinear transformations, this makes the white-box implementation difficult to break and gives it very high security.
Preferably, the encryption process and the decryption process have the same structure, and the round keys hidden in the round functions they use are different. According to the SM4 algorithm, the difference is the order in which the round keys are used. For encryption the round keys are used in the order $(rk_0, rk_1, \ldots, rk_{31})$; for decryption they are used in the order $(rk_{31}, rk_{30}, \ldots, rk_0)$. Because the key information is hidden in the round functions, the encryption and decryption processes use different round functions, which must be distinguished when the algorithm is executed.
Preferably, the linear transformation $E = \mathrm{diag}(E_0, E_1, E_2, E_3)$, where $E_0$, $E_1$, $E_2$, $E_3$ are invertible affine transformations over GF(2) with 8-bit input and 8-bit output. diag denotes a diagonal matrix.
Preferably, the linear transformations $P_j$ and their inverses $P_j^{-1}$, and the linear transformation $E$ and its inverse $E^{-1}$, are each formed by juxtaposing four linear transformations with 8-bit input and 8-bit output; the nonlinear S-boxes $S_k$ and their inverses $S_k^{-1}$ are each formed by juxtaposing four nonlinear S-boxes with 8-bit input and 8-bit output; where $0 \le k \le 7$, $0 \le j \le 35$.
$P_j$ and $E$ can be designed on the basis of DDP-like structures. Specifically, based on high-order DDO structures (F32/32, F64/384), four linear transformations with 8-bit input and 8-bit output are designed under the control of a 32-bit random control parameter, and these four transformations are juxtaposed to form one linear transformation with 32-bit input and 32-bit output.
Such a design improves computational efficiency and reduces the space occupied by the lookup tables.
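The cancellation argument of Embodiment 1 can be checked end to end. The following Python is an added example, not code from the patent: the byte-wise stand-ins for $P_j$ and $E$ (multiplication by a random nonzero constant in GF(2^8)) and for $S_k$ (random byte permutations), the helper names, and the form of $F_i$ (whose formula is not reproduced in this text) are assumptions. $F_i$ is computed directly with the round key rather than compiled into tables, so the block checks that the encodings cancel, not that the key is hidden.

```python
import random

# SM4 S-box (standard constant), 32 bytes per line.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(a):  # four parallel 8-bit S-boxes
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def T(a):  # T = L(tau(.)), the standard SM4 round transform
    b = tau(a)
    return b ^ rol(b, 2) ^ rol(b, 10) ^ rol(b, 18) ^ rol(b, 24)

def round_keys(key):  # standard SM4 key expansion: 16-byte key -> rk_0..rk_31
    fk = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ fk[i] for i in range(4)]
    rks = []
    for i in range(32):
        ck = int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
        b = tau(k[1] ^ k[2] ^ k[3] ^ ck)
        k = k[1:] + [k[0] ^ b ^ rol(b, 13) ^ rol(b, 23)]
        rks.append(k[3])
    return rks

def sm4_rounds(words, rks):  # plain SM4 rounds -> state (X32, X33, X34, X35)
    x = list(words)
    for rk in rks:
        x = x[1:] + [x[0] ^ T(x[1] ^ x[2] ^ x[3] ^ rk)]
    return x

# A 32-bit encoding is four byte tables applied in parallel (the "juxtaposition").
def gf_mul(a, b):  # multiplication in GF(2^8) modulo x^8+x^4+x^3+x+1
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def linear(rng):  # ASSUMED stand-in for P_j / E: GF(2)-linear, invertible
    cs = [rng.randrange(1, 256) for _ in range(4)]
    return [bytes(gf_mul(c, x) for x in range(256)) for c in cs]

def nonlinear(rng):  # ASSUMED stand-in for S_k: random byte permutations
    return [bytes(rng.sample(range(256), 256)) for _ in range(4)]

def inverse(enc):
    return [bytes(sorted(range(256), key=t.__getitem__)) for t in enc]

def compose(*encs):  # compose(f, g)(x) = f(g(x)), merged into four byte tables
    out = [bytes(range(256))] * 4
    for e in reversed(encs):
        out = [bytes(t[o[x]] for x in range(256)) for t, o in zip(e, out)]
    return out

def apply_enc(enc, w):
    return int.from_bytes(bytes(t[b] for t, b in zip(enc, w.to_bytes(4, "big"))), "big")

def build(rks, seed=1):  # generator side: the round keys are known here
    rng = random.Random(seed)
    P = [linear(rng) for _ in range(36)]
    S = [nonlinear(rng) for _ in range(8)]
    E = linear(rng)
    Pi, Si, Ei = [inverse(p) for p in P], [inverse(s) for s in S], inverse(E)
    G = [compose(S[j], P[j]) for j in range(4)]            # G_j = S_j(P_j(.))
    H = [compose(S[4 + j], Pi[32 + j]) for j in range(4)]  # H_j = S_{4+j}(P_{32+j}^-1(.))
    def strip(j):  # undo the encoding on X_j' (entrance words also carry S_j)
        return compose(Pi[j], Si[j]) if j < 4 else Pi[j]
    R = [[compose(P[i + 4], strip(i))] + [compose(E, strip(i + j)) for j in (1, 2, 3)]
         for i in range(32)]
    def F(i, m):  # ASSUMED form of F_i: decode, SM4 round with rk_i, re-encode
        t = apply_enc(Ei, m[1]) ^ apply_enc(Ei, m[2]) ^ apply_enc(Ei, m[3]) ^ rks[i]
        return apply_enc(P[i + 4], apply_enc(Pi[i + 4], m[0]) ^ T(t))
    return G, R, F, H, Si[4:]

def whitebox(wb, words):
    G, R, F, H, s_inv = wb
    x = [apply_enc(g, w) for g, w in zip(G, words)]       # S1: entrance transformation
    for i in range(32):                                   # S2: 32 composite rounds
        m = [apply_enc(r, w) for r, w in zip(R[i], x)]    # round scramble R_i
        x = x[1:] + [F(i, m)]                             # round function F_i
    return [apply_enc(s, apply_enc(h, w)) for s, h, w in zip(s_inv, H, x)]  # S3

def demo():
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")  # SM4 standard example key
    pt = [0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210]    # standard example plaintext
    rks = round_keys(key)
    return whitebox(build(rks), pt), sm4_rounds(pt, rks)
```

The white-box output is the state $(X_{32}, X_{33}, X_{34}, X_{35})$ as in the outlet formula above; standard SM4 emits these four words in reverse order as the ciphertext.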
Embodiment 2
Based on the same inventive concept as the above method, as shown in Fig. 2, this embodiment is a white-box implementation device for the SM4 algorithm, comprising an entrance transformation unit, a composite transformation unit and an outlet transformation unit, the composite transformation unit being connected to the entrance transformation unit and to the outlet transformation unit; the composite transformation unit comprises a round scramble transformation module and a round function module;
The entrance transformation unit applies the entrance transformation to the 128-bit input data $(X_0, X_1, X_2, X_3)$ to obtain the 128-bit data $(X_0', X_1', X_2', X_3')$; the composite transformation unit applies 32 rounds of composite transformation to $(X_0', X_1', X_2', X_3')$ to obtain the 128-bit data $(X_{32}', X_{33}', X_{34}', X_{35}')$; the outlet transformation unit applies the outlet transformation to $(X_{32}', X_{33}', X_{34}', X_{35}')$ to obtain the 128-bit output data $(Y_0, Y_1, Y_2, Y_3)$ of the SM4 algorithm; where $X_0$, $X_1$, $X_2$, $X_3$, $Y_0$, $Y_1$, $Y_2$, $Y_3$ and $X_0'$, $X_1'$, $X_2'$, $X_3'$, $X_{32}'$, $X_{33}'$, $X_{34}'$, $X_{35}'$ are all 32-bit data;
The composite transformation of each round is composed of a round scramble transformation and a round function; the round scramble transformation is performed by the round scramble transformation module and the round function by the round function module. For $0 \le i \le 31$, in the composite transformation of round $i$, the input of the round scramble transformation is the 128-bit data $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$ and its output is the 128-bit data $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; the input of the round function is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and its output is the 32-bit data $X_{i+4}'$. The round key of each round is generated from the encryption key and is hidden in the round function; $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$, $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$ are all 32-bit data;
The entrance transformation, the outlet transformation, the round scramble transformation and the round function are each composed of linear transformations and their inverses and nonlinear S-boxes and their inverses.
According to a specific embodiment of the invention, let $P_j$ be linear transformations with inverses $P_j^{-1}$, $S_k$ nonlinear S-boxes with inverses $S_k^{-1}$, and $E$ a linear transformation with inverse $E^{-1}$, where $0 \le j \le 35$ and $0 \le k \le 7$; $P_j$, $P_j^{-1}$, $S_k$, $S_k^{-1}$, $E$, $E^{-1}$ are all transformations with 32-bit input and 32-bit output. Then:
The entrance transformation is: $(X_0', X_1', X_2', X_3') = (G_0(X_0), G_1(X_1), G_2(X_2), G_3(X_3))$, where $G_0(\cdot) = S_0(P_0(\cdot))$, $G_1(\cdot) = S_1(P_1(\cdot))$, $G_2(\cdot) = S_2(P_2(\cdot))$, $G_3(\cdot) = S_3(P_3(\cdot))$, and $G_0$, $G_1$, $G_2$, $G_3$ are transformations with 32-bit input and 32-bit output;
The exit transformation is: $(Y_0, Y_1, Y_2, Y_3) = (S_4^{-1}(H_0(X_{32}')), S_5^{-1}(H_1(X_{33}')), S_6^{-1}(H_2(X_{34}')), S_7^{-1}(H_3(X_{35}')))$, where $H_0(\cdot) = S_4(P_{32}^{-1}(\cdot))$, $H_1(\cdot) = S_5(P_{33}^{-1}(\cdot))$, $H_2(\cdot) = S_6(P_{34}^{-1}(\cdot))$, $H_3(\cdot) = S_7(P_{35}^{-1}(\cdot))$, and $H_0$, $H_1$, $H_2$, $H_3$ are transformations with 32-bit input and 32-bit output;
For $0 \le i \le 31$, the round-$i$ composite transformation $Z_i$ is the composition of the round scrambling transformation $R_i$ and the round function $F_i$: $Z_i(\cdot) = F_i(R_i(\cdot))$, where $Z_i$ and $R_i$ are transformations with 128-bit input and 128-bit output whose input is $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$; $R_i(X_i', X_{i+1}', X_{i+2}', X_{i+3}') = (R_{i,0}(X_i'), R_{i,1}(X_{i+1}'), R_{i,2}(X_{i+2}'), R_{i,3}(X_{i+3}'))$, with output $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; $F_i$ is a transformation with 128-bit input and 32-bit output whose input is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and whose output is $X_{i+4}'$; where $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$, $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$ are all 32-bit data, and $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are transformations with 32-bit input and 32-bit output;
When $0 \le i \le 3$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are respectively:
$R_{0,0}(\cdot) = P_4(P_0^{-1}(S_0^{-1}(\cdot)))$, $R_{0,1}(\cdot) = E(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{0,2}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{0,3}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$;
$R_{1,0}(\cdot) = P_5(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{1,1}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{1,2}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{1,3}(\cdot) = E(P_4^{-1}(\cdot))$;
$R_{2,0}(\cdot) = P_6(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{2,1}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{2,2}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{2,3}(\cdot) = E(P_5^{-1}(\cdot))$;
$R_{3,0}(\cdot) = P_7(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{3,1}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{3,2}(\cdot) = E(P_5^{-1}(\cdot))$, $R_{3,3}(\cdot) = E(P_6^{-1}(\cdot))$;
When $4 \le i \le 31$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are respectively:
$R_{i,0}(\cdot) = P_{i+4}(P_i^{-1}(\cdot))$, $R_{i,1}(\cdot) = E(P_{i+1}^{-1}(\cdot))$, $R_{i,2}(\cdot) = E(P_{i+2}^{-1}(\cdot))$, $R_{i,3}(\cdot) = E(P_{i+3}^{-1}(\cdot))$;
When $0 \le i \le 31$, the round function $F_i$ is:
$F_i(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3}) = M_{i,0} \oplus P_{i+4}(T(E^{-1}(M_{i,1} \oplus M_{i,2} \oplus M_{i,3}) \oplus rk_i))$, where $T$ is an invertible transformation with 32-bit input and 32-bit output, composed of the nonlinear transformation $\tau$ and the linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$; $\tau$ consists of 4 parallel S-boxes, each with 8-bit input and 8-bit output: if the input of $\tau$ is $A = (a_0, a_1, a_2, a_3)$ and its output is $B = (b_0, b_1, b_2, b_3)$, then $(b_0, b_1, b_2, b_3) = \tau(A) = (Sbox(a_0), Sbox(a_1), Sbox(a_2), Sbox(a_3))$; the output $B$ of $\tau$ is the input of $L$, and if the output of $L$ is $C$, then $C = L(B) = B \oplus (B \lll 2) \oplus (B \lll 10) \oplus (B \lll 18) \oplus (B \lll 24)$; where $A$, $B$, $C$ are 32-bit data, $a_0$, $a_1$, $a_2$, $a_3$, $b_0$, $b_1$, $b_2$, $b_3$ are 8-bit data, $\lll n$ denotes a 32-bit cyclic left shift by $n$ bits, and $\oplus$ denotes 32-bit XOR.
According to a specific embodiment of the invention, the encryption process and the decryption process have the same structure, and the round keys hidden in the round functions used are different. The round function $F_i$ is implemented in the form of lookup tables; $G_0$, $G_1$, $G_2$, $G_3$ in the entrance transformation and/or $H_0$, $H_1$, $H_2$, $H_3$ in the exit transformation and/or $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ in the round scrambling transformation $R_i$ are each implemented in the form of lookup tables, where $0 \le i \le 31$.
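The following Python sketch is an added example, not code from the patent: it draws random P_j, S_k and E as four parallel 8-bit tables, evaluates the entrance transformation, the 32 rounds R_i and F_i, and the exit transformation as defined above, and compares the result with plain SM4. It assumes strictly GF(2)-linear byte maps (zero affine constant), computes each step directly instead of as merged lookup tables (so it checks the encoding algebra and hides no key), and applies SM4's standard reverse word order (X35, X34, X33, X32) to the exit words; all function and class names are illustrative.

```python
import random

# Standard SM4 S-box, 32 bytes per line.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)

def rotl(x, n): return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
def tau(a):  # four parallel Sbox lookups on one 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")
def T(a):    # T(.) = L(tau(.))
    b = tau(a)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def round_keys(key):  # standard SM4 key schedule
    fk = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
    k = [int.from_bytes(key[4*i:4*i+4], "big") ^ fk[i] for i in range(4)]
    for i in range(32):
        ck = int.from_bytes(bytes((4*i + j) * 7 % 256 for j in range(4)), "big")
        b = tau(k[i+1] ^ k[i+2] ^ k[i+3] ^ ck)
        k.append(k[i] ^ b ^ rotl(b, 13) ^ rotl(b, 23))
    return k[4:]

def sm4_reference(key, block):  # plain SM4, used only for comparison
    x = [int.from_bytes(block[4*i:4*i+4], "big") for i in range(4)]
    for rk in round_keys(key):
        x.append(x[-4] ^ T(x[-3] ^ x[-2] ^ x[-1] ^ rk))
    return b"".join(w.to_bytes(4, "big") for w in x[:-5:-1])

class Enc:
    """32-bit bijection made of four parallel 8-bit tables, plus its inverse."""
    def __init__(self, tables):
        self.fwd = tables
        self.inv = [bytes(sorted(range(256), key=t.__getitem__)) for t in tables]
    @staticmethod
    def _apply(tabs, w):
        return int.from_bytes(bytes(t[b] for t, b in zip(tabs, w.to_bytes(4, "big"))), "big")
    def __call__(self, w): return self._apply(self.fwd, w)
    def inverse(self, w): return self._apply(self.inv, w)

def random_linear(rng):  # invertible GF(2)-linear byte map as a 256-entry table
    while True:
        cols = [rng.randrange(1, 256) for _ in range(8)]
        t = [0] * 256
        for x in range(1, 256):
            low = x & -x
            t[x] = t[x ^ low] ^ cols[low.bit_length() - 1]
        if len(set(t)) == 256:  # a bijection, so the matrix is invertible
            return bytes(t)

def random_sbox(rng): return bytes(rng.sample(range(256), 256))  # random byte permutation

def whitebox_encrypt(key, block, seed=1):
    rng = random.Random(seed)  # demo randomness only, not a CSPRNG
    P = [Enc([random_linear(rng) for _ in range(4)]) for _ in range(36)]
    S = [Enc([random_sbox(rng) for _ in range(4)]) for _ in range(8)]
    E = Enc([random_linear(rng) for _ in range(4)])
    rk = round_keys(key)
    # Undo the encoding on X_j': S_j is present only for j < 4 (entrance words).
    dec = lambda j, w: P[j].inverse(S[j].inverse(w) if j < 4 else w)
    x = [int.from_bytes(block[4*j:4*j+4], "big") for j in range(4)]
    xp = [S[j](P[j](x[j])) for j in range(4)]            # entrance: G_j = S_j(P_j(.))
    for i in range(32):
        m = [P[i+4](dec(i, xp[i]))] + [E(dec(i+j, xp[i+j])) for j in (1, 2, 3)]  # R_i
        xp.append(m[0] ^ P[i+4](T(E.inverse(m[1] ^ m[2] ^ m[3]) ^ rk[i])))      # F_i
    y = [S[4+j].inverse(S[4+j](P[32+j].inverse(xp[32+j]))) for j in range(4)]   # exit
    return b"".join(w.to_bytes(4, "big") for w in reversed(y))  # SM4 word order
```

The encodings cancel because each P_j is XOR-linear, so M_{i,0} XOR P_{i+4}(T(...)) equals P_{i+4} applied to the plain SM4 word X_{i+4}, and the three E-encoded words XOR to E of the plain XOR.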
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the specific embodiments of the invention may still be modified, or some technical features replaced by equivalents, without departing from the spirit of the technical solution of the invention; all such modifications and replacements shall fall within the scope of the technical solution claimed by the invention.

Claims (10)

1. An SM4 algorithm white-box implementation method, characterized in that the method comprises the following steps:
S1. The 128-bit input data $(X_0, X_1, X_2, X_3)$ is converted by the entrance transformation into the 128-bit data $(X_0', X_1', X_2', X_3')$;
S2. $(X_0', X_1', X_2', X_3')$ is converted by 32 rounds of composite transformation into the 128-bit data $(X_{32}', X_{33}', X_{34}', X_{35}')$; each round of the composite transformation is the composition of a round scrambling transformation and a round function; for $0 \le i \le 31$, in the composite transformation of round $i$ the input of the round scrambling transformation is the 128-bit data $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$ and its output is the 128-bit data $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$, and the input of that round's round function is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and its output is the 32-bit data $X_{i+4}'$; the round key of each round is generated from the encryption key and is hidden in the round function;
S3. $(X_{32}', X_{33}', X_{34}', X_{35}')$ is converted by the exit transformation into the 128-bit output data $(Y_0, Y_1, Y_2, Y_3)$ of the SM4 algorithm;
where $X_0$, $X_1$, $X_2$, $X_3$, $Y_0$, $Y_1$, $Y_2$, $Y_3$, $X_0'$, $X_1'$, $X_2'$, $X_3'$, $X_{32}'$, $X_{33}'$, $X_{34}'$, $X_{35}'$ and $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$, $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$ are all 32-bit data; the entrance transformation, the exit transformation, the round scrambling transformation and the round function are each composed of linear transformations and their inverses and nonlinear S-boxes and their inverses.
2. The SM4 algorithm white-box implementation method according to claim 1, characterized in that: let $P_j$ be linear transformations with inverses $P_j^{-1}$, $S_k$ nonlinear S-boxes with inverses $S_k^{-1}$, and $E$ a linear transformation with inverse $E^{-1}$, where $0 \le j \le 35$ and $0 \le k \le 7$; $P_j$, $P_j^{-1}$, $S_k$, $S_k^{-1}$, $E$, $E^{-1}$ are all transformations with 32-bit input and 32-bit output; then:
The entrance transformation is: $(X_0', X_1', X_2', X_3') = (G_0(X_0), G_1(X_1), G_2(X_2), G_3(X_3))$, where $G_0(\cdot) = S_0(P_0(\cdot))$, $G_1(\cdot) = S_1(P_1(\cdot))$, $G_2(\cdot) = S_2(P_2(\cdot))$, $G_3(\cdot) = S_3(P_3(\cdot))$, and $G_0$, $G_1$, $G_2$, $G_3$ are transformations with 32-bit input and 32-bit output;
The exit transformation is: $(Y_0, Y_1, Y_2, Y_3) = (S_4^{-1}(H_0(X_{32}')), S_5^{-1}(H_1(X_{33}')), S_6^{-1}(H_2(X_{34}')), S_7^{-1}(H_3(X_{35}')))$, where $H_0(\cdot) = S_4(P_{32}^{-1}(\cdot))$, $H_1(\cdot) = S_5(P_{33}^{-1}(\cdot))$, $H_2(\cdot) = S_6(P_{34}^{-1}(\cdot))$, $H_3(\cdot) = S_7(P_{35}^{-1}(\cdot))$, and $H_0$, $H_1$, $H_2$, $H_3$ are transformations with 32-bit input and 32-bit output;
For $0 \le i \le 31$, the round-$i$ composite transformation $Z_i$ is the composition of the round scrambling transformation $R_i$ and the round function $F_i$: $Z_i(\cdot) = F_i(R_i(\cdot))$, where $Z_i$ and $R_i$ are transformations with 128-bit input and 128-bit output whose input is $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$; $R_i(X_i', X_{i+1}', X_{i+2}', X_{i+3}') = (R_{i,0}(X_i'), R_{i,1}(X_{i+1}'), R_{i,2}(X_{i+2}'), R_{i,3}(X_{i+3}'))$, with output $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; $F_i$ is a transformation with 128-bit input and 32-bit output whose input is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and whose output is $X_{i+4}'$; where $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$, $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$ are all 32-bit data, and $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are transformations with 32-bit input and 32-bit output;
When $0 \le i \le 3$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are respectively:
$R_{0,0}(\cdot) = P_4(P_0^{-1}(S_0^{-1}(\cdot)))$, $R_{0,1}(\cdot) = E(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{0,2}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{0,3}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$;
$R_{1,0}(\cdot) = P_5(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{1,1}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{1,2}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{1,3}(\cdot) = E(P_4^{-1}(\cdot))$;
$R_{2,0}(\cdot) = P_6(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{2,1}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{2,2}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{2,3}(\cdot) = E(P_5^{-1}(\cdot))$;
$R_{3,0}(\cdot) = P_7(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{3,1}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{3,2}(\cdot) = E(P_5^{-1}(\cdot))$, $R_{3,3}(\cdot) = E(P_6^{-1}(\cdot))$;
When $4 \le i \le 31$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are respectively:
$R_{i,0}(\cdot) = P_{i+4}(P_i^{-1}(\cdot))$, $R_{i,1}(\cdot) = E(P_{i+1}^{-1}(\cdot))$, $R_{i,2}(\cdot) = E(P_{i+2}^{-1}(\cdot))$, $R_{i,3}(\cdot) = E(P_{i+3}^{-1}(\cdot))$;
When $0 \le i \le 31$, the round function $F_i$ is:
$F_i(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3}) = M_{i,0} \oplus P_{i+4}(T(E^{-1}(M_{i,1} \oplus M_{i,2} \oplus M_{i,3}) \oplus rk_i))$, where $T$ is an invertible transformation with 32-bit input and 32-bit output, composed of the nonlinear transformation $\tau$ and the linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$; $\tau$ consists of 4 parallel S-boxes, each with 8-bit input and 8-bit output: if the input of $\tau$ is $A = (a_0, a_1, a_2, a_3)$ and its output is $B = (b_0, b_1, b_2, b_3)$, then $(b_0, b_1, b_2, b_3) = \tau(A) = (Sbox(a_0), Sbox(a_1), Sbox(a_2), Sbox(a_3))$; the output $B$ of $\tau$ is the input of $L$, and if the output of $L$ is $C$, then $C = L(B) = B \oplus (B \lll 2) \oplus (B \lll 10) \oplus (B \lll 18) \oplus (B \lll 24)$; where $A$, $B$, $C$ are 32-bit data, $a_0$, $a_1$, $a_2$, $a_3$, $b_0$, $b_1$, $b_2$, $b_3$ are 8-bit data, $\lll n$ denotes a 32-bit cyclic left shift by $n$ bits, and $\oplus$ denotes 32-bit XOR.
3. The SM4 algorithm white-box implementation method according to claim 2, characterized in that: the round function $F_i$ is implemented in the form of lookup tables, where $0 \le i \le 31$.
4. The SM4 algorithm white-box implementation method according to claim 2, characterized in that: $G_0$, $G_1$, $G_2$, $G_3$ in the entrance transformation and/or $H_0$, $H_1$, $H_2$, $H_3$ in the exit transformation and/or $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ in the round scrambling transformation $R_i$ are each implemented in the form of lookup tables, where $0 \le i \le 31$.
5. The SM4 algorithm white-box implementation method according to claim 1 or 2, characterized in that: the encryption process and the decryption process have the same structure, and the round keys hidden in the round functions used are different.
6. The SM4 algorithm white-box implementation method according to claim 2, characterized in that: the linear transformation $E = \mathrm{diag}(E_0, E_1, E_2, E_3)$, where $E_0$, $E_1$, $E_2$, $E_3$ are invertible affine transformations over GF(2) with 8-bit input and 8-bit output.
7. The SM4 algorithm white-box implementation method according to claim 2, characterized in that: the linear transformations $P_j$ and their inverses $P_j^{-1}$, and the linear transformation $E$ and its inverse $E^{-1}$, are each formed by juxtaposing 4 linear transformations with 8-bit input and 8-bit output; the nonlinear S-boxes $S_k$ and their inverses $S_k^{-1}$ are each formed by juxtaposing 4 nonlinear S-boxes with 8-bit input and 8-bit output; where $0 \le k \le 7$ and $0 \le j \le 35$.
8. An SM4 algorithm white-box implementation device, characterized in that it comprises an entrance transformation unit, a composite transformation unit and an exit transformation unit, the composite transformation unit being connected to the entrance transformation unit and to the exit transformation unit; the composite transformation unit comprises a round scrambling transformation module and a round function module;
The entrance transformation unit applies the entrance transformation to the 128-bit input data $(X_0, X_1, X_2, X_3)$ to obtain the 128-bit data $(X_0', X_1', X_2', X_3')$; the composite transformation unit applies 32 rounds of composite transformation to $(X_0', X_1', X_2', X_3')$ to obtain the 128-bit data $(X_{32}', X_{33}', X_{34}', X_{35}')$; the exit transformation unit applies the exit transformation to $(X_{32}', X_{33}', X_{34}', X_{35}')$ to obtain the 128-bit output data $(Y_0, Y_1, Y_2, Y_3)$ of the SM4 algorithm; where $X_0$, $X_1$, $X_2$, $X_3$, $Y_0$, $Y_1$, $Y_2$, $Y_3$ and $X_0'$, $X_1'$, $X_2'$, $X_3'$, $X_{32}'$, $X_{33}'$, $X_{34}'$, $X_{35}'$ are all 32-bit data;
Each round of the composite transformation is the composition of a round scrambling transformation, performed by the round scrambling transformation module, and a round function, performed by the round function module; for $0 \le i \le 31$, in the composite transformation of round $i$ the input of the round scrambling transformation is the 128-bit data $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$ and its output is the 128-bit data $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$, and the input of that round's round function is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and its output is the 32-bit data $X_{i+4}'$; the round key of each round is generated from the encryption key and is hidden in the round function; $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$, $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$ are all 32-bit data;
The entrance transformation, the exit transformation, the round scrambling transformation and the round function are each composed of linear transformations and their inverses and nonlinear S-boxes and their inverses.
9. The SM4 algorithm white-box implementation device according to claim 8, characterized in that: let $P_j$ be linear transformations with inverses $P_j^{-1}$, $S_k$ nonlinear S-boxes with inverses $S_k^{-1}$, and $E$ a linear transformation with inverse $E^{-1}$, where $0 \le j \le 35$ and $0 \le k \le 7$; $P_j$, $P_j^{-1}$, $S_k$, $S_k^{-1}$, $E$, $E^{-1}$ are all transformations with 32-bit input and 32-bit output; then:
The entrance transformation is: $(X_0', X_1', X_2', X_3') = (G_0(X_0), G_1(X_1), G_2(X_2), G_3(X_3))$, where $G_0(\cdot) = S_0(P_0(\cdot))$, $G_1(\cdot) = S_1(P_1(\cdot))$, $G_2(\cdot) = S_2(P_2(\cdot))$, $G_3(\cdot) = S_3(P_3(\cdot))$, and $G_0$, $G_1$, $G_2$, $G_3$ are transformations with 32-bit input and 32-bit output;
The exit transformation is: $(Y_0, Y_1, Y_2, Y_3) = (S_4^{-1}(H_0(X_{32}')), S_5^{-1}(H_1(X_{33}')), S_6^{-1}(H_2(X_{34}')), S_7^{-1}(H_3(X_{35}')))$, where $H_0(\cdot) = S_4(P_{32}^{-1}(\cdot))$, $H_1(\cdot) = S_5(P_{33}^{-1}(\cdot))$, $H_2(\cdot) = S_6(P_{34}^{-1}(\cdot))$, $H_3(\cdot) = S_7(P_{35}^{-1}(\cdot))$, and $H_0$, $H_1$, $H_2$, $H_3$ are transformations with 32-bit input and 32-bit output;
For $0 \le i \le 31$, the round-$i$ composite transformation $Z_i$ is the composition of the round scrambling transformation $R_i$ and the round function $F_i$: $Z_i(\cdot) = F_i(R_i(\cdot))$, where $Z_i$ and $R_i$ are transformations with 128-bit input and 128-bit output whose input is $(X_i', X_{i+1}', X_{i+2}', X_{i+3}')$; $R_i(X_i', X_{i+1}', X_{i+2}', X_{i+3}') = (R_{i,0}(X_i'), R_{i,1}(X_{i+1}'), R_{i,2}(X_{i+2}'), R_{i,3}(X_{i+3}'))$, with output $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$; $F_i$ is a transformation with 128-bit input and 32-bit output whose input is $(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3})$ and whose output is $X_{i+4}'$; where $X_i'$, $X_{i+1}'$, $X_{i+2}'$, $X_{i+3}'$, $X_{i+4}'$, $M_{i,0}$, $M_{i,1}$, $M_{i,2}$, $M_{i,3}$ are all 32-bit data, and $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are transformations with 32-bit input and 32-bit output;
When $0 \le i \le 3$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are respectively:
$R_{0,0}(\cdot) = P_4(P_0^{-1}(S_0^{-1}(\cdot)))$, $R_{0,1}(\cdot) = E(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{0,2}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{0,3}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$;
$R_{1,0}(\cdot) = P_5(P_1^{-1}(S_1^{-1}(\cdot)))$, $R_{1,1}(\cdot) = E(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{1,2}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{1,3}(\cdot) = E(P_4^{-1}(\cdot))$;
$R_{2,0}(\cdot) = P_6(P_2^{-1}(S_2^{-1}(\cdot)))$, $R_{2,1}(\cdot) = E(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{2,2}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{2,3}(\cdot) = E(P_5^{-1}(\cdot))$;
$R_{3,0}(\cdot) = P_7(P_3^{-1}(S_3^{-1}(\cdot)))$, $R_{3,1}(\cdot) = E(P_4^{-1}(\cdot))$, $R_{3,2}(\cdot) = E(P_5^{-1}(\cdot))$, $R_{3,3}(\cdot) = E(P_6^{-1}(\cdot))$;
When $4 \le i \le 31$, $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ are respectively:
$R_{i,0}(\cdot) = P_{i+4}(P_i^{-1}(\cdot))$, $R_{i,1}(\cdot) = E(P_{i+1}^{-1}(\cdot))$, $R_{i,2}(\cdot) = E(P_{i+2}^{-1}(\cdot))$, $R_{i,3}(\cdot) = E(P_{i+3}^{-1}(\cdot))$;
When $0 \le i \le 31$, the round function $F_i$ is:
$F_i(M_{i,0}, M_{i,1}, M_{i,2}, M_{i,3}) = M_{i,0} \oplus P_{i+4}(T(E^{-1}(M_{i,1} \oplus M_{i,2} \oplus M_{i,3}) \oplus rk_i))$, where $T$ is an invertible transformation with 32-bit input and 32-bit output, composed of the nonlinear transformation $\tau$ and the linear transformation $L$, i.e. $T(\cdot) = L(\tau(\cdot))$; $\tau$ consists of 4 parallel S-boxes, each with 8-bit input and 8-bit output: if the input of $\tau$ is $A = (a_0, a_1, a_2, a_3)$ and its output is $B = (b_0, b_1, b_2, b_3)$, then $(b_0, b_1, b_2, b_3) = \tau(A) = (Sbox(a_0), Sbox(a_1), Sbox(a_2), Sbox(a_3))$; the output $B$ of $\tau$ is the input of $L$, and if the output of $L$ is $C$, then $C = L(B) = B \oplus (B \lll 2) \oplus (B \lll 10) \oplus (B \lll 18) \oplus (B \lll 24)$; where $A$, $B$, $C$ are 32-bit data, $a_0$, $a_1$, $a_2$, $a_3$, $b_0$, $b_1$, $b_2$, $b_3$ are 8-bit data, $\lll n$ denotes a 32-bit cyclic left shift by $n$ bits, and $\oplus$ denotes 32-bit XOR.
10. The SM4 algorithm white-box implementation device according to claim 9, characterized in that: the encryption process and the decryption process have the same structure, and the round keys hidden in the round functions used are different; the round function $F_i$ is implemented in the form of lookup tables; $G_0$, $G_1$, $G_2$, $G_3$ in the entrance transformation and/or $H_0$, $H_1$, $H_2$, $H_3$ in the exit transformation and/or $R_{i,0}$, $R_{i,1}$, $R_{i,2}$, $R_{i,3}$ in the round scrambling transformation $R_i$ are each implemented in the form of lookup tables, where $0 \le i \le 31$.
CN201910381849.0A 2019-05-08 2019-05-08 SM4 algorithm white box implementation method and device Active CN109951273B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910381849.0A CN109951273B (en) 2019-05-08 2019-05-08 SM4 algorithm white box implementation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910381849.0A CN109951273B (en) 2019-05-08 2019-05-08 SM4 algorithm white box implementation method and device

Publications (2)

Publication Number Publication Date
CN109951273A true CN109951273A (en) 2019-06-28
CN109951273B CN109951273B (en) 2022-03-25

Family

ID=67017223

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910381849.0A Active CN109951273B (en) 2019-05-08 2019-05-08 SM4 algorithm white box implementation method and device

Country Status (1)

Country Link
CN (1) CN109951273B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784306A (en) * 2019-11-01 2020-02-11 成都卫士通信息产业股份有限公司 SM4 algorithm white box implementation method and device, electronic equipment and computer medium
CN113824548A (en) * 2021-08-05 2021-12-21 国网江苏省电力有限公司信息通信分公司 Nonlinear white box SM4 implementation method applied to edge Internet of things proxy
CN114337993A (en) * 2022-03-15 2022-04-12 国网江苏省电力有限公司信息通信分公司 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681025A (en) * 2016-01-29 2016-06-15 中国科学院信息工程研究所 Security white box realizing method and device for national cipher standard algorithm SM4
CN106411518A (en) * 2016-09-26 2017-02-15 北京洋浦伟业科技发展有限公司 Symmetric white box encryption method with unfixed key and apparatus
CN106850603A (en) * 2017-01-19 2017-06-13 北京洋浦伟业科技发展有限公司 A kind of whitepack password Bidirectional identity authentication method, terminal, service end and system
CN107070636A (en) * 2016-12-23 2017-08-18 中国电子科技集团公司第三十研究所 A kind of whitepack software implementation method of the close SM4 algorithms of the business of standard ciphertext output format
CN108809626A (en) * 2018-05-30 2018-11-13 北京安如山文化科技有限公司 A kind of whitepack SM4 cryptographic algorithms scheme and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SIHANG PU等: "Boolean Matrix Masking for SM4 Block Cipher Algorithm", 《IEEE》 *
尚培: "SMS4算法的白盒密码算法设计与实现", 《中国硕士学位论文全文数据库 信息科技辑》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784306A (en) * 2019-11-01 2020-02-11 成都卫士通信息产业股份有限公司 SM4 algorithm white box implementation method and device, electronic equipment and computer medium
CN110784306B (en) * 2019-11-01 2023-10-27 成都卫士通信息产业股份有限公司 SM4 algorithm white box implementation method and device, electronic equipment and computer medium
CN113824548A (en) * 2021-08-05 2021-12-21 国网江苏省电力有限公司信息通信分公司 Nonlinear white box SM4 implementation method applied to edge Internet of things proxy
CN113824548B (en) * 2021-08-05 2023-08-29 国网江苏省电力有限公司信息通信分公司 Nonlinear white box SM4 implementation method applied to edge internet of things proxy
CN114337993A (en) * 2022-03-15 2022-04-12 国网江苏省电力有限公司信息通信分公司 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy
CN114337993B (en) * 2022-03-15 2022-06-14 国网江苏省电力有限公司信息通信分公司 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy

Also Published As

Publication number Publication date
CN109951273B (en) 2022-03-25

Similar Documents

Publication Publication Date Title
CN106411518B (en) A kind of unfixed symmetrical whitepack encryption method of key and device
CN1993922B (en) Stream cipher combining system and method
CN101447870B (en) Safe storage method of private key based on technology of distributed password
CN102461058B (en) White-box cryptographic system with input dependent encodings
CN101350714B (en) Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX
CN105024803B (en) Behavior fingerprint in white box realization
US20120170739A1 (en) Method of diversification of a round function of an encryption algorithm
CN113940028B (en) Method and device for realizing white box password
CN109951273A (en) A kind of SM4 algorithm whitepack implementation method and device
CN102904710B (en) Hyper-chaos encryption method for weak password based on quantum cellular neural network
CN107239708A (en) It is a kind of that the image encryption method converted with score field is mapped based on quantum chaos
US10721059B2 (en) Apparatus and method for data encryption, apparatus and method for data decryption
CN105095695B (en) The incorrect behaviour realized via white box, which is realized, to be authorized
CN106059752B (en) A kind of whitepack password encipher-decipher method based on expansion ciphertext
CN105184115B (en) For including to the method in white box realization by implicit integrality or credibility check
CN105099666A (en) White-box cryptography system for confusing wheel boundary and method
CN107257279A (en) A kind of clear data encryption method and equipment
CN109450632A (en) Key recovery method based on whitepack block cipher CLEFIA analysis
KR20170097509A (en) Operation method based on white-box cryptography and security apparatus for performing the method
CN105373739A (en) Hyperchaotic system based quantum image encryption method
CN112929151B (en) Entity alignment method based on privacy protection and computer storage medium
CN107453866A (en) A kind of method that data are encrypted
CN109743162A (en) A kind of operated using ideal lattice carries out the matched encryption method of identity attribute
CN108133447A (en) A kind of chaos encrypting method of coloured image
Zhang Cryptanalyzing an image cryptosystem based on circular inter-intra pixels bit-level permutation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A White Box Implementation Method and Device for SM4 Algorithm

Effective date of registration: 20230412

Granted publication date: 20220325

Pledgee: China Construction Bank Corporation Zhengzhou Jinshui sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2023980037751