CN110166223B - Rapid implementation method of cryptographic block cipher algorithm SM4 - Google Patents


Info

Publication number
CN110166223B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910428748.4A
Other languages
Chinese (zh)
Other versions
CN110166223A (en
Inventor
王闯
郭华
张笑从
郜雅
高莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University
Priority to CN201910428748.4A
Publication of CN110166223A
Application granted
Publication of CN110166223B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125 Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a rapid implementation method of the cryptographic block cipher algorithm SM4, comprising a data arrangement step, a key arrangement step, an iterative calculation step, a data reverse arrangement step and a reverse-order calculation step. The invention uses the bit-slicing technique, the SIMD technique and the composite-field technique to encrypt 256 groups of plaintext messages in parallel, implements the nonlinear transformation of SM4 in the composite field, and compresses and merges the nonlinear transformation with the linear transformation, so that the computation of the synthesis permutation T in the SM4 encryption algorithm is simplified from one inversion over GF(2^8), two affine transformations, 4 circular left shifts and 4 XOR operations into one inversion over GF(2^4), two affine transformations, three multiplications over the finite field GF(2^4) and the 4 later operations, which reduces the computational complexity and improves the execution efficiency.

Description

Rapid implementation method of cryptographic block cipher algorithm SM4
Technical Field
The invention relates to the technical field of computer security, and in particular to an SM4 encryption method.
Background
The basic task of a cryptographic system is data encryption. According to the relationship between the encryption key and the decryption key, current data encryption systems can be divided into two categories: symmetric cipher systems and public-key cipher systems. Common symmetric ciphers include DES, AES, IDEA and RC6.
SM4 is a block cipher algorithm in which the plaintext, the key and the ciphertext are all 128 bits, and the encryption key and the decryption key are the same. Encryption and decryption are performed by 32 rounds of a nonlinear iterative round function, which comprises a nonlinear S-box transformation and a linear transformation composed of cyclic shifts and exclusive-OR operations. In addition to the 256-byte S-box, two further sets of parameters, FK and CK, are defined (for the specific data, refer to the cipher bureau website). The basic process is as follows: first, the 128-bit key is divided into 4 groups of 32 bits, and 32 round keys of 32 bits each are generated by the key expansion algorithm; the 128-bit input data is likewise divided into 4 groups of 32 bits for the round operations.
Disclosure of Invention
Aiming at the defects in the conventional software implementation method, the invention provides an improved software optimization method as follows.
A quick implementation method of a cryptographic algorithm SM4 comprises the following steps:
a data arrangement step: 256 groups of 128-bit data are represented as X[256][128], where X[i] denotes the i-th group of data, i = 0, 1, ..., 255; there is a bit-matrix transpose transformation TRANS256(·): X[128][256] = TRANS(X[256][128]), whose input is 256 × 128 bits and whose output is 128 × 256 bits, so that the same bits of the 256 groups of data are gathered in the same memory block;
a key arrangement step: the k-th round encryption key is denoted RK_{k,[32]}, k = 0, 1, ..., 31; there is a transformation TRANS32(·): TRK_{k,[32][256]} = TRANS32(RK_{k,[32]}); {·}256 is defined to mean that the element is repeated 256 times and concatenated, and TRK_{k,[i]} = {RK_{k,[i]}}256, i.e. the i-th bit of the key RK is copied 256 times and stored in the i-th item of TRK;
an iterative calculation step: the data after data arrangement are denoted
Figure GDA0002794612040000011
X256Representing a two-dimensional array X[128][256]
Figure GDA0002794612040000012
points to the i-th group of 32 items of X[128][256], i = 0, 1, 2, 3, and the k-th round encryption key after being encrypted is denoted
Figure GDA0002794612040000021
32 iterative calculations are performed:
Figure GDA0002794612040000022
Figure GDA0002794612040000023
where
Figure GDA0002794612040000024
is an exclusive or operation;
a data reverse arrangement step: there is a bit-matrix transpose TRANS256′(·): X[256][128] = TRANS256′(X[128][256]), which restores the iteratively computed data from the sliced organization of 128 groups of 256-bit data to the normal organization of 256 groups of 128-bit data;
a reverse-order calculation step:
Figure GDA0002794612040000025
The output 256 sets of 128-bit encrypted data are represented as
Figure GDA0002794612040000026
The input and output of the synthesis permutation T are both 32 × 256 bits, and T(·) = L(τ(·)) is the composition of the nonlinear transformation τ and the linear transformation L.
Furthermore, the 256 groups of 128-bit data are regarded as two sets of 128 groups of 128-bit data, data arrangement and data reverse arrangement are performed in parallel using the SIMD idea, and 7 sets of masks are used to complete the bit-matrix transposition. The hexadecimal representation of the 7 sets of masks is:
MASK0=5555555555555555555555555555555555555555555555555555555555555555
MASK1=3333333333333333333333333333333333333333333333333333333333333333
MASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
MASK3=00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF
MASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF
MASK5=00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF
MASK6=0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF
each set of masks is 128 bits.
Further, 256 sets of 32-bit input data are represented as:
Figure GDA0002794612040000027
where
Figure GDA0002794612040000028
are all 8 × 256 bits; then
Figure GDA0002794612040000029
Further, the function S(·) in the nonlinear transformation τ of the synthesis permutation T is: S(x256) = I(x256*A1 + C1)*A2 + C2, where I(·) is the inversion operation over the composite field GF((2^4)^2), x256 is a row vector of 8 × 256 bits, and A1, C1, A2, C2 have the following form:
Figure GDA0002794612040000031
C1={1 0 0 0 1 1 1 0}
Figure GDA0002794612040000032
C2={1 1 0 1 0 0 1 1}
Further,
Figure GDA0002794612040000033
Take h, g ∈ GF((2^4)^2) with h = (h1*x + h0) and g = (g1*x + g0), where h1, h0, g1, g0 ∈ GF(2^4). Then
Figure GDA0002794612040000034
where h and g are each 8 × 256 bits in size,
Figure GDA0002794612040000035
is the XOR operation, and multiplication and inversion are computed in the finite field GF(2^4), so that the inversion in the composite field GF((2^4)^2) is converted into multiplication and inversion in the finite field GF(2^4).
Define
Figure GDA0002794612040000036
Figure GDA0002794612040000037
where <<< denotes the circular left-shift operation and
Figure GDA0002794612040000038
denotes the XOR operation. It is known that
Figure GDA0002794612040000039
Figure GDA00027946120400000310
Let
Figure GDA00027946120400000311
Then
Figure GDA00027946120400000312
Let B256 = τ(A256); then
Figure GDA00027946120400000313
Figure GDA00027946120400000314
The following can be obtained:
Figure GDA00027946120400000315
Figure GDA00027946120400000316
Figure GDA00027946120400000317
Figure GDA00027946120400000318
Figure GDA0002794612040000041
Figure GDA0002794612040000042
Figure GDA0002794612040000043
Figure GDA0002794612040000044
Figure GDA0002794612040000045
Figure GDA0002794612040000046
Figure GDA0002794612040000047
Figure GDA0002794612040000048
Figure GDA0002794612040000049
Figure GDA00027946120400000410
Figure GDA00027946120400000411
Figure GDA00027946120400000412
Figure GDA00027946120400000413
Figure GDA00027946120400000414
Figure GDA00027946120400000415
Figure GDA00027946120400000416
Figure GDA00027946120400000417
Figure GDA00027946120400000418
Figure GDA00027946120400000419
Figure GDA00027946120400000420
Figure GDA00027946120400000421
Figure GDA00027946120400000422
Figure GDA0002794612040000051
Figure GDA0002794612040000052
Figure GDA0002794612040000053
Figure GDA0002794612040000054
Figure GDA0002794612040000055
Figure GDA0002794612040000056
where
Figure GDA0002794612040000057
is exclusive or addition, so that the linear transformation can be optimized.
Further, let a256, b256, c256 ∈ GF(2^4) with c256 = a256*b256; the multiplication operation over GF(2^4) is:
Figure GDA0002794612040000058
where
Figure GDA0002794612040000059
is XOR addition, and the AND operation is written implicitly by default.
Further, let a256, c256 ∈ GF(2^4) with c256 = (a256)^-1; the inversion operation over GF(2^4) is:
Figure GDA00027946120400000510
where + is OR, - is NOT, and the AND operation is written implicitly by default.
The technical effect of the invention is as follows: following the SIMD idea and using the bit-slicing technique, AVX2 instructions process 256 groups of data in parallel, and the composite-field decomposition technique decomposes the computation inside the synthesis permutation T of SM4, so that the nonlinear transformation of the SM4 encryption algorithm is simplified from the original one GF(2^8) inversion and two affine transformations into one GF(2^4) inversion, two affine transformations and three GF(2^4) multiplications. This reduces the computational complexity, maximizes the amount of data processed in parallel and improves the execution efficiency.
Drawings
FIG. 1 is a system architecture diagram of the SM4 encryption method contemplated by the present invention;
FIG. 2 is a diagram of the composite-field inversion algorithm of the present invention.
Detailed Description
The following detailed description is made with reference to the accompanying drawings, FIG. 1 and FIG. 2.
Fig. 1 shows an SM4 encryption method designed by the present invention, which includes:
a data arrangement step: 256 groups of 128-bit data are represented as X[256][128], where X[i] denotes the i-th group of data, i = 0, 1, ..., 255; there is a bit-matrix transpose transformation TRANS256(·): X[128][256] = TRANS(X[256][128]), whose input is 256 × 128 bits and whose output is 128 × 256 bits, so that the same bits of the 256 groups of data are gathered in the same memory block;
a key arrangement step: the k-th round encryption key is denoted RK_{k,[32]}, k = 0, 1, ..., 31; there is a transformation TRANS32(·): TRK_{k,[32][256]} = TRANS32(RK_{k,[32]}); {·}256 is defined to mean that the element is repeated 256 times and concatenated, and TRK_{k,[i]} = {RK_{k,[i]}}256, i.e. the i-th bit of the key RK is copied 256 times and stored in the i-th item of TRK;
an iterative calculation step: the data after data arrangement are denoted
Figure GDA0002794612040000061
X256Representing a two-dimensional array X[128][256]
Figure GDA0002794612040000062
points to the i-th group of 32 items of X[128][256], i = 0, 1, 2, 3, and the k-th round encryption key after being encrypted is denoted
Figure GDA0002794612040000063
32 iterative calculations are performed:
Figure GDA0002794612040000064
Figure GDA0002794612040000065
where
Figure GDA0002794612040000066
is an exclusive or operation;
a data reverse arrangement step: there is the same bit-matrix transpose TRANS256′(·): X[256][128] = TRANS256′(X[128][256]), which restores the iteratively computed data from the sliced organization of 128 groups of 256-bit data to the normal organization of 256 groups of 128-bit data;
a reverse-order calculation step:
Figure GDA0002794612040000067
The output 256 sets of 128-bit encrypted data are represented as
Figure GDA0002794612040000068
The input and output of the synthesis permutation T are both 32 × 256 bits, and T(·) = L(τ(·)) is the composition of the nonlinear transformation τ and the linear transformation L.
In the data arrangement step, the bit-matrix transposition is done with 7 sets of masks. The 256 groups of 128-bit data are regarded as two sets of 128 groups of 128-bit data, data arrangement and data reverse arrangement are performed in parallel using the SIMD idea, and the 7 sets of masks are used to complete the bit-matrix transposition. The hexadecimal representation of the 7 sets of masks is:
MASK0=5555555555555555555555555555555555555555555555555555555555555555
MASK1=3333333333333333333333333333333333333333333333333333333333333333
MASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
MASK3=00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF
MASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF
MASK5=00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF
MASK6=0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF
each set of masks is 128 bits.
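An added example (not code from the patent) of the mask-based transposition described here and in the Disclosure: Python integers stand in for 256-bit AVX2 registers. The packing of block r and block 128+r into one register, the function names and the random sample blocks are assumptions made for illustration.

```python
import random

# The seven masks exactly as the patent prints them: 64 hex digits (256 bits)
# each, i.e. the same 128-bit pattern repeated in both halves of a 256-bit word.
MASKS = [int(pattern * (64 // len(pattern)), 16) for pattern in (
    "5", "3", "0F", "00FF", "0000FFFF",
    "00000000FFFFFFFF", "0000000000000000FFFFFFFFFFFFFFFF")]

LOW128 = (1 << 128) - 1


def pack_pair(blocks):
    """Assumed layout: word r = block r (low half) | block 128+r (high half)."""
    if len(blocks) != 256:
        raise ValueError("expected 256 blocks of 128 bits")
    return [blocks[r] | (blocks[128 + r] << 128) for r in range(128)]


def unpack_pair(words):
    """Inverse of pack_pair: 128 words of 256 bits -> 256 blocks of 128 bits."""
    return [w & LOW128 for w in words] + [w >> 128 for w in words]


def transpose_pair(words):
    """Transpose two 128x128 bit matrices at once, one per 128-bit half.

    Element (row r, column c) is bit c of words[r]. Stage j exchanges bit j of
    the row index with bit j of the column index, so seven stages swap rows
    and columns completely. The masked positions never cross the 128-bit
    boundary, so both halves are processed by the same shift/XOR/AND sequence.
    """
    a = list(words)
    for j, mask in enumerate(MASKS):
        s = 1 << j
        for k in range(128):
            if k & s:
                continue  # k + s is handled together with its partner row k
            t = ((a[k] >> s) ^ a[k + s]) & mask
            a[k + s] ^= t
            a[k] ^= t << s
    return a


def slice_naive(blocks):
    """Bit-by-bit reference: slice c holds bit c of every block (block i -> bit i)."""
    return [sum(((blk >> c) & 1) << i for i, blk in enumerate(blocks))
            for c in range(128)]


def make_sample_blocks(seed=2019):
    """Constructed sample input: 256 pseudo-random 128-bit blocks."""
    rng = random.Random(seed)
    return [rng.getrandbits(128) for _ in range(256)]


if __name__ == "__main__":
    blocks = make_sample_blocks()
    sliced = transpose_pair(pack_pair(blocks))          # data arrangement
    print("matches bit-by-bit reference:", sliced == slice_naive(blocks))
    restored = unpack_pair(transpose_pair(sliced))      # data reverse arrangement
    print("round trip restores blocks:", restored == blocks)
```

Because the transposition is an involution, the same routine serves as the reverse arrangement.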
In actual cryptographic calculations, 256 sets of 32-bit input data are represented as:
Figure GDA0002794612040000071
where
Figure GDA0002794612040000072
are all 8 × 256 bits; then
Figure GDA0002794612040000073
The following is the focus of the present invention: the inversion in the finite field GF(2^8) is converted into inversion in the composite field GF((2^4)^2), which reduces the computational complexity. The function S(·) in the nonlinear transformation τ of the synthesis permutation T is: S(x256) = I(x256*A1 + C1)*A2 + C2, where I(·) is the inversion operation over the composite field GF((2^4)^2), x256 is a row vector of 8 × 256 bits, and A1, C1, A2, C2 have the following form:
Figure GDA0002794612040000074
C1={1 0 0 0 1 1 1 0}
Figure GDA0002794612040000075
C2={1 1 0 1 0 0 1 1}
Further,
Figure GDA0002794612040000081
Take h, g ∈ GF((2^4)^2) with h = (h1*x + h0) and g = (g1*x + g0), where h1, h0, g1, g0 ∈ GF(2^4). Then
Figure GDA0002794612040000082
where h and g are each 8 × 256 bits in size,
Figure GDA0002794612040000083
is the XOR operation, and multiplication and inversion are computed in the finite field GF(2^4), so that the inversion in the composite field GF((2^4)^2) is converted into multiplication and inversion in the finite field GF(2^4).
Since bit slicing is used, the result of the linear shift can be XORed directly with the target, thereby optimizing the shift operation. Define
Figure GDA0002794612040000084
where <<< denotes the circular left-shift operation and
Figure GDA0002794612040000085
denotes the XOR operation. It is known that
Figure GDA0002794612040000086
Figure GDA0002794612040000087
Let
Figure GDA0002794612040000088
Then
Figure GDA0002794612040000089
Let B256 = τ(A256); then
Figure GDA00027946120400000810
Figure GDA00027946120400000811
The following can be obtained:
Figure GDA00027946120400000812
Figure GDA00027946120400000813
Figure GDA00027946120400000814
Figure GDA00027946120400000815
Figure GDA00027946120400000816
Figure GDA00027946120400000817
Figure GDA00027946120400000818
Figure GDA0002794612040000091
Figure GDA0002794612040000092
Figure GDA0002794612040000093
Figure GDA0002794612040000094
Figure GDA0002794612040000095
Figure GDA0002794612040000096
Figure GDA0002794612040000097
Figure GDA0002794612040000098
Figure GDA0002794612040000099
Figure GDA00027946120400000910
Figure GDA00027946120400000911
Figure GDA00027946120400000912
Figure GDA0002794612040000101
Figure GDA0002794612040000102
Figure GDA0002794612040000103
Figure GDA0002794612040000104
Figure GDA0002794612040000105
Figure GDA0002794612040000106
Figure GDA0002794612040000107
Figure GDA0002794612040000108
Figure GDA0002794612040000109
Figure GDA00027946120400001010
Figure GDA00027946120400001011
Figure GDA00027946120400001012
Figure GDA00027946120400001013
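An added example, not taken from the patent, of the key arrangement TRK and of the shift-free linear transformation on bit slices, checked against a word-wise computation. The rotation amounts 2, 10, 18 and 24 come from the SM4 standard rather than from this page, bit 0 is assumed to be the least significant bit, and τ is left out because the page does not reproduce the A1 and A2 matrices; function names and sample data are constructed.

```python
import random

LANES = 256                      # number of blocks processed in parallel
ALL_LANES = (1 << LANES) - 1
ROTATIONS = (2, 10, 18, 24)      # rotation amounts of L in the SM4 standard


def slice_words(words):
    """slices[b] bit i = bit b of lane i's 32-bit word (bit 0 = least significant)."""
    return [sum(((w >> b) & 1) << i for i, w in enumerate(words))
            for b in range(32)]


def unslice_words(slices):
    """Inverse of slice_words: 32 slices of 256 bits -> 256 words of 32 bits."""
    return [sum(((slices[b] >> i) & 1) << b for b in range(32))
            for i in range(LANES)]


def arrange_round_key(rk):
    """Key arrangement: entry b is bit b of the round key repeated in all lanes."""
    return [ALL_LANES if (rk >> b) & 1 else 0 for b in range(32)]


def mix_sliced(x1, x2, x3, trk):
    """Round-function input X1 ^ X2 ^ X3 ^ RK, computed slice by slice."""
    return [a ^ b ^ c ^ k for a, b, c, k in zip(x1, x2, x3, trk)]


def linear_sliced(b):
    """L on slices: rotating left by n just means reading slice (i - n) mod 32,
    so no shift instruction is executed, only XORs of whole 256-bit slices."""
    out = []
    for i in range(32):
        acc = b[i]
        for n in ROTATIONS:
            acc ^= b[(i - n) % 32]
        out.append(acc)
    return out


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def linear_word(b):
    """Word-wise reference: L(B) = B ^ (B<<<2) ^ (B<<<10) ^ (B<<<18) ^ (B<<<24)."""
    out = b
    for n in ROTATIONS:
        out ^= rotl32(b, n)
    return out


def run_demo(seed=4):
    """Constructed sample data; returns (bit-sliced result, word-wise result)."""
    rng = random.Random(seed)
    x1, x2, x3 = ([rng.getrandbits(32) for _ in range(LANES)] for _ in range(3))
    rk = rng.getrandbits(32)
    mixed = mix_sliced(slice_words(x1), slice_words(x2), slice_words(x3),
                       arrange_round_key(rk))
    sliced_result = unslice_words(linear_sliced(mixed))
    word_result = [linear_word(a ^ b ^ c ^ rk) for a, b, c in zip(x1, x2, x3)]
    return sliced_result, word_result


if __name__ == "__main__":
    sliced_result, word_result = run_demo()
    print("bit-sliced L agrees with word-wise L:", sliced_result == word_result)
```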
Further, let a256, b256, c256 ∈ GF(2^4) with c256 = a256*b256; the multiplication operation over GF(2^4) is:
Figure GDA0002794612040000111
where
Figure GDA0002794612040000112
is XOR addition, and the AND operation is written implicitly by default.
Let a256, c256 ∈ GF(2^4) with c256 = (a256)^-1; the inversion operation over GF(2^4) is:
Figure GDA0002794612040000113
where + is OR, - is NOT, and the AND operation is written implicitly by default.
One fast technique for implementing block cipher algorithms in software is the composite-field decomposition method: the complex finite-field operation of the S-box is isomorphically mapped into the composite field and implemented there, so that no table lookup is needed during encryption and decryption; the result is obtained by computation, which avoids the memory overhead. The input of the S-box table-lookup algorithm is 8 bits and the output is also 8 bits, so the software table-lookup implementation of the SM4 algorithm occupies 256 × 8 bits = 2048 bits of memory. The method maps the S-box operation into the composite field, does not need to store any lookup table in advance, and completes the S-box operation through logic operations, thereby greatly reducing the computational complexity and improving the execution efficiency.
Finally, it should be noted that although the present invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that the present invention may be modified or equivalently replaced without departing from the spirit and scope of the invention, which should be construed as being limited only by the claims appended hereto.

Claims (2)

1. A quick implementation method of a cryptographic algorithm SM4 is characterized by comprising the following steps:
a data arrangement step:
256 groups of 128-bit data are represented as X[256][128], where X[i] denotes the i-th group of data, i = 0, 1, ..., 255; there is a bit-matrix transpose transformation TRANS256(·) such that X[128][256] = TRANS(X[256][128]), where the input is 256 × 128 bits, the output is 128 × 256 bits, and the same bits of the 256 groups of data are gathered in the same memory block;
a key arrangement step:
the k-th round encryption key is denoted RK_{k,[32]}, k = 0, 1, ..., 31; there is a transformation TRANS32(·): TRK_k[32][256] = TRANS32(RK_k[32]); {·}256 is defined to mean that the element is repeated 256 times and concatenated, and TRK_k[i] = {RK_k[i]}256, i.e. the i-th bit of the key RK is copied 256 times and stored in the i-th item of TRK;
an iterative calculation step:
the data after data arrangement are denoted
Figure DEST_PATH_IMAGE002
where X256 represents the two-dimensional array X[128][256],
Figure DEST_PATH_IMAGE004
points to the i-th group of 32 items of X[128][256], i = 0, 1, 2, 3, and the k-th round encryption key after being encrypted is denoted
Figure DEST_PATH_IMAGE006
and 32 iterative calculations are performed:
Figure DEST_PATH_IMAGE008
where
Figure FDA0002794612030000015
is an exclusive or operation;
a data reverse arrangement step:
there is a bit-matrix transpose TRANS256′(·): X[256][128] = TRANS256′(X[128][256]), which restores the iteratively computed data from the sliced organization of 128 groups of 256-bit data to the normal organization of 256 groups of 128-bit data;
a reverse-order calculation step:
let
Figure DEST_PATH_IMAGE010
then the 256 groups of 128-bit encrypted data are output as
Figure DEST_PATH_IMAGE012
The input and output of the synthesis permutation T are both 32 × 256 bits, and T(·) = L(τ(·)) is the composition of the nonlinear transformation τ and the linear transformation L.
2. The rapid implementation method of the cryptographic block cipher algorithm SM4 according to claim 1, wherein the 256 groups of 128-bit data are regarded as two sets of 128 groups of 128-bit data, data arrangement and data reverse arrangement are performed, and 7 sets of masks are used to complete the bit-matrix transposition; the hexadecimal representation of the 7 sets of masks is:
MASK0=5555555555555555555555555555555555555555555555555555555555555555
MASK1=3333333333333333333333333333333333333333333333333333333333333333
MASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
MASK3=00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF
MASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF
MASK5=00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF
MASK6=0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF
each set of masks is 128 bits.
CN201910428748.4A 2019-05-22 2019-05-22 Rapid implementation method of cryptographic block cipher algorithm SM4 Active CN110166223B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910428748.4A CN110166223B (en) 2019-05-22 2019-05-22 Rapid implementation method of cryptographic block cipher algorithm SM4

Publications (2)

Publication Number Publication Date
CN110166223A CN110166223A (en) 2019-08-23
CN110166223B CN110166223B (en) 2021-08-13

Family

ID=67631792

Country Status (1)

Country Link
CN (1) CN110166223B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant