CN110266470A - Construction method of a novel block cipher round function - Google Patents


Info

Publication number: CN110266470A
Authority: CN (China)
Prior art keywords: round function, box, bit, word, layer
Legal status: Granted
Application number: CN201910546990.1A
Other languages: Chinese (zh)
Other versions: CN110266470B (en)
Inventors: 贾珂婷, 董晓阳, 魏淙洺, 丛天硕
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Priority date: 2019-06-24
Filing date: 2019-06-24
Publication date: 2019-09-20


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators
    • H04L 9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a construction method for a novel block cipher round function. The round function consists of a confusion layer, a diffusion layer and an AddRoundKey operation, follows the SPN structure, and has block length n. The confusion layer queries n/4 4-bit S-boxes in parallel; the diffusion layer performs a word-based mixing operation with word length n/4; the AddRoundKey operation XORs an n-bit round key. The round function queries the S-boxes longitudinally and mixes words laterally; its pseudocode is: Y = SubNibble(X), Z = MixWord(Y), W = Z ⊕ RK_{i+1}, where the input of the round function is the n-bit X and the n-bit round key RK_{i+1}, and the output is the n-bit W. The technical solution of the invention proposes a new S-box and a new word mixing operation, has strong security properties and a strong avalanche effect, and is convenient to implement in both software and hardware.

Description

Technical field
The present invention relates to the field of cryptography, and in particular to a construction method for a novel block cipher round function.
Background
Block ciphers are the most important class of symmetric cryptographic algorithms and are widely used in network communication. The SPN (Substitution-Permutation Network) is the most widely used block cipher structure today; important international cryptographic algorithm standards such as AES and PRESENT all use it. An SPN structure is realised by iterating a round function many times, so the round function is the key to the design. A round function consists of a confusion layer and a diffusion layer. The confusion layer is built from nonlinear operations such as S-boxes, modular addition and AND operations; the diffusion layer is built from invertible linear operations. The S-box is the most common nonlinear confusion component; by input and output length, 8-bit and 4-bit S-boxes are the two most common kinds. An algorithm using 8-bit S-boxes occupies a larger hardware area but has higher software efficiency, while one using 4-bit S-boxes occupies a small hardware area but has lower software efficiency. For 4-bit S-boxes, bit-slice techniques can improve the efficiency of the S-box lookup. The linear operation must have strong diffusion and is usually built from operations such as MDS matrices, bit permutations, XOR and cyclic shifts. The round function must have a strong avalanche effect; the algorithm generated by iterating it must resist differential, linear, meet-in-the-middle and other cryptanalytic methods, while also having good implementation efficiency.
The construction of the round function is the most important link in block cipher design. The most common round function construction, combining S-boxes with a linear layer, facilitates assessment of the security strength of the algorithm and provides strong security, while the round function is also the critical component determining the encryption/decryption speed of the algorithm. Most modern block ciphers follow the design criterion of iterating the round function over many rounds. Among existing block cipher designs, one part of the algorithms set a large number of rounds and have lower efficiency, which generally stems from insufficient complexity of the round function design, while the round functions of another part of the algorithms are excessively complex and occupy more hardware implementation resources.
Summary of the invention
In view of at least one of the above problems, the present invention provides a construction method for a novel block cipher round function. Through refined study of the round function and its components, the S-box and the diffusion layer, it proposes a new S-box with strong security properties; constructs a new diffusion layer operation, the word mixing operation; and combines longitudinal S-box lookup with the lateral word mixing diffusion layer, providing a strong avalanche effect while being convenient to implement in software and hardware.
To achieve the above object, the present invention provides a construction method for a novel block cipher round function. The round function consists of a confusion layer, a diffusion layer and an AddRoundKey operation, follows the SPN structure, and has block length n. The confusion layer queries n/4 4-bit S-boxes in parallel; the diffusion layer performs a word-based mixing operation with word length n/4; the AddRoundKey operation XORs an n-bit round key. The round function queries the S-boxes longitudinally and mixes words laterally; its pseudocode is:
Y = SubNibble(X),
Z = MixWord(Y),
W = Z ⊕ K_{i+1},
where the input of the round function is the n-bit X and the n-bit round key K_{i+1}, and the output is the n-bit W.
In the above technical solution, preferably, the branch number of the diffusion layer is 5; the state Y after S-box substitution is divided into four words (y0, y1, y2, y3), and the word mixing operation yields Z = (z0, z1, z2, z3) = MixWord(Y).
In the above technical solution, preferably, the expression of the word mixing operation of the diffusion layer is:
t = y1
y1 = y2
y2 = t
z0 = y0
z1 = y2
z2 = y1
z3 = y3
In the above technical solution, preferably, the 4-bit input of the i-th S-box of the confusion layer is (x0i || x1i || x2i || x3i), and after S-box substitution its 4-bit output is (y0i || y1i || y2i || y3i).
In the above technical solution, preferably, the bit-slice implementation instructions of the S-box substitution are:
r0 = x1i
r1 = x2i
r2 = x0i
r3 = x3i
r4 = r0 ∨ r2
r4 = r3 ∨ r1
r4 = r0 ∧ r2
r4 = ~r2
r4 = r4 ∨ r3
r4 = ~r0
r4 = r4 ∨ r1
y0i = r2
y1i = r0
y2i = r1
y3i = r3.
In the above technical solution, preferably, the block length n of the round function is 64, 128 or 256.
Compared with the prior art, the invention has the following benefits: through refined study of the round function and its components, the S-box and the diffusion layer, it proposes a new S-box with strong security properties; constructs a new diffusion layer operation, the word mixing operation; and combines longitudinal S-box lookup with the lateral word mixing diffusion layer, providing a strong avalanche effect while being convenient to implement in software and hardware.
Description of the drawings
Fig. 1 is a logical schematic of the round function disclosed in an embodiment of the present invention;
Fig. 2 is a logical schematic of the word mixing operation of the diffusion layer disclosed in an embodiment of the present invention.
Detailed description of the embodiments
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in Figs. 1 and 2, in the construction method for a novel block cipher round function provided by the present invention, the round function takes the SPN structure as the overall structure of the algorithm, and the SPN structure is realised by iterating the round function many times. The round function supports block lengths of 64, 128 and 256 bits; the block length is denoted n. The round function consists of a confusion layer (SubNibble), a diffusion layer (MixWord) and an AddRoundKey operation. The confusion layer is made up of 4-bit S-boxes and queries n/4 4-bit S-boxes in parallel; the diffusion layer performs a word-based mixing operation with word length n/4 and is an invertible linear operation. The AddRoundKey operation XORs an n-bit round key, that is, the round key is XORed bit by bit with the plaintext (state). As shown in Fig. 1, the round function queries the S-boxes longitudinally and mixes words laterally; the input of the round function is the n-bit X and the n-bit round key RK_{i+1}, and the output is the n-bit W. The pseudocode is:
Y = SubNibble(X),
Z = MixWord(Y),
W = Z ⊕ RK_{i+1}.
In the above embodiment, preferably, the 4-bit input of the i-th S-box of the confusion layer is (x0i || x1i || x2i || x3i), and after S-box substitution the 4-bit output is (y0i || y1i || y2i || y3i). Specifically, the S-box has high security strength: its differential probability and its linear bias both reach the optimum and its algebraic degree is 3; it also avoids differentials in which both the input and the output difference have Hamming weight 1, while the number of linear masks with input and output Hamming weight 1 is only 4. While meeting these security requirements, the S-box also fully considers implementation: it has a parallel implementation and can be realised with 15 instructions using bit-slice techniques, which improves software performance. In the above embodiment, preferably, the S-box substitution table is as shown in Table 1:
Table 1: S-box substitution table
Input  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Output 3 13 15 10 0 7 12 1 4 2 9 5 11 14 6 8
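The security figures stated above for Table 1 can be checked mechanically. The following Python is an added example, not part of the patent: it computes the difference distribution table, the centred linear approximation table, the algebraic degree and the two Hamming-weight-1 counts for the S-box of Table 1 (the function names and the bit-ordering convention, bit j of a nibble paired with bit j of a mask, are choices of this example).

```python
"""Cryptographic property check for the 4-bit S-box in Table 1 of CN110266470A.

Added example (not the patent's code): the property functions are generic for
any 4-bit S-box; SBOX itself is Table 1. Bit j of a nibble pairs with bit j of
an input or output mask.
"""
from itertools import product

SBOX = [3, 13, 15, 10, 0, 7, 12, 1, 4, 2, 9, 5, 11, 14, 6, 8]  # Table 1, inputs 0..15
N = 4                     # S-box width in bits
SIZE = 1 << N


def parity(v):
    return bin(v).count("1") & 1


def is_permutation(sbox):
    return sorted(sbox) == list(range(SIZE))


def ddt(sbox):
    """Difference distribution table: ddt[a][b] = #{x : S(x) ^ S(x ^ a) == b}."""
    t = [[0] * SIZE for _ in range(SIZE)]
    for a, x in product(range(SIZE), repeat=2):
        t[a][sbox[x] ^ sbox[x ^ a]] += 1
    return t


def lat(sbox):
    """Centred linear approximation table: lat[a][b] = #{x : a.x == b.S(x)} - SIZE/2."""
    t = [[0] * SIZE for _ in range(SIZE)]
    for a, b in product(range(SIZE), repeat=2):
        agree = sum(parity(a & x) == parity(b & sbox[x]) for x in range(SIZE))
        t[a][b] = agree - SIZE // 2
    return t


def algebraic_degree(sbox):
    """Highest degree among the component functions b.S(x), via the Moebius (ANF) transform."""
    best = 0
    for b in range(1, SIZE):
        anf = [parity(b & sbox[x]) for x in range(SIZE)]
        step = 1
        while step < SIZE:            # in-place Moebius transform: truth table -> ANF
            for i in range(SIZE):
                if i & step:
                    anf[i] ^= anf[i ^ step]
            step <<= 1
        best = max(best, max((bin(m).count("1") for m in range(SIZE) if anf[m]), default=0))
    return best


def sbox_report(sbox):
    """The figures the description states for its S-box, computed from the table."""
    d, l = ddt(sbox), lat(sbox)
    nz = range(1, SIZE)
    single = [1 << j for j in range(N)]          # masks / differences of Hamming weight 1
    return {
        "permutation": is_permutation(sbox),
        # optimum for a 4-bit bijection: 4/16 = 2^-2 differential probability
        "differential_uniformity": max(d[a][b] for a in nz for b in range(SIZE)),
        # optimum for a 4-bit bijection: 4/16 = 2^-2 linear bias
        "max_abs_lat": max(abs(l[a][b]) for a in nz for b in nz),
        "algebraic_degree": algebraic_degree(sbox),
        # 1-bit input difference -> 1-bit output difference transitions with non-zero probability
        "weight1_differentials": sum(1 for a in single for b in single if d[a][b]),
        # 1-bit input mask / 1-bit output mask pairs with non-zero correlation
        "weight1_linear_masks": sum(1 for a in single for b in single if l[a][b]),
    }


if __name__ == "__main__":
    for name, value in sbox_report(SBOX).items():
        print(f"{name}: {value}")
```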
In the above embodiment, preferably, with the 4-bit input (x0i || x1i || x2i || x3i), the bit-slice implementation instructions of the S-box substitution are:
r0 = x1i
r1 = x2i
r2 = x0i
r3 = x3i
r4 = r0 ∨ r2
r4 = r3 ∨ r1
r4 = r0 ∧ r2
r4 = ~r2
r4 = r4 ∨ r3
r4 = ~r0
r4 = r4 ∨ r1
y0i = r2
y1i = r0
y2i = r1
y3i = r3
Finally the 4-bit output (y0i || y1i || y2i || y3i) of the S-box is obtained.
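As an added example, not the patent's own code, the following Python realises the "longitudinal" layout that the bit-slice instructions above rely on: the n-bit state is held as four n/4-bit words, word j holding bit j of every nibble, so one Boolean evaluation of the S-box processes all n/4 nibbles at once, and AddRoundKey is a word-wise XOR in the same layout. The Boolean form is a plain minterm expansion derived from Table 1 rather than the 15-instruction sequence above; MixWord is not included, since the word mixing expression as printed on this page does not show how the shift constants of Table 2 enter it; the function names and the 64-bit sample values are constructed for the example.

```python
"""Bit-sliced SubNibble and AddRoundKey for the round function of CN110266470A.

Added example (not the patent's code). The n-bit state is kept as four
n/4-bit words r0..r3: bit i of word j is bit j of nibble i. The S-box is then
evaluated once, with word-wide Boolean operations, for all n/4 nibbles.
"""
SBOX = [3, 13, 15, 10, 0, 7, 12, 1, 4, 2, 9, 5, 11, 14, 6, 8]  # Table 1 of the patent


def to_slices(state, n):
    """Packed n-bit state -> four n/4-bit words (bit j of nibble i -> bit i of word j)."""
    words = [0, 0, 0, 0]
    for i in range(n // 4):
        nib = (state >> (4 * i)) & 0xF
        for j in range(4):
            words[j] |= ((nib >> j) & 1) << i
    return words


def from_slices(words, n):
    """Inverse of to_slices: four n/4-bit words -> packed n-bit state."""
    state = 0
    for i in range(n // 4):
        nib = sum(((words[j] >> i) & 1) << j for j in range(4))
        state |= nib << (4 * i)
    return state


def sub_nibble_sliced(words, n):
    """SubNibble on all n/4 nibbles at once, using only AND/OR/NOT on the four words.

    Straightforward minterm expansion of Table 1: for every input value x, build the
    word that is 1 exactly in the lanes whose nibble equals x, and OR it into each
    output word whose bit is set in SBOX[x]. Table-free and data-independent in its
    control flow, but not instruction-minimal like the patent's 15-instruction sequence.
    """
    mask = (1 << (n // 4)) - 1
    out = [0, 0, 0, 0]
    for x in range(16):
        lanes = mask
        for j, r in enumerate(words):
            lanes &= r if (x >> j) & 1 else (~r & mask)
        for j in range(4):
            if (SBOX[x] >> j) & 1:
                out[j] |= lanes
    return out


def sub_nibble_table(state, n):
    """Reference SubNibble: per-nibble table lookup on the packed state."""
    out = 0
    for i in range(n // 4):
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def add_round_key(words, key_words):
    """AddRoundKey: XOR of the n-bit round key, held in the same sliced layout."""
    return [w ^ k for w, k in zip(words, key_words)]


def sub_then_add_key(state, round_key, n):
    """SubNibble followed by AddRoundKey on a packed n-bit state (MixWord omitted)."""
    y = sub_nibble_sliced(to_slices(state, n), n)
    return from_slices(add_round_key(y, to_slices(round_key, n)), n)


if __name__ == "__main__":
    # Constructed 64-bit sample state and round key, not values from the patent.
    x, rk = 0x0123456789ABCDEF, 0x0F0F0F0F0F0F0F0F
    assert sub_then_add_key(x, 0, 64) == sub_nibble_table(x, 64)
    print(f"{sub_then_add_key(x, rk, 64):016x}")
```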
In the above embodiment, preferably, the branch number of the diffusion layer is 5, that is, the input and output together contain at least 5 active S-boxes. The state Y after S-box substitution is divided into four words (y0, y1, y2, y3), and the word mixing operation yields Z = (z0, z1, z2, z3) = MixWord(Y).
In the above embodiment, preferably, the expression of the word mixing operation of the diffusion layer is:
t = y1
y1 = y2
y2 = t
z0 = y0
z1 = y2
z2 = y1
z3 = y3,
The schematic of the word mixing operation is shown in Fig. 2; the shift constants a0, ..., a7 of the word mixing operation are given in Table 2:
Table 2: word mixing parameters
Version  a0 a1 a2 a3 a4 a5 a6 a7
n=128    29 13  4 21 15 19 25  6
n=256    58 33  8  1 17 44  5  9
In the above embodiments the structure of the diffusion layer is fixed, but new diffusion layer parameters can be searched for in combination with the properties of the S-box and the requirement of strong diffusion.
In the above embodiment, preferably, the block length n of the round function is 64, 128 or 256; a specific block length can be chosen as needed in a concrete implementation.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.

Claims (6)

1. A construction method for a novel block cipher round function, characterised in that:
the round function consists of a confusion layer, a diffusion layer and an AddRoundKey operation, the round function uses the SPN structure, and the block length of the round function is n;
the confusion layer queries n/4 4-bit S-boxes in parallel, the diffusion layer performs a word-based linear mixing operation with word length n/4, and the AddRoundKey operation XORs an n-bit round key;
the round function queries the S-boxes longitudinally and mixes words laterally, and its pseudocode is:
Y = SubNibble(X),
Z = MixWord(Y),
W = Z ⊕ K_{i+1},
where the input of the round function is the n-bit X and the n-bit round key K_{i+1}, and the output is the n-bit W.
2. The construction method for a novel block cipher round function according to claim 1, characterised in that the branch number of the diffusion layer is 5, the state Y after S-box substitution is divided into (y0, y1, y2, y3), and the word mixing operation yields Z = (z0, z1, z2, z3) = MixWord(Y).
3. The construction method for a novel block cipher round function according to claim 2, characterised in that the expression of the word mixing operation of the diffusion layer is:
t = y1
y1 = y2
y2 = t
z0 = y0
z1 = y2
z2 = y1
z3 = y3
4. The construction method for a novel block cipher round function according to claim 1, characterised in that the 4-bit input of the confusion layer is (x0i || x1i || x2i || x3i), and after S-box substitution the 4-bit output is (y0i || y1i || y2i || y3i).
5. The construction method for a novel block cipher round function according to claim 4, characterised in that the bit-slice instructions of the S-box substitution are:
r0 = x1i
r1 = x2i
r2 = x0i
r3 = x3i
r4 = r0 ∨ r2
r4 = r3 ∨ r1
r4 = r0 ∧ r2
r4 = ~r2
r4 = r4 ∨ r3
r4 = ~r0
r4 = r4 ∨ r1
y0i = r2
y1i = r0
y2i = r1
y3i = r3.
6. The construction method for a novel block cipher round function according to claim 1, characterised in that the block length n of the round function is 64, 128 or 256.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910546990.1A (CN110266470B) | 2019-06-24 | 2019-06-24 | Novel block cipher algorithm round function construction mode

Publications (2)

Publication Number | Publication Date
CN110266470A (en) | 2019-09-20
CN110266470B (en) | 2020-09-18


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN112487410A * | 2020-12-02 | 2021-03-12 | 中国电子科技集团公司第三十研究所 | Method for constructing cipher structure model based on cyclic shift and XOR operation
CN112511293A * | 2020-09-21 | 2021-03-16 | 中国电子科技集团公司第三十研究所 | S-box parameterization design method based on bit sum operation and storage medium
CN112636899A * | 2020-09-21 | 2021-04-09 | 中国电子科技集团公司第三十研究所 | Lightweight S-box design method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104158796A * | 2014-07-11 | 2014-11-19 | 中国科学院信息工程研究所 | Method for evaluating block cipher linear attack resistant safety
CN107707343A * | 2017-11-08 | 2018-02-16 | 贵州大学 | SP network structure lightweight LBT block cipher implementation method with consistent encryption and decryption
CN108449171A * | 2018-02-09 | 2018-08-24 | 中国科学院软件研究所 | A lightweight hash cryptographic summary generation method
CN109274483A * | 2018-10-10 | 2019-01-25 | 衡阳师范学院 | A parallel implementation method of recombined S-boxes in Gray code arrangement pattern


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Mahmood Deypir: "A Novel Block Cipher Algorithm with Feistel-Like Structure", JCOMSEC *
Riccardo Aragon: "Generalised Round Functions for Block Ciphers and their Security", arXiv.org/math *



Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant