CN110266470A - The make of novel block cipher round function - Google Patents
- Publication number
- CN110266470A (application CN201910546990.1A)
- Authority
- CN (China)
- Prior art keywords
- round function, box, bit, word, layer
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The invention discloses a construction method for a novel block cipher round function. The round function consists of a confusion layer, a diffusion layer and an AddRoundKey operation; it uses an SPN structure, and its block length is n. The confusion layer queries n/4 4-bit S-boxes in parallel, the diffusion layer performs a word-based mixing operation with word length n/4, and the AddRoundKey operation XORs an n-bit round key. The round function queries the S-boxes longitudinally and mixes words laterally; its pseudocode is: Y = SubNibble(X), Z = MixWord(Y), W = Z ⊕ RK_{i+1}, where the input of the round function is the n-bit X and the n-bit round key RK_{i+1}, and the output is the n-bit W. The technical solution of the present invention proposes a new S-box and a new word mixing operation, has strong security features, provides strong avalanche, and is convenient to implement in software and hardware.
Description
Technical field
The present invention relates to art of cryptography more particularly to a kind of makes of novel block cipher round function.
Background technique
Block ciphers are the most important class of symmetric cryptographic algorithms and are widely used in network communication. The SPN (Substitution-Permutation Network) is currently the most widely used block cipher structure; important international cryptographic standards such as AES and PRESENT all use it. An SPN is realized by iterating a round function many times, so the round function is the key to the design. The round function consists of a confusion layer and a diffusion layer: the confusion layer is built from nonlinear operations such as S-boxes, modular addition and AND operations, and the diffusion layer is built from invertible linear operations. The S-box is the most common nonlinear confusion component. By input/output length, 8-bit and 4-bit S-boxes are the two most common kinds: an algorithm that uses 8-bit S-boxes occupies a larger hardware area but has higher software efficiency, while one that uses 4-bit S-boxes occupies a small hardware area but has lower software efficiency. Bit-slice techniques can improve the lookup efficiency of 4-bit S-boxes. The linear operation needs strong diffusion and is usually built from operations such as MDS matrices, bit permutations, XOR and cyclic shifts. The round function must have strong avalanche: the algorithm generated by iterating it must resist differential, linear and meet-in-the-middle analysis, and it must also be efficient to implement.
The construction of the round function is the most important link in block cipher design. Combining an S-box layer with a linear layer is the most common way to build a round function; it makes the security strength of the algorithm easy to assess and provides strong security, and the round function is also the critical component that determines the encryption and decryption speed of the algorithm. Most modern block ciphers follow the design criterion of iterating the round function over many rounds. Among existing block cipher designs, some algorithms set a large number of rounds and have low efficiency, which generally stems from insufficient complexity of the round function; the round functions of other algorithms are over-complicated and occupy more hardware resources.
Summary of the invention
In view of at least one of the above problems, the present invention provides a construction method for a novel block cipher round function. Through a refined study of the round function and its components, the S-box and the diffusion layer, it proposes a new S-box with strong security features, constructs a new diffusion-layer operation (the word mixing operation), and combines longitudinal S-box lookup with the lateral word-mixing diffusion layer, providing strong avalanche while being convenient to implement in software and hardware.
To achieve the above object, the present invention provides a construction method for a novel block cipher round function. The round function consists of a confusion layer, a diffusion layer and an AddRoundKey operation; the round function uses an SPN structure, and its block length is n. The confusion layer queries n/4 4-bit S-boxes in parallel; the diffusion layer performs a word-based mixing operation with word length n/4; the AddRoundKey operation XORs an n-bit round key. The round function queries the S-boxes longitudinally and mixes words laterally; its pseudocode is as follows:
Y = SubNibble(X),
Z = MixWord(Y),
W = Z ⊕ RK_{i+1},
where the input of the round function is the n-bit X and the n-bit round key RK_{i+1}, and the output is the n-bit W.
In the above technical solution, preferably, the branch number of the diffusion layer is 5; the state Y after S-box substitution is divided into (y0, y1, y2, y3), and Z = (z0, z1, z2, z3) = MixWord(Y) is obtained after executing the word mixing operation.
In the above technical solution, preferably, the expression of the word mixing operation of the diffusion layer is as follows:
t = y1
y1 = y2
y2 = t
z0 = y0
z1 = y2
z2 = y1
z3 = y3.
In the above technical solution, preferably, the 4-bit input of the confusion layer is (x0i || x1i || x2i || x3i), and after S-box substitution the 4-bit output is (y0i || y1i || y2i || y3i).
In the above technical solution, preferably, the bit-slice implementation instructions of the S-box substitution are as follows:
r0 = x1i
r1 = x2i
r2 = x0i
r3 = x3i
r4 = r0 ∨ r2
r4 = r3 ∨ r1
r4 = r0 ∧ r2
r4 = ~r2
r4 = r4 ∨ r3
r4 = ~r0
r4 = r4 ∨ r1
y0i = r2
y1i = r0
y2i = r1
y3i = r3.
In the above technical solution, preferably, the block length n of the round function is 64, 128 or 256.
Compared with the prior art, the invention has the following benefits: through a refined study of the round function and its components, the S-box and the diffusion layer, a new S-box with strong security features is proposed; a new diffusion-layer operation, the word mixing operation, is constructed; and combining longitudinal S-box lookup with the lateral word-mixing diffusion layer provides strong avalanche while being convenient to implement in software and hardware.
Detailed description of the invention
Fig. 1 is the logical schematic of the round function disclosed in an embodiment of the present invention;
Fig. 2 is the logical schematic of the word mixing operation of the diffusion layer disclosed in an embodiment of the present invention.
Specific embodiment
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
The present invention is described in further detail below with reference to the accompanying drawings:
As shown in Figs. 1 and 2, in the construction method for a novel block cipher round function provided by the present invention, the round function uses the SPN structure as the overall structure of the algorithm; the SPN structure is realized by iterating the round function many times, and the round function supports block lengths of 64, 128 and 256 bits, with the block length denoted n. The round function consists of a confusion layer (SubNibble), a diffusion layer (MixWord) and an AddRoundKey operation. The confusion layer is built from 4-bit S-boxes and queries n/4 4-bit S-boxes in parallel; the diffusion layer performs a word-based mixing operation with word length n/4 and is an invertible linear operation. The AddRoundKey operation XORs an n-bit round key, that is, it XORs the round key with the plaintext (state) bit by bit. As shown in Fig. 1, the round function queries the S-boxes longitudinally and mixes words laterally; the input of the round function is the n-bit X and the n-bit round key RK_{i+1}, and the output is the n-bit W. The pseudocode is as follows:
Y = SubNibble(X),
Z = MixWord(Y),
W = Z ⊕ RK_{i+1}.
In the above embodiment, preferably, the 4-bit input of the confusion layer is (x0i || x1i || x2i || x3i), and after S-box substitution the 4-bit output is (y0i || y1i || y2i || y3i). Specifically, the S-box has high security strength: not only are its differential probability and linear bias optimal and its algebraic degree 3, it also avoids any differential in which both the input and output differences have Hamming weight 1, and only 4 linear masks have both input and output Hamming weight 1. While satisfying security, the S-box also fully considers implementation: it can be implemented in parallel, and it can be realized with 15 instructions using the bit-slice technique, which improves software performance. In the above embodiment, preferably, the S-box substitution table is as shown in Table 1:
Table 1: S-box substitution table
Input | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Output | 3 | 13 | 15 | 10 | 0 | 7 | 12 | 1 | 4 | 2 | 9 | 5 | 11 | 14 | 6 | 8 |
In the above embodiment, preferably, with the 4-bit input (x0i || x1i || x2i || x3i), the bit-slice implementation instructions of the S-box substitution are as follows:
r0 = x1i
r1 = x2i
r2 = x0i
r3 = x3i
r4 = r0 ∨ r2
r4 = r3 ∨ r1
r4 = r0 ∧ r2
r4 = ~r2
r4 = r4 ∨ r3
r4 = ~r0
r4 = r4 ∨ r1
y0i = r2
y1i = r0
y2i = r1
y3i = r3
Finally, the 4-bit output of the S-box is obtained as (y0i || y1i || y2i || y3i).
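The properties claimed for the S-box above (optimal differential probability, no differential whose input and output differences both have Hamming weight 1, only four biased single-bit linear masks, algebraic degree 3) can be checked directly from Table 1. The following Python is an added example and is not code from the patent: it computes the differential distribution table, the linear approximation table and the ANF degree of the Table 1 S-box, and applies the S-box as the SubNibble layer over an n-bit state (n/4 parallel lookups) followed by the round-key XOR. The nibble ordering within the state and the sample state and round key are assumptions for illustration; the page's MixWord expression and bit-slice sequence are not reproduced here.

```python
"""Property check for the 4-bit S-box of Table 1 and the SubNibble/AddRoundKey layers."""

# Table 1: S-box output for each 4-bit input 0..15.
SBOX = [3, 13, 15, 10, 0, 7, 12, 1, 4, 2, 9, 5, 11, 14, 6, 8]
INV_SBOX = [0] * 16
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x

SINGLE_BIT = (1, 2, 4, 8)  # the four 4-bit values of Hamming weight 1


def is_permutation(sbox):
    """A usable S-box must be bijective so that the cipher can be decrypted."""
    return sorted(sbox) == list(range(16))


def ddt(sbox):
    """Differential distribution table: ddt[a][b] = #{x : S(x) ^ S(x ^ a) == b}."""
    table = [[0] * 16 for _ in range(16)]
    for a in range(16):
        for x in range(16):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def differential_uniformity(sbox):
    """Largest DDT entry over nonzero input differences (4 is optimal for 4-bit)."""
    return max(v for a, row in enumerate(ddt(sbox)) if a for v in row)


def parity(v):
    return bin(v).count("1") & 1


def lat(sbox):
    """Linear approximation table: lat[a][b] = #{x : a.x == b.S(x)} - 8 (0 means unbiased)."""
    table = [[0] * 16 for _ in range(16)]
    for a in range(16):
        for b in range(16):
            agree = sum(parity(a & x) == parity(b & sbox[x]) for x in range(16))
            table[a][b] = agree - 8
    return table


def linearity(sbox):
    """Largest |LAT| entry over nonzero masks; 4 is optimal for a 4-bit S-box."""
    return max(abs(v) for a, row in enumerate(lat(sbox)) for b, v in enumerate(row) if a and b)


def single_bit_differentials(sbox):
    """Count (a, b) pairs where both differences have weight 1 and DDT[a][b] > 0."""
    d = ddt(sbox)
    return sum(1 for a in SINGLE_BIT for b in SINGLE_BIT if d[a][b])


def single_bit_linear_masks(sbox):
    """Count (a, b) pairs where both masks have weight 1 and the LAT entry is nonzero."""
    l = lat(sbox)
    return sum(1 for a in SINGLE_BIT for b in SINGLE_BIT if l[a][b])


def algebraic_degree(sbox):
    """Maximum ANF degree over the four coordinate functions (Moebius transform)."""
    degree = 0
    for k in range(4):
        anf = [(sbox[x] >> k) & 1 for x in range(16)]
        for i in range(4):  # in place: anf[u] becomes the XOR of f(x) over all x subset of u
            for x in range(16):
                if x & (1 << i):
                    anf[x] ^= anf[x ^ (1 << i)]
        degree = max([degree] + [bin(u).count("1") for u in range(16) if anf[u]])
    return degree


def sub_nibble(state, n, sbox=SBOX):
    """SubNibble layer: apply the S-box to all n/4 nibbles of an n-bit state in parallel.

    Nibble i is taken to occupy bits 4i..4i+3 (an ordering assumed here, not fixed by the page).
    """
    out = 0
    for i in range(n // 4):
        out |= sbox[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def inv_sub_nibble(state, n):
    return sub_nibble(state, n, INV_SBOX)


def add_round_key(state, round_key, n):
    """AddRoundKey: XOR the n-bit round key into the state bit by bit."""
    return (state ^ round_key) & ((1 << n) - 1)


if __name__ == "__main__":
    print("permutation:", is_permutation(SBOX))
    print("differential uniformity:", differential_uniformity(SBOX))
    print("linearity:", linearity(SBOX))
    print("single-bit differentials:", single_bit_differentials(SBOX))
    print("single-bit linear masks:", single_bit_linear_masks(SBOX))
    print("algebraic degree:", algebraic_degree(SBOX))
    # Constructed 64-bit state and round key for illustration, not values from the patent.
    state, rk = 0x0123456789ABCDEF, 0x0F0F0F0F0F0F0F0F
    print("SubNibble + AddRoundKey:", hex(add_round_key(sub_nibble(state, 64), rk, 64)))
```

The two single-bit counters are the checks that matter for a nibble-oriented SPN: a single-bit-to-single-bit differential or a heavily biased single-bit mask would let a low-weight trail pass through one S-box at a time, so a designer re-runs these counters whenever the table changes, together with the DDT and LAT maxima.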
In the above embodiment, preferably, the branch number of the diffusion layer is 5, that is, the input and output together contain at least 5 active S-boxes. The state Y after S-box substitution is divided into four words (y0, y1, y2, y3), and Z = (z0, z1, z2, z3) = MixWord(Y) is obtained after executing the word mixing operation.
In the above embodiment, preferably, the expression of the word mixing operation of the diffusion layer is as follows:
t = y1
y1 = y2
y2 = t
z0 = y0
z1 = y2
z2 = y1
z3 = y3,
The schematic diagram of the word mixing operation is shown in Fig. 2; the shift constants a0, ..., a7 of the word mixing operation are listed in Table 2:
Table 2: word mixing parameters
Version | a0 | a1 | a2 | a3 | a4 | a5 | a6 | a7 |
---|---|---|---|---|---|---|---|---|
n = 128 | 29 | 13 | 4 | 21 | 15 | 19 | 25 | 6 |
n = 256 | 58 | 33 | 8 | 1 | 17 | 44 | 5 | 9 |
In the above embodiments, the structure of the diffusion layer is fixed, but its parameters can be searched anew, in combination with the features of the S-box and the requirement of strong diffusion, to obtain new diffusion layer parameters.
In the above embodiment, preferably, the block length n of the round function is 64, 128 or 256; in a specific implementation, the block length can be chosen as needed.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included in its protection scope.
Claims (6)
1. A construction method for a novel block cipher round function, characterized in that:
the round function consists of a confusion layer, a diffusion layer and an AddRoundKey operation; the round function uses an SPN structure, and the block length of the round function is n;
the confusion layer queries n/4 4-bit S-boxes in parallel; the diffusion layer performs a word-based linear mixing operation with word length n/4; the AddRoundKey operation XORs an n-bit round key;
the round function queries the S-boxes longitudinally and mixes words laterally, with pseudocode as follows:
Y = SubNibble(X),
Z = MixWord(Y),
W = Z ⊕ RK_{i+1},
where the input of the round function is the n-bit X and the n-bit round key RK_{i+1}, and the output is the n-bit W.
2. The construction method for a novel block cipher round function according to claim 1, characterized in that the branch number of the diffusion layer is 5; the state Y after S-box substitution is divided into (y0, y1, y2, y3), and Z = (z0, z1, z2, z3) = MixWord(Y) is obtained after executing the word mixing operation.
3. The construction method for a novel block cipher round function according to claim 2, characterized in that the expression of the word mixing operation of the diffusion layer is as follows:
t = y1
y1 = y2
y2 = t
z0 = y0
z1 = y2
z2 = y1
z3 = y3.
4. The construction method for a novel block cipher round function according to claim 1, characterized in that the 4-bit input of the confusion layer is (x0i || x1i || x2i || x3i), and after S-box substitution the 4-bit output is (y0i || y1i || y2i || y3i).
5. The construction method for a novel block cipher round function according to claim 4, characterized in that the bit-slice instructions of the S-box substitution are as follows:
r0 = x1i
r1 = x2i
r2 = x0i
r3 = x3i
r4 = r0 ∨ r2
r4 = r3 ∨ r1
r4 = r0 ∧ r2
r4 = ~r2
r4 = r4 ∨ r3
r4 = ~r0
r4 = r4 ∨ r1
y0i = r2
y1i = r0
y2i = r1
y3i = r3.
6. The construction method for a novel block cipher round function according to claim 1, characterized in that the block length n of the round function is 64, 128 or 256.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910546990.1A CN110266470B (en) | 2019-06-24 | 2019-06-24 | Novel block cipher algorithm round function construction mode |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110266470A (en) | 2019-09-20 |
CN110266470B (en) | 2020-09-18 |
Family
ID=67920722
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910546990.1A Active CN110266470B (en) | 2019-06-24 | 2019-06-24 | Novel block cipher algorithm round function construction mode |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110266470B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104158796A (en) * | 2014-07-11 | 2014-11-19 | 中国科学院信息工程研究所 | Method for evaluating block cipher linear attack resistant safety |
CN107707343A (en) * | 2017-11-08 | 2018-02-16 | 贵州大学 | The consistent SP network structure lightweight LBT block cipher implementation methods of encryption and decryption |
CN108449171A (en) * | 2018-02-09 | 2018-08-24 | 中国科学院软件研究所 | A kind of lightweight hash cryptographic summary generation method |
CN109274483A (en) * | 2018-10-10 | 2019-01-25 | 衡阳师范学院 | A kind of recombination S box Parallel Implementation method of Gray code arrangement pattern |
Non-Patent Citations (2)
Title |
---|
MAHMOOD DEYPIR: "A Novel Block Cipher Algorithm with Feistel-Like Structure", JCOMSEC |
RICCARDO ARAGON: "Generalised Round Functions for Block Ciphers and their Security", arXiv.org/math |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112511293A (en) * | 2020-09-21 | 2021-03-16 | 中国电子科技集团公司第三十研究所 | S-box parameterization design method based on bit sum operation and storage medium |
CN112636899A (en) * | 2020-09-21 | 2021-04-09 | 中国电子科技集团公司第三十研究所 | Lightweight S box design method |
CN112636899B (en) * | 2020-09-21 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | Lightweight S box design method |
CN112511293B (en) * | 2020-09-21 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | S-box parameterization design method based on bit sum operation and storage medium |
CN112487410A (en) * | 2020-12-02 | 2021-03-12 | 中国电子科技集团公司第三十研究所 | Method for constructing cipher structure model based on cyclic shift and XOR operation |
Also Published As
Publication number | Publication date |
---|---|
CN110266470B (en) | 2020-09-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |