CN110784307A - Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium - Google Patents
- Publication number: CN110784307A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a device and a storage medium for implementing the lightweight cryptographic algorithm SCENERY. The method comprises obtaining a plaintext to be encrypted and sequentially performing IP1 initial replacement, the round function, key expansion and IP2 replacement, wherein the round function sequentially performs round key addition, S-box replacement and M matrix permutation on the data, and the key expansion sequentially performs S-box replacement, cyclic left shift, round constant addition and DP dynamic replacement on the key. The round function adopts an F function with an SPN structure, and the binary matrix M of the F function's linear layer is constructed with the aim of achieving high dependency. The key expansion selects the round constant and an intermediate key expansion result as control signals and performs DP dynamic replacement on the current round's intermediate key expansion result to obtain the round key. This is a new key expansion mode that reduces the correlation between a single key iteration and the previous round's input, increases the difficulty of cryptanalysis, improves security, and is particularly effective in resisting differential, linear and algebraic attacks.
Description
Technical Field
The invention relates to the field of computer encryption, in particular to a lightweight cryptographic algorithm SCENERY implementation method, a device and a storage medium.
Background
In recent years, small embedded devices (e.g., wireless sensors, smart cards, radio frequency tags) have been widely used in many fields. These devices are often subject to tight hardware cost constraints such as area, power and energy consumption. Because traditional cryptographic algorithms such as AES are not suitable for such extremely constrained devices, lightweight block cipher algorithms adapted to resource-constrained environments have attracted considerable attention from researchers.
Since 2007, several papers on lightweight block cipher algorithms have been published in the international academic community. Typical lightweight block cipher algorithms include PRESENT, TWINE, Piccolo, LED, LBlock, RECTANGLE and KLEIN.
The current lightweight algorithm has the following problems:
1) some lightweight block cipher algorithms have complex decryption processes, and decryption cannot fully reuse the modules of the encryption process, so extra resources are consumed; some encryption algorithms still occupy considerable resources, have low encryption performance and are not convenient to implement in resource-limited devices;
2) lightweight block cipher algorithms suffer from low security. To achieve a smaller implementation area, some current lightweight block cipher algorithms use a simply designed encryption process and a simplified key expansion, or no key expansion at all, so algorithms designed this way carry security risks. Many recent studies have shown that some algorithms are weak against attacks, especially the common differential, linear and algebraic attacks.
Disclosure of Invention
The invention provides a method, a device and a storage medium for realizing a lightweight block cipher algorithm SCENERY, which aim to solve the problems that the lightweight block cipher algorithm in the prior art is low in encryption performance, relatively simple in key expansion operation, low in flexibility and easy to attack.
The invention provides a lightweight cryptographic algorithm SCENERY implementation method, which comprises the following steps:
step A1: acquiring 64-bit plaintext as data P to be encrypted, and performing encryption operation;
the data P to be encrypted is arranged from high bits to low bits in rows of 16 bits to form a 4 × 16 data matrix, denoted $P_0 P_1 P_2 P_3$;
Step A2: carrying out IP1 initial replacement on the data P in the step A1, and determining a round number Nr according to the number of key bits, wherein the initial value of a round number control signal is 1; when the number of key bits is 64 bits, the number of rounds is 28;
step A3: the operation result of step A2 is divided into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$;
where r represents the current round number, data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step A2 from high bit to low bit, and data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step A2 from high bit to low bit;
step A4: the 32-bit data blocks $L_r$ and $R_r$ from step A3 undergo the F round function operation according to a Feistel structure, and each round of the F round function operation comprises the following steps:
a) performing round key addition on $R_r$;
b) performing S-box replacement on the operation result obtained in step a);
c) performing M matrix permutation on the operation result obtained in step b);
d) XORing the result obtained in c) with $L_r$ and taking the XOR result as the $R_r$ that participates in the F round function operation in the next round; at the same time, the input data block $R_r$ of the current round's F round function operation is taken as the $L_r$ that participates in the F round function operation in the next round;
Step A5: and performing next round of key expansion operation according to the current round of keys and the round number control signal, wherein the operation comprises the following steps:
e) performing S box replacement on the current round key, wherein the S box used in the S box replacement is the same as the S box in F round function operation;
f) circularly shifting the operation result obtained by the step e) by x bits left;
g) performing round constant addition operation on the operation result obtained in the step f);
h) performing DP dynamic replacement on the result in the step g), and taking the obtained result as a round key of the next round;
in the F round function operation process, the round key used in the first round of operation is the first 32 bits of data of the initial key, and the first 32 bits of data of the round key obtained in the previous round of key expansion operation are sequentially obtained from the second round; the DP dynamic replacement is to dynamically replace the result of the step g) by taking the current round number r and the result of the step g) as control signals;
step A6: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps A4 and A5 as input data of a new round of operation, and returning to step A4; otherwise, performing IP2 replacement on the next-round $L_r$, $R_r$ obtained in step A4 d) and then outputting the encryption result.
The algorithm structure is highly symmetrical: decryption reuses the encryption module and is carried out simply by reversing the order in which the encryption round keys are used, so the operation is simple and decryption consumes no additional resources; the modules of the encryption algorithm also have similar symmetric components that can be shared with one another in an implementation, which reduces implementation resources. The round operation adopts an F function with an SPN structure, and the transformation process is round key addition → S-box replacement → M matrix permutation; the S-box replacement and the M matrix permutation are implemented using the bit-slice technique to improve the encryption efficiency of the algorithm. At the same time, a new key expansion mode is provided for the algorithm: the round constant r and an intermediate key expansion result are selected as control signals, and DP dynamic replacement is performed on the current round's intermediate key expansion result to obtain the round key, which reduces the correlation between a single key iteration and the previous round's input, increases the difficulty of cryptanalysis, and improves the security of the algorithm. The method therefore has the advantages of low resource use, high performance and high security.
Further, the IP1 initial replacement process in step A2 is as follows:
the 4 × 16 data matrix P is arranged as a 4 × 4 matrix whose elements are the 4-bit units of each row, and the 4 × 4 matrix is expressed as $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$;
the elements of the 4 × 4 matrix are output in the order $\{P_{00}, P_{12}, P_{33}, P_{21}, P_{11}, P_{03}, P_{22}, P_{30}, P_{23}, P_{31}, P_{10}, P_{02}, P_{32}, P_{20}, P_{01}, P_{13}\}$ to obtain the data P' after the IP1 initial replacement.
Specifically, let the 4 × 4 matrix $N = \{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$; the matrix N is divided in sequence into four 2 × 2 matrices $N_0$, $N_1$, $N_2$, $N_3$: $N_0 = \{P_{00}, P_{01}, P_{10}, P_{11}\}$, $N_1 = \{P_{02}, P_{03}, P_{12}, P_{13}\}$, $N_2 = \{P_{20}, P_{21}, P_{30}, P_{31}\}$, $N_3 = \{P_{22}, P_{23}, P_{32}, P_{33}\}$;
the diagonals $(P_{00}, P_{11})$ and $(P_{23}, P_{32})$ of $N_0$ and $N_3$ respectively are taken to form the first column of data of the IP1 replacement, i.e. $(P_{00}, P_{11}, P_{23}, P_{32})^T$;
the diagonals $(P_{12}, P_{03})$ and $(P_{31}, P_{20})$ of $N_1$ and $N_2$ respectively are taken to form the second column of data of the IP1 replacement, i.e. $(P_{12}, P_{03}, P_{31}, P_{20})^T$;
the diagonals $(P_{33}, P_{22})$ and $(P_{10}, P_{01})$ of $N_3$ and $N_0$ respectively are taken to form the third column of data of the IP1 replacement, i.e. $(P_{33}, P_{22}, P_{10}, P_{01})^T$;
the diagonals $(P_{21}, P_{30})$ and $(P_{02}, P_{13})$ of $N_2$ and $N_1$ respectively are taken to form the fourth column of data of the IP1 replacement, i.e. $(P_{21}, P_{30}, P_{02}, P_{13})^T$.
From the above, the columns of data after the IP1 initial replacement are: $(P_{00}, P_{11}, P_{23}, P_{32})^T$, $(P_{12}, P_{03}, P_{31}, P_{20})^T$, $(P_{33}, P_{22}, P_{10}, P_{01})^T$, $(P_{21}, P_{30}, P_{02}, P_{13})^T$;
The IP1 initial replacement structure is novel in design, so that algorithm data replacement has a good effect, and only hardware connection is needed for implementation, and resources do not need to be consumed.
Further, in step A3 the operation result of step A2 is divided into the 4 × 8 matrix data blocks $L_r$ and $R_r$, and the division process is as follows:
the first 8 bits of the first row of the 4 × 16 matrix that is the operation result of step A2 are assigned to the first row of data block $L_r$ and the last 8 bits to the first row of data block $R_r$; the second, third and fourth rows are handled in the same way to obtain the 4 × 8 matrices $L_r$ and $R_r$, as follows:
Further, the key is arranged from high bits to low bits in rows of 16 bits to form a 4 × 16 matrix, denoted $K = K_0 K_1 K_2 K_3$;
round key addition is performed on $R_r$; specifically, the 32 bits of data block $R_r$, from high bit to low bit, are XORed with the first 32 bits of the round key, namely $K_0$, $K_1$, to obtain $R'_r$.
S-box replacement is performed on the operation result obtained in step a); specifically, the S-box is taken from the encryption S-box of the RECTANGLE algorithm, {6,5,C,A,1,E,7,9,B,0,3,D,8,F,4,2}, and the S-box replacement is applied to each column of the $R'_r$ matrix to obtain $R''_r$.
M matrix permutation is performed on the operation result obtained in step b); specifically, M matrix permutation is applied to the resulting $R''_r$ according to the following formula to obtain $R'''_r$:
$R'''_r = R''_r M$;
The M matrix permutation is implemented by using a 32 × 32 binary matrix M with a branch number of 4, where the matrix M is expressed as:
where $M_0$ and $M_1$ are 16 × 16 binary matrices, and the branch number of $M_0$ and $M_1$ is 4, i.e. the number of 1s in each row and each column of $M_0$ and $M_1$ is 3;
matrix $M_0$ is used to permute the first 16 bits of the operation result obtained in b), and matrix $M_1$ is used to permute the last 16 bits of the operation result obtained in b).
The design of the M matrix in the algorithm can be realized by using a bit-slice technology, and the specific realization formula is as follows:
Further, the key expansion operation in step A5 specifically includes the following steps:
an initial key with a length of 64 bits is arranged from high bits to low bits to form a 4 × 16 key matrix, denoted $K = K_0 K_1 K_2 K_3$, where
$K_0 = \{k_{63}, k_{62}, \ldots, k_{49}, k_{48}\}$, $K_1 = \{k_{47}, k_{46}, \ldots, k_{33}, k_{32}\}$,
$K_2 = \{k_{31}, k_{30}, \ldots, k_{17}, k_{16}\}$, $K_3 = \{k_{15}, k_{14}, \ldots, k_{1}, k_{0}\}$;
e) the low 4 bits of $K_0$, $(k_{51}, k_{50}, k_{49}, k_{48})$, and the low 4 bits of $K_1$, $(k_{35}, k_{34}, k_{33}, k_{32})$, are interleaved to form two 4-bit values $(k_{51}, k_{35}, k_{50}, k_{34})$ and $(k_{49}, k_{33}, k_{48}, k_{32})$, and S-box replacement is performed on each of them, wherein the S-box used in the S-box replacement is the same as the S-box in the F round function operation;
f) cyclically left-shifting the operation result of e) by 11 bits;
g) performing round constant addition on the first 16 bits (from high bit to low bit) of the operation result of f); specifically, the current round number r is taken as the round constant and XORed bit by bit with the low 5 bits of those first 16 bits;
h) performing DP dynamic replacement on the operation result of g) and using the obtained result as the round key of the next round.
Further, performing DP dynamic replacement on the result of g) specifically includes:
the current round number r is divided by 4 and the remainder is taken as m, where $0 \le m \le 3$; in the row data $K'_m$ of the operation result matrix K' of g), the corresponding bit pairs $\{k'_{61-16m}, k'_{60-16m}\}$, $\{k'_{57-16m}, k'_{56-16m}\}$, $\{k'_{53-16m}, k'_{52-16m}\}$, $\{k'_{49-16m}, k'_{48-16m}\}$ are taken and their values are defined in turn as $v_0$, $v_1$, $v_2$, $v_3$, where $0 \le v_0, v_1, v_2, v_3 \le 3$, namely:
$v_0 = \{k'_{61-16m}, k'_{60-16m}\}$;
$v_1 = \{k'_{57-16m}, k'_{56-16m}\}$;
$v_2 = \{k'_{53-16m}, k'_{52-16m}\}$;
$v_3 = \{k'_{49-16m}, k'_{48-16m}\}$;
$K'_0$, $K'_1$, $K'_2$, $K'_3$ are divided in units of 4 bits to form a 4 × 4 matrix as follows:
the values $v_0$, $v_1$, $v_2$ and $v_3$ in turn give positions in the rows $K'_0$, $K'_1$, $K'_2$, $K'_3$ of the 4 × 4 matrix; for example, $v_0 = 1$ represents the first element in row 0, i.e. $K'_{01}$; therefore, the elements at the positions given by $v_0$, $v_1$, $v_2$ and $v_3$ are, in turn, $K'_{0v_0}$, $K'_{1v_1}$, $K'_{2v_2}$, $K'_{3v_3}$;
by one sequential permutation, $\{K'_{0v_0}, K'_{1v_1}, K'_{2v_2}, K'_{3v_3}\}$ is replaced by $\{K'_{2v_2}, K'_{3v_3}, K'_{0v_0}, K'_{1v_1}\}$, and the result obtained is the expanded round key.
Further, the IP2 replacement in step A6 includes:
constructing a 4 × 16 matrix from the next-round $L_r$, $R_r$ obtained in step A4 d), assigning each row of data of $L_r$ to the upper 8 bits of the corresponding row of the matrix and each row of data of $R_r$ to the lower 8 bits of the corresponding row of the matrix;
then interchanging the high 8 bits and the low 8 bits of each row of the 4 x 16 matrix;
finally, the 4 × 16 matrix after interchange is subjected to IP1 inverse initial permutation.
The design of the IP2 permutation ensures the high symmetry of the algorithm; specifically, the IP2 permutation exchanges data in units of 4 bits: the input is expressed as $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$ and, after the IP2 permutation, the data are output in the order $\{P_{02}, P_{30}, P_{21}, P_{13}, P_{20}, P_{12}, P_{03}, P_{31}, P_{33}, P_{01}, P_{10}, P_{22}, P_{11}, P_{23}, P_{32}, P_{00}\}$.
Further, a decryption process is included, the decryption process including the steps of:
step B1: acquiring 64-bit ciphertext as data C to be decrypted, and performing decryption operation;
the data C to be decrypted is arranged from high bits to low bits in rows of 16 bits to form a 4 × 16 data matrix, denoted $C = C_0 C_1 C_2 C_3$;
Step B2: carrying out IP1 initial replacement on the data C to be decrypted, which is described in the step B1, and determining the round number Nr according to the number of bits of the key, wherein the initial value of the round number control signal is 1;
step B3: the operation result of step B2 is divided into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$;
where r represents the current round number, data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step B2 from high bit to low bit, and data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step B2 from high bit to low bit;
step B4: the 32-bit data blocks $L_r$ and $R_r$ from step B3 undergo the F round function operation according to a Feistel structure, and each round of the F round function operation comprises the following steps:
i) performing round key addition on R;
j) performing S-box replacement on the operation result obtained in step i);
k) performing M matrix permutation on the operation result obtained in step j);
l) XORing the result obtained in k) with $L_r$ and taking the XOR result as the $R_r$ that participates in the F round function operation in the next round; at the same time, the input data block $R_r$ of the current round's F round function operation is taken as the $L_r$ that participates in the F round function operation in the next round;
the round keys used in each round of the F round function operation are the round keys of the encryption process, reused, and the order in which they are used in the decryption process is opposite to the order in the encryption process;
step B5: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps B4 and B5 as input data of a new round of operation, and returning to step B4; otherwise, performing IP2 replacement on the next-round $L_r$, $R_r$ obtained in step B4 and then outputting the decryption result.
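The IP2 construction and the decryption procedure described above can be checked with a small reference model. This is an added example, not code from the patent: `linear_standin` is a constructed placeholder for the M matrix permutation (the page does not reproduce M), the round keys are constructed values rather than output of the DP key expansion, and the bit order of an S-box column (row 0 as most significant bit) is an assumption.

```python
# Added reference model (not the patent's code). Nibble P_ij = row i, 4-bit unit j.
IP1 = [0, 6, 15, 9, 5, 3, 10, 12, 11, 13, 4, 2, 14, 8, 1, 7]       # IP1 table from the page
IP2_PAGE = [2, 12, 9, 7, 8, 6, 3, 13, 15, 1, 4, 10, 5, 11, 14, 0]  # IP2 output order from the page
SBOX = [0x6, 0x5, 0xC, 0xA, 0x1, 0xE, 0x7, 0x9, 0xB, 0x0, 0x3, 0xD, 0x8, 0xF, 0x4, 0x2]
NR = 28  # number of rounds for a 64-bit key


def to_nibbles(block):
    """64-bit integer -> 16 nibbles, row-major, most significant first."""
    return [(block >> (60 - 4 * k)) & 0xF for k in range(16)]


def from_nibbles(nibbles):
    value = 0
    for n in nibbles:
        value = (value << 4) | n
    return value


def permute(nibbles, table):
    """Output position k takes input nibble table[k]."""
    return [nibbles[src] for src in table]


def derive_ip2():
    """Build IP2 as described: swap the 8-bit halves of each row, then invert IP1."""
    inverse = [0] * 16
    for k, src in enumerate(IP1):
        inverse[src] = k
    swap = [4 * (k // 4) + (k % 4 + 2) % 4 for k in range(16)]
    return [swap[inverse[k]] for k in range(16)]


def sbox_columns(rows):
    """Apply the 4-bit S-box to each of the 8 columns of a 4 x 8 bit matrix.
    Assumption: row 0 supplies the most significant bit of each column."""
    out = [0, 0, 0, 0]
    for c in range(8):
        v = 0
        for r in range(4):
            v = (v << 1) | ((rows[r] >> c) & 1)
        s = SBOX[v]
        for r in range(4):
            out[r] |= ((s >> (3 - r)) & 1) << c
    return out


def rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & 0xFFFF


def linear_standin(rows):
    """Stand-in for the M matrix permutation (NOT the patent's M): each 16-bit half
    goes through a circulant binary matrix with three 1s per row and column."""
    hi = (rows[0] << 8) | rows[1]
    lo = (rows[2] << 8) | rows[3]
    hi ^= rotl16(hi, 3) ^ rotl16(hi, 7)
    lo ^= rotl16(lo, 5) ^ rotl16(lo, 11)
    return [hi >> 8, hi & 0xFF, lo >> 8, lo & 0xFF]


def f_function(r_rows, round_key):
    """Round key addition -> S-box replacement -> linear layer, on the 4 x 8 block R."""
    keyed = [r_rows[i] ^ ((round_key >> (24 - 8 * i)) & 0xFF) for i in range(4)]
    return linear_standin(sbox_columns(keyed))


def crypt(block, round_keys):
    """IP1, one Feistel round per key, IP2. Decryption is the same call with the
    round keys in reverse order."""
    n = permute(to_nibbles(block), IP1)
    left = [(n[4 * i] << 4) | n[4 * i + 1] for i in range(4)]
    right = [(n[4 * i + 2] << 4) | n[4 * i + 3] for i in range(4)]
    for rk in round_keys:
        f_out = f_function(right, rk)
        left, right = right, [l ^ f for l, f in zip(left, f_out)]
    joined = []
    for i in range(4):
        joined += [left[i] >> 4, left[i] & 0xF, right[i] >> 4, right[i] & 0xF]
    return from_nibbles(permute(joined, derive_ip2()))


# Constructed 32-bit round keys for the demo; the DP-based key expansion is not modelled.
DEMO_ROUND_KEYS = [(0x9E3779B9 * (i + 1)) & 0xFFFFFFFF for i in range(NR)]

if __name__ == "__main__":
    pt = 0x0123456789ABCDEF
    ct = crypt(pt, DEMO_ROUND_KEYS)
    print(f"IP2 derived from IP1 matches the page: {derive_ip2() == IP2_PAGE}")
    print(f"ct = {ct:016X}, decrypted = {crypt(ct, DEMO_ROUND_KEYS[::-1]):016X}")
```

Because the structure is a Feistel network, the round trip holds for any F function, so the check of the IP1/IP2 relationship and of the reversed key order does not depend on the placeholder linear layer.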
In a second aspect of the present invention, an apparatus for implementing a lightweight cryptographic algorithm SCENERY is provided, including:
an initialization unit, used for acquiring a 64-bit plaintext as the data P to be encrypted and performing the encryption operation;
an IP1 replacement unit, used for performing IP1 replacement on the data P to be encrypted, determining the round number Nr according to the number of bits of the key, and setting the initial value of the round number control signal to 1;
an F round function processing unit, used for dividing the data after the IP1 replacement into left and right parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$;
where r represents the current round number, data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of the IP1 replacement unit from high bit to low bit, and data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of the IP1 replacement unit from high bit to low bit;
the data blocks $L_r$ and $R_r$ then undergo the F round function operation according to a Feistel structure, and each round of the F round function operation comprises the following steps:
a) performing round key addition on $R_r$;
b) performing S-box replacement on the operation result obtained in step a);
c) performing M matrix permutation on the operation result obtained in step b);
d) XORing the result obtained in c) with $L_r$ and taking the XOR result as the $R_r$ that participates in the F round function operation in the next round; at the same time, the input data block $R_r$ of the current round's F round function operation is taken as the $L_r$ that participates in the F round function operation in the next round;
Round key expansion unit: the method is used for performing next round of key expansion operation according to the current round of keys and the round number control signal, and comprises the following steps:
e) performing S box replacement on the current round key, wherein the S box used in the S box replacement is the same as the S box used by the F round function processing unit;
f) circularly shifting the operation result obtained by the step e) by x bits left;
g) performing round constant addition operation on the operation result obtained in the step f);
h) performing DP dynamic replacement on the result in the step g), and taking the obtained result as a round key of the next round;
in the F round function operation process, the round key used in the first round of operation is the first 32 bits of data of the initial key, and the first 32 bits of data of the round key obtained in the previous round of key expansion operation are sequentially obtained from the second round; the DP dynamic replacement is to dynamically replace the result of the step g) by taking the current round number r and the result of the step g) as control signals;
a ciphertext generation unit, used for judging whether the current round number signal r is less than the round number Nr; if so, setting r = r + 1, taking the results of the F round function processing unit and the round key expansion unit as input data of a new round of operation, and returning to the F round function process of the F round function processing unit and the round key expansion process of the round key expansion unit; otherwise, performing IP2 replacement on the last result of the round function processing unit and then outputting the encryption result.
In a third aspect of the present invention, a computer-readable storage medium is provided, which includes a stored program, and the program is adapted to be loaded by a processor and execute the above-mentioned lightweight cryptographic algorithm SCENERY implementation method.
Advantageous effects
The invention provides a method, a device and a storage medium for implementing the lightweight cryptographic algorithm SCENERY. The algorithm structure is highly symmetrical: decryption reuses the encryption module and is carried out simply by reversing the order in which the encryption round keys are used, so the operation is simple and decryption consumes no extra resources; the modules of the cryptographic algorithm also have similar symmetric components that can be shared with one another in an implementation, which reduces implementation resources. The initial replacement structure of the algorithm is novel in design, so that the data replacement has a good effect and can be realized with hardware wiring only, without consuming resources. The round operation adopts an F function with an SPN structure, and the transformation process is round key addition → S-box replacement → M matrix permutation; the S-box replacement and the M matrix permutation are implemented using the bit-slice technique to improve the encryption efficiency of the algorithm. At the same time, a new key expansion mode is provided for the algorithm: the round constant r and an intermediate key expansion result are selected as control signals, and DP dynamic replacement is performed on the current round's intermediate key expansion result to obtain the round key, which reduces the correlation between a single key iteration and the previous round's input, increases the difficulty of cryptanalysis, and improves the security of the algorithm. The method therefore has the advantages of low resource use, high performance and high security.
The novel safe and efficient lightweight SCENERY block cipher realization method, the device and the storage medium reflect good attack resistance in security verification, and are particularly effective in resisting differential and linear attacks and algebraic attacks compared with the prior art.
Drawings
Fig. 1 is an encryption structure diagram of a lightweight cryptographic algorithm SCENERY implementation method provided in an embodiment of the present invention;
fig. 2 is a decryption structure diagram of a lightweight cryptographic algorithm SCENERY implementation method provided in the embodiment of the present invention;
FIG. 3 is a block diagram of a round function transformation provided by an embodiment of the present invention;
FIG. 4 is a diagram of an F function structure provided by an embodiment of the present invention;
FIG. 5 is a diagram of a round key expansion structure provided by an embodiment of the present invention;
fig. 6 is a diagram of IP1 replacement process provided by an embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, an embodiment of the present invention provides a lightweight cryptographic algorithm SCENERY implementation method, including the following steps:
step A1: acquiring 64-bit plaintext as data P to be encrypted, loading the data P to a register, and performing encryption operation;
the data P to be encrypted is arranged from high bits to low bits in rows of 16 bits to form a 4 × 16 data matrix, denoted $P_0 P_1 P_2 P_3$;
$P_0 = \{p_{63}, p_{62}, \ldots, p_{49}, p_{48}\}$, $P_1 = \{p_{47}, p_{46}, \ldots, p_{33}, p_{32}\}$,
$P_2 = \{p_{31}, p_{30}, \ldots, p_{17}, p_{16}\}$, $P_3 = \{p_{15}, p_{14}, \ldots, p_{1}, p_{0}\}$;
Step A2: carrying out IP1 initial replacement on the data P to be encrypted, which is obtained in the step A1, to obtain P', and determining the round number Nr according to the number of bits of the key, wherein the initial value of the round number control signal is 1; in this embodiment, the key length is 64 bits, and the round number Nr is 28;
the IP1 initial replacement procedure is as follows:
the 4 × 16 data matrix P is arranged as a 4 × 4 matrix whose elements are the 4-bit units of each row, and the 4 × 4 matrix is expressed as $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$;
the elements of the 4 × 4 matrix are output in the order $\{P_{00}, P_{12}, P_{33}, P_{21}, P_{11}, P_{03}, P_{22}, P_{30}, P_{23}, P_{31}, P_{10}, P_{02}, P_{32}, P_{20}, P_{01}, P_{13}\}$ to obtain the data P' after the IP1 initial replacement.
In detail, the construction process is as follows:
let the 4 × 4 matrix $N = \{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$; the matrix N is divided in sequence into four 2 × 2 matrices $N_0$, $N_1$, $N_2$, $N_3$: $N_0 = \{P_{00}, P_{01}, P_{10}, P_{11}\}$, $N_1 = \{P_{02}, P_{03}, P_{12}, P_{13}\}$, $N_2 = \{P_{20}, P_{21}, P_{30}, P_{31}\}$, $N_3 = \{P_{22}, P_{23}, P_{32}, P_{33}\}$; for convenience of explanation, $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$ is replaced by {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}, as shown in FIG. 6(1).
As shown in FIG. 6(2), directed diagonals a and b are marked in $N_0$ and $N_3$; the direction of diagonal a is from left to right and from top to bottom, i.e. (0, 5); the direction of diagonal b is from right to left and from top to bottom, i.e. (11, 14); the diagonals a and b form the first column of data of the IP1 replacement, i.e. $(0, 5, 11, 14)^T$;
$N_0$ in FIG. 6(2) is rotated by 90° counterclockwise around the center point to obtain the diagonal c on matrix $N_1$, which is (6, 3); $N_3$ is rotated by 90° clockwise around the center point to obtain the diagonal d on $N_2$, which is (13, 8); the diagonals c and d form the second column of data of the IP1 replacement, i.e. $(6, 3, 13, 8)^T$, as shown in FIG. 6(3);
$N_1$ in FIG. 6(3) is rotated by 90° counterclockwise around the center point to obtain the diagonal e on $N_3$, which is (15, 10); $N_2$ is rotated by 90° clockwise around the center point to obtain the diagonal f on $N_0$, which is (4, 1); the diagonals e and f form the third column of data of the IP1 replacement, i.e. $(15, 10, 4, 1)^T$, as shown in FIG. 6(4);
$N_3$ in FIG. 6(4) is rotated by 90° counterclockwise around the center point to obtain the diagonal g on $N_2$, which is (9, 12); $N_0$ is rotated by 90° clockwise around the center point to obtain the diagonal h on $N_1$, which is (2, 7); the diagonals g and h form the fourth column of data of the IP1 replacement, i.e. $(9, 12, 2, 7)^T$, as shown in FIG. 6(5);
from the above, the columns of data after the IP1 initial replacement are: $(0, 5, 11, 14)^T$, $(6, 3, 13, 8)^T$, $(15, 10, 4, 1)^T$, $(9, 12, 2, 7)^T$; the IP1 initial replacement table is as follows:
0 | 6 | 15 | 9 |
5 | 3 | 10 | 12 |
11 | 13 | 4 | 2 |
14 | 8 | 1 | 7 |
the IP1 initial replacement structure is novel in design, a new replacement mode is provided by utilizing the characteristic of a central symmetry graph, the algorithm data replacement has a good effect, and only hardware connection is needed for realizing the replacement without consuming resources.
Step A3: the operation result of step A2 is divided into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$, denoted $L_r = L_{r0} L_{r1} L_{r2} L_{r3}$ and $R_r = R_{r0} R_{r1} R_{r2} R_{r3}$ respectively;
where r represents the current round number, data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step A2 from high bit to low bit, and data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step A2 from high bit to low bit; namely:
$L_r = \{P'_{00}, P'_{01}, P'_{10}, P'_{11}, P'_{20}, P'_{21}, P'_{30}, P'_{31}\}$; $R_r = \{P'_{02}, P'_{03}, P'_{12}, P'_{13}, P'_{22}, P'_{23}, P'_{32}, P'_{33}\}$;
the dividing process is as follows:
dividing the first 8 bits of the 4 × 16 matrix, which is the operation result of step A2, into L
rThe first row of the data block, the last 8 bits are divided into R
rThe first row, the second, the third and the fourth rows of the data block are analogized in turn to obtain a4 multiplied by 8 matrix L
r、R
rAs follows:
Step A4: the 32-bit data blocks $L_r$ and $R_r$ from step A3 undergo F round function operations according to a Feistel structure, as shown in Figs. 3 and 4; each F round function operation includes:
a) performing round key addition on $R_r$ to obtain $R'_r$;
The key is arranged 16 bits per row from high bit to low bit to form a 4 × 16 matrix, denoted $K = K_0 K_1 K_2 K_3$;
The round key addition on $R_r$ specifically XORs the 32 bits of data block $R_r$, from high bit to low bit, with the first 32 bits of the round key from high bit to low bit, i.e. $K_0$, $K_1$, to obtain $R'_r$.
b) performing S-box substitution on the result of a) to obtain $R''_r$;
The S-box substitution is the only nonlinear component of the SCENERY algorithm. The S-box of SCENERY is the 4-bit-input, 4-bit-output encryption S-box of the RECTANGLE algorithm, as shown in the following table; the S-box transform in the F function applies the S-box to each column of the 4 × 8 data matrix. The S-box transform is implemented by simple logic gate operations, i.e. the 32-bit 4 × 8 data matrix is divided by column into eight 4-bit values, denoted $a_0, a_1, a_2, a_3, a_4, a_5, a_6, a_7$, which pass through 8 S-boxes to give $b_0, b_1, b_2, b_3, b_4, b_5, b_6, b_7$. The S-box substitution formula is expressed as:
x | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
S[x] | 6 | 5 | C | A | 1 | | 7 | 9 | | 0 | 3 | D | 8 | | 4 | 2 |
c) performing M matrix permutation on the result of b) to obtain $R'''_r$;
The resulting $R''_r$ undergoes M matrix permutation according to the following formula to obtain $R'''_r$:
$R'''_r = R''_r M$;
To suit the bit-sliced implementation of the S-box layer, speed up the diffusion of the algorithm and obtain high dependency, the linear layer is built as a 32 × 32 binary matrix M. To reduce the search range, the M matrix is built with the idea of matrix blocking, in the following form:
where $M_0$ and $M_1$ are 16 × 16 binary matrices; $M_0$ is used to permute the first 16 bits of the result of b) and $M_1$ the last 16 bits of the result of b), so the search task is reduced to finding two 16 × 16 matrices that form a 32 × 32 matrix of this form, which permutes the whole result of b);
$M_0$ and $M_1$ have branch number 4, i.e. the number of 1s in each row and each column of $M_0$ and $M_1$ is required to be 3;
The M matrix in the algorithm can be implemented with the bit-slice technique; the specific implementation formula is as follows:
Specifically, the 32-bit data $R''_r$ entering the M matrix permutation of the F function is a 4 × 8 data matrix; the first 16 bits of the result of b) are $R''_{r0}$, $R''_{r1}$ and the last 16 bits of the result of b) are $R''_{r2}$, $R''_{r3}$. That is, the first 8 columns of $M_0$ diffuse $R''_{r0}$, $R''_{r1}$ into $R'''_{r0}$ and its last 8 columns diffuse $R''_{r0}$, $R''_{r1}$ into $R'''_{r1}$; the first 8 columns of $M_1$ diffuse $R''_{r2}$, $R''_{r3}$ into $R'''_{r2}$ and its last 8 columns diffuse $R''_{r2}$, $R''_{r3}$ into $R'''_{r3}$. To achieve fast diffusion with fewer resources, the three 1s in each row/column of $M_0$ and $M_1$ must not all be concentrated in the front/top 8 bits or in the back/bottom 8 bits;
According to the above requirements, two 8-bit binary vectors a, b are first defined, one of which has Hamming weight 1 and the other Hamming weight 2; assuming that the Hamming weight of vector a is 1 and that of vector b is 2, the possible values of the vectors a and b can be derived.
The vectors a and b satisfying $b = a \oplus c$ (where the Hamming weight of vector c is 1) are then paired; for example, when the vector a is (0,0,0,0,0,0,0,1), the pairs (a, b) satisfying the condition are the 7 pairs {(0,0,0,0,0,0,0,1), (0,0,0,0,0,0,1,1)}, {(0,0,0,0,0,0,0,1), (0,0,0,0,0,1,0,1)} … {(0,0,0,0,0,0,0,1), (1,0,0,0,0,0,0,1)}; from the possible values of vector a, it can be deduced that a total of 56 pairs of vectors (a, b) satisfy the condition.
An 8 × 16 binary matrix sample N is constructed from each (a, b) pair: row 0 is a, b; row 1 is a cyclically shifted left by 1 bit and b cyclically shifted left by 1 bit; row 2 is a cyclically shifted left by 2 bits and b cyclically shifted left by 2 bits; and so on, giving an 8 × 16 data array B; for example, the pair {(0,0,0,0,0,0,0,1), (0,0,0,0,0,0,1,1)} corresponds to the 8 × 16 data array B:
Similarly, an 8 × 16 binary matrix sample $N_1$ is constructed from the (b, a) pairing;
From some of the samples N and $N_1$, two different 8 × 16 data matrices are selected respectively to construct $M_0$ and $M_1$, which are applied to the matrix permutation module to test the performance of the algorithm; testing yields the following matrices, which need relatively few implementation resources and diffuse relatively fast:
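The pairing and sample construction described above, as an added Python example (not the patent's code, and not the $M_0$/$M_1$ matrices the patent selected). Stacking one N sample over one $N_1$ sample to get a 16 × 16 block is this example's reading of the text, the two pairs used are arbitrary, and `branch_number` uses the usual bitwise definition min wt(x) + wt(xM); all function names are hypothetical.

```python
# Added example: enumerate the (a, b) pairs and build a 16x16 candidate block.
# 8-bit vectors are ints written MSB first, so (0,0,0,0,0,0,0,1) is 0x01.

def weight(v):
    """Hamming weight of an integer."""
    return bin(v).count("1")

def rotl8(v, n):
    """Cyclic left shift of an 8-bit vector by n bits."""
    n %= 8
    return ((v << n) | (v >> (8 - n))) & 0xFF

def pairs():
    """All (a, b) with wt(a) = 1, wt(c) = 1, b = a ^ c and wt(b) = 2."""
    found = []
    for i in range(8):
        a = 1 << i
        for j in range(8):
            b = a ^ (1 << j)
            if weight(b) == 2:
                found.append((a, b))
    return found

def sample(left, right):
    """8x16 sample: row i is (left <<< i | right <<< i) as a 16-bit int."""
    return [(rotl8(left, i) << 8) | rotl8(right, i) for i in range(8)]

def candidate(top_pair, bottom_pair):
    """Assumed stacking: an N sample (a|b) on top of an N1 sample (b|a)."""
    a, b = top_pair
    a2, b2 = bottom_pair
    return sample(a, b) + sample(b2, a2)

def row_weights(rows):
    return [weight(r) for r in rows]

def column_weights(rows):
    return [sum((r >> (15 - c)) & 1 for r in rows) for c in range(16)]

def spreads_both_halves(rows):
    """No row keeps its 1s in one 8-bit half; no column in one 8-row half."""
    rows_ok = all((r >> 8) and (r & 0xFF) for r in rows)
    cols_ok = all(
        any((r >> (15 - c)) & 1 for r in rows[:8])
        and any((r >> (15 - c)) & 1 for r in rows[8:])
        for c in range(16)
    )
    return rows_ok and cols_ok

def times(x, rows):
    """Row vector x (16 bits, MSB selects row 0) times the matrix over GF(2)."""
    y = 0
    for i, r in enumerate(rows):
        if (x >> (15 - i)) & 1:
            y ^= r
    return y

def branch_number(rows):
    """Bitwise differential branch number: min over x != 0 of wt(x) + wt(xM)."""
    return min(weight(x) + weight(times(x, rows)) for x in range(1, 1 << 16))

if __name__ == "__main__":
    print("pairs:", len(pairs()))
    block = candidate((0x01, 0x03), (0x10, 0x11))   # arbitrary pairs
    for r in block:
        print(format(r, "016b"))
    print("row weights:", row_weights(block))
    print("column weights:", column_weights(block))
    print("branch number:", branch_number(block))
```
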
d) XORing the result $R'''_r$ of c) with $L_r$ and using the XOR result as the $R_r$ that takes part in the F round function operation of the next round; meanwhile, the input data block $R_r$ of the current round's F round function operation is used as the $L_r$ that takes part in the F round function operation of the next round;
Step A5: performing the next round's key expansion operation according to the current round key and the round number control signal, which comprises the following:
The 64-bit initial key is arranged 16 bits per row from high bit to low bit to form a 4 × 16 key matrix, denoted $K = K_0 K_1 K_2 K_3$,
$K_0 = \{k_{63}, k_{62}, \ldots, k_{49}, k_{48}\}$, $K_1 = \{k_{47}, k_{46}, \ldots, k_{33}, k_{32}\}$,
$K_2 = \{k_{31}, k_{30}, \ldots, k_{17}, k_{16}\}$, $K_3 = \{k_{15}, k_{14}, \ldots, k_1, k_0\}$;
e) performing S-box substitution on the current round key, specifically on the data at 8 fixed bit positions in the current round key, using the S-box of the F round function operation;
The low 4 bits of $K_0$, $(k_{51}, k_{50}, k_{49}, k_{48})$, and the low 4 bits of $K_1$, $(k_{35}, k_{34}, k_{33}, k_{32})$, are interleaved to form two 4-bit values $(k_{51}, k_{35}, k_{50}, k_{34})$ and $(k_{49}, k_{33}, k_{48}, k_{32})$, each of which undergoes S-box substitution, namely:
$k_{51} k_{35} k_{50} k_{34} = S(k_{51} k_{35} k_{50} k_{34})$,
$k_{49} k_{33} k_{48} k_{32} = S(k_{49} k_{33} k_{48} k_{32})$;
f) cyclically shifting the result of e) left by x bits;
In a specific implementation the value of x is set as required; this embodiment uses a cyclic left shift of 11 bits, that is:
$K'(k'_{63}, k'_{62}, \ldots, k'_1, k'_0) = K(k_{52}, k_{51}, \ldots, k_{54}, k_{53})$;
g) performing round constant addition on the result of f);
Specifically, the round constant is the current round number r, which is XORed bit by bit with the low 5 bits of $K'_0$, the first 16 bits (from high bit to low bit) of the result of f);
h) performing DP dynamic permutation on the result of g) and using the obtained result as the round key of the next round;
Specifically, as shown in Fig. 5, the current round number r is divided by 4 to obtain the remainder m, $0 \le m \le 3$; in the m-th row $K'_m$ of the result matrix K' of g), the bit pairs $\{k'_{61-m*16}, k'_{60-m*16}\}$, $\{k'_{57-m*16}, k'_{56-m*16}\}$, $\{k'_{53-m*16}, k'_{52-m*16}\}$, $\{k'_{49-m*16}, k'_{48-m*16}\}$ are taken and their values are defined in turn as $v_0, v_1, v_2, v_3$, with $0 \le v_0, v_1, v_2, v_3 \le 3$, namely:
$v_0 = \{k'_{61-m*16}, k'_{60-m*16}\}$;
$v_1 = \{k'_{57-m*16}, k'_{56-m*16}\}$;
$v_2 = \{k'_{53-m*16}, k'_{52-m*16}\}$;
$v_3 = \{k'_{49-m*16}, k'_{48-m*16}\}$;
$K'_0$, $K'_1$, $K'_2$, $K'_3$ are divided in units of 4 bits to form a 4 × 4 matrix as follows:
The values $v_0$, $v_1$, $v_2$, $v_3$ denote, in turn, positions in the rows $K'_0$, $K'_1$, $K'_2$, $K'_3$ of the 4 × 4 matrix; for example, $v_0 = 1$ denotes the first element in row 0, i.e. $K'_{01}$; the values at the positions given by $v_0$, $v_1$, $v_2$, $v_3$ are therefore, in turn, $K'_{0v_0}$, $K'_{1v_1}$, $K'_{2v_2}$, $K'_{3v_3}$;
A sequential permutation is then applied, i.e. $\{K'_{0v_0}, K'_{1v_1}, K'_{2v_2}, K'_{3v_3}\}$ is replaced by $\{K'_{2v_2}, K'_{3v_3}, K'_{0v_0}, K'_{1v_1}\}$, and the final result is the expanded round key.
During the F round function operations, the round key used in the first round is the first 32 bits, from high bit to low bit, of the initial key; from the second round on, the round key is the first 32 bits of the round key obtained in the previous round's key expansion operation. The DP dynamic permutation permutes the result of step g) dynamically, using the current round number r and the result of step g) as control signals;
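Steps e) to h) of the key expansion, as an added Python example written from the description above (not the patent's code; function names are hypothetical). It assumes that the DP step swaps cell $K'_{0v_0}$ with $K'_{2v_2}$ and $K'_{1v_1}$ with $K'_{3v_3}$, and it takes the three S-box entries that are blank in this page's table from the published RECTANGLE S-box.

```python
# Added example: one SCENERY key-expansion step (e to h) on a 64-bit key state.
# Bit k_i of the text is bit i of the integer (k_63 is the most significant bit).

MASK64 = (1 << 64) - 1

# RECTANGLE S-box as published; the page's table leaves S[5], S[8], S[D] blank.
SBOX = [0x6, 0x5, 0xC, 0xA, 0x1, 0xE, 0x7, 0x9,
        0xB, 0x0, 0x3, 0xD, 0x8, 0xF, 0x4, 0x2]

def sbox_step(k):
    """e) S-box on (k51,k35,k50,k34) and (k49,k33,k48,k32), written back in place."""
    for positions in ((51, 35, 50, 34), (49, 33, 48, 32)):
        x = 0
        for p in positions:
            x = (x << 1) | ((k >> p) & 1)
        y = SBOX[x]
        for n, p in enumerate(positions):
            k = (k & ~(1 << p)) | (((y >> (3 - n)) & 1) << p)
    return k

def rotl64(k, n=11):
    """f) cyclic left shift; 11 bits in the embodiment."""
    return ((k << n) | (k >> (64 - n))) & MASK64

def add_round_constant(k, r):
    """g) XOR the round number r into the low 5 bits of K'_0 (bits 52..48)."""
    return k ^ ((r & 0x1F) << 48)

def to_matrix(k):
    """4x4 matrix of 4-bit cells K'_ij, row i = K'_i."""
    return [[(k >> (60 - 16 * i - 4 * j)) & 0xF for j in range(4)]
            for i in range(4)]

def from_matrix(cells):
    k = 0
    for row in cells:
        for cell in row:
            k = (k << 4) | cell
    return k

def dp(k, r):
    """h) DP dynamic permutation controlled by r and the state itself."""
    cells = to_matrix(k)
    m = r % 4
    # v_j is the low 2 bits of cell j in row m: bits {61-4j-16m, 60-4j-16m}.
    v = [cells[m][j] & 0x3 for j in range(4)]
    # Assumed reading: {K'0v0, K'1v1, K'2v2, K'3v3} -> {K'2v2, K'3v3, K'0v0, K'1v1}.
    cells[0][v[0]], cells[2][v[2]] = cells[2][v[2]], cells[0][v[0]]
    cells[1][v[1]], cells[3][v[3]] = cells[3][v[3]], cells[1][v[1]]
    return from_matrix(cells)

def expand(k, r):
    """Key state for round r + 1 from the key state of round r."""
    return dp(add_round_constant(rotl64(sbox_step(k)), r), r)

def round_keys(key, n_rounds):
    """Round keys: the first 32 bits of the key state in each round."""
    keys = [key >> 32]
    for r in range(1, n_rounds):
        key = expand(key, r)
        keys.append(key >> 32)
    return keys

if __name__ == "__main__":
    for i, rk in enumerate(round_keys(0, 4), start=1):   # all-zero key, 4 rounds
        print(f"round {i}: {rk:08X}")
```

Decryption, as described further down the page, uses the same list in reverse order.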
Step A6: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps A4 and A5 as the input data of a new round of operation, and returning to step A4; otherwise, performing the IP2 permutation on the next-round $L_r$, $R_r$ obtained in step A4 d) and then outputting the encryption result.
The IP2 permutation comprises:
constructing a 4 × 16 matrix from the next-round $L_r$, $R_r$ obtained in step A4 d), assigning each row of $L_r$ to the high 8 bits of the corresponding row of the matrix and each row of $R_r$ to the low 8 bits of the corresponding row of the matrix;
then interchanging the high 8 bits and the low 8 bits of each row of the 4 × 16 matrix;
finally, applying the inverse IP1 initial permutation to the interchanged 4 × 16 matrix.
In a Feistel structure the $L_r$ and $R_r$ of the last round are not interchanged during the round function operation, but this algorithm does interchange them in the last round; to keep the algorithm highly symmetric, $L_r$ and $R_r$ must be interchanged after the last round and the inverse IP1 initial permutation applied, so the IP2 permutation is formed by combining these two permutation operations. The IP2 permutation operates in units of 4 bits: with the input denoted $P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}$, the data after the IP2 permutation is output in the order $\{P_{02}, P_{30}, P_{21}, P_{13}, P_{20}, P_{12}, P_{03}, P_{31}, P_{33}, P_{01}, P_{10}, P_{22}, P_{11}, P_{23}, P_{32}, P_{00}\}$. The IP2 permutation positions are shown in the table below.
2 | 12 | 9 | 7 |
8 | 6 | 3 | 13 |
15 | 1 | 4 | 10 |
5 | 11 | 14 | 0 |
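The relationship between the IP1 and IP2 tables can be checked mechanically. The following Python example is added here and is not code from the patent: it rebuilds the IP1 table from the quadrant diagonals listed in the text, derives IP2 as the interchange of the high and low 8 bits of each row followed by the inverse of IP1, and compares both with the tables on this page. The function names, and the convention that output cell i takes input cell table[i], are assumptions of the example.

```python
# Added example: IP1 and IP2 of SCENERY as permutations of the sixteen 4-bit
# cells of a 64-bit block. Cells are numbered row-major 0..15 starting at the
# most significant nibble; output cell i = input cell table[i] (assumption).

IP1_TABLE = [0, 6, 15, 9, 5, 3, 10, 12, 11, 13, 4, 2, 14, 8, 1, 7]   # from the page
IP2_TABLE = [2, 12, 9, 7, 8, 6, 3, 13, 15, 1, 4, 10, 5, 11, 14, 0]   # from the page

# (row, col) of the cells P_rc on the quadrant diagonals, one list per column
# of the IP1 output, in the order the text gives them.
DIAGONAL_COLUMNS = [
    [(0, 0), (1, 1), (2, 3), (3, 2)],   # N0 and N3
    [(1, 2), (0, 3), (3, 1), (2, 0)],   # N1 and N2
    [(3, 3), (2, 2), (1, 0), (0, 1)],   # N3 and N0
    [(2, 1), (3, 0), (0, 2), (1, 3)],   # N2 and N1
]

def build_ip1():
    """IP1 table rebuilt from the diagonals: column c of the output matrix."""
    table = [0] * 16
    for col, cells in enumerate(DIAGONAL_COLUMNS):
        for row, (r, c) in enumerate(cells):
            table[4 * row + col] = 4 * r + c
    return table

def to_cells(block):
    return [(block >> (60 - 4 * i)) & 0xF for i in range(16)]

def from_cells(cells):
    block = 0
    for cell in cells:
        block = (block << 4) | cell
    return block

def permute(block, table):
    cells = to_cells(block)
    return from_cells([cells[t] for t in table])

def invert(table):
    inverse = [0] * 16
    for i, t in enumerate(table):
        inverse[t] = i
    return inverse

def split_lr(block):
    """Step A3: high byte of each 16-bit row goes to L, low byte to R."""
    left = right = 0
    for i in range(4):
        row = (block >> (48 - 16 * i)) & 0xFFFF
        left = (left << 8) | (row >> 8)
        right = (right << 8) | (row & 0xFF)
    return left, right

def join_lr(left, right):
    """Rebuild the 4x16 matrix: L rows in the high bytes, R rows in the low bytes."""
    block = 0
    for i in range(4):
        hi = (left >> (24 - 8 * i)) & 0xFF
        lo = (right >> (24 - 8 * i)) & 0xFF
        block = (block << 16) | (hi << 8) | lo
    return block

def swap_halves(block):
    """Interchange the high 8 bits and low 8 bits of each row."""
    left, right = split_lr(block)
    return join_lr(right, left)

def ip2_composed(block):
    """IP2 as described: row-half interchange, then inverse IP1."""
    return permute(swap_halves(block), invert(IP1_TABLE))

def derive_ip2_table():
    """Feed a block whose cell i holds the value i and read the positions back."""
    return to_cells(ip2_composed(0x0123456789ABCDEF))

if __name__ == "__main__":
    print("IP1 rebuilt matches table:", build_ip1() == IP1_TABLE)
    print("IP2 derived matches table:", derive_ip2_table() == IP2_TABLE)
```
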
The algorithm structure is highly symmetric: decryption reuses the encryption module and is carried out simply by reversing the order in which the encryption round keys are used, so decryption consumes no additional resources; the encryption module also contains similar symmetric components that can be multiplexed with one another in an implementation, which reduces implementation resources. The round operation uses an F function with an SPN structure, whose transformation is round key addition → S-box substitution → M matrix permutation; the S-box substitution and the M matrix permutation are implemented with the bit-slice technique to improve the encryption efficiency of the algorithm. The algorithm also provides a new key expansion scheme: the round constant r and an intermediate key expansion result are selected as control signals, and DP dynamic permutation is applied to the current round's intermediate key expansion result to obtain the round key, which reduces the dependence of a single key iteration on the previous round's input, makes the cipher harder to break and improves the security of the algorithm. The method therefore has the advantages of low resource use, high performance and high security.
This embodiment further includes a decryption process which, as shown in Fig. 2, comprises the following steps:
Step B1: acquiring a 64-bit ciphertext as the data C to be decrypted, and performing the decryption operation;
the data C to be decrypted is arranged 16 bits per row from high bit to low bit to form a 4 × 16 data matrix, denoted $C = C_0 C_1 C_2 C_3$;
Step B2: performing the IP1 initial permutation on the data C to be decrypted from step B1, and determining the round number Nr according to the number of key bits, the initial value of the round number control signal being 1;
Step B3: the result of step B2 is divided into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$;
where r represents the current round number; data block $L_r$ is obtained by arranging the first 8 bits of each row of the result of step B2 from high bit to low bit, and data block $R_r$ by arranging the last 8 bits of each row of the result of step B2 from high bit to low bit;
Step B4: the 32-bit data blocks $L_r$ and $R_r$ from step B3 undergo F round function operations according to a Feistel structure, each round of F round function operation comprising:
i) performing round key addition on $R_r$;
j) performing S-box substitution on the result of i);
k) performing M matrix permutation on the result of j);
l) XORing the result of k) with $L_r$ and using the XOR result as the $R_r$ that takes part in the F round function operation of the next round; meanwhile, the input data block $R_r$ of the current round's F round function operation is used as the $L_r$ that takes part in the F round function operation of the next round;
The round keys used in each round of F round function operation are the round keys of the encryption process, reused in the opposite order to that of the encryption process; in this embodiment, using $K_{27-r}$ in place of the encryption round key $K_r$ completes the decryption process of the algorithm;
Step B5: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps B4 and B5 as the input data of a new round of operation, and returning to step B4; otherwise, performing the IP2 permutation on the next-round $L_r$, $R_r$ obtained in step B4 and then outputting the decryption result. The specific details of the decryption process can be found in the encryption process.
SCENERY block cipher algorithm pseudocode description:
Algorithm 1: SCENERY cipher encryption process
Input: plaintext (P), key (K);
Output: ciphertext (C);
Algorithm 2: SCENERY cipher decryption process
Input: C, K;
Output: P;
the embodiment of the present invention further provides a device for implementing lightweight cryptographic algorithm SCENERY, including:
an initialization unit: used for acquiring a 64-bit plaintext as the data P to be encrypted and performing the encryption operation;
an IP1 permutation unit: used for performing the IP1 permutation on the data P to be encrypted, determining the round number Nr according to the number of key bits, and setting the initial value of the round number control signal to 1;
an F round function processing unit: used for dividing the data after the IP1 permutation into left and right parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$;
where r represents the current round number; data block $L_r$ is obtained by arranging the first 8 bits of each row of the result of the IP1 permutation unit from high bit to low bit, and data block $R_r$ by arranging the last 8 bits of each row of the result of the IP1 permutation unit from high bit to low bit;
the data blocks $L_r$ and $R_r$ then undergo F round function operations according to a Feistel structure, each round of F round function operation comprising:
a) performing round key addition on $R_r$;
b) performing S-box substitution on the result of a);
c) performing M matrix permutation on the result of b);
d) XORing the result of c) with $L_r$ and using the XOR result as the $R_r$ that takes part in the F round function operation of the next round; meanwhile, the input data block $R_r$ of the current round's F round function operation is used as the $L_r$ that takes part in the F round function operation of the next round;
a round key expansion unit: used for performing the next round's key expansion operation according to the current round key and the round number control signal, comprising:
e) performing S-box substitution on the current round key, the S-box used being the same as the S-box used in the F round function processing unit;
f) cyclically shifting the result of e) left by x bits;
g) performing round constant addition on the result of f);
h) performing DP dynamic permutation on the result of g), and using the obtained result as the round key of the next round;
during the F round function operations, the round key used in the first round is the first 32 bits, from high bit to low bit, of the initial key; from the second round on, the round key is the first 32 bits of the round key obtained in the previous round's key expansion operation; the DP dynamic permutation permutes the result of step g) dynamically, using the current round number r and the result of step g) as control signals;
a ciphertext generation unit: used for judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of the F round function processing unit and the round key expansion unit as the input data of a new round of operation, and returning to the F round function process of the F round function processing unit and the round key expansion process of the round key expansion unit; otherwise, performing the IP2 permutation on the last result of the F round function processing unit and then outputting the encryption result.
For the specific techniques implementing the functions of each module of the lightweight cryptographic algorithm SCENERY implementation device, refer to the lightweight cryptographic algorithm SCENERY implementation method; they are not described again here.
The embodiment of the invention also provides a computer readable storage medium, which comprises a stored program, wherein the program is suitable for a processor to load and execute the lightweight cryptographic algorithm SCENERY implementation method.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The method provided by the embodiment of the invention is tested, wherein SCENERY-64 algorithm data provided by the invention is shown in table 1:
TABLE 1 SCENERY-64 algorithm experimental test data
Plaintext | Key | Ciphertext |
0000-0000-0000-0000 | 0000-0000-0000-0000 | 28BC-2A7A-4782-E797 |
0000-0000-0000-0000 | FFFF-FFFF-FFFF-FFFF | D759-FF83-9E1F-29E8 |
FFFF-FFFF-FFFF-FFFF | 0000-0000-0000-0000 | CD28-5DC5-CB1B-297D |
FFFF-FFFF-FFFF-FFFF | FFFF-FFFF-FFFF-FFFF | D02B-7F5B-04A7-99F7 |
68B1-0045-F4BC-1775 | 7FE7-AB97-9608-717F | 224C-81E9-13AF-1EF2 |
The SCENERY cryptographic algorithm provided by the invention is realized in Xilinx Virtex-4 ML405 FPGA hardware, the clock cycle of the SCENERY-64 algorithm is 8.508ns, the clock frequency is 117.536MHz, and the throughput rate is 268.654 Mbps;
The SCENERY cryptographic algorithm provided by the invention is implemented in ASIC hardware; the synthesis process library is 0.18mm of SMIC. The area occupied by SCENERY-64 is 1190 GE.
Table 2 shows FPGA hardware implementations of typical lightweight cryptographic algorithms at their minimum key length, and Table 3 shows ASIC hardware implementations of typical lightweight cryptographic algorithms at their minimum key length; the comparison in Tables 2 and 3 shows that SCENERY occupies little area compared with current lightweight cryptographic algorithms, while its frequency and throughput are high.
TABLE 2 FPGA implementations of lightweight cryptographic algorithms
TABLE 3 ASIC implementations of lightweight cryptographic algorithms
Algorithm | Structure | Block length (bits) | Key length (bits) | Area (GE) |
Piccolo-80 | GFN | 64 | 80 | 1136 |
PRESENT-80 | SPN | 64 | 80 | 1570 |
KLEIN-64 | SPN | 64 | 64 | 1220 |
LBlock | Feistel | 64 | 80 | 1320 |
Twine-80 | Feistel | 64 | 80 | 1503 |
LED-64 | SPN | 64 | 80 | 1040 |
MIBS-64 | Feistel | 64 | 64 | 1396 |
SCENERY-64 | Feistel | 64 | 64 | 1190 |
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A lightweight cryptographic algorithm SCENERY implementation method is characterized by comprising the following steps:
step A1: acquiring a 64-bit plaintext as the data P to be encrypted, and performing the encryption operation;
the data P to be encrypted is arranged 16 bits per row from high bit to low bit to form a 4 × 16 data matrix, denoted $P_0 P_1 P_2 P_3$;
step A2: performing the IP1 initial permutation on the data P of step A1, and determining the round number Nr according to the number of key bits, the initial value of the round number control signal being 1;
step A3: dividing the result of step A2 into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$;
where r represents the current round number; data block $L_r$ is obtained by arranging the first 8 bits of each row of the result of step A2 from high bit to low bit, and data block $R_r$ by arranging the last 8 bits of each row of the result of step A2 from high bit to low bit;
step A4: subjecting the 32-bit data blocks $L_r$ and $R_r$ of step A3 to F round function operations according to a Feistel structure, each round of F round function operation comprising:
a) performing round key addition on $R_r$;
b) performing S-box substitution on the result of a);
c) performing M matrix permutation on the result of b);
d) XORing the result of c) with $L_r$ and using the XOR result as the $R_r$ that takes part in the F round function operation of the next round; meanwhile, the input data block $R_r$ of the current round's F round function operation is used as the $L_r$ that takes part in the F round function operation of the next round;
step A5: performing the next round's key expansion operation according to the current round key and the round number control signal, comprising:
e) performing S-box substitution on the current round key;
f) cyclically shifting the result of e) left by x bits;
g) performing round constant addition on the result of f);
h) performing DP dynamic permutation on the result of g), and using the obtained result as the round key of the next round;
during the F round function operations, the round key used in the first round is the first 32 bits of the initial key; from the second round on, the round key is the first 32 bits of the round key obtained in the previous round's key expansion operation; the DP dynamic permutation permutes the result of step g) dynamically, using the current round number r and the result of step g) as control signals;
step A6: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps A4 and A5 as the input data of a new round of operation, and returning to step A4; otherwise, performing the IP2 permutation on the next-round $L_r$, $R_r$ obtained in step A4 d) and then outputting the encryption result.
2. The method for implementing the lightweight cryptographic algorithm SCENERY of claim 1, wherein the IP1 initial permutation in step A2 proceeds as follows:
the 4 × 16 data matrix P is formed into a 4 × 4 matrix with 4 bits of each row as a unit, the 4 × 4 matrix being denoted $N = \{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$;
the matrix N is divided in order into four 2 × 2 matrices $N_0$, $N_1$, $N_2$, $N_3$: $N_0 = \{P_{00}, P_{01}, P_{10}, P_{11}\}$, $N_1 = \{P_{02}, P_{03}, P_{12}, P_{13}\}$, $N_2 = \{P_{20}, P_{21}, P_{30}, P_{31}\}$, $N_3 = \{P_{22}, P_{23}, P_{32}, P_{33}\}$;
the diagonals $(P_{00}, P_{11})$ of $N_0$ and $(P_{23}, P_{32})$ of $N_3$ are taken to form the first column of data of the IP1 permutation, i.e. $(P_{00}, P_{11}, P_{23}, P_{32})^T$;
the diagonals $(P_{12}, P_{03})$ of $N_1$ and $(P_{31}, P_{20})$ of $N_2$ are taken to form the second column of data of the IP1 permutation, i.e. $(P_{12}, P_{03}, P_{31}, P_{20})^T$;
the diagonals $(P_{33}, P_{22})$ of $N_3$ and $(P_{10}, P_{01})$ of $N_0$ are taken to form the third column of data of the IP1 permutation, i.e. $(P_{33}, P_{22}, P_{10}, P_{01})^T$;
the diagonals $(P_{21}, P_{30})$ of $N_2$ and $(P_{02}, P_{13})$ of $N_1$ are taken to form the fourth column of data of the IP1 permutation, i.e. $(P_{21}, P_{30}, P_{02}, P_{13})^T$;
after the IP1 initial permutation, the 4 × 4 matrix N is output in the order $\{P_{00}, P_{12}, P_{33}, P_{21}, P_{11}, P_{03}, P_{22}, P_{30}, P_{23}, P_{31}, P_{10}, P_{02}, P_{32}, P_{20}, P_{01}, P_{13}\}$, giving the data $P'$ after the IP1 initial permutation.
3. The method for implementing the lightweight cryptographic algorithm SCENERY of claim 1, wherein in step A3 the result of step A2 is divided into the 4 × 8 matrix data blocks $L_r$ and $R_r$ as follows:
the first 8 bits of the first row of the 4 × 16 matrix that is the result of step A2 are assigned to the first row of data block $L_r$ and the last 8 bits to the first row of data block $R_r$; the second, third and fourth rows are handled in the same way, giving the 4 × 8 matrices $L_r$ and $R_r$ as follows:
4. The method for implementing the lightweight cryptographic algorithm SCENERY according to claim 1, wherein the M matrix permutation of the F round function operation in step A4 is implemented by a 32 × 32 binary matrix M with branch number 4, the matrix M being represented as:
where $M_0$ and $M_1$ are 16 × 16 binary matrices with branch number 4, i.e. the number of 1s in each row and each column of $M_0$ and $M_1$ is 3;
the matrix $M_0$ is used to permute the first 16 bits of the result of b), and the matrix $M_1$ is used to permute the last 16 bits of the result of b).
5. The method for implementing the lightweight cryptographic algorithm SCENERY according to claim 1, wherein the key expansion operation in step A5 specifically includes the following steps:
the 64-bit initial key is arranged 16 bits per row from high bit to low bit to form a 4 × 16 key matrix, denoted $K = K_0 K_1 K_2 K_3$,
$K_0 = \{k_{63}, k_{62}, \ldots, k_{49}, k_{48}\}$, $K_1 = \{k_{47}, k_{46}, \ldots, k_{33}, k_{32}\}$,
$K_2 = \{k_{31}, k_{30}, \ldots, k_{17}, k_{16}\}$, $K_3 = \{k_{15}, k_{14}, \ldots, k_1, k_0\}$;
e) interleaving the low 4 bits of $K_0$, $(k_{51}, k_{50}, k_{49}, k_{48})$, and the low 4 bits of $K_1$, $(k_{35}, k_{34}, k_{33}, k_{32})$, to form two 4-bit values $(k_{51}, k_{35}, k_{50}, k_{34})$ and $(k_{49}, k_{33}, k_{48}, k_{32})$, and performing S-box substitution on each;
f) cyclically shifting the result of e) left by 11 bits;
g) performing round constant addition on the first 16 bits, from high bit to low bit, of the result of f);
h) performing DP dynamic permutation on the result of g), and using the obtained result as the round key of the next round.
6. The method for implementing the lightweight cryptographic algorithm SCENERY according to claim 5, wherein performing DP dynamic permutation on the result of g) specifically comprises:
dividing the current round number r by 4 to obtain the remainder m, $0 \le m \le 3$; in the m-th row $K'_m$ of the result matrix K' of g), taking the bit pairs $\{k'_{61-m*16}, k'_{60-m*16}\}$, $\{k'_{57-m*16}, k'_{56-m*16}\}$, $\{k'_{53-m*16}, k'_{52-m*16}\}$, $\{k'_{49-m*16}, k'_{48-m*16}\}$ and defining their values in turn as $v_0, v_1, v_2, v_3$, with $0 \le v_0, v_1, v_2, v_3 \le 3$, namely:
$v_0 = \{k'_{61-m*16}, k'_{60-m*16}\}$;
$v_1 = \{k'_{57-m*16}, k'_{56-m*16}\}$;
$v_2 = \{k'_{53-m*16}, k'_{52-m*16}\}$;
$v_3 = \{k'_{49-m*16}, k'_{48-m*16}\}$;
dividing $K'_0$, $K'_1$, $K'_2$, $K'_3$ in units of 4 bits to form a 4 × 4 matrix as follows:
the values $v_0$, $v_1$, $v_2$, $v_3$ denote, in turn, positions in the rows $K'_0$, $K'_1$, $K'_2$, $K'_3$ of the 4 × 4 matrix, and the values at the positions given by $v_0$, $v_1$, $v_2$, $v_3$ are in turn $K'_{0v_0}$, $K'_{1v_1}$, $K'_{2v_2}$, $K'_{3v_3}$;
applying a sequential permutation, i.e. replacing $\{K'_{0v_0}, K'_{1v_1}, K'_{2v_2}, K'_{3v_3}\}$ by $\{K'_{2v_2}, K'_{3v_3}, K'_{0v_0}, K'_{1v_1}\}$, the final result being the expanded round key.
7. The method for implementing the lightweight cryptographic algorithm SCENERY of claim 1, wherein the IP2 permutation in the step A6 comprises:
using the next-round $L_r$, $R_r$ obtained in step A4 d) to construct a 4 × 16 matrix, assigning each row of data of $L_r$ to the upper 8 bits of the corresponding row of the matrix, and assigning each row of data of $R_r$ to the lower 8 bits of the corresponding row of the matrix;
then interchanging the high 8 bits and the low 8 bits of each row of the 4 x 16 matrix;
finally, the 4 × 16 matrix after interchange is subjected to IP1 inverse initial permutation.
8. The method for implementing the lightweight cryptographic algorithm SCENERY according to any one of claims 1 to 7, further comprising a decryption process, said decryption process comprising the steps of:
step B1: acquiring 64-bit ciphertext as data C to be decrypted, and performing decryption operation;
the data C to be decrypted is arranged in order from the high bits to the low bits, 16 bits per row, to form a 4 × 16 data matrix, denoted $C = C_0 C_1 C_2 C_3$;
Step B2: carrying out IP1 initial replacement on the data C to be decrypted, which is described in the step B1, and determining the round number Nr according to the number of bits of the key, wherein the initial value of the round number control signal is 1;
step B3: the operation result of step B2 is divided into two parts, namely the 4 × 8 matrix data blocks $L_r$, $R_r$;
where r represents the current round number, data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step B2 from high bit to low bit, and data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step B2 from high bit to low bit;
step B4: the 32-bit data blocks $L_r$ and $R_r$ in step B3 undergo F round function operations according to a Feistel structure, each round of F round function operation comprising the following steps:
i) performing round key addition operation on $R_r$;
j) carrying out S-box replacement on the operation result obtained in step i);
k) performing M matrix permutation on the operation result obtained in j);
l) performing an XOR operation between the result obtained in k) and $L_r$, and taking the XOR result as the $R_r$ participating in the F round function operation in the next round; at the same time, taking the input data block $R_r$ participating in the current round of F round function operation as the $L_r$ participating in the F round function operation in the next round;
The round keys in each round of F-round function operation are multiplexed with the round keys in the encryption process, and the use sequence of the round keys in the decryption process is opposite to that of the round keys in the encryption process;
step B5: judging whether the current round number signal r is smaller than the round number Nr; if so, making r equal to r + 1, taking the results of the steps B4 and B5 as input data of a new round of operation, and returning to the step B4; otherwise, performing IP2 permutation on the next-round $L_r$, $R_r$ obtained in step B4, and then outputting the decryption result.
9. A lightweight cryptographic algorithm SCENERY implementation device is characterized by comprising:
an initialization unit: used for acquiring a 64-bit plaintext as data P to be encrypted and carrying out the encryption operation;
an IP1 permutation unit: used for carrying out IP1 permutation on the data P to be encrypted, determining the round number Nr according to the number of bits of the key, and setting the initial value of the round number control signal to 1;
an F round function processing unit: used for dividing the data after IP1 permutation into left and right parts, namely the 4 × 8 matrix data blocks $L_r$, $R_r$;
where r represents the current round number, data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of the IP1 permutation unit from high bit to low bit, and data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of the IP1 permutation unit from high bit to low bit;
the data blocks $L_r$ and $R_r$ then undergo F round function operations according to a Feistel structure, each round of F round function operation comprising:
a) performing round key addition operation on $R_r$;
b) performing S-box replacement on the operation result obtained in step a);
c) performing M matrix permutation on the operation result obtained in step b);
d) performing an XOR operation between the result obtained in c) and $L_r$, and taking the XOR result as the $R_r$ participating in the F round function operation in the next round; at the same time, taking the input data block $R_r$ participating in the current round of F round function operation as the $L_r$ participating in the F round function operation in the next round;
a round key expansion unit: used for performing the next round of key expansion operation according to the current round key and the round number control signal, comprising:
e) performing S box replacement on the current round key;
f) circularly shifting the operation result obtained by the step e) by x bits left;
g) performing round constant addition operation on the operation result obtained in the step f);
h) performing DP dynamic replacement on the result in the step g), and taking the obtained result as a round key of the next round;
in the F round function operation process, the round key used in the first round of operation is the first 32 bits of data of the initial key, and the first 32 bits of data of the round key obtained in the previous round of key expansion operation are sequentially obtained from the second round; the DP dynamic replacement is to dynamically replace the result of the step g) by taking the current round number r and the result of the step g) as control signals;
a ciphertext generation unit: used for judging whether the current round number signal r is less than the round number Nr; if so, making r equal to r + 1, taking the results of the F round function processing unit and the round key expansion unit as input data of a new round of operation, and returning to the F round function process of the F round function processing unit and the round key expansion process of the round key expansion unit; otherwise, the last result of the F round function processing unit is subjected to IP2 permutation, and then the encryption result is output.
10. A computer-readable storage medium, characterized in that it comprises a stored program adapted to be loaded and executed by a processor to implement the lightweight cryptographic algorithm SCENERY implementation method of any of claims 1 to 8.
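The DP dynamic permutation of claim 6, written out as an added Python sketch (not code from the patent). It assumes that column 0 of the 4 × 4 nibble matrix is the most significant nibble of each row, because the matrix figure is not reproduced on this page; the function names and the sample key are constructed for illustration.

```python
MASK64 = (1 << 64) - 1


def dp_selectors(k, r):
    """Return [v0, v1, v2, v3] for the 64-bit key state k in round r.

    m = r mod 4 picks row K'_m; v_i = {k'_(61-4i-16m), k'_(60-4i-16m)},
    i.e. the low two bits of the i-th nibble of that row.
    """
    m = r % 4
    return [(k >> (60 - 4 * i - 16 * m)) & 0x3 for i in range(4)]


def dp_permute(k, r):
    """Apply the DP dynamic permutation of claim 6 to the key state k."""
    v = dp_selectors(k, r)
    # Bit offset of the nibble K'_{i,v_i}: row i spans bits 63-16i .. 48-16i.
    # ASSUMPTION: column 0 is the most significant nibble of the row.
    shifts = [60 - 16 * i - 4 * v[i] for i in range(4)]
    selected = [(k >> s) & 0xF for s in shifts]
    # {K'0v0, K'1v1, K'2v2, K'3v3} is replaced by {K'2v2, K'3v3, K'0v0, K'1v1}
    replaced = selected[2:] + selected[:2]
    for s, nib in zip(shifts, replaced):
        k = (k & ~(0xF << s)) | (nib << s)
    return k & MASK64


def nibbles(k):
    """Split a 64-bit value into its 16 nibbles, most significant first."""
    return [(k >> (60 - 4 * i)) & 0xF for i in range(16)]


if __name__ == "__main__":
    key_state = 0xFEDCBA9876543210  # constructed sample, not a test vector
    for rnd in range(4):
        print(rnd, dp_selectors(key_state, rnd),
              f"{dp_permute(key_state, rnd):016X}")
```

Because the selectors are read from the key state itself, which nibbles move changes with both the round number and the key; the operation only relocates nibbles, so the multiset of nibbles is unchanged.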
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911070142.4A CN110784307B (en) | 2019-11-05 | 2019-11-05 | Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110784307A (en) | 2020-02-11 |
CN110784307B (en) | 2020-06-09 |
Family
ID=69389090
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911070142.4A Active CN110784307B (en) | 2019-11-05 | 2019-11-05 | Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110784307B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102195773A (en) * | 2010-03-03 | 2011-09-21 | 中国人民解放军信息工程大学 | Method and system for analyzing block cipher algorithm |
CN105959107A (en) * | 2016-06-24 | 2016-09-21 | 衡阳师范学院 | Novel and highly secure lightweight SFN block cipher implementation method |
KR20190037980A (en) * | 2017-09-29 | 2019-04-08 | 한밭대학교 산학협력단 | System and method for efficient lightweight block cipher in pervasive computing |
CN109768854A (en) * | 2019-03-29 | 2019-05-17 | 衡阳师范学院 | A kind of implementation method of lightweight block cipher Wheel |
Non-Patent Citations (3)
Title |
---|
BO-TAO LIU ET AL.: "Loong: A Family of Involutional Lightweight Block Cipher Based on SPN Structure", 《IEEE ACCESS》 * |
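LI Lang et al.: "HBcipher: An Efficient Lightweight Block Cipher", Journal of Cryptologic Research * |
LI Lang et al.: "Surge: A New Low-Resource and Efficient Lightweight Block Cipher Algorithm", Computer Science * |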
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111245598A (en) * | 2020-03-31 | 2020-06-05 | 衡阳师范学院 | Method for realizing lightweight AEROGEL block cipher |
CN111431697A (en) * | 2020-03-31 | 2020-07-17 | 衡阳师范学院 | Novel method for realizing lightweight block cipher CORL |
CN111245598B (en) * | 2020-03-31 | 2022-06-14 | 衡阳师范学院 | Method for realizing lightweight AEROGEL block cipher |
CN113691364A (en) * | 2021-08-31 | 2021-11-23 | 衡阳师范学院 | Encryption and decryption method of dynamic S-box block cipher based on bit slice technology |
CN113691364B (en) * | 2021-08-31 | 2024-02-09 | 衡阳师范学院 | Encryption and decryption method of dynamic S-box block cipher based on bit slice technology |
CN113660620A (en) * | 2021-10-20 | 2021-11-16 | 北京卓建智菡科技有限公司 | Data anti-counterfeiting encryption method and device, computer equipment and storage medium |
CN117118596A (en) * | 2023-10-09 | 2023-11-24 | 无锡车联天下信息技术有限公司 | Round key generation method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110784307B (en) | 2020-06-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||