CN110784307B - Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium - Google Patents

Info

Publication number
CN110784307B
Authority
CN
China
Prior art keywords: round, matrix, bits, data, key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911070142.4A
Other languages
Chinese (zh)
Other versions
CN110784307A (en)
Inventor
李浪
冯景亚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengyang Normal University
Original Assignee
Hengyang Normal University
Application filed by Hengyang Normal University
Priority to CN201911070142.4A
Publication of CN110784307A
Application granted
Publication of CN110784307B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a method, a device and a storage medium for implementing the lightweight cryptographic algorithm SCENERY. The method comprises obtaining a plaintext to be encrypted and sequentially carrying out the IP1 initial permutation, the round function, key expansion and the IP2 permutation, wherein the round function sequentially applies round key addition, S-box substitution and M matrix permutation to the data, and the key expansion sequentially applies S-box substitution, circular left shift, round constant addition and DP dynamic permutation to the key. The round function adopts an F function with an SPN structure, and the binary matrix M of the F function's linear layer is constructed with the aim of achieving high dependency. The key expansion selects the round constant and the key expansion intermediate result as control signals and performs DP dynamic permutation on the current round's key expansion intermediate result to obtain the round key. This new key expansion mode reduces the dependence of a single key iteration on the previous round's input, increases the difficulty of breaking the cipher, improves security, and is particularly effective in resisting differential, linear and algebraic attacks.

Description

Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium
Technical Field
The invention relates to the field of computer encryption, in particular to a lightweight cryptographic algorithm SCENERY implementation method, a device and a storage medium.
Background
In recent years, small embedded devices (e.g., wireless sensors, smart cards, radio frequency tags) have been widely used in many fields. These devices often face significant cost constraints in hardware, such as area, power and energy consumption. Because traditional cryptographic algorithms such as AES are not suitable for such extremely constrained devices, lightweight block cipher algorithms adapted to resource-constrained environments have attracted wide attention from researchers.
Since 2007, a number of papers on lightweight block cipher algorithms have been published in the international academic community. Typical lightweight block cipher algorithms include PRESENT, TWINE, Piccolo, LED, LBlock, RECTANGLE, KLEIN, etc.
Current lightweight algorithms have the following problems:
1) Some lightweight block cipher algorithms have complex decryption processes, and the modules of the encryption process cannot be fully reused when implementing decryption, so extra resources are consumed; some encryption algorithms still occupy large resources, have low encryption performance and are not convenient to implement in resource-constrained devices;
2) Lightweight block cipher algorithms have the problem of low security. To achieve a smaller implementation area, some current lightweight block cipher algorithms use a simple encryption process and simplify the key expansion or omit it altogether, so algorithms designed this way carry potential security risks. Many recent studies have shown that some algorithms are weak against attacks, especially the common differential, linear and algebraic attacks.
Disclosure of Invention
The invention provides a method, a device and a storage medium for realizing a lightweight block cipher algorithm SCENERY, which aim to solve the problems that the lightweight block cipher algorithm in the prior art is low in encryption performance, relatively simple in key expansion operation, low in flexibility and easy to attack.
The invention provides a lightweight cryptographic algorithm SCENERY implementation method, which comprises the following steps:
Step A1: acquiring a 64-bit plaintext as the data P to be encrypted, and performing the encryption operation;
the data P to be encrypted is grouped, from high bits to low bits, into 16-bit rows to form a 4 × 16 data matrix, denoted $P = P_0 P_1 P_2 P_3$;
Step A2: carrying out the IP1 initial permutation on the data P of step A1, and determining the round number Nr according to the number of key bits, wherein the initial value of the round number control signal is 1; when the number of key bits is 64, the number of rounds is 28;
Step A3: dividing the operation result of step A2 into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$,
where r represents the current round number, the data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step A2 from high bit to low bit, and the data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step A2 from high bit to low bit;
Step A4: performing F round function operations on the 32-bit data blocks $L_r$ and $R_r$ of step A3 according to the Feistel structure, each round of the F round function operation comprising:
a) performing the round key addition operation on $R_r$;
b) performing S-box substitution on the operation result obtained in a);
c) performing M matrix permutation on the operation result obtained in b);
d) XORing the result obtained in c) with $L_r$ and taking the XOR result as the $R_r$ that participates in the F round function operation of the next round; at the same time, taking the input data block $R_r$ that participates in the F round function operation of the current round as the $L_r$ that participates in the F round function operation of the next round;
Step A5: performing the next round of key expansion according to the current round key and the round number control signal, comprising:
e) performing S-box substitution on the current round key, wherein the S-box used is the same as the S-box in the F round function operation;
f) circularly shifting the operation result obtained in e) left by x bits;
g) performing the round constant addition operation on the operation result obtained in f);
h) performing DP dynamic permutation on the result of g), and taking the obtained result as the round key of the next round;
in the F round function operation, the round key used in the first round is the first 32 bits of the initial key, and from the second round onward it is the first 32 bits of the round key obtained in the previous round of key expansion; the DP dynamic permutation dynamically permutes the result of g) using the current round number r and the result of g) as control signals;
Step A6: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps A4 and A5 as the input data of a new round of operation, and returning to step A4; otherwise, performing the IP2 permutation on the next-round $L_r$, $R_r$ obtained in d) of step A4 and then outputting the encryption result.
The algorithm structure is highly symmetrical: decryption reuses the encryption module and only requires reversing the order in which the encryption round keys are used, so the operation is simple and decryption consumes no additional resources; the modules of the cipher also have similar symmetric components, so they can be multiplexed with one another during implementation, which reduces implementation resources. The round operation adopts an F function with an SPN structure, and the transformation process is round key addition → S-box substitution → M matrix permutation; the S-box substitution and the M matrix permutation are implemented using the bit-slice technique to improve the encryption efficiency of the algorithm. Meanwhile, a new key expansion mode is provided: the round constant r and the key expansion intermediate result are selected as control signals, and DP dynamic permutation is performed on the current round's key expansion intermediate result to obtain the round key, which reduces the dependence of a single key iteration on the previous round's input, increases the difficulty of breaking the cipher and improves the security of the algorithm. The method therefore has the advantages of low resource use, high performance and high security.
Further, the IP1 initial permutation process in step A2 is as follows:
the 4 × 16 data matrix P is arranged, taking 4 bits of each row as one unit, into a 4 × 4 matrix expressed as $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$;
the 4 × 4 matrix is output in the order $\{P_{00}, P_{12}, P_{33}, P_{21}, P_{11}, P_{03}, P_{22}, P_{30}, P_{23}, P_{31}, P_{10}, P_{02}, P_{32}, P_{20}, P_{01}, P_{13}\}$ to obtain the data P′ after the IP1 initial permutation.
Specifically, let the 4 × 4 matrix be $N = \{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$; divide the matrix N in sequence into four 2 × 2 matrices $N_0$, $N_1$, $N_2$, $N_3$: $N_0 = \{P_{00}, P_{01}, P_{10}, P_{11}\}$, $N_1 = \{P_{02}, P_{03}, P_{12}, P_{13}\}$, $N_2 = \{P_{20}, P_{21}, P_{30}, P_{31}\}$, $N_3 = \{P_{22}, P_{23}, P_{32}, P_{33}\}$;
The diagonals $(P_{00}, P_{11})$ of $N_0$ and $(P_{23}, P_{32})$ of $N_3$ are taken to form the first column of the IP1 permutation, i.e. $(P_{00}, P_{11}, P_{23}, P_{32})^T$;
The diagonals $(P_{12}, P_{03})$ of $N_1$ and $(P_{31}, P_{20})$ of $N_2$ are taken to form the second column of the IP1 permutation, i.e. $(P_{12}, P_{03}, P_{31}, P_{20})^T$;
The diagonals $(P_{33}, P_{22})$ of $N_3$ and $(P_{10}, P_{01})$ of $N_0$ are taken to form the third column of the IP1 permutation, i.e. $(P_{33}, P_{22}, P_{10}, P_{01})^T$;
The diagonals $(P_{21}, P_{30})$ of $N_2$ and $(P_{02}, P_{13})$ of $N_1$ are taken to form the fourth column of the IP1 permutation, i.e. $(P_{21}, P_{30}, P_{02}, P_{13})^T$;
From the above, the columns of data after the IP1 initial permutation are: $(P_{00}, P_{11}, P_{23}, P_{32})^T$, $(P_{12}, P_{03}, P_{31}, P_{20})^T$, $(P_{33}, P_{22}, P_{10}, P_{01})^T$, $(P_{21}, P_{30}, P_{02}, P_{13})^T$.
The IP1 initial permutation structure is novel in design, gives the algorithm's data permutation a good effect, and needs only hardware wiring to implement, without consuming resources.
Further, the process in step A3 of dividing the operation result of step A2 into the 4 × 8 matrix data blocks $L_r$, $R_r$ is as follows:
the first 8 bits of the first row of the 4 × 16 matrix, which is the operation result of step A2, are assigned to the first row of the data block $L_r$ and the last 8 bits to the first row of the data block $R_r$; the second, third and fourth rows are handled in the same way, giving the 4 × 8 matrices $L_r$, $R_r$ as follows:
Figure GDA0002452873450000031
Further, the key is grouped, from high bits to low bits, into 16-bit rows to form a 4 × 16 matrix, denoted $K = K_0 K_1 K_2 K_3$;
The round key addition operation on $R_r$ specifically XORs the 32 bits of the data block $R_r$, from high bit to low bit, with the first 32 bits of the round key, namely $K_0$ and $K_1$, to obtain $R'_r$;
The S-box substitution on the operation result obtained in a) is specifically as follows: the S-box is taken from the encryption S-box of the RECTANGLE algorithm, {6, 5, C, A, 1, E, 7, 9, B, 0, 3, D, 8, F, 4, 2}, and the S-box substitution is applied to each column of the $R'_r$ matrix to obtain $R''_r$;
The M matrix permutation on the operation result obtained in b) is specifically as follows: the resulting $R''_r$ is permuted by the M matrix according to the following formula to obtain $R'''_r$:
$R'''_r = R''_r M$;
The M matrix permutation is implemented by using a 32 × 32 binary matrix M with a branch number of 4, where the matrix M is expressed as:
Figure GDA0002452873450000041
wherein $M_0$ and $M_1$ are 16 × 16 binary matrices, and the branch number of $M_0$ and $M_1$ is 4, i.e. the number of 1s in each row and each column of $M_0$ and $M_1$ is 3;
the matrix $M_0$ is used to permute the first 16 bits of the operation result obtained in b), and the matrix $M_1$ is used to permute the last 16 bits of the operation result obtained in b).
The design of the M matrix in the algorithm can be realized by using a bit-slice technology, and the specific realization formula is as follows:
Figure GDA0002452873450000042
Figure GDA0002452873450000043
Figure GDA0002452873450000044
Figure GDA0002452873450000045
Further, the key expansion operation in step A5 specifically includes the following steps:
an initial key with a length of 64 bits is arranged in order from high bits to low bits to form a 4 × 16 key matrix, denoted $K = K_0 K_1 K_2 K_3$:
$K_0 = \{k_{63}, k_{62}, \ldots, k_{49}, k_{48}\}$, $K_1 = \{k_{47}, k_{46}, \ldots, k_{33}, k_{32}\}$,
$K_2 = \{k_{31}, k_{30}, \ldots, k_{17}, k_{16}\}$, $K_3 = \{k_{15}, k_{14}, \ldots, k_1, k_0\}$;
e) the low 4 bits of $K_0$, $(k_{51}, k_{50}, k_{49}, k_{48})$, and the low 4 bits of $K_1$, $(k_{35}, k_{34}, k_{33}, k_{32})$, are interleaved to form two 4-bit values $(k_{51}, k_{35}, k_{50}, k_{34})$ and $(k_{49}, k_{33}, k_{48}, k_{32})$, and S-box substitution is performed on each, wherein the S-box used is the same as the S-box in the F round function operation;
f) circularly shifting the operation result of e) left by 11 bits;
g) performing the round constant addition operation on the first 16 bits, from high bit to low bit, of the operation result of f); specifically, the current round number r is taken as the round constant and XORed bit by bit with the low 5 bits of those first 16 bits;
h) performing DP dynamic permutation on the operation result of g), and using the obtained result as the round key of the next round.
Further, performing DP dynamic permutation on the result of g) specifically includes:
dividing the current round number r by 4 and taking the remainder m, where 0 ≤ m ≤ 3; in row $K'_m$ of the operation result matrix K′ of g), taking the bit pairs $\{k'_{61-16m}, k'_{60-16m}\}$, $\{k'_{57-16m}, k'_{56-16m}\}$, $\{k'_{53-16m}, k'_{52-16m}\}$, $\{k'_{49-16m}, k'_{48-16m}\}$ and defining their values in turn as $v_0, v_1, v_2, v_3$, with $0 \le v_0, v_1, v_2, v_3 \le 3$, namely:
$v_0 = \{k'_{61-16m}, k'_{60-16m}\}$;
$v_1 = \{k'_{57-16m}, k'_{56-16m}\}$;
$v_2 = \{k'_{53-16m}, k'_{52-16m}\}$;
$v_3 = \{k'_{49-16m}, k'_{48-16m}\}$;
$K'_0$, $K'_1$, $K'_2$, $K'_3$ are each divided in units of 4 bits to form a 4 × 4 matrix as follows:
Figure GDA0002452873450000051
The values $v_0$, $v_1$, $v_2$ and $v_3$ denote, in turn, positions in rows $K'_0$, $K'_1$, $K'_2$, $K'_3$ of the 4 × 4 matrix; for example, $v_0 = 1$ represents the first element in row 0, i.e. $K'_{01}$; therefore, the elements at the positions given by $v_0$, $v_1$, $v_2$ and $v_3$ are, in turn, $K'_{0v_0}$, $K'_{1v_1}$, $K'_{2v_2}$, $K'_{3v_3}$.
By one sequential permutation, $\{K'_{0v_0}, K'_{1v_1}, K'_{2v_2}, K'_{3v_3}\}$ is replaced by $\{K'_{2v_2}, K'_{3v_3}, K'_{0v_0}, K'_{1v_1}\}$, and the result obtained is the expanded round key.
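The DP dynamic permutation described above, as an added Python example that is not code from the patent. It reads each $v_i$ as the low two bits of nibble i in row $K'_m$, which is what the listed bit indices give; the function names and the sample key states are constructed for illustration.

```python
# Added illustration (not the patent's code) of the DP dynamic permutation.
# A 64-bit intermediate key state K' is viewed as a 4 x 4 matrix of nibbles,
# K'_{row,col}, with K'_{00} in the most significant position.

def dp_controls(state, r):
    """Return (m, [v0, v1, v2, v3]) for key state K' and round number r."""
    m = r % 4                                    # row of K' that supplies the control bits
    row = (state >> (48 - 16 * m)) & 0xFFFF
    # v_i = {k'_(61-4i-16m), k'_(60-4i-16m)}: the low 2 bits of nibble i in row m.
    return m, [(row >> (12 - 4 * i)) & 0x3 for i in range(4)]


def dp_permute(state, r):
    """Swap K'_{0,v0} with K'_{2,v2} and K'_{1,v1} with K'_{3,v3}."""
    nibs = [(state >> (60 - 4 * i)) & 0xF for i in range(16)]   # nibs[4*row + col]
    _, v = dp_controls(state, r)
    pos = [4 * row + v[row] for row in range(4)]                # selected nibble per row
    nibs[pos[0]], nibs[pos[2]] = nibs[pos[2]], nibs[pos[0]]
    nibs[pos[1]], nibs[pos[3]] = nibs[pos[3]], nibs[pos[1]]
    out = 0
    for n in nibs:
        out = (out << 4) | n
    return out


if __name__ == "__main__":
    k = 0x1111222233334444                       # constructed sample state
    for r in range(4):
        m, v = dp_controls(k, r)
        print(f"r={r} m={m} v={v} -> {dp_permute(k, r):016x}")
```

The same key state yields a different nibble swap in each round because both the control row m and the values $v_i$ change, which is the data- and round-dependence the text attributes to DP.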
Further, the IP2 permutation in step A6 includes:
constructing a 4 × 16 matrix from the next-round $L_r$, $R_r$ obtained in d) of step A4, assigning each row of $L_r$ to the upper 8 bits of the corresponding row of the matrix and each row of $R_r$ to the lower 8 bits of the corresponding row of the matrix;
then interchanging the high 8 bits and the low 8 bits of each row of the 4 × 16 matrix;
finally, the 4 × 16 matrix after interchange is subjected to the inverse of the IP1 initial permutation.
The design of the IP2 permutation ensures the high symmetry of the algorithm. Specifically, the IP2 permutation exchanges data in units of 4 bits: with the input expressed as $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$, the data after the IP2 permutation is output in the order $\{P_{02}, P_{30}, P_{21}, P_{13}, P_{20}, P_{12}, P_{03}, P_{31}, P_{33}, P_{01}, P_{10}, P_{22}, P_{11}, P_{23}, P_{32}, P_{00}\}$.
Further, a decryption process is included, the decryption process including the steps of:
Step B1: acquiring a 64-bit ciphertext as the data C to be decrypted, and performing the decryption operation;
the data C to be decrypted is grouped, from high bits to low bits, into 16-bit rows to form a 4 × 16 data matrix, denoted $C = C_0 C_1 C_2 C_3$;
Step B2: carrying out the IP1 initial permutation on the data C to be decrypted of step B1, and determining the round number Nr according to the number of bits of the key, wherein the initial value of the round number control signal is 1;
Step B3: dividing the operation result of step B2 into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$,
where r represents the current round number, the data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step B2 from high bit to low bit, and the data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step B2 from high bit to low bit;
Step B4: performing F round function operations on the 32-bit data blocks $L_r$ and $R_r$ of step B3 according to the Feistel structure, each round of the F round function operation comprising:
i) performing the round key addition operation on $R_r$;
j) performing S-box substitution on the operation result obtained in i);
k) performing M matrix permutation on the operation result obtained in j);
l) XORing the result obtained in k) with $L_r$ and taking the XOR result as the $R_r$ that participates in the F round function operation of the next round; at the same time, taking the input data block $R_r$ that participates in the F round function operation of the current round as the $L_r$ that participates in the F round function operation of the next round;
the round keys in each round of the F round function operation reuse the round keys of the encryption process, and the order in which the round keys are used in decryption is the reverse of that in encryption;
Step B5: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps B4 and B5 as the input data of a new round of operation, and returning to step B4; otherwise, performing the IP2 permutation on the next-round $L_r$, $R_r$ obtained in l) of step B4 and then outputting the decryption result.
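The encryption and decryption flow of steps A1 to A6 and B1 to B5, as an added Python example that is not code from the patent. It checks that the IP2 output order equals "swap the 8-bit halves of each row, then inverse IP1" and that the same routine with the round keys reversed decrypts. Assumptions: the M matrix (not recoverable from this page) is replaced by a stand-in linear layer, row 0 is taken as the most significant bit of each S-box column, and the round keys are constructed values rather than the output of the key expansion.

```python
# Added illustration (not the patent's code): SCENERY's outer Feistel structure.

IP1 = [0, 6, 15, 9, 5, 3, 10, 12, 11, 13, 4, 2, 14, 8, 1, 7]   # IP1 table from the page
IP2 = [2, 12, 9, 7, 8, 6, 3, 13, 15, 1, 4, 10, 5, 11, 14, 0]   # IP2 output order from the page
SBOX = [0x6, 0x5, 0xC, 0xA, 0x1, 0xE, 0x7, 0x9,
        0xB, 0x0, 0x3, 0xD, 0x8, 0xF, 0x4, 0x2]                # S-box listed on the page
NR = 28                                                         # rounds for a 64-bit key


def to_nibbles(x):
    """64-bit integer -> 16 nibbles in row-major order, P00 first (most significant)."""
    return [(x >> (60 - 4 * i)) & 0xF for i in range(16)]


def from_nibbles(nibs):
    x = 0
    for n in nibs:
        x = (x << 4) | n
    return x


def permute(x, table):
    """Output nibble i is input nibble table[i]."""
    nibs = to_nibbles(x)
    return from_nibbles([nibs[j] for j in table])


def derive_ip2():
    """Build IP2 from its description: swap each row's 8-bit halves, then inverse IP1."""
    inverse = [0] * 16
    for i, j in enumerate(IP1):
        inverse[j] = i
    # Swapping the halves of a 4-nibble row maps nibble index k to k ^ 2.
    return [inverse[j] ^ 2 for j in range(16)]


def split(x):
    """Step A3: first 8 bits of each 16-bit row go to L, last 8 bits to R."""
    left = right = 0
    for row in range(4):
        word = (x >> (48 - 16 * row)) & 0xFFFF
        left = (left << 8) | (word >> 8)
        right = (right << 8) | (word & 0xFF)
    return left, right


def join(left, right):
    """Rebuild the 4 x 16 matrix: L rows in the upper 8 bits, R rows in the lower 8."""
    x = 0
    for row in range(4):
        shift = 24 - 8 * row
        x = (x << 16) | (((left >> shift) & 0xFF) << 8) | ((right >> shift) & 0xFF)
    return x


def f_function(r_half, round_key):
    """Round key addition -> S-box on each column -> linear layer (stand-in)."""
    x = r_half ^ round_key
    rows = [(x >> (24 - 8 * i)) & 0xFF for i in range(4)]
    out = [0, 0, 0, 0]
    for col in range(8):
        nib = 0
        for i in range(4):          # assumption: row 0 is the column's most significant bit
            nib = (nib << 1) | ((rows[i] >> col) & 1)
        s = SBOX[nib]
        for i in range(4):
            out[i] |= ((s >> (3 - i)) & 1) << col
    y = (out[0] << 24) | (out[1] << 16) | (out[2] << 8) | out[3]
    # Stand-in for the M matrix permutation: XOR of byte rotations (NOT SCENERY's M).
    return y ^ (((y << 8) | (y >> 24)) & 0xFFFFFFFF) ^ (((y << 16) | (y >> 16)) & 0xFFFFFFFF)


def crypt(block, round_keys):
    """IP1 -> Feistel rounds -> IP2. The same routine encrypts and decrypts."""
    left, right = split(permute(block, IP1))
    for rk in round_keys:
        left, right = right, left ^ f_function(right, rk)
    return permute(join(left, right), IP2)


# Constructed 32-bit round keys for the demonstration (not SCENERY's key expansion).
ROUND_KEYS = [(0x9E3779B9 * (i + 1)) & 0xFFFFFFFF for i in range(NR)]


def encrypt(plaintext):
    return crypt(plaintext, ROUND_KEYS)


def decrypt(ciphertext):
    return crypt(ciphertext, ROUND_KEYS[::-1])   # same module, reversed key order


if __name__ == "__main__":
    p = 0x0123456789ABCDEF
    c = encrypt(p)
    print(f"IP2 matches its description: {derive_ip2() == IP2}")
    print(f"ciphertext {c:016x}, decrypts to {decrypt(c):016x}")
```

The round trip holds for any F, because the half swap built into IP2 presents the final $R_r$ to the first decryption round as $L_r$; the strength of the cipher therefore rests entirely on F and the key expansion, not on this outer structure.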
In a second aspect of the present invention, an apparatus for implementing the lightweight cryptographic algorithm SCENERY is provided, including:
an initialization unit, used for acquiring a 64-bit plaintext as the data P to be encrypted and performing the encryption operation;
an IP1 permutation unit, used for carrying out the IP1 permutation on the data P to be encrypted, determining the round number Nr according to the number of bits of the key, and setting the initial value of the round number control signal to 1;
an F round function processing unit, used for dividing the data after the IP1 permutation into left and right parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$,
where r represents the current round number, the data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of the IP1 permutation unit from high bit to low bit, and the data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of the IP1 permutation unit from high bit to low bit;
and then performing F round function operations on the data blocks $L_r$ and $R_r$ according to the Feistel structure, each round of the F round function operation comprising:
a) performing the round key addition operation on $R_r$;
b) performing S-box substitution on the operation result obtained in a);
c) performing M matrix permutation on the operation result obtained in b);
d) XORing the result obtained in c) with $L_r$ and taking the XOR result as the $R_r$ that participates in the F round function operation of the next round; at the same time, taking the input data block $R_r$ that participates in the F round function operation of the current round as the $L_r$ that participates in the F round function operation of the next round;
a round key expansion unit, used for performing the next round of key expansion according to the current round key and the round number control signal, comprising:
e) performing S-box substitution on the current round key, wherein the S-box used is the same as the S-box used by the F round function processing unit;
f) circularly shifting the operation result obtained in e) left by x bits;
g) performing the round constant addition operation on the operation result obtained in f);
h) performing DP dynamic permutation on the result of g), and taking the obtained result as the round key of the next round;
in the F round function operation, the round key used in the first round is the first 32 bits of the initial key, and from the second round onward it is the first 32 bits of the round key obtained in the previous round of key expansion; the DP dynamic permutation dynamically permutes the result of g) using the current round number r and the result of g) as control signals;
a ciphertext generation unit, used for judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of the F round function processing unit and the round key expansion unit as the input data of a new round of operation, and returning to the F round function process of the F round function processing unit and the round key expansion process of the round key expansion unit; otherwise, performing the IP2 permutation on the last result of the round function processing unit and then outputting the encryption result.
In a third aspect of the present invention, a computer-readable storage medium is provided, which stores a computer program, the computer program being loaded by a processor and executing the above-mentioned lightweight cryptographic algorithm SCENERY implementation method.
Advantageous effects
The invention provides a method, a device and a storage medium for implementing the lightweight cryptographic algorithm SCENERY. The algorithm structure is highly symmetrical: decryption reuses the encryption module and only requires reversing the order in which the encryption round keys are used, so the operation is simple and decryption consumes no extra resources; the modules of the cipher also have similar symmetric components, so they can be multiplexed with one another during implementation, which reduces implementation resources. The initial permutation structure of the algorithm is novel in design, gives the algorithm's data permutation a good effect, and needs only hardware wiring to implement, without consuming resources. The round operation adopts an F function with an SPN structure, and the transformation process is round key addition → S-box substitution → M matrix permutation; the S-box substitution and the M matrix permutation are implemented using the bit-slice technique to improve the encryption efficiency of the algorithm. Meanwhile, a new key expansion mode is provided: the round constant r and the key expansion intermediate result are selected as control signals, and DP dynamic permutation is performed on the current round's key expansion intermediate result to obtain the round key, which reduces the dependence of a single key iteration on the previous round's input, increases the difficulty of breaking the cipher and improves the security of the algorithm. The method therefore has the advantages of low resource use, high performance and high security.
The novel, secure and efficient lightweight SCENERY block cipher implementation method, device and storage medium show good attack resistance in security verification, and compared with the prior art are particularly effective in resisting differential, linear and algebraic attacks.
Drawings
Fig. 1 is an encryption structure diagram of a lightweight cryptographic algorithm SCENERY implementation method provided in an embodiment of the present invention;
Fig. 2 is a decryption structure diagram of a lightweight cryptographic algorithm SCENERY implementation method provided in the embodiment of the present invention;
Fig. 3 is a block diagram of a round function transformation provided by an embodiment of the present invention;
Fig. 4 is a diagram of an F function structure provided by an embodiment of the present invention;
Fig. 5 is a diagram of a round key expansion structure provided by an embodiment of the present invention;
Fig. 6 is a diagram of the IP1 permutation process provided by an embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, an embodiment of the present invention provides a lightweight cryptographic algorithm SCENERY implementation method, including the following steps:
Step A1: acquiring a 64-bit plaintext as the data P to be encrypted, loading the data P into a register, and performing the encryption operation;
wherein the data P to be encrypted is grouped, from high bits to low bits, into 16-bit rows to form a 4 × 16 data matrix, denoted $P = P_0 P_1 P_2 P_3$:
$P_0 = \{p_{63}, p_{62}, \ldots, p_{49}, p_{48}\}$, $P_1 = \{p_{47}, p_{46}, \ldots, p_{33}, p_{32}\}$,
$P_2 = \{p_{31}, p_{30}, \ldots, p_{17}, p_{16}\}$, $P_3 = \{p_{15}, p_{14}, \ldots, p_1, p_0\}$;
Step A2: carrying out the IP1 initial permutation on the data P to be encrypted obtained in step A1 to obtain P′, and determining the round number Nr according to the number of bits of the key, wherein the initial value of the round number control signal is 1; in this embodiment, the key length is 64 bits, and the round number Nr is 28;
the IP1 initial permutation procedure is as follows:
the 4 × 16 data matrix P is arranged, taking 4 bits of each row as one unit, into a 4 × 4 matrix expressed as $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$;
the 4 × 4 matrix is output in the order $\{P_{00}, P_{12}, P_{33}, P_{21}, P_{11}, P_{03}, P_{22}, P_{30}, P_{23}, P_{31}, P_{10}, P_{02}, P_{32}, P_{20}, P_{01}, P_{13}\}$ to obtain the data P′ after the IP1 initial permutation.
In detail, the construction process is as follows:
let the 4 × 4 matrix be $N = \{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$; divide the matrix N in sequence into four 2 × 2 matrices $N_0$, $N_1$, $N_2$, $N_3$: $N_0 = \{P_{00}, P_{01}, P_{10}, P_{11}\}$, $N_1 = \{P_{02}, P_{03}, P_{12}, P_{13}\}$, $N_2 = \{P_{20}, P_{21}, P_{30}, P_{31}\}$, $N_3 = \{P_{22}, P_{23}, P_{32}, P_{33}\}$; for convenience of explanation, $\{P_{00}, P_{01}, P_{02}, P_{03}, P_{10}, P_{11}, P_{12}, P_{13}, P_{20}, P_{21}, P_{22}, P_{23}, P_{30}, P_{31}, P_{32}, P_{33}\}$ is written as {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, as shown in Fig. 6(1).
As shown in Fig. 6(2), directed diagonals a and b are marked in $N_0$ and $N_3$; the direction of diagonal a is from left to right and from top to bottom, i.e. (0, 5); the direction of diagonal b is from right to left and from top to bottom, i.e. (11, 14); the diagonals a and b form the first column of data of the IP1 permutation, i.e. $(0, 5, 11, 14)^T$;
$N_0$ in Fig. 6(2) is rotated 90° counterclockwise around the center point to obtain the diagonal c on matrix $N_1$, which is (6, 3); $N_3$ is rotated 90° clockwise around the center point to obtain the diagonal d on $N_2$, which is (13, 8); the diagonals c and d form the second column of data of the IP1 permutation, i.e. $(6, 3, 13, 8)^T$, as shown in Fig. 6(3);
$N_1$ in Fig. 6(3) is rotated 90° counterclockwise around the center point to obtain the diagonal e on $N_3$, which is (15, 10); $N_2$ is rotated 90° clockwise around the center point to obtain the diagonal f on $N_0$, which is (4, 1); the diagonals e and f form the third column of data of the IP1 permutation, i.e. $(15, 10, 4, 1)^T$, as shown in Fig. 6(4);
$N_3$ in Fig. 6(4) is rotated 90° counterclockwise around the center point to obtain the diagonal g on $N_2$, which is (9, 12); $N_0$ is rotated 90° clockwise around the center point to obtain the diagonal h on $N_1$, which is (2, 7); the diagonals g and h form the fourth column of data of the IP1 permutation, i.e. $(9, 12, 2, 7)^T$, as shown in Fig. 6(5);
from the above, the columns of data after the IP1 initial permutation are: $(0, 5, 11, 14)^T$, $(6, 3, 13, 8)^T$, $(15, 10, 4, 1)^T$, $(9, 12, 2, 7)^T$; the IP1 initial permutation table is as follows:
0 6 15 9
5 3 10 12
11 13 4 2
14 8 1 7
The IP1 initial permutation structure is novel in design: it provides a new permutation mode that exploits the properties of a centrally symmetric figure, gives the algorithm's data permutation a good effect, and needs only hardware wiring to implement, without consuming resources.
Step A3: the operation result of step A2 is divided into two parts, namely the 4 × 8 matrix data blocks $L_r$ and $R_r$, denoted $L_r = L_{r0} L_{r1} L_{r2} L_{r3}$ and $R_r = R_{r0} R_{r1} R_{r2} R_{r3}$ respectively,
where r represents the current round number, the data block $L_r$ is obtained by arranging the first 8 bits of each row of the operation result of step A2 from high bit to low bit, and the data block $R_r$ is obtained by arranging the last 8 bits of each row of the operation result of step A2 from high bit to low bit; namely:
$L_r = \{P'_{00}, P'_{01}, P'_{10}, P'_{11}, P'_{20}, P'_{21}, P'_{30}, P'_{31}\}$; $R_r = \{P'_{02}, P'_{03}, P'_{12}, P'_{13}, P'_{22}, P'_{23}, P'_{32}, P'_{33}\}$;
the dividing process is as follows:
the first 8 bits of the first row of the 4 × 16 matrix, which is the operation result of step A2, are assigned to the first row of the data block $L_r$ and the last 8 bits to the first row of the data block $R_r$; the second, third and fourth rows are handled in the same way, giving the 4 × 8 matrices $L_r$, $R_r$ as follows:
Figure GDA0002452873450000091
Step A4: the 32-bit data blocks Lr and Rr from step A3 undergo the F round function operation according to a Feistel structure, as shown in FIG. 3 and FIG. 4; each round of the F round function operation includes:
a) performing round key addition on Rr to obtain R′r;
The key is arranged from high bit to low bit in groups of 16 bits to form a 4 × 16 matrix, denoted K = K0K1K2K3;
Round key addition on Rr means XORing the 32 bits of data block Rr, from high bit to low bit, with the first 32 bits of the round key from high bit to low bit, i.e. K0 and K1, to obtain R′r;
b) performing S-box replacement on the operation result obtained in a) to obtain R″r;
The S-box permutation is the only nonlinear component of the SCENERY algorithm. The SCENERY S-box is the 4-bit-input, 4-bit-output encryption S-box of the RECTANGLE algorithm, shown in the table below. The S-box permutation in the F function applies the S-box to each column of the 4 × 8 data matrix and is implemented with simple logic gate operations: the 32-bit 4 × 8 data matrix is divided by column into eight 4-bit values, denoted a0, a1, a2, a3, a4, a5, a6, a7, which the 8 S-boxes replace with b0, b1, b2, b3, b4, b5, b6, b7. The S-box permutation formula is expressed as:
a finite field S:
Figure GDA0002452873450000101
ai → bi = S(ai), where 0 ≤ i ≤ 7;
X 0 1 2 3 4 5 6 7 8 9 A B C D E F
S[x] 6 5 C A 1 E 7 9 B 0 3 D 8 F 4 2
c) performing M matrix permutation on the operation result obtained in b) to obtain R″′r;
The resulting R″r undergoes M matrix permutation according to the following formula to obtain R″′r:
R″′r=R″rM;
To suit the bit-sliced implementation of the S-box layer, improve the diffusion speed of the algorithm and achieve high dependency, the linear layer is built as a 32 × 32 binary matrix M. To reduce the search range, M is built with the block-matrix idea, in the following form:
Figure GDA0002452873450000102
where M0 and M1 are 16 × 16 binary matrices; M0 permutes the first 16 bits of the operation result obtained in b) and M1 permutes the last 16 bits of the operation result obtained in b), so the search task reduces to finding two 16 × 16 matrices that make up a 32 × 32 matrix of this form, which permutes the whole operation result obtained in b);
M0 and M1 have branch number 4, i.e. each row and each column of M0 and M1 is required to contain three 1s;
The M matrix in the algorithm is designed so that it can be implemented with the bit-slice technique; the specific implementation formulas are as follows:
Figure GDA0002452873450000103
Figure GDA0002452873450000104
Figure GDA0002452873450000111
Figure GDA0002452873450000112
Specifically, the 32-bit data R″r entering the M matrix permutation of the F function is a 4 × 8 data matrix; the first 16 bits of the operation result obtained in b) are R″r0 and R″r1, and the last 16 bits of the operation result obtained in b) are R″r2 and R″r3. That is, the first 8 columns of M0 diffuse R″r0 and R″r1 into R″′r0, and its last 8 columns diffuse R″r0 and R″r1 into R″′r1; the first 8 columns of M1 diffuse R″r2 and R″r3 into R″′r2, and its last 8 columns diffuse R″r2 and R″r3 into R″′r3. To achieve fast diffusion with fewer resources, the three 1s in each row/column of M0 and M1 must not all fall within the front/top 8 bits or the back/bottom 8 bits;
According to the above requirements, two 8-bit binary vectors a and b are first defined, one with Hamming weight 1 and the other with Hamming weight 2; assuming that a has Hamming weight 1 and b has Hamming weight 2, the possible values of a and b can be derived.
The vectors a and b satisfying b = a ^ c (where vector c has Hamming weight 1) are then paired. For example, when a = (0, 0, 0, 0, 0, 0, 0, 1), the pairs (a, b) satisfying the condition are the 7 pairs {(0, 0, 0, 0, 0, 0, 0, 1), (0, 0, 0, 0, 0, 0, 1, 1)}, {(0, 0, 0, 0, 0, 0, 0, 1), (0, 0, 0, 0, 0, 1, 0, 1)}, …, {(0, 0, 0, 0, 0, 0, 0, 1), (1, 0, 0, 0, 0, 0, 0, 1)}; over all possible values of a, a total of 56 pairs (a, b) satisfy the condition.
An 8 × 16 binary matrix sample N is constructed from an (a, b) pair: row 0 is a, b; row 1 is a circularly shifted left by 1 bit, followed by b circularly shifted left by 1 bit; row 2 is a circularly shifted left by 2 bits, followed by b circularly shifted left by 2 bits; and so on, giving an 8 × 16 data array B. For example, the pair {(0, 0, 0, 0, 0, 0, 0, 1), (0, 0, 0, 0, 0, 0, 1, 1)} corresponds to the 8 × 16 data array B:
Figure GDA0002452873450000113
Similarly, an 8 × 16 binary matrix sample N1 is constructed from the (b, a) pairing;
From some of the samples N and N1, two different 8 × 16 data matrices are selected respectively to construct M0 and M1, which are applied to the matrix permutation module, and the performance of the algorithm is tested. Testing gave the following matrices, which need relatively few implementation resources and diffuse relatively fast:
Figure GDA0002452873450000121
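The pairing and circular-shift construction described above can be checked mechanically. The following is an added example, not code from the patent: it enumerates the (a, b) pairs, builds the 8 × 16 samples N and N1, and checks the weight-3 and no-concentration conditions. Stacking one N sample on one N1 sample to get a 16 × 16 candidate is an assumption about how the two samples are combined (the matrices actually chosen are in a figure not reproduced here), and all function names are hypothetical.

```python
def unit(i):
    """8-bit vector of Hamming weight 1 with its single 1 at position i."""
    return tuple(1 if k == i else 0 for k in range(8))

def rotl(v, n):
    """Circular left shift of a bit tuple by n positions."""
    n %= len(v)
    return v[n:] + v[:n]

def candidate_pairs():
    """All (a, b) with wt(a) = 1, wt(b) = 2 and b = a ^ c for some c of weight 1."""
    pairs = []
    for i in range(8):
        a = unit(i)
        for j in range(8):
            b = tuple(x ^ y for x, y in zip(a, unit(j)))
            if sum(b) == 2:          # excludes c == a, which would give b = 0
                pairs.append((a, b))
    return pairs

def sample(first, second):
    """8 x 16 sample: row s is (first <<< s) followed by (second <<< s)."""
    return [rotl(first, s) + rotl(second, s) for s in range(8)]

def row_weights(m):
    return [sum(row) for row in m]

def col_weights(m):
    return [sum(col) for col in zip(*m)]

def not_concentrated(m):
    """No row keeps all its 1s in one 8-bit half; same for columns (top/bottom)."""
    rows_ok = all(0 < sum(r[:8]) < sum(r) for r in m)
    cols_ok = all(0 < sum(c[:8]) < sum(c) for c in zip(*m))
    return rows_ok and cols_ok

def stacked_candidate(pair_top, pair_bottom):
    """Assumed combination: an N sample (a, b) on top of an N1 sample (b, a)."""
    a, b = pair_top
    a2, b2 = pair_bottom
    return sample(a, b) + sample(b2, a2)

def all_candidates_balanced():
    """True if every stacked candidate has exactly three 1s per row and column."""
    pairs = candidate_pairs()
    for top in pairs:
        for bottom in pairs:
            m = stacked_candidate(top, bottom)
            if set(row_weights(m)) != {3} or set(col_weights(m)) != {3}:
                return False
            if not not_concentrated(m):
                return False
    return True

if __name__ == "__main__":
    pairs = candidate_pairs()
    print(len(pairs), "pairs")
    for row in sample(*pairs[-1]):
        print("".join(map(str, row)))
    print("all stacked candidates balanced:", all_candidates_balanced())
```

The weight conditions hold for every stacked combination because each 8 × 8 block is circulant, so the search described in the text only has to rank candidates by diffusion speed and implementation cost.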
d) XORing the result R″′r obtained in c) with Lr and using the XOR result as the Rr for the next round of the F round function operation; at the same time, using the input data block Rr of the current round of the F round function operation as the Lr for the next round;
Step A5: performing the next round of key expansion according to the current round key and the round number control signal, which includes:
The initial key, 64 bits long, is arranged from high bit to low bit to form a 4 × 16 key matrix, denoted K = K0K1K2K3;
K0={k63,k62,……,k49,k48},K1={k47,k46,……,k33,k32},
K2={k31,k30,……,k17,k16},K3={k15,k14,……,k1,k0};
e) performing S-box replacement on the current round key; specifically, 8 bits at fixed positions in the current round key go through the S-box used in the F round function operation;
The low 4 bits of K0 (k51, k50, k49, k48) and the low 4 bits of K1 (k35, k34, k33, k32) are interleaved to form two 4-bit values (k51, k35, k50, k34) and (k49, k33, k48, k32), and S-box replacement is performed on each, namely:
k51k35k50k34=S(k51k35k50k34),
k49k33k48k32=S(k49k33k48k32);
f) circularly shifting the operation result obtained in e) left by x bits;
In a specific implementation the value of x is set as required; in this embodiment the circular left shift is 11 bits, that is:
K′(k′63,k′62,……,k′1,k′0)=K(k52,k51,……,k54,k53);
g) performing round constant addition on the operation result obtained in f);
Specifically, round constant addition XORs the current round number r bit by bit with the low 5 bits of K′0, the first 16 bits (from high bit to low bit) of the operation result obtained in f);
h) performing DP dynamic replacement on the operation result of g), and taking the obtained result as the round key of the next round;
Specifically, as shown in FIG. 5, the current round number r is divided by 4 to give the remainder m, 0 ≤ m ≤ 3; from the m-th row K′m of the operation result matrix K′ of g), the bit pairs {k′61-m*16, k′60-m*16}, {k′57-m*16, k′56-m*16}, {k′53-m*16, k′52-m*16}, {k′49-m*16, k′48-m*16} are taken, and their values are defined in turn as v0, v1, v2, v3, with 0 ≤ v0, v1, v2, v3 ≤ 3, namely:
v0={k′61-m*16,k′60-m*16};
v1={k′57-m*16,k′56-m*16};
v2={k′53-m*16,k′52-m*16};
v3={k′49-m*16,k′48-m*16};
K′0, K′1, K′2 and K′3 are each divided into 4-bit units to form a 4 × 4 matrix as follows:
Figure GDA0002452873450000131
The values v0, v1, v2 and v3 give, in turn, the positions in rows K′0, K′1, K′2 and K′3 of the 4 × 4 matrix; for example, v0 = 1 denotes element 1 of row 0, i.e. K′01. The values at positions v0, v1, v2 and v3 are therefore K′0v0, K′1v1, K′2v2 and K′3v3 in turn;
One sequential permutation is then applied, i.e. {K′0v0, K′1v1, K′2v2, K′3v3} is replaced by {K′2v2, K′3v3, K′0v0, K′1v1}, and the result is the expanded round key.
In the F round function operation, the round key used in the first round is the first 32 bits (from high bit to low bit) of the initial key; from the second round on, it is the first 32 bits of the round key obtained in the previous round of key expansion. The DP dynamic replacement uses the current round number r and the result of step g) as control signals to dynamically permute the result of step g);
Step A6: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps A4 and A5 as the input data of a new round of operation, and returning to step A4; otherwise, performing the IP2 permutation on the next-round Lr and Rr obtained in step A4 d), and then outputting the encryption result.
Wherein the IP2 permutation comprises:
constructing a 4 × 16 matrix from the next-round Lr and Rr obtained in step A4 d), assigning each row of Lr to the upper 8 bits of the corresponding row of the matrix and each row of Rr to the lower 8 bits of the corresponding row;
then interchanging the high 8 bits and the low 8 bits of each row of the 4 × 16 matrix;
finally, applying the IP1 inverse initial permutation to the interchanged 4 × 16 matrix.
In a Feistel structure, the last round of the round function operation does not interchange Lr and Rr, but this algorithm does perform the interchange in the last round. To keep the algorithm highly symmetric, an interchange of Lr and Rr and the IP1 inverse initial permutation both have to be performed after the last round, so the IP2 permutation is formed by combining these two operations. The IP2 permutation works in units of 4 bits: with the input denoted P00, P01, P02, P03, P10, P11, P12, P13, P20, P21, P22, P23, P30, P31, P32, P33, the IP2 permutation outputs the data in the order {P02, P30, P21, P13, P20, P12, P03, P31, P33, P01, P10, P22, P11, P23, P32, P00}. The IP2 permutation positions are shown in the table below.
2 12 9 7
8 6 3 13
15 1 4 10
5 11 14 0
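The two tables can be cross-checked against the prose that defines them. The following is an added example, not code from the patent: it rebuilds the IP1 table from the quadrant diagonals, derives IP2 as "interchange the 8-bit halves of each row, then apply the inverse of IP1", and compares both with the printed tables. It assumes that nibble Prc has index 4r + c with P00 the most significant nibble, and that a table entry names the input nibble written to that output position; function names are hypothetical.

```python
# Tables as printed in the description, read row by row.
IP1_TABLE = [0, 6, 15, 9, 5, 3, 10, 12, 11, 13, 4, 2, 14, 8, 1, 7]
IP2_TABLE = [2, 12, 9, 7, 8, 6, 3, 13, 15, 1, 4, 10, 5, 11, 14, 0]

# (row, col) of the nibbles on each pair of quadrant diagonals, one list per
# output column, in the order the IP1 description gives them.
IP1_COLUMNS = [
    [(0, 0), (1, 1), (2, 3), (3, 2)],  # diagonal a on N0, diagonal b on N3
    [(1, 2), (0, 3), (3, 1), (2, 0)],  # diagonal c on N1, diagonal d on N2
    [(3, 3), (2, 2), (1, 0), (0, 1)],  # diagonal e on N3, diagonal f on N0
    [(2, 1), (3, 0), (0, 2), (1, 3)],  # diagonal g on N2, diagonal h on N1
]

# Interchange of the high and low 8 bits of every row (nibble columns 0,1 <-> 2,3).
HALF_SWAP = [4 * (j // 4) + (j % 4 + 2) % 4 for j in range(16)]

def ip1_from_diagonals():
    """Fill the 4 x 4 output column by column from the diagonal lists."""
    table = [None] * 16
    for col, cells in enumerate(IP1_COLUMNS):
        for row, (r, c) in enumerate(cells):
            table[4 * row + col] = 4 * r + c
    return table

def invert(table):
    """Inverse permutation: undoes permute(state, table)."""
    inv = [0] * 16
    for out_pos, in_pos in enumerate(table):
        inv[in_pos] = out_pos
    return inv

def compose(first, second):
    """Single table equivalent to applying `first`, then `second`."""
    return [first[second[k]] for k in range(16)]

def ip2_from_definition():
    """IP2 = half interchange followed by the IP1 inverse initial permutation."""
    return compose(HALF_SWAP, invert(IP1_TABLE))

def permute(state, table):
    """Apply a nibble permutation table to a 64-bit state."""
    nibbles = [(state >> (60 - 4 * j)) & 0xF for j in range(16)]
    out = 0
    for src in table:
        out = (out << 4) | nibbles[src]
    return out

if __name__ == "__main__":
    x = 0x0123456789ABCDEF  # constructed input: nibble j holds the value j
    print("IP1 table matches diagonals:", ip1_from_diagonals() == IP1_TABLE)
    print("IP2 table matches definition:", ip2_from_definition() == IP2_TABLE)
    print("IP1(x) = %016X" % permute(x, IP1_TABLE))
    print("IP2(x) = %016X" % permute(x, IP2_TABLE))
    print("IP1(IP2(x)) = %016X" % permute(permute(x, IP2_TABLE), IP1_TABLE))
```

Applying IP1 directly after IP2 leaves only the half interchange, which is the property that lets the same IP1 and IP2 blocks serve at both ends of encryption and decryption.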
The algorithm structure is highly symmetric, so the encryption module can be reused for decryption: decryption only requires reversing the order in which the encryption round keys are used, which is simple and consumes no additional resources. The encryption module also contains similar symmetric components that can be multiplexed with one another in implementation, which reduces implementation resources. The round operation uses an F function with an SPN structure, whose transformation is round key addition → S-box replacement → M matrix permutation; the S-box replacement and the M matrix permutation are implemented with the bit-slice technique to improve the encryption efficiency of the algorithm. The algorithm also provides a new key expansion scheme: the round constant r and an intermediate result of key expansion are selected as control signals, and DP dynamic replacement is applied to the intermediate result of the current round's key expansion to obtain the round key, which reduces the dependence of a single key iteration on the previous round's input, makes the cipher harder to break and improves the security of the algorithm. The method therefore has the advantages of low resource use, high performance and high security.
In this embodiment, a decryption process is further included; as shown in FIG. 2, the decryption process includes the following steps:
Step B1: acquiring a 64-bit ciphertext as data C to be decrypted, for the decryption operation;
The data C to be decrypted is arranged from high bit to low bit in groups of 16 bits to form a 4 × 16 data matrix, denoted C = C0C1C2C3;
Step B2: performing the IP1 initial permutation on the data C to be decrypted from step B1, and determining the round number Nr according to the number of key bits, the initial value of the round number control signal being 1;
Step B3: dividing the operation result of step B2 into two parts, namely the 4 × 8 matrix data blocks Lr and Rr;
Where r represents the current round number; data block Lr is obtained by arranging the first 8 bits of each row of the operation result of step B2 from high bit to low bit, and data block Rr is obtained by arranging the last 8 bits of each row of the operation result of step B2 from high bit to low bit;
Step B4: the 32-bit data blocks Lr and Rr from step B3 undergo the F round function operation according to a Feistel structure; each round of the F round function operation includes:
i) performing round key addition on Rr;
j) performing S-box replacement on the operation result obtained in i);
k) performing M matrix permutation on the operation result obtained in j);
l) XORing the result obtained in k) with Lr and using the XOR result as the Rr for the next round of the F round function operation; at the same time, using the input data block Rr of the current round of the F round function operation as the Lr for the next round;
The round keys in each round of the F round function operation reuse the round keys of the encryption process, and the order in which the round keys are used in decryption is the opposite of that in encryption; in this embodiment, the decryption process of the algorithm is completed by using K27-r in place of the encryption round key Kr;
Step B5: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps B4 and B5 as the input data of a new round of operation, and returning to step B4; otherwise, performing the IP2 permutation on the next-round Lr and Rr obtained in step B4 l), and then outputting the decryption result. For the specific details of the decryption process, refer to the encryption process.
SCENERY block cipher algorithm pseudocode description:
Algorithm 1: SCENERY cipher encryption process
Input: plaintext (P), key (K);
Output: ciphertext (C);
Figure GDA0002452873450000151
Algorithm 2: SCENERY cipher decryption process
Input: C, K;
Output: P;
The embodiment of the present invention further provides a device for implementing the lightweight cryptographic algorithm SCENERY, including:
An initialization unit: used for acquiring a 64-bit plaintext as data P to be encrypted, for the encryption operation;
An IP1 permutation unit: used for performing the IP1 permutation on the data P to be encrypted, and determining the round number Nr according to the number of key bits, the initial value of the round number control signal being 1;
An F round function processing unit: used for dividing the data after the IP1 permutation into left and right parts, namely the 4 × 8 matrix data blocks Lr and Rr;
Where r represents the current round number; data block Lr is obtained by arranging the first 8 bits of each row of the operation result of the IP1 permutation unit from high bit to low bit, and data block Rr is obtained by arranging the last 8 bits of each row of the operation result of the IP1 permutation unit from high bit to low bit;
The data blocks Lr and Rr then undergo the F round function operation according to a Feistel structure; each round of the F round function operation includes:
a) performing round key addition on Rr;
b) performing S-box replacement on the operation result obtained in a);
c) performing M matrix permutation on the operation result obtained in b);
d) XORing the result obtained in c) with Lr and using the XOR result as the Rr for the next round of the F round function operation; at the same time, using the input data block Rr of the current round of the F round function operation as the Lr for the next round;
A round key expansion unit: used for performing the next round of key expansion according to the current round key and the round number control signal, which includes:
e) performing S-box replacement on the current round key, the S-box used being the same as the S-box used in the F round function processing unit;
f) circularly shifting the operation result obtained in e) left by x bits;
g) performing round constant addition on the operation result obtained in f);
h) performing DP dynamic replacement on the result of g), and taking the obtained result as the round key of the next round;
In the F round function operation, the round key used in the first round is the first 32 bits (from high bit to low bit) of the initial key; from the second round on, it is the first 32 bits of the round key obtained in the previous round of key expansion. The DP dynamic replacement uses the current round number r and the result of step g) as control signals to dynamically permute the result of step g);
A ciphertext generation unit: used for judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of the F round function processing unit and the round key expansion unit as the input data of a new round of operation, and returning to the F round function process of the F round function processing unit and the round key expansion process of the round key expansion unit; otherwise, performing the IP2 permutation on the last result of the F round function processing unit, and then outputting the encryption result.
For the specific techniques implementing the functions of each module of the lightweight cryptographic algorithm SCENERY implementation device, refer to the lightweight cryptographic algorithm SCENERY implementation method; they are not described again here.
The embodiment of the invention also provides a computer readable storage medium, which stores a computer program, and the computer program is loaded by a processor and executes the lightweight cryptographic algorithm SCENERY implementation method.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The method provided by the embodiment of the invention was tested; test data for the SCENERY-64 algorithm provided by the invention are shown in Table 1:
Table 1. SCENERY-64 algorithm experimental test data
Plaintext Key Ciphertext
0000-0000-0000-0000 0000-0000-0000-0000 28BC-2A7A-4782-E797
0000-0000-0000-0000 FFFF-FFFF-FFFF-FFFF D759-FF83-9E1F-29E8
FFFF-FFFF-FFFF-FFFF 0000-0000-0000-0000 CD28-5DC5-CB1B-297D
FFFF-FFFF-FFFF-FFFF FFFF-FFFF-FFFF-FFFF D02B-7F5B-04A7-99F7
68B1-0045-F4BC-1775 7FE7-AB97-9608-717F 224C-81E9-13AF-1EF2
The SCENERY cryptographic algorithm provided by the invention was implemented on Xilinx Virtex-4 ML405 FPGA hardware; for the SCENERY-64 algorithm the clock period is 8.508 ns, the clock frequency is 117.536 MHz and the throughput is 268.654 Mbps;
The SCENERY cryptographic algorithm provided by the invention was also implemented in ASIC hardware, with the SMIC 0.18 μm synthesis process library. The SCENERY-64 algorithm occupies a resource area of 1190 GE.
Table 2 shows FPGA hardware implementations of typical lightweight cryptographic algorithms at their minimum key length, and Table 3 shows ASIC hardware implementations of typical lightweight cryptographic algorithms at their minimum key length. The comparison in Tables 2 and 3 shows that SCENERY occupies a small area compared with current lightweight cryptographic algorithms, while its frequency and throughput are high.
Table 2. FPGA implementations of lightweight cryptographic algorithms
Figure GDA0002452873450000181
Table 3. ASIC implementations of lightweight cryptographic algorithms
Algorithm | Structure | Block length (bits) | Key length (bits) | Resource area (GE)
Piccolo-80 | GFN | 64 | 80 | 1136
PRESENT-80 | SPN | 64 | 80 | 1570
KLEIN-64 | SPN | 64 | 64 | 1220
LBlock | Feistel | 64 | 80 | 1320
Twine-80 | Feistel | 64 | 80 | 1503
LED-64 | SPN | 64 | 80 | 1040
MIBS-64 | Feistel | 64 | 64 | 1396
SCENERY-64 | Feistel | 64 | 64 | 1190
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A lightweight cryptographic algorithm SCENERY implementation method is characterized by comprising the following steps:
step A1: acquiring 64-bit plaintext as data P to be encrypted, and performing encryption operation;
the data P to be encrypted is arranged from high bit to low bit in groups of 16 bits to form a 4 × 16 data matrix, denoted P0P1P2P3;
Step A2: performing the IP1 initial permutation on the data P from step A1, and determining the round number Nr according to the number of key bits, the initial value of the round number control signal being 1; wherein the IP1 initial permutation process is as follows:
the 4 × 16 data matrix P is formed into a 4 × 4 matrix, taking every 4 bits of each row as one unit; the 4 × 4 matrix is denoted N = {P00, P01, P02, P03, P10, P11, P12, P13, P20, P21, P22, P23, P30, P31, P32, P33};
the matrix N is divided in order into four 2 × 2 matrices N0, N1, N2, N3: N0 = {P00, P01, P10, P11}, N1 = {P02, P03, P12, P13}, N2 = {P20, P21, P30, P31}, N3 = {P22, P23, P32, P33};
the diagonals (P00, P11) of N0 and (P23, P32) of N3 are taken to form the first column of data of the IP1 permutation, i.e. (P00, P11, P23, P32)^T;
the diagonals (P12, P03) of N1 and (P31, P20) of N2 are taken to form the second column of data of the IP1 permutation, i.e. (P12, P03, P31, P20)^T;
the diagonals (P33, P22) of N3 and (P10, P01) of N0 are taken to form the third column of data of the IP1 permutation, i.e. (P33, P22, P10, P01)^T;
the diagonals (P21, P30) of N2 and (P02, P13) of N1 are taken to form the fourth column of data of the IP1 permutation, i.e. (P21, P30, P02, P13)^T;
after the IP1 initial permutation, the 4 × 4 matrix N is output in the order P00, P12, P33, P21, P11, P03, P22, P30, P23, P31, P10, P02, P32, P20, P01, P13, giving the data P′ after the IP1 initial permutation;
Step A3: dividing the operation result of step A2 into two parts, namely the 4 × 8 matrix data blocks Lr and Rr;
where r represents the current round number; data block Lr is obtained by arranging the first 8 bits of each row of the operation result of step A2 from high bit to low bit, and data block Rr is obtained by arranging the last 8 bits of each row of the operation result of step A2 from high bit to low bit;
Step A4: the 32-bit data blocks Lr and Rr from step A3 undergo the F round function operation according to a Feistel structure; each round of the F round function operation includes:
a) to RrPerforming round key addition operation;
b) performing S-box replacement on the operation result obtained in the step a);
c) performing M matrix permutation on the operation result obtained in the step b);
d) XORing the result obtained in c) with Lr and using the XOR result as the Rr for the next round of the F round function operation; at the same time, using the input data block Rr of the current round of the F round function operation as the Lr for the next round;
Step A5: performing the next round of key expansion according to the current round key and the round number control signal, which includes:
e) performing S box replacement on the current round key;
f) circularly shifting the operation result obtained by the step e) by x bits left;
g) performing round constant addition operation on the operation result obtained in the step f);
h) performing DP dynamic replacement on the result in the step g), and taking the obtained result as a round key of the next round;
in the F round function operation process, the round key used in the first round of operation is the first 32 bits of data of the initial key, and the first 32 bits of data of the round key obtained in the previous round of key expansion operation are sequentially obtained from the second round; the DP dynamic replacement is to dynamically replace the result of the step g) by taking the current round number r and the result of the step g) as control signals;
Step A6: judging whether the current round number signal r is smaller than the round number Nr; if so, setting r = r + 1, taking the results of steps A4 and A5 as the input data of a new round of operation, and returning to step A4; otherwise, performing the IP2 permutation on the next-round Lr and Rr obtained in step A4 d), and then outputting the encryption result; wherein the IP2 permutation comprises:
constructing a 4 × 16 matrix from the next-round Lr and Rr obtained in step A4 d), assigning each row of Lr to the upper 8 bits of the corresponding row of the matrix and each row of Rr to the lower 8 bits of the corresponding row;
then interchanging the high 8 bits and the low 8 bits of each row of the 4 x 16 matrix;
finally, the 4 × 16 matrix after interchange is subjected to IP1 inverse initial permutation.
2. The method for implementing the lightweight cryptographic algorithm SCENERY of claim 1, wherein in step A3 the operation result of step A2 is divided into the 4 × 8 matrix data blocks Lr and Rr, the division process being as follows:
the first 8 bits of the first row of the 4 × 16 matrix that is the operation result of step A2 go to the first row of data block Lr, and the last 8 bits go to the first row of data block Rr; the second, third and fourth rows are handled in the same way, giving the 4 × 8 matrices Lr and Rr as follows:
Figure FDA0002452873440000021
3. The method for implementing the lightweight cryptographic algorithm SCENERY according to claim 1, wherein the M matrix permutation of the F round function operation in the step A4 is implemented by a 32 × 32 binary matrix M with a branch number of 4, where the matrix M is represented as:
Figure FDA0002452873440000022
wherein M0 and M1 are 16 × 16 binary matrices, and M0 and M1 have branch number 4, i.e. each row and each column of M0 and M1 contains three 1s;
matrix M0 is used to permute the first 16 bits of the operation result obtained in b), and matrix M1 is used to permute the last 16 bits of the operation result obtained in b).
4. The method for implementing the lightweight cryptographic algorithm SCENERY according to claim 1, wherein the key expansion operation in the step A5 specifically includes the following steps:
the initial key, 64 bits long, is arranged from high bit to low bit to form a 4 × 16 key matrix, denoted K = K0K1K2K3;
K0={k63,k62,……,k49,k48},K1={k47,k46,……,k33,k32},
K2={k31,k30,……,k17,k16},K3={k15,k14,……,k1,k0};
e) To K0Low 4 bits (k)51,k50,k49,k48) And K1Low 4 bits (k)35,k34,k33,k32) Alternately forming two 4-bit data (k)51,k35,k50,k34) And (k)49,k33,k48,k32) And performing S box replacement respectively;
f) circularly left shifting the operation result of e) by 11 bits;
g) performing round constant addition operation on the first 16 bits from the high bit to the low bit of the operation result of f);
h) and performing DP dynamic replacement on the operation result of the g), and using the obtained result as a round key of the next round.
5. The method for implementing the lightweight cryptographic algorithm SCENERY according to claim 4, wherein the performing DP dynamic permutation on the result in g) specifically comprises:
dividing the current round number r by 4 and taking the remainder as m, where 0 ≤ m ≤ 3; taking, from the row data K'_m of the operation result matrix K' of g), the corresponding bit pairs {k'_(61-m*16), k'_(60-m*16)}, {k'_(57-m*16), k'_(56-m*16)}, {k'_(53-m*16), k'_(52-m*16)}, {k'_(49-m*16), k'_(48-m*16)}, and defining their values in turn as v_0, v_1, v_2, v_3, where 0 ≤ v_0, v_1, v_2, v_3 ≤ 3, namely:
v_0 = {k'_(61-m*16), k'_(60-m*16)};
v_1 = {k'_(57-m*16), k'_(56-m*16)};
v_2 = {k'_(53-m*16), k'_(52-m*16)};
v_3 = {k'_(49-m*16), k'_(48-m*16)};
K'_0, K'_1, K'_2, K'_3 are each divided into 4-bit units to form a 4 × 4 matrix as follows:
Figure FDA0002452873440000031
the values v_0, v_1, v_2 and v_3 indicate, in turn, positions in rows K'_0, K'_1, K'_2, K'_3 of the 4 × 4 matrix, so the values at the positions given by v_0, v_1, v_2 and v_3 are K'_{0,v_0}, K'_{1,v_1}, K'_{2,v_2}, K'_{3,v_3};
by one sequential permutation, {K'_{0,v_0}, K'_{1,v_1}, K'_{2,v_2}, K'_{3,v_3}} is replaced by {K'_{2,v_2}, K'_{3,v_3}, K'_{0,v_0}, K'_{1,v_1}}, and the result obtained is the expanded round key.
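One reading of the DP dynamic permutation of claim 5 as code, added here as an illustration and not taken from the patent. It assumes that position 0 of each row is its most significant 4-bit unit (the matrix figure is not reproduced on this page); the function name `dp_permute` and the sample value are constructed for the example.

```python
def dp_permute(k_prime: int, r: int) -> int:
    """Apply the DP step to the 64-bit value K' (result of step g) in round r."""
    # Rows K'_0..K'_3 are the four 16-bit words, high word first; each row is
    # split into four 4-bit units (assumption: unit 0 is the most significant).
    nib = [[(k_prime >> (60 - 16 * i - 4 * j)) & 0xF for j in range(4)]
           for i in range(4)]

    # The control row is selected by the round number.
    m = r % 4

    # v_j = {k'_(61-4j-16m), k'_(60-4j-16m)}: the low two bits of unit j of row m.
    v = [nib[m][j] & 0x3 for j in range(4)]

    # One unit per row is selected: K'_{i,v_i}.
    sel = [nib[i][v[i]] for i in range(4)]

    # {s0, s1, s2, s3} is replaced by {s2, s3, s0, s1}: rows 0/2 and rows 1/3
    # exchange their selected units; every other unit stays where it was.
    for i in range(4):
        nib[i][v[i]] = sel[(i + 2) % 4]

    out = 0
    for row in nib:
        for unit in row:
            out = (out << 4) | unit
    return out


if __name__ == "__main__":
    sample = 0x0F1E2D3C4B5A6978  # constructed sample value, not a test vector
    for rnd in (1, 2):
        print(rnd, f"{dp_permute(sample, rnd):016X}")
```

Because the control bits come from the value being permuted and from r, the same input is rearranged differently in different rounds, while the set of 4-bit units is never changed.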
6. The method for implementing the lightweight cryptographic algorithm SCENERY according to any one of claims 1 to 5, further comprising a decryption process, said decryption process comprising the steps of:
step B1: acquiring 64-bit ciphertext as data C to be decrypted, and performing decryption operation;
the data C to be decrypted is ordered from high bits to low bits in groups of 16 bits to form a 4 × 16 data matrix, which is denoted as C = C_0 C_1 C_2 C_3;
step B2: carrying out IP1 initial replacement on the data C to be decrypted described in step B1, and determining the round number Nr according to the number of bits of the key, wherein the initial value of the round number control signal is 1;
step B3: the operation result of step B2 is divided into two parts, namely the 4 × 8 matrix data blocks L_r and R_r;
where r represents the current round number, data block L_r is formed from the first 8 bits of each row of the operation result of step B2, arranged from high bit to low bit, and data block R_r is formed from the last 8 bits of each row of the operation result of step B2, arranged from high bit to low bit;
step B4: the 32-bit data blocks L_r and R_r of step B3 undergo the F round function operation according to a Feistel structure, and each round of the F round function operation comprises the following steps:
i) performing a round key addition operation on R_r;
j) carrying out S-box replacement on the operation result obtained in step i);
k) performing M matrix permutation on the operation result obtained in j);
l) XORing the result obtained in k) with L_r and taking the XOR result as the R_r that participates in the next round of the F round function operation; at the same time, taking the input data block R_r that participates in the current round of the F round function operation as the L_r that participates in the next round;
the round keys in each round of the F round function operation reuse the round keys of the encryption process, and the order in which the round keys are used in the decryption process is the reverse of their order in the encryption process;
step B5: judging whether the current round number signal r is smaller than the round number Nr; if so, making r equal to r + 1, taking the results of steps B4 and B5 as input data of a new round of operation, and returning to step B4; otherwise, performing IP2 substitution on the next-round L_r, R_r obtained in step B4, and then outputting the decryption result.
7. A lightweight cryptographic algorithm SCENERY implementation device is characterized by comprising:
an initialization unit, used for acquiring a 64-bit plaintext as data P to be encrypted and carrying out the encryption operation; the data P to be encrypted is ordered from high bits to low bits in groups of 16 bits to form a 4 × 16 data matrix, which is denoted as P = P_0 P_1 P_2 P_3;
an IP1 substitution unit, used for carrying out IP1 replacement on the data P to be encrypted, determining a round number Nr according to the number of bits of the key, and setting the initial value of the round number control signal to 1; wherein the IP1 initial replacement process is as follows:
the 4 × 16 data matrix P is regrouped into a 4 × 4 matrix, taking every 4 bits of each row as one unit, and the 4 × 4 matrix is expressed as N = {P_00, P_01, P_02, P_03, P_10, P_11, P_12, P_13, P_20, P_21, P_22, P_23, P_30, P_31, P_32, P_33};
the matrix N is divided in sequence into four 2 × 2 matrices N_0, N_1, N_2, N_3: N_0 = {P_00, P_01, P_10, P_11}, N_1 = {P_02, P_03, P_12, P_13}, N_2 = {P_20, P_21, P_30, P_31}, N_3 = {P_22, P_23, P_32, P_33};
the diagonals (P_00, P_11) of N_0 and (P_23, P_32) of N_3 are taken to form the first column of data of the IP1 permutation, i.e. (P_00, P_11, P_23, P_32)^T;
the diagonals (P_12, P_03) of N_1 and (P_31, P_20) of N_2 are taken to form the second column of data of the IP1 permutation, i.e. (P_12, P_03, P_31, P_20)^T;
the diagonals (P_33, P_22) of N_3 and (P_10, P_01) of N_0 are taken to form the third column of data of the IP1 permutation, i.e. (P_33, P_22, P_10, P_01)^T;
the diagonals (P_21, P_30) of N_2 and (P_02, P_13) of N_1 are taken to form the fourth column of data of the IP1 permutation, i.e. (P_21, P_30, P_02, P_13)^T;
after the IP1 initial permutation, the 4 × 4 matrix N is output in the order P_00, P_12, P_33, P_21, P_11, P_03, P_22, P_30, P_23, P_31, P_10, P_02, P_32, P_20, P_01, P_13, giving the data P' after the IP1 initial replacement;
an F round function processing unit, used for dividing the data after the IP1 permutation into left and right parts, namely the 4 × 8 matrix data blocks L_r and R_r;
where r represents the current round number, data block L_r is formed from the first 8 bits of each row of the operation result of the IP1 permutation unit, arranged from high bit to low bit, and data block R_r is formed from the last 8 bits of each row of the operation result of the IP1 permutation unit, arranged from high bit to low bit;
the data blocks L_r and R_r then undergo the F round function operation according to a Feistel structure, and each round of the F round function operation comprises the following steps:
a) performing a round key addition operation on R_r;
b) performing S-box replacement on the operation result obtained in the step a);
c) performing M matrix permutation on the operation result obtained in the step b);
d) XORing the result obtained in c) with L_r and taking the XOR result as the R_r that participates in the next round of the F round function operation; at the same time, taking the input data block R_r that participates in the current round of the F round function operation as the L_r that participates in the next round;
a round key expansion unit, used for performing the next round's key expansion operation according to the current round key and the round number control signal, comprising the following steps:
e) performing S box replacement on the current round key;
f) circularly shifting the operation result obtained by the step e) by x bits left;
g) performing round constant addition operation on the operation result obtained in the step f);
h) performing DP dynamic replacement on the result in the step g), and taking the obtained result as a round key of the next round;
in the F round function operation, the round key used in the first round is the first 32 bits of the initial key, and from the second round onward the round key is the first 32 bits of the round key obtained in the previous round's key expansion operation; the DP dynamic replacement dynamically permutes the result of step g), using the current round number r and the result of step g) as control signals;
a ciphertext generation unit, used for judging whether the current round number signal r is less than the round number Nr; if so, making r equal to r + 1, taking the results of the F round function processing unit and the round key expansion unit as input data of a new round of operation, and returning to the F round function process of the F round function processing unit and the round key expansion process of the round key expansion unit; otherwise, performing IP2 replacement on the final result of the F round function processing unit, and then outputting the encryption result; wherein the IP2 permutation comprises:
constructing a 4 × 16 matrix from the next-round L_r, R_r obtained in step A4 d), assigning each row of L_r to the upper 8 bits of the corresponding row of the matrix and each row of R_r to the lower 8 bits of the corresponding row of the matrix;
then interchanging the upper 8 bits and the lower 8 bits of each row of the 4 × 16 matrix;
finally, applying the inverse of the IP1 initial permutation to the interchanged 4 × 16 matrix.
8. A computer-readable storage medium storing a computer program, wherein the computer program is loaded by a processor and executes the lightweight cryptographic algorithm SCENERY implementation method of any one of claims 1 to 6.
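The IP1 and IP2 permutations of claim 7 expressed on a 64-bit integer, as an added example that is not code from the patent; the function names and the sample block are constructed for illustration. It also checks that applying IP1 to an IP2 output returns the two halves swapped, which is why the decryption of claim 6 can begin with IP1 and run the same round structure with the round keys in reverse order.

```python
# Source unit index (row * 4 + column) for each output position, read off the
# output order P00,P12,P33,P21, P11,P03,P22,P30, P23,P31,P10,P02, P32,P20,P01,P13.
IP1 = [0, 6, 15, 9, 5, 3, 10, 12, 11, 13, 4, 2, 14, 8, 1, 7]
# Inverse table: position j of the inverse output comes from where IP1 sent j.
IP1_INV = [IP1.index(j) for j in range(16)]


def permute_units(block, table):
    """Rearrange the sixteen 4-bit units of a 64-bit block (unit 0 = top bits)."""
    units = [(block >> (60 - 4 * i)) & 0xF for i in range(16)]
    out = 0
    for src in table:
        out = (out << 4) | units[src]
    return out


def ip1(block):
    return permute_units(block, IP1)


def ip1_inv(block):
    return permute_units(block, IP1_INV)


def split_lr(state):
    """Split the 4 x 16 state into L (first 8 bits of each row) and R (last 8)."""
    rows = [(state >> (48 - 16 * i)) & 0xFFFF for i in range(4)]
    return [row >> 8 for row in rows], [row & 0xFF for row in rows]


def ip2(left, right):
    """IP2: rebuild the rows from L and R, swap the row halves, invert IP1."""
    state = 0
    for l_row, r_row in zip(left, right):
        row = (l_row << 8) | r_row                  # L upper 8 bits, R lower 8 bits
        row = ((row & 0xFF) << 8) | (row >> 8)      # interchange upper and lower
        state = (state << 16) | row
    return ip1_inv(state)


if __name__ == "__main__":
    block = 0x0123456789ABCDEF                      # constructed sample block
    left, right = split_lr(ip1(block))
    out = ip2(left, right)                          # zero rounds in between
    print(f"{ip1(block):016X} {out:016X}")
    print(split_lr(ip1(out)) == (right, left))      # halves come back swapped
```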

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911070142.4A CN110784307B (en) 2019-11-05 2019-11-05 Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium

Publications (2)

Publication Number Publication Date
CN110784307A CN110784307A (en) 2020-02-11
CN110784307B CN110784307B (en) 2020-06-09

Family

ID=69389090

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911070142.4A Active CN110784307B (en) 2019-11-05 2019-11-05 Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium

Country Status (1)

Country Link
CN (1) CN110784307B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245598B (en) * 2020-03-31 2022-06-14 衡阳师范学院 Method for realizing lightweight AEROGEL block cipher
CN111431697B (en) * 2020-03-31 2022-06-21 衡阳师范学院 Novel method for realizing lightweight block cipher CORL
CN113691364B (en) * 2021-08-31 2024-02-09 衡阳师范学院 Encryption and decryption method of dynamic S-box block cipher based on bit slice technology
CN113660620B (en) * 2021-10-20 2022-01-21 北京卓建智菡科技有限公司 Data anti-counterfeiting encryption method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195773A (en) * 2010-03-03 2011-09-21 中国人民解放军信息工程大学 Method and system for analyzing block cipher algorithm
CN105959107A (en) * 2016-06-24 2016-09-21 衡阳师范学院 Novel and highly secure lightweight SFN block cipher implementation method
KR20190037980A (en) * 2017-09-29 2019-04-08 한밭대학교 산학협력단 System and method for efficient lightweight block cipher in pervasive computing
CN109768854A (en) * 2019-03-29 2019-05-17 衡阳师范学院 A kind of implementation method of lightweight block cipher Wheel

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
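HBcipher: An Efficient Lightweight Block Cipher; Li Lang et al.; Journal of Cryptologic Research; 20190630; Vol. 6 (No. 3); full text *
Loong: A Family of Involutional Lightweight Block Cipher Based on SPN Structure; BO-TAO LIU et al.; IEEE Access; 20190910; full text *
Surge: A New, Low-Resource and Efficient Lightweight Block Cipher Algorithm; Li Lang et al.; Computer Science; 20180228; Vol. 45 (No. 2); full text *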

Also Published As

Publication number Publication date
CN110784307A (en) 2020-02-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant