CN111245598A - Method for realizing lightweight AEROGEL block cipher - Google Patents
- Publication number: CN111245598A (application CN202010244240.1A)
- Authority: CN (China)
- Prior art keywords: key, group, equal, round, bits
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method for realizing a lightweight AEROGEL block cipher, used for encrypting data in resource-limited environments. The invention designs a self-inverse (involutive) FP permutation for the linear layer; the design adopts a two-dimensional transformation technique, so that a change to one input bit influences every bit of the ciphertext after 2 rounds of encryption, which strengthens diffusion and improves the security of data encryption. The key expansion part of the invention uses cyclic shift, nonlinear transformation, linear transformation and round-number dynamic XOR to ensure that the bit-flipping time of the key expansion is longer than the time required by encryption, to enhance diffusion, and to ensure that the key in the 23rd round is a nonlinear function of the initial key. The decryption algorithm of the invention only needs to replace the S-box of the nonlinear layer in the encryption algorithm with the inverse S-box, so encryption and decryption are essentially the same. The invention has a simple structure, low implementation cost, easy and fast software and hardware implementation, and the capability of resisting known attacks.
Description
Technical Field
The invention belongs to the field of cryptography, and particularly relates to a method for realizing a lightweight AEROGEL block cipher.
Background
With the development of the Internet of Things (IoT), miniature electronic devices such as wireless sensor networks (WSNs) and radio frequency identification (RFID) are widely used in daily life, and lightweight block ciphers have been developed because of the constraints of such devices, such as weak computing power and small storage space.
A lightweight cryptographic algorithm mainly comprises three sub-algorithms, namely an encryption algorithm, a decryption algorithm and a key expansion algorithm, and encryption and decryption operate with the same key. Typically the lightweight cryptographic algorithm is a block cipher, which divides the input message or plaintext into plaintext blocks of equal fixed length, typically 64 or 128 bits. Diffusion and confusion are the two major principles of block ciphers and effectively guarantee the security of block cipher algorithms. The structures of lightweight block ciphers are generally SPN structures and Feistel structures; the diffusion of the SPN structure is superior to that of the Feistel structure, but the confusion of the Feistel structure is better. Common lightweight block cipher algorithms are PRESENT, Piccolo, RECTANGLE, RoadRunneR, etc. The main problem of existing lightweight block ciphers is how to adapt to resource-limited equipment: the lightweight block cipher should be easy to implement quickly in software and hardware and able to resist some classical attacks.
Disclosure of Invention
The purpose of the invention is as follows: aiming at data security in resource-limited environments, the invention provides a method for realizing a lightweight AEROGEL block cipher, which has the advantages of low implementation cost, easy and fast software and hardware implementation, and guaranteed security of data encryption.
The invention designs a self-inverse (involutive) FP permutation for the linear layer, so that encryption and decryption are more compact. The design adopts a two-dimensional transformation technique, so that a change to one input bit influences every bit of the ciphertext after 2 rounds of encryption, which strengthens diffusion and improves the security of data encryption. The FP permutation uses 4-bit word-by-word reordering, which is easy to implement in hardware and in software on 8-bit and 32-bit microprocessor platforms.
The invention designs a key expansion method. Using cyclic shift, nonlinear transformation and round-number dynamic XOR, combined with a well-developed mathematical theory, the bit-flipping time of the key expansion is ensured to be longer than the time required by encryption, and the key in the 23rd round is a nonlinear function of the initial key, thereby improving security.
Encryption and decryption in the invention are essentially the same. The decryption algorithm only needs to replace the S-box of the nonlinear layer in the encryption algorithm with the inverse S-box.
The technical scheme of the invention is as follows:
an encryption implementation method for a lightweight AEROGEL block cipher comprises the following steps:
a: acquiring plaintext data and an initial key;
b: dividing the plaintext data and the initial key into 64-bit plaintext data groups and 80-bit initial key data groups respectively, wherein each plaintext data group corresponds to one initial key data group;
c: performing encryption operation through a round function, wherein the encrypted round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises S-box transformation; the round function operation of encryption is that round key addition is carried out on each group of plaintext data through corresponding group of key data, and then S-box transformation, FP replacement and column confusion transformation are carried out in sequence to obtain an intermediate data group;
d: respectively executing key expansion operation on each group of initial keys to obtain an 80-bit intermediate key group;
e: taking the intermediate data as the plaintext data group and the intermediate key as the key data group, repeating step C and step D for Nr rounds of iterative encryption, where Nr is 28, to obtain the encryption result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step C comprises the following steps:
if Nr is 1, XOR the 64-bit plaintexts in sequence with the upper 64 bits of each group's initial key to obtain an intermediate result as the intermediate data group;
if Nr is ≥ 1 and ≤ 28, XOR the 64-bit intermediate data groups in sequence with the upper 64 bits of each intermediate key group obtained in the previous iteration to obtain an intermediate result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step C comprises the following steps:
the result obtained after the S-box transformation is denoted Z for each group of 64 bits, and Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
In the encryption implementation method of the lightweight AEROGEL block cipher, the column confusion transformation of step C arranges the data result in a square matrix and then applies XOR confusion to the matrix, with the following steps:
c1: take the intermediate result obtained after the FP permutation in encryption, denote the 64 bits of each group as X, and arrange them in a square matrix of entries Yn, where each Yn is 4 bits and 0 ≤ n ≤ 15;
c2: apply XOR confusion to Y0, Y1, Y2, Y3 and denote the result Y'n, 0 ≤ n ≤ 15:
the operation that obtains the XOR-confused Y'0, Y'1, Y'2, Y'3 is expressed as a multiplication over the finite field GF(2^2); the operational expression is as follows,
c3: perform the same XOR confusion in sequence on the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where L1, L2, L3 and L0 are matrices of the same size.
In the encryption implementation method of the lightweight AEROGEL block cipher, the key expansion of step D comprises the following steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of the initial key, 0 ≤ i ≤ 79;
if Nr is ≥ 2 and ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of each group of intermediate keys, 0 ≤ i ≤ 79;
let K' be the intermediate key result of each group after key expansion;
e2: cyclic shift: take H0||H1 of each group and rotate it left by 9 bits to obtain the first intermediate round key;
e3: round-number dynamic XOR: convert the current round number Nr into a 5-bit binary number and XOR it in sequence with K39, K38, K37, K36, K35 of each group's first intermediate round key obtained in step e2, to obtain the second intermediate round key;
e4: nonlinear transformation: take K3, K2, K1, K0 of each group's second intermediate round key obtained in step e3 and apply the nonlinear transformation to obtain the third intermediate round key, where the S-box used is the same as the S-box of step C;
e5: linear transformation: subdivide each group's third intermediate round key obtained in step e4 into 4 parts M0, M1, M2, M3, where each Mj is 20 bits, 0 ≤ j ≤ 3, and perform the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
A decryption implementation method of a lightweight AEROGEL block cipher comprises the following steps:
a: acquiring ciphertext data and an initial key, wherein the ciphertext data is an encryption result obtained by the method of any one of claims 1 to 6, and the initial key is the initial key in the method of any one of claims 1 to 6;
b: dividing the ciphertext data and the initial key into 64-bit ciphertext data groups and 80-bit initial key data groups respectively, wherein each ciphertext data group corresponds to one initial key data group, and the corresponding relation is consistent with that in the method of any one of claims 1 to 6;
c: sequentially executing key expansion operation on each group of initial keys, repeating iterative expansion for Nr times, and recording an 80-bit intermediate key group obtained by each iteration;
d: performing the decryption operation, wherein the decryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises inverse S-box transformation; the decryption round function operation performs column confusion transformation, FP permutation and inverse S-box transformation in sequence on each group of data to be decrypted, then performs round key addition on each group of ciphertext data through the corresponding group of key data to obtain intermediate data, and then repeats step D for Nr rounds of iterative decryption, where Nr is 28; in the iterative process, the round key addition uses the intermediate key group obtained by the Nr-th expansion of step C the first time, the intermediate key group obtained by the (Nr-1)-th expansion of step C the second time, and so on in sequence, to obtain the decryption result.
In the decryption implementation method of the lightweight AEROGEL block cipher, the column confusion transformation of step D arranges the ciphertext data in a square matrix and then applies XOR confusion to the columns of the matrix, with the following steps:
d1: denote the 64 bits of each group of ciphertext data as X and arrange them in a square matrix of entries Yn, where each Yn is 4 bits and 0 ≤ n ≤ 15;
d2: apply XOR confusion to Y0, Y1, Y2, Y3 and denote the result Y'n, 0 ≤ n ≤ 15:
the operation that obtains the XOR-confused Y'0, Y'1, Y'2, Y'3 is expressed as a multiplication transform over the finite field GF(2^2); the operational expression is,
d3: perform the same XOR confusion in sequence on the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where L1, L2, L3 and L0 are matrices of the same size.
In the decryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step D comprises the following steps:
the result obtained after the column confusion transformation is denoted Z for each group of 64 bits and divided into 4-bit words from the high bits to the low bits, so that Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
In the decryption implementation method of the lightweight AEROGEL block cipher, the key expansion of step C comprises the following steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of the initial key, 0 ≤ i ≤ 79;
if Nr is ≥ 2 and ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of each group of intermediate keys, 0 ≤ i ≤ 79;
let K' be the intermediate key result of each group after key expansion;
e2: cyclic shift: take H0||H1 of each group and rotate it left by 9 bits to obtain the first intermediate round key;
e3: round-number dynamic XOR: convert the current round number Nr into a 5-bit binary number and XOR it in sequence with K39, K38, K37, K36, K35 of each group's first intermediate round key obtained in step e2, to obtain the second intermediate round key;
e4: nonlinear transformation: take K3, K2, K1, K0 of each group's second intermediate round key obtained in step e3 and apply the nonlinear transformation to obtain the third intermediate round key, where the S-box used is the same as the S-box of step C;
e5: linear transformation: subdivide each group's third intermediate round key obtained in step e4 into 4 parts M0, M1, M2, M3, where each Mj is 20 bits, 0 ≤ j ≤ 3, and perform the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
In the decryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step D comprises the following step:
XOR the 64-bit plaintexts in sequence with the upper 64 bits of the corresponding intermediate key group to obtain the result of the round key addition.
In the above methods, the S-box transformation uses the S-box of the Piccolo algorithm.
The technical effects of the invention are as follows. The invention provides a method for realizing the lightweight AEROGEL block cipher which adopts an SPN structure; to make hardware and software implementation easy, the FP permutation uses a 4-bit word-by-word permutation technique, and to make the most of available resources the FP permutation uses a two-dimensional transformation technique and is an involution. The column confusion transformation uses XOR for confusion and, from the viewpoint of linear algebra, combines 4 involutory matrices over GF(2^2), so that when data is decrypted only the S-box of the nonlinear layer is replaced by the inverse S-box, while round key addition, FP permutation and column confusion transformation are the same as in encryption. The diffusion of the method into the plaintext is better than that of the PRESENT algorithm, and because the linear layer is shared by encryption and decryption the method is more compact than the PRESENT algorithm. The key expansion part uses cyclic shift, nonlinear transformation and round-number dynamic XOR to ensure that the bit-flipping time of the key expansion is longer than the time required by encryption, enhances diffusion, and ensures that the key in the 23rd round is a nonlinear function of the initial key.
In summary, the encryption algorithm and the decryption algorithm of the present invention are substantially consistent, and have the characteristics of simple structure, low implementation cost, easy and fast implementation of software and hardware, and resistance to known attacks.
Drawings
Fig. 1 is an encryption structure diagram of a method for implementing a lightweight AEROGEL block cipher according to the present invention;
FIG. 2 is a decryption structure diagram of a method for implementing a lightweight AEROGEL block cipher according to the present invention;
FIG. 3 is a diagram of a two-dimensional transformation technique for implementing the method of the present invention;
fig. 4 is a schematic diagram of key expansion of the implementation method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The lightweight block cipher AEROGEL adopts the SPN structure. The plaintext/ciphertext block length is 64 bits, the key block length is 64 bits, and the number of iteration rounds Nr is 28.
The encryption structure is shown in Fig. 1: the encryption round function comprises a linear layer containing round key addition (Add_RoundKey), FP permutation (FP_Layer) and column confusion transformation (Mix_Column), and a nonlinear layer containing the S-box transformation (Sub_Swap).
The decryption structure is shown in Fig. 2: the decryption round function comprises a linear layer and a nonlinear layer, where the linear layer contains round key addition (Add_RoundKey), FP permutation (FP_Layer) and column confusion transformation (Mix_Column), and the nonlinear layer contains the inverse S-box transformation (rSub_Swap).
The AEROGEL encryption is described as Algorithm 1 below:
Algorithm 1: AEROGEL encryption
Input: P (plaintext), K (key);
Output: C (ciphertext);
1. V ← P;
2. for i = 1 to Nr = 28 do
3.   Add_RoundKey(V, K);
4.   Sub_Swap(V);
5.   FP_Layer(V);
6.   Mix_Column(V);
7. end for
8. C ← V;
Linear layer:
1. Round key addition:
if Nr is 1, XOR the 64-bit plaintext in sequence with the upper 64 bits of each group's initial key and output the result P' = P ⊕ K as the intermediate result;
if Nr is ≥ 1 and ≤ 28, denote the intermediate data obtained in the previous iteration Vi and the intermediate round key Keyi (1 ≤ i ≤ 28); take the upper 64 bits of each group in turn and XOR them with the 64-bit intermediate data, so that the output V' = V(Nr-1) ⊕ Key(Nr-1) is the intermediate result;
The intermediate round keys are generated by the key expansion operation; Fig. 4 is the key expansion diagram, and the specific steps are as follows:
1) If Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits (0 ≤ j ≤ 3) and Ki denotes the ith bit of the initial key (1 ≤ i ≤ 79); for example, K79 is bit 79 of the initial key. Then:
H0 = K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60 (H0 is the upper 20 bits of the initial key);
if 1 < Nr ≤ 28, the intermediate key group obtained in the previous iteration is used, and each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits (0 < j ≤ 3) and Ki denotes the ith bit of each group of intermediate keys (0 ≤ i ≤ 79); for example, K79 is bit 79 of each group of intermediate keys. Then:
H0 = K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60 (H0 is the upper 20 bits of each group of intermediate keys);
2) Cyclic shift technique. Take H0||H1 of each group and rotate it left by 9 bits to obtain the first intermediate round key; that is, the input is:
K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40,
and the output is:
K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40||K79||K78||K77||K76||K75||K74||K73||K72||K71;
The cyclic shift technique ensures that the bit-flipping time of the key expansion is longer than the time required by encryption, improving the security of encryption.
3) Round-number dynamic XOR. Convert the round number Nr into a 5-bit binary number and XOR it in sequence with K39, K38, K37, K36, K35 of each group's first intermediate round key obtained in step 2): K'39||K'38||K'37||K'36||K'35 = (K39||K38||K37||K36||K35) ⊕ Nr, obtaining the second intermediate round key;
4) Nonlinear transformation technique. Take K3, K2, K1, K0 of each group's second intermediate round key obtained in step 3) and apply the nonlinear transformation K'3||K'2||K'1||K'0 = Sbox(K3||K2||K1||K0) to obtain the third intermediate round key; the S-box used is the same as the S-box of step C. This embodiment uses the S-box of the Piccolo algorithm; other S-boxes may be used depending on the configuration.
The nonlinear transformation technique makes the key at round 23 a nonlinear function of the initial key.
5) Linear transformation technique. Subdivide each group's third intermediate round key obtained in step 4) into 4 parts (H0, H1, H2, H3) and perform the linear transformation K' = H0||H2||H3||H1 to obtain the intermediate round key.
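The key expansion of steps 1) to 5) written out on an 80-bit integer, as an added example (not the patent's own code). Bit i of the integer is Ki, so K79 is the most significant bit and H0||H1 is bits 79..40; the S-box of step 4) is assumed to be the Piccolo S-box listed on this page, and the round number XORed in step 3) is assumed to be the round in which the expansion runs, so the key expanded during round Nr is the one added in round Nr+1.

```python
# Added example: AEROGEL key expansion (Fig. 4) on an 80-bit Python integer.
# Not the patent's own code. Assumes the Piccolo S-box given on the page and
# that the expansion run during round nr produces the key for round nr + 1.

PICCOLO_SBOX = [0xE, 0x4, 0xB, 0x2, 0x3, 0x8, 0x0, 0x9,
                0x1, 0xA, 0x7, 0xF, 0x6, 0xC, 0x5, 0xD]

KEY_BITS = 80
MASK80 = (1 << KEY_BITS) - 1
MASK40 = (1 << 40) - 1


def rotl40_high(k: int, n: int = 9) -> int:
    """Step 2): rotate H0||H1 (bits K79..K40) left by n; H2||H3 is untouched."""
    high = (k >> 40) & MASK40
    low = k & MASK40
    high = ((high << n) | (high >> (40 - n))) & MASK40
    return (high << 40) | low


def xor_round_number(k: int, nr: int) -> int:
    """Step 3): XOR the 5-bit round number into K39..K35 (K39 is the MSB)."""
    return k ^ ((nr & 0x1F) << 35)


def sbox_low_nibble(k: int) -> int:
    """Step 4): pass K3..K0 through the S-box, leaving the other 76 bits alone."""
    return (k & ~0xF) | PICCOLO_SBOX[k & 0xF]


def linear_transform(k: int) -> int:
    """Step 5): split into 20-bit words M0..M3 (M0 highest) and output M0||M2||M3||M1."""
    m = [(k >> (60 - 20 * j)) & 0xFFFFF for j in range(4)]
    return (m[0] << 60) | (m[2] << 40) | (m[3] << 20) | m[1]


def expand_key(key: int, nr: int) -> int:
    """One key-expansion iteration, run with round number nr."""
    k = key & MASK80
    k = rotl40_high(k)
    k = xor_round_number(k, nr)
    k = sbox_low_nibble(k)
    return linear_transform(k)


def round_keys(initial_key: int, rounds: int = 28) -> list:
    """Keys consumed by Add_RoundKey: round 1 uses the initial key, round r >= 2
    uses the key expanded during round r - 1. Entries are full 80-bit keys."""
    keys = [initial_key & MASK80]
    for nr in range(1, rounds):
        keys.append(expand_key(keys[-1], nr))
    return keys


def add_round_key(state64: int, key80: int) -> int:
    """Round key addition: XOR the 64-bit state with the upper 64 bits of the key."""
    return state64 ^ (key80 >> 16)


if __name__ == "__main__":
    # Constructed sample key, not a test vector from the patent.
    ks = round_keys(0x0123456789ABCDEF0123)
    for r, k in enumerate(ks, start=1):
        print("round %2d key: %020x" % (r, k))
```

The rotation can be checked against the page's own listing: K79 lands at position 48 and K40 at position 49, exactly as in the output string above step 3).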
2. FP permutation:
After the S-box transformation the intermediate result of each group, 64 bits, is denoted Z, and every 4 bits is denoted Zi, 0 ≤ i ≤ 15, so Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15. The transformation rule of this embodiment uses the vertices of a square: Z0, Z1, Z2, Z3, Z4, Z5, Z6, Z7, Z8, Z9, Z10, Z11, Z12, Z13, Z14, Z15 are divided into 4 groups, {Z0, Z1, Z2, Z3}, {Z4, Z5, Z6, Z7}, {Z8, Z9, Z10, Z11}, {Z12, Z13, Z14, Z15}, one group per vertex, arranged clockwise, with the first Zi of each group placed at the vertex of the square and the other three of the group placed in turn in clockwise rotation; the arrangement is shown in Fig. 3, where the point 0 at the upper left corner represents Z0 and the rest follow in turn.
When transforming, the transformation is performed according to the positions of the points of the different groups in Fig. 3: if two points Q and R lie on the same line, Q is said to be associated with R, and after the two-dimensional transformation Q moves to the position of R and R to the position of Q; if a point T has no point associated with it, its position is unchanged by the two-dimensional transformation. Here the four sides of the square and its two diagonals are each treated as a line; for each group of points arranged clockwise, the first point sits at the vertex and the other three correspond in sequence to the two sides and the diagonal meeting at that vertex. For the first group, whose vertex Z0 is the top-left corner, the other three points are placed at one end of the top side of the square, at one end of the diagonal from top left to bottom right, and at one end of the left side of the square. Correspondingly, Z1 and Z7 lie on the same line, namely the top side of the square, so after the two-dimensional transformation Z1 moves to the position of Z7 and Z7 to the position of Z1. Within each group, however, the point placed at the vertex is considered not associated with any other point; that is, Z0 has no associated point and its position is unchanged after the two-dimensional transformation;
As can be seen from the above, after the two-dimensional transformation Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9. Different permutations can be derived from different point arrangements, for example by arranging the points of each group counterclockwise on the four vertices of the square, or by changing their order. The rule of the FP permutation is to divide the state equally into 16 blocks, every 4 blocks forming a group, each group placed on one vertex of the square; the block at each vertex represents the vertex itself and the other three represent one end of the two sides and of the one diagonal meeting at that vertex; the block representing the vertex is not moved, and a block representing one end of a side or diagonal is swapped with the block at the other end. The two-dimensional transformation technique makes the FP permutation an involution, so it can be shared by encryption and decryption without an additional inverse permutation; the permutation table is shown in Table 1.
TABLE 1 FP permutation
i | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
FP(i) | 0 | 7 | 10 | 13 | 4 | 11 | 14 | 1 | 8 | 15 | 2 | 5 | 12 | 3 | 6 | 9 |
3. Column confusion transformation:
The data result is arranged in a square matrix and XOR confusion is then applied to the columns of the matrix, as follows:
1) Take the intermediate result obtained after the FP permutation in encryption/decryption, denote the 64 bits of each group as X, and arrange them in a square matrix of entries Yn, where each Yn is 4 bits (1 < n ≤ 15);
2) Denote the result of the XOR confusion Y'n (1 < n ≤ 15); Y0, Y1, Y2, Y3 are operated on as follows,
the operation that obtains the XOR-confused Y'0, Y'1, Y'2, Y'3 is converted into a multiplication transform over the finite field GF(2^2); the operational expression is,
3) Perform the same XOR confusion in sequence on the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where L1, L2, L3 and L0 are matrices of the same size;
Nonlinear layer:
S-box transformation: the S-box of the Piccolo algorithm is used, S-box = {e, 4, b, 2, 3, 8, 0, 9, 1, a, 7, f, 6, c, 5, d}, and the second intermediate result is obtained as follows;
the 64 bits of the first intermediate result are denoted U, and with U = V', U = U0||U1||U2||U3||U4||U5||U6||U7;
after the S-box transformation the output is U' = Sbox(U0)||Sbox(U1)||Sbox(U2)||Sbox(U3)||Sbox(U4)||Sbox(U5)||Sbox(U6)||Sbox(U7);
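The FP permutation (section 2 above) and the S-box layer (this section) as an added example that is not the patent's own code: Table 1 is rebuilt from the square-vertex rule of Fig. 3 rather than typed in, so the involution property the text claims can be checked, and the Piccolo S-box and its inverse are applied nibble by nibble. Assumptions: vertices are visited top-left, top-right, bottom-right, bottom-left; within a group the order after the vertex is the clockwise side, the diagonal, then the other side; and Sub_Swap applies the 4-bit S-box to all 16 nibbles Z0..Z15 (the page's notation lists U0..U7). Mix_Column is left out because its matrix is not reproduced on the page.

```python
# Added example: FP_Layer derived from the Fig. 3 rule, plus Sub_Swap/rSub_Swap.
# Not the patent's own code; geometric conventions are assumptions (see lead-in).

PICCOLO_SBOX = [0xE, 0x4, 0xB, 0x2, 0x3, 0x8, 0x0, 0x9,
                0x1, 0xA, 0x7, 0xF, 0x6, 0xC, 0x5, 0xD]
PICCOLO_INV_SBOX = [PICCOLO_SBOX.index(v) for v in range(16)]


def build_fp_table() -> list:
    """Derive the FP table from the two-dimensional (square) arrangement.

    Group v (blocks 4v..4v+3) sits on vertex v of the square. Block 4v is the
    vertex and is fixed; 4v+1 marks one end of the side leaving the vertex
    clockwise, 4v+2 one end of the diagonal through the vertex, and 4v+3 one
    end of the other side. The two blocks on the same line are swapped."""
    sides = ["top", "right", "bottom", "left"]        # clockwise from top-left
    line_of = {}
    for v in range(4):
        line_of[4 * v + 1] = sides[v]                  # clockwise side
        line_of[4 * v + 2] = "diag%d" % (v % 2)        # TL/BR share one diagonal, TR/BL the other
        line_of[4 * v + 3] = sides[(v - 1) % 4]        # counter-clockwise side
    ends = {}
    for block, line in line_of.items():
        ends.setdefault(line, []).append(block)
    table = list(range(16))                            # vertices 0, 4, 8, 12 stay put
    for a, b in ends.values():                         # every line has exactly two ends
        table[a], table[b] = b, a
    return table


FP_TABLE = build_fp_table()


def nibbles(x: int) -> list:
    """Split a 64-bit state into Z0..Z15, Z0 being the most significant nibble."""
    return [(x >> (60 - 4 * i)) & 0xF for i in range(16)]


def from_nibbles(zs: list) -> int:
    out = 0
    for z in zs:
        out = (out << 4) | (z & 0xF)
    return out


def fp_layer(x: int) -> int:
    """Z'_i = Z_{FP_TABLE[i]}. The table is an involution, so this is its own inverse."""
    zs = nibbles(x)
    return from_nibbles([zs[FP_TABLE[i]] for i in range(16)])


def sub_swap(x: int) -> int:
    """Sub_Swap: Piccolo S-box on every nibble."""
    return from_nibbles([PICCOLO_SBOX[z] for z in nibbles(x)])


def rsub_swap(x: int) -> int:
    """rSub_Swap: inverse Piccolo S-box on every nibble (decryption)."""
    return from_nibbles([PICCOLO_INV_SBOX[z] for z in nibbles(x)])


def is_involution(table: list) -> bool:
    """True when applying the permutation twice is the identity."""
    return all(table[table[i]] == i for i in range(len(table)))


if __name__ == "__main__":
    print("FP table :", FP_TABLE)
    print("involution:", is_involution(FP_TABLE))
    z = 0x0123456789ABCDEF                              # constructed sample state
    print("FP(Z)    : %016x" % fp_layer(z))
    print("Sbox(Z)  : %016x" % sub_swap(z))
```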
The AEROGEL decryption is described as Algorithm 2 below:
Algorithm 2: AEROGEL decryption
Input: C (ciphertext), K (key);
Output: P (plaintext);
1. T ← C;
2. for i = 1 to Nr = 28 do
3.   Mix_Column(T);
4.   FP_Layer(T);
5.   rSub_Swap(T);
6.   Add_RoundKey(T, K);
7. end for
8. P ← T;
Linear layer: the same as the linear layer operation of the encryption operation described above.
In the decryption iteration, the order in which the round key groups are used in round key addition is the reverse of that in the encryption iteration;
Nonlinear layer:
Inverse S-box transformation: the inverse of the Piccolo S-box, {6, 8, 3, 4, 1, e, c, a, 5, 7, 9, 2, d, f, 0, b}, is used, and the output after the inverse S-box transformation is:
U' = rSbox(U0)||rSbox(U1)||rSbox(U2)||rSbox(U3)||rSbox(U4)||rSbox(U5)||rSbox(U6)||rSbox(U7).
The test data of the AEROGEL algorithm of the invention are shown in Table 2:
TABLE 2 AEROGEL-64 test vectors
The AEROGEL cryptographic algorithm was implemented on Xilinx Virtex-5 XC5VLX50T FPGA hardware; for the AEROGEL-64 algorithm the SLC count is 149, the LUT count is 199, the FF count is 149, the maximum frequency is 476.563 MHz, and the power is 567.50 mW.
Table 3 shows the FPGA hardware implementation of each lightweight block cipher algorithm; the comparison in Table 3 shows that the AEROGEL algorithm has the advantages of high efficiency and small implementation area.
TABLE 3 FPGA implementation of the respective lightweight cryptographic algorithms
Algorithm | State(bit) | Key(bit) | FF | LUT | SLC | Max-Fre(MHz) |
---|---|---|---|---|---|---|
PRESENT-80 | 64 | 80 | 152 | 222 | 153 | 455.31 |
PRESENT-128 | 64 | 128 | 200 | 270 | 201 | 455.311 |
Piccolo-80 | 64 | 80 | 112 | 302 | 113 | 331.400 |
Piccolo-128 | 64 | 128 | 200 | 384 | 201 | 322.997 |
RECTANGLE-128 | 64 | 128 | 191 | 253 | 192 | 501.153 |
AEROGEL-64 | 64 | 80 | 149 | 199 | 149 | 476.563 |
The present invention has been described in detail with reference to the specific embodiments, which should not be construed as limiting the invention. Many variations and modifications may be made by one of ordinary skill in the art without departing from the principles of the present invention, which should also be considered within the scope of the present invention.
Claims (11)
1. An encryption implementation method for a lightweight AEROGEL block cipher is characterized by comprising the following steps:
A: acquiring plaintext data and an initial key;
B: dividing the plaintext data and the initial key into 64-bit plaintext data groups and 80-bit initial key data groups respectively, wherein each plaintext data group corresponds to one initial key data group;
C: performing the encryption operation through a round function, wherein the encryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises S-box transformation; the encryption round function performs round key addition on each group of plaintext data with the corresponding group of key data, and then performs S-box transformation, FP permutation and column confusion transformation in sequence to obtain an intermediate data group;
D: executing the key expansion operation on each group of initial keys to obtain an 80-bit intermediate key group;
E: taking the intermediate data as the plaintext data group and the intermediate key as the key data group, and repeating step C and step D for Nr rounds of iterative encryption, wherein Nr is 28, to obtain the encryption result.
2. The method for implementing encryption of a lightweight AEROGEL block cipher according to claim 1, wherein the round key addition of step C comprises the following steps:
if Nr is 1, performing an exclusive OR operation on the 64-bit plaintext with the high 64 bits of each group of initial keys in sequence to obtain an intermediate result as the intermediate data group;
if 1 ≤ Nr ≤ 28, performing an exclusive OR operation on the 64-bit intermediate data groups with the high 64 bits taken in sequence from each intermediate key group obtained in the previous iteration to obtain an intermediate result.
3. The method of claim 1, wherein the FP permutation of step C comprises the following steps:
the result obtained after S-box transformation is recorded as Z for each group of 64 bits, and Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after FP permutation:
Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
4. The method for implementing encryption of a lightweight AEROGEL block cipher according to claim 1, wherein the column confusion transformation of step C arranges the data result in a square matrix and then performs XOR confusion on the square matrix, with the following steps:
C1: the intermediate result obtained after the FP permutation of the encryption is recorded as X for each group of 64 bits, and X is arranged as a square matrix of elements Yn, where Yn is 4 bits and 0 ≤ n ≤ 15;
C2: XOR confusion is performed on Y0, Y1, Y2, Y3, and the result is recorded as Y′n, 0 ≤ n ≤ 15:
the operation yielding the XOR-confused Y′0, Y′1, Y′2, Y′3 is expressed as a multiplicative transformation over the finite field GF(2²); the operational expression is:
5. The method for implementing encryption of a lightweight AEROGEL block cipher according to claim 1, wherein step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted as K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted as K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each group of intermediate keys, 0 ≤ i ≤ 79;
K′ denotes the intermediate key result of each group after key expansion;
e2: cyclic shift: for each group, H0||H1 is cyclically shifted left by 9 positions to obtain a first intermediate round key;
e3: dynamic XOR of the round number: the current round number Nr is converted into a 5-bit binary number, and the bits K39, K38, K37, K36, K35 of each group of first intermediate round keys obtained in step e2 are XORed in sequence with the round number to obtain a second intermediate round key;
e4: nonlinear transformation: the bits K3, K2, K1, K0 of each group of second intermediate round keys obtained in step e3 are passed through the S-box to obtain a third intermediate round key, wherein the S-box used is the same as the S-box in step C;
e5: linear transformation: each group of third intermediate round keys obtained in step e4 is divided into 4 parts M0, M1, M2, M3, where Mj is 20 bits, 0 ≤ j ≤ 3, and the linear transformation K′ = M0||M2||M3||M1 is performed to obtain the intermediate key.
6. A decryption implementation method for a lightweight AEROGEL block cipher is characterized by comprising the following steps:
A: acquiring ciphertext data and an initial key, wherein the ciphertext data is an encryption result obtained by the method of any one of claims 1 to 6, and the initial key is the initial key of the method of any one of claims 1 to 6;
B: dividing the ciphertext data and the initial key into 64-bit ciphertext data groups and 80-bit initial key data groups respectively, wherein each ciphertext data group corresponds to one initial key data group, and the correspondence is the same as in the method of any one of claims 1 to 6;
C: sequentially executing the key expansion operation on each group of initial keys, repeating the iterative expansion Nr times, and recording the 80-bit intermediate key group obtained by each iteration;
D: performing the decryption operation, wherein the decryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises inverse S-box transformation; the decryption round function performs column confusion transformation, FP permutation and inverse S-box transformation in sequence on each group of data to be decrypted, and then performs round key addition on each group of ciphertext data with the corresponding group of key data to obtain intermediate data; step D is then repeated for Nr rounds of iterative decryption, wherein Nr is 28; in the iteration, the round key addition uses first the intermediate key group obtained by expanding Nr times in step C, second the intermediate key group obtained by expanding Nr-1 times in step C, and so on, to obtain the decryption result.
7. The method for implementing decryption of a lightweight AEROGEL block cipher according to claim 6, wherein the column confusion transformation of step D arranges the ciphertext data in a square matrix and then performs XOR confusion on the square matrix, with the following steps:
d1: the 64 bits of each group of ciphertext data are recorded as X, and X is arranged as a square matrix of elements Yn, where Yn is 4 bits and 0 ≤ n ≤ 15;
d2: XOR confusion is performed on Y0, Y1, Y2, Y3, and the result is recorded as Y′n, 0 ≤ n ≤ 15:
the operation yielding the XOR-confused Y′0, Y′1, Y′2, Y′3 is expressed as a multiplicative transformation over the finite field GF(2²); the operational expression is:
8. The method of claim 1, wherein the FP permutation of step D comprises the following steps:
the result obtained after the column confusion transformation is recorded as Z for each group of 64 bits and divided into 4-bit parts from the high bits to the low bits, so that Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after FP permutation:
Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
9. The method for implementing decryption of a lightweight AEROGEL block cipher according to claim 1, wherein step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted as K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted as K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each group of intermediate keys, 0 ≤ i ≤ 79;
K′ denotes the intermediate key result of each group after key expansion;
e2: cyclic shift: for each group, H0||H1 is cyclically shifted left by 9 positions to obtain a first intermediate round key;
e3: dynamic XOR of the round number: the current round number Nr is converted into a 5-bit binary number, and the bits K39, K38, K37, K36, K35 of each group of first intermediate round keys obtained in step e2 are XORed in sequence with the round number to obtain a second intermediate round key;
e4: nonlinear transformation: the bits K3, K2, K1, K0 of each group of second intermediate round keys obtained in step e3 are passed through the S-box to obtain a third intermediate round key, wherein the S-box used is the same as the S-box in step C;
e5: linear transformation: each group of third intermediate round keys obtained in step e4 is divided into 4 parts M0, M1, M2, M3, where Mj is 20 bits, 0 ≤ j ≤ 3, and the linear transformation K′ = M0||M2||M3||M1 is performed to obtain the intermediate key.
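The key expansion of claim 5 (repeated in claim 9), together with the round-key selection of claim 2 and the reversed key order of claim 6, as an added Python example that is not the patent's code. Assumptions the page leaves open: Ki is bit i counted from the least significant bit (so H0 is the high 20 bits and the "high 64 bits" are bits 79..16), the most significant bit of the 5-bit round number is XORed into K39, and the S-box is the published Piccolo S-box; the sample key is constructed.

```python
# Added example, not code from the patent: AEROGEL key expansion (claims 5/9)
# and round-key selection (claims 2, 6, 10) on an 80-bit key held as an int.
# Assumed conventions: K0 is the least significant bit, H0 the high 20 bits,
# and the MSB of the 5-bit round number lands in K39.
PICCOLO_SBOX = [0xe, 0x4, 0xb, 0x2, 0x3, 0x8, 0x0, 0x9,
                0x1, 0xa, 0x7, 0xf, 0x6, 0xc, 0x5, 0xd]
MASK80 = (1 << 80) - 1
MASK40 = (1 << 40) - 1
MASK20 = (1 << 20) - 1


def expand_key(k, nr):
    """One key-expansion iteration (steps e2-e5) with current round number nr."""
    # e2: rotate H0||H1 (the high 40 bits) left by 9 positions
    hi = k >> 40
    hi = ((hi << 9) | (hi >> 31)) & MASK40
    k = (hi << 40) | (k & MASK40)
    # e3: XOR the 5-bit round number into K39..K35
    k ^= (nr & 0x1f) << 35
    # e4: pass K3..K0 through the S-box
    k = (k & ~0xf) | PICCOLO_SBOX[k & 0xf]
    # e5: split into M0..M3 (20 bits each, M0 high) and reorder to M0||M2||M3||M1
    m = [(k >> (60 - 20 * j)) & MASK20 for j in range(4)]
    return (m[0] << 60) | (m[2] << 40) | (m[3] << 20) | m[1]


def round_keys(initial_key, nr=28):
    """Round keys RK1..RKnr: the high 64 bits of the key entering each round.
    Round 1 uses the initial key (claim 2); the expansion run with round
    number r yields the key for round r+1 (claim 5, e1), so the final
    expansion's output is never used."""
    keys = []
    k = initial_key & MASK80
    for r in range(1, nr + 1):
        keys.append(k >> 16)
        k = expand_key(k, r)
    return keys


def decryption_round_keys(initial_key, nr=28):
    """Decryption (claim 6, step D) applies the same round keys in reverse."""
    return round_keys(initial_key, nr)[::-1]


if __name__ == "__main__":
    key = 0x0123456789ABCDEF0123  # constructed sample key, not a Table 2 vector
    rks = round_keys(key)
    for r, rk in enumerate(rks[:3], start=1):
        print(f"RK{r} = {rk:016x}")
    print("decryption starts with RK28:", decryption_round_keys(key)[0] == rks[-1])
```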
10. The method for implementing decryption of a lightweight AEROGEL block cipher according to claim 6, wherein the round key addition of step D comprises the following step:
performing an exclusive OR operation on the 64-bit plaintext with the high 64 bits of the corresponding intermediate key group in sequence to obtain the result of the round key addition.
11. The method of claim 1 or 6, wherein the S-box transformation uses the S-box of the Piccolo algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010244240.1A CN111245598B (en) | 2020-03-31 | 2020-03-31 | Method for realizing lightweight AEROGEL block cipher |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111245598A true CN111245598A (en) | 2020-06-05 |
CN111245598B CN111245598B (en) | 2022-06-14 |
Family
ID=70878999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010244240.1A Active CN111245598B (en) | 2020-03-31 | 2020-03-31 | Method for realizing lightweight AEROGEL block cipher |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111245598B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111245598B (en) | 2022-06-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||