CN111245598A - Method for realizing lightweight AEROGEL block cipher - Google Patents

Publication number: CN111245598A (granted version: CN111245598B)
Application number: CN202010244240.1A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 李浪, 黄现彤
Original and current assignee: Hengyang Normal University
Legal status: granted, active (as listed by Google Patents; not a legal conclusion)
Prior art keywords: key, group, equal, round, bits

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for implementing the lightweight AEROGEL block cipher, intended for encrypting data in resource-constrained environments. The linear layer uses an involutory (self-inverse) FP permutation built with a two-dimensional transformation technique, so that a single input bit influences every ciphertext bit after 2 rounds of encryption; this strengthens diffusion and improves the security of the encryption. The key expansion combines cyclic shift, a nonlinear transformation, a linear transformation and an XOR with the round counter, so that the bit-flipping time of the key expansion is longer than the time required by the encryption itself, diffusion is strengthened, and the round key of round 23 is a nonlinear function of the initial key. The decryption algorithm only replaces the S-box of the nonlinear layer with the inverse S-box, so encryption and decryption are essentially the same. The cipher has a simple structure, low implementation cost, fast and easy software and hardware implementation, and resistance to known attacks.

Description

Method for realizing lightweight AEROGEL block cipher
Technical Field
The invention belongs to the field of cryptography, and particularly relates to a method for realizing a lightweight AEROGEL block cipher.
Background
With the development of the Internet of Things (IoT), miniature electronic devices such as wireless sensor network (WSN) nodes and radio-frequency identification (RFID) tags are widely used in daily life. Because such devices have weak computing power, little storage and similar constraints, lightweight block ciphers have been developed for them.
A lightweight cryptographic algorithm mainly comprises three sub-algorithms, an encryption algorithm, a decryption algorithm and a key expansion algorithm; encryption and decryption use the same key. Typically the algorithm is a block cipher, which splits the input message (plaintext) into fixed-length blocks, usually of 64 or 128 bits. Diffusion and confusion are the two main design principles of block ciphers and are what effectively guarantee their security. Lightweight block ciphers generally use either an SPN structure or a Feistel structure; the SPN structure diffuses better, while the Feistel structure gives better confusion. Common lightweight block ciphers include PRESENT, Piccolo, RECTANGLE and RoadRunneR. The main problem for existing lightweight block ciphers is how to fit resource-constrained devices while remaining easy and fast to implement in software and hardware and resistant to the classical attacks.
Disclosure of Invention
Purpose of the invention: for data security in resource-constrained environments, the invention provides a method for implementing the lightweight AEROGEL block cipher with low implementation cost, easy and fast software and hardware implementation, and guaranteed security of data encryption.
The invention designs an involutory FP permutation for the linear layer, which makes encryption and decryption more compact. The design uses a two-dimensional transformation technique, so that a single input bit influences every ciphertext bit after 2 rounds, strengthening diffusion and improving the security of the encryption. The FP permutation reorders 4-bit words (nibbles), which is easy to implement in hardware and in software on 8-bit and 32-bit microprocessor platforms.
The invention designs a key expansion method. Using cyclic shift, a nonlinear transformation and an XOR with the round counter, supported by mathematical analysis, it ensures that the bit-flipping time of the key expansion is longer than the time required by the encryption, and that the round key of round 23 is a nonlinear function of the initial key, thereby improving security.
Encryption and decryption in the invention are essentially the same: the decryption algorithm only replaces the S-box of the nonlinear layer in the encryption algorithm with the inverse S-box.
The technical scheme of the invention is as follows:
An encryption implementation method for the lightweight AEROGEL block cipher comprises the following steps:
A: acquire the plaintext data and the initial key;
B: divide the plaintext data into 64-bit plaintext blocks and the initial key into 80-bit initial key blocks, each plaintext block corresponding to one initial key block;
C: perform the encryption round function, which consists of a linear layer (round key addition, FP permutation and column mixing) and a nonlinear layer (S-box substitution). For each plaintext block, the round function first adds the corresponding round key, then applies in sequence the S-box substitution, the FP permutation and the column mixing, producing an intermediate data block;
D: perform the key expansion operation on each initial key block to obtain an 80-bit intermediate key block;
E: take the intermediate data block as the plaintext block and the intermediate key block as the key block, and repeat steps C and D for Nr iterations, with Nr = 28, to obtain the encryption result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step C comprises the following steps:
in the first round (Nr = 1), XOR each 64-bit plaintext block with the upper 64 bits of the corresponding initial key block to obtain the intermediate result;
for 2 ≤ Nr ≤ 28, XOR each 64-bit intermediate data block with the upper 64 bits of the corresponding intermediate key block obtained in the previous iteration to obtain the intermediate result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step C comprises the following steps:
the 64-bit result of the S-box substitution of each block is written Z and split into 4-bit words from the most significant to the least significant, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9
In the encryption implementation method of the lightweight AEROGEL block cipher, the column mixing of step C arranges the data as a square matrix and then XOR-mixes each column of the matrix, as follows:
c1: the 64-bit intermediate result of the FP permutation of each block is written X and arranged as a 4×4 square matrix of 4-bit words Yn, 0 ≤ n ≤ 15 (the layout is an image in the original and did not survive extraction);
c2: Y0, Y1, Y2, Y3 are XOR-mixed and the results written Y′n, 0 ≤ n ≤ 15; the four XOR expressions giving Y′0, Y′1, Y′2, Y′3 are images in the original and are not reproduced here. The same operation is expressed as a multiplication over the finite field GF(2^2) by a matrix L0 (image in the original);
c3: the remaining words Y4 to Y15 are XOR-mixed in the same way in sequence, giving the 64-bit result Y′ = X × M, where M is built from L0, L1, L2 and L3 (image in the original); L1, L2, L3 and L0 have the same size.
In the encryption implementation method of the lightweight AEROGEL block cipher, the key expansion of step D comprises the following steps:
e1: in the first round (Nr = 1), each 80-bit initial key block is written K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
for 2 ≤ Nr ≤ 27, each intermediate key block obtained in the previous iteration is written K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the intermediate key block, 0 ≤ i ≤ 79;
K′ denotes the intermediate key block that results from the key expansion;
e2: cyclic shift: rotate H0||H1 of each block left by 9 bit positions to obtain the first intermediate round key;
e3: round-counter XOR: convert the current round number Nr to a 5-bit binary number and XOR it, bit by bit, into K39, K38, K37, K36, K35 of the first intermediate round key obtained in step e2 to obtain the second intermediate round key;
e4: nonlinear transformation: pass K3, K2, K1, K0 of the second intermediate round key obtained in step e3 through the S-box (the same S-box as in step C) to obtain the third intermediate round key;
e5: linear transformation: split the third intermediate round key obtained in step e4 into 4 parts (M0, M1, M2, M3), each Mj being 20 bits, 0 ≤ j ≤ 3, and apply the linear transformation K′ = M0||M2||M3||M1 to obtain the intermediate key block.
A decryption implementation method for the lightweight AEROGEL block cipher comprises the following steps:
A: acquire the ciphertext data and the initial key, where the ciphertext data is an encryption result obtained by the method of any one of claims 1 to 6 and the initial key is the initial key used in that method;
B: divide the ciphertext data into 64-bit ciphertext blocks and the initial key into 80-bit initial key blocks, each ciphertext block corresponding to one initial key block, with the same correspondence as in the method of any one of claims 1 to 6;
C: perform the key expansion operation on each initial key block, iterating the expansion Nr times, and record the 80-bit intermediate key block produced by each iteration;
D: perform the decryption round function, which consists of a linear layer (round key addition, FP permutation and column mixing) and a nonlinear layer (inverse S-box substitution). For each block to be decrypted, apply in sequence the column mixing, the FP permutation and the inverse S-box substitution, then add the corresponding round key to obtain the intermediate data; repeat step D for Nr iterations, with Nr = 28, to obtain the decryption result. In the iteration the round keys are used in reverse order: the first decryption round uses the intermediate key block obtained after Nr expansions in step C, the second uses the block obtained after Nr−1 expansions, and so on.
In the decryption implementation method of the lightweight AEROGEL block cipher, the column mixing of step D arranges the ciphertext data as a square matrix and then XOR-mixes each column, as follows:
d1: the 64 bits of each ciphertext block are written X and arranged as a 4×4 square matrix of 4-bit words Yn, 0 ≤ n ≤ 15 (the layout is an image in the original and did not survive extraction);
d2: Y0, Y1, Y2, Y3 are XOR-mixed and the results written Y′n, 0 ≤ n ≤ 15; the four XOR expressions giving Y′0, Y′1, Y′2, Y′3 are images in the original and are not reproduced here. The same operation is expressed as a multiplication over the finite field GF(2^2) by a matrix L0 (image in the original);
d3: the remaining words Y4 to Y15 are XOR-mixed in the same way in sequence, giving the 64-bit result Y′ = X × M, where M is built from L0, L1, L2 and L3 (image in the original); L1, L2, L3 and L0 have the same size.
In the decryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step D comprises the following steps:
the 64-bit result of the column mixing of each block is written Z and split into 4-bit words from the most significant to the least significant, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9
the method for realizing decryption of the lightweight AEROGEL block cipher comprises the following processing steps:
e 1: if Nr is 1, the initial key of each group of 80 bits is denoted as K H0||H1||H2||H3In which H isjIs 20 bits, j is more than or equal to 0 and less than or equal to 3, KiThe ith bit is marked as the initial key, and i is more than or equal to 0 and less than or equal to 79;
if Nr is more than or equal to 2 and less than or equal to 27, the intermediate key groups obtained in the previous iteration are marked as K-H0||H1||H2||H3In which H isjComprises 20 bits, j is more than or equal to 0 and less than or equal to 3, KiRecording the ith bit of each group of intermediate keys, wherein i is more than or equal to 0 and less than or equal to 79;
setting K' as each group of intermediate key results after key expansion;
e 2: cyclic shift, taking H for each group0||H1Performing left cyclic displacement, wherein the displacement number is 9, and obtaining a first middle round key;
e 3: dynamic XOR of the round numbers, converting the current round number Nr into a binary number of 5 bits, and selecting K from each group of first intermediate round keys obtained in step e239、K38、K37、K36、K35Carrying out dynamic XOR with the round numbers in sequence to obtain a second middle round key;
e 4: nonlinear transformation, each group of second intermediate round keys obtained in the step e3 is selected to be K3、K2、K1、K0Performing nonlinear transformation to obtain a third middle round key, wherein the adopted S box is consistent with the S box used in the step C;
e5 Linear transformation, subdividing each set of third middle round keys obtained in step e4 into M0,M1,M2,M3In total 4 moieties, wherein Mj20 bits, j is more than or equal to 0 and less than or equal to 3, and linear transformation operation K' is performed to M0||M2||M3||M1And obtaining an intermediate key.
In the decryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step D comprises the following step:
XOR each 64-bit data block with the upper 64 bits of the corresponding intermediate key block, in sequence, to obtain the result of the round key addition.
In the above methods, the S-box substitution uses the S-box of the Piccolo algorithm.
The technical effect of the invention is as follows. The method implements the lightweight AEROGEL block cipher with an SPN structure. For easy hardware and software implementation, the FP permutation reorders 4-bit words; to make the most of resources, it is built with a two-dimensional transformation technique and is an involution. The column mixing uses XOR; in linear-algebra terms it combines 4 involutory matrices over GF(2^2), so that for decryption only the S-box of the nonlinear layer is replaced by the inverse S-box, while round key addition, FP permutation and column mixing are identical to encryption. The method diffuses plaintext better than the PRESENT algorithm, and because the linear layer is the same for encryption and decryption it is more compact than PRESENT. The key expansion uses cyclic shift, a nonlinear transformation and an XOR with the round counter to ensure that the bit-flipping time of the key expansion is longer than the time required by the encryption, strengthens diffusion, and makes the round key of round 23 a nonlinear function of the initial key.
In summary, the encryption and decryption algorithms of the invention are essentially the same, and the cipher has a simple structure, low implementation cost, easy and fast software and hardware implementation, and resistance to known attacks.
Drawings
Fig. 1 is the encryption structure diagram of the method for implementing the lightweight AEROGEL block cipher according to the invention;
Fig. 2 is the decryption structure diagram of the method;
Fig. 3 illustrates the two-dimensional transformation technique used by the method;
Fig. 4 is a schematic diagram of the key expansion of the method.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The lightweight block cipher AEROGEL uses an SPN structure. The plaintext/ciphertext block length is 64 bits, the key length is 80 bits, and the number of iteration rounds Nr is 28.
The encryption structure is shown in Fig. 1. The encryption round function consists of a linear layer, containing round key addition (Add_RoundKey), the FP permutation (FP_Layer) and column mixing (Mix_Column), and a nonlinear layer containing the S-box substitution (Sub_Swap).
The decryption structure is shown in Fig. 2. The decryption round function likewise consists of a linear layer, containing round key addition (Add_RoundKey), the FP permutation (FP_Layer) and column mixing (Mix_Column), and a nonlinear layer containing the inverse S-box substitution (rSub_Swap).
AEROGEL encryption is described as Algorithm 1 below.
Algorithm 1: AEROGEL encryption
Input: P (plaintext), K (key)
Output: C (ciphertext)
1. V ← P
2. for i = 1 to Nr = 28 do
3.   Add_RoundKey(V, K)
4.   Sub_Swap(V)
5.   FP_Layer(V)
6.   Mix_Column(V)
7. end for
8. C ← V
Linear layer:
1. Round key addition:
in round 1 (Nr = 1), XOR each 64-bit plaintext block with the upper 64 bits of the corresponding initial key block, giving the intermediate result P′ = P ⊕ K;
for 2 ≤ Nr ≤ 28, write the intermediate data obtained in the previous iteration Vi and the intermediate round key Keyi (1 ≤ i ≤ 28); take the upper 64 bits of each key block in turn and XOR them with the 64-bit intermediate data, giving the intermediate result V′ = V(Nr−1) ⊕ Key(Nr−1);
the middle round key is generated by a key expansion operation, and fig. 4 is a key expansion diagram, which includes the following specific steps:
1) if Nr is 1, the initial key of each group of 80 bits is denoted as K H0||H1||H2||H3In which H isjIs 20 bits (j is more than or equal to 0 and less than or equal to 3), KiRecord as ith bit of initial key (1 ≦ i ≦ 79), example: k79Bit 79 of the initial key, then:
H0=K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60(H0the upper 20 bits of the initial key);
if 1 is<Nr is less than or equal to 28, the intermediate key group obtained in the previous iteration is used,each group is marked as K ═ H0||H1||H2||H3In which H isjIs 20 bits (0)<j≤3),KiRecord as ith bit of each group of intermediate keys (i is more than or equal to 0 and less than or equal to 79), for example: k79For bit 79 of each set of intermediate keys, then:
H0=K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60(H0for the upper 20 bits of each set of intermediate keys);
2) cyclic shift techniques. Each group is taken as H0||H1And performing left cyclic shift, wherein the shift number is 9, and obtaining a first middle round key, namely the input is as follows:
K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40
the output is:
K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40||K79||K78||K77||K76||K75||K74||K73||K72||K71
the circular displacement technology ensures that the bit flipping time of the key expansion is longer than the time required by encryption, and the encryption security is improved.
3) And (4) dynamic XOR of the round numbers. Converting the round number Nr into a binary number of 5 bits, and selecting K from each group of first intermediate round keys obtained in step e239、K38、K37、K36、K35Are dynamically XOR-ed with the number of wheels in turn, K'39||K′38||K′37||K′36||K′35=(K39||K38||K37||K36||K35) ⊕ Nr, to obtain a second middle round key;
4) non-linear transformation techniques. Selecting K from each group of second middle round keys obtained in step 33、K2、K1、K0Is subjected to nonlinear transformation, K'3||K′2||K′1||K′0=Sbox(K3||K2||K1||K0) Obtaining a third middle round key, wherein the adopted S box is consistent with the S box used in the step C; in this embodiment, an S box using Piccolo algorithm is adopted, and other S boxes may be adopted according to the configuration.
The non-linear transformation technique makes the key at round 23 a non-linear function of the initial key.
5) Linear transformation techniques. Each group of third middle round keys obtained in the step 4 is subdivided into (H)0,H1,H2,H3)4, performing linear transformation operation, and then K ═ H0||H2||H3||H1And obtaining the middle round key.
2. FP permutation:
The 64-bit intermediate result of the S-box substitution of each block is written Z, each 4-bit word being Zi with i = 0 to 15, so Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15. The transformation rule of this embodiment uses the vertices of a square: Z0 to Z15 are divided into 4 groups, {Z0, Z1, Z2, Z3}, {Z4, Z5, Z6, Z7}, {Z8, Z9, Z10, Z11} and {Z12, Z13, Z14, Z15}, one group per vertex, the groups being arranged clockwise. The first Zi of each group is placed at the vertex itself and the other three are placed in turn, rotating clockwise, as shown in Fig. 3, where the point 0 at the top left corner represents Z0 and so on.
The transformation swaps points of different groups according to their positions in Fig. 3: if two points Q and R lie on the same line, Q and R are associated, and after the two-dimensional transformation Q moves to the position of R and R to the position of Q; a point T with no associated point stays where it is. The four sides and the two diagonals of the square each count as one line. For each group, the first point is placed at the vertex and the other three correspond in turn to the two sides and the diagonal meeting at that vertex; for the first group, Z1 is placed at the end of the top side, Z2 at the end of the diagonal running from top left to bottom right, and Z3 at the end of the left side. Accordingly Z1 and Z7 lie on the same line (the top side), so after the transformation Z1 moves to the position of Z7 and Z7 to the position of Z1. Points placed at the vertices are not associated with any other point: Z0, for example, has no associated point and stays in place;
Thus after the two-dimensional transformation Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9. Other permutations can be derived from other arrangements of the points, for example placing the groups on the four vertices counter-clockwise, or changing the order within a group. The rule of the FP permutation is therefore: divide the block into 16 equal words, four words forming a group, each group placed on one vertex of the square; the words of a group represent the vertex and one end each of the two sides and the diagonal meeting there; the word representing the vertex is not moved, and a word representing one end of a side or diagonal is swapped with the word at the other end. The two-dimensional transformation makes the FP permutation an involution, so the same permutation is used for encryption and decryption and no separate inverse permutation is needed; the permutation table is shown in Table 1.
Table 1: FP permutation (output word i is input word Zp(i); the table is its own inverse)
i:    0 1 2  3  4 5  6  7 8 9  10 11 12 13 14 15
p(i): 0 7 10 13 4 11 14 1 8 15 2  5  12 3  6  9
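The square-vertex rule above can be executed. The following Python is an added example, not code from the patent: it rebuilds the permutation from the rule (the word at a vertex stays fixed, a side word swaps with the side word of the next vertex clockwise, a diagonal word swaps with the diagonal word of the opposite vertex), checks that the result reproduces Table 1 and is an involution, and applies it word-wise to a 64-bit block. The function names and the sample block value are the example's own.

```python
# Added example, not part of the patent: rebuild the AEROGEL FP permutation
# from the square-vertex rule described above and check it against Table 1.

# Table 1 as printed: output word i is input word FP_TABLE[i].
FP_TABLE = [0, 7, 10, 13, 4, 11, 14, 1, 8, 15, 2, 5, 12, 3, 6, 9]


def fp_from_square():
    """Derive the permutation from the geometric rule.

    Words Z0..Z15 form four groups of four, one group per vertex of a
    square, vertices numbered clockwise v = 0..3. In group v, word 4v is the
    vertex itself and stays fixed; word 4v+1 is the end of the side running
    clockwise to the next vertex, word 4v+2 the end of the diagonal, and
    word 4v+3 the end of the side coming from the previous vertex. Two words
    on the same line swap positions.
    """
    perm = list(range(16))
    for v in range(4):
        nxt = (v + 1) % 4                 # other end of the clockwise side
        opp = (v + 2) % 4                 # other end of the diagonal
        side, diag = 4 * v + 1, 4 * v + 2
        perm[side], perm[4 * nxt + 3] = 4 * nxt + 3, side
        perm[diag], perm[4 * opp + 2] = 4 * opp + 2, diag
    return perm


def is_involution(perm):
    """True if applying the permutation twice gives the identity."""
    return all(perm[perm[i]] == i for i in range(len(perm)))


def fp_layer(state, perm=FP_TABLE):
    """Apply the word permutation to a 64-bit state; Z0 is the most
    significant 4-bit word, matching Z = Z0||Z1||...||Z15."""
    words = [(state >> (60 - 4 * i)) & 0xF for i in range(16)]
    out = 0
    for i in range(16):
        out = (out << 4) | words[perm[i]]
    return out


if __name__ == "__main__":
    derived = fp_from_square()
    print("matches Table 1:", derived == FP_TABLE)
    print("involution:", is_involution(derived))
    z = 0x0123456789ABCDEF          # constructed sample block
    print(hex(fp_layer(z)), hex(fp_layer(fp_layer(z))))
```

Only the four vertex words (Z0, Z4, Z8, Z12) are fixed points; every other word moves, and applying `fp_layer` twice returns the original block, which is the property that lets decryption reuse the same layer.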
3. Column mixing:
The data are arranged as a square matrix and each column of the matrix is XOR-mixed, as follows:
1) The 64-bit intermediate result of the FP permutation of each block in encryption/decryption is written X and arranged as a 4×4 square matrix of 4-bit words Yn (0 ≤ n ≤ 15); the layout is an image in the original and did not survive extraction.
2) The result of the XOR mixing is written Y′n (0 ≤ n ≤ 15). Y0, Y1, Y2 and Y3 are mixed by four XOR expressions (images in the original, not reproduced here), giving Y′0, Y′1, Y′2, Y′3; the same operation is expressed as a multiplication over the finite field GF(2^2) by a matrix L0 (image in the original).
3) The remaining words Y4 to Y15 are mixed in the same way in sequence, giving the 64-bit result Y′ = X × M, where M is built from L0, L1, L2 and L3 (image in the original; L1, L2, L3 and L0 have the same size).
Nonlinear layer:
S-box substitution: the S-box of the Piccolo algorithm is used, S = {e, 4, b, 2, 3, 8, 0, 9, 1, a, 7, f, 6, c, 5, d} (outputs for inputs 0 to f in order), producing the second intermediate result.
The 64 bits of the first intermediate result (the output V′ of the round key addition) are written U and split into 4-bit words, U = U0||U1||U2||U3||U4||U5||U6||U7||U8||U9||U10||U11||U12||U13||U14||U15;
the output of the S-box substitution is U′ = Sbox(U0)||Sbox(U1)||Sbox(U2)||Sbox(U3)||Sbox(U4)||Sbox(U5)||Sbox(U6)||Sbox(U7)||Sbox(U8)||Sbox(U9)||Sbox(U10)||Sbox(U11)||Sbox(U12)||Sbox(U13)||Sbox(U14)||Sbox(U15).
The AEROGEL decryption is described as Algorithm 2 below.
Algorithm 2: AEROGEL decryption
Input: C (ciphertext), K (key);
Output: P (plaintext);
1. T ← C;
2. for i = 1 to Nr = 28 do
3.   Mix_Column(T);
4.   FP_Layer(T);
5.   rSub_Swap(T);
6.   Add_RoundKey(T, K);
7. end for
8. P ← T;
Linear layer: identical to the linear layer of the encryption operation described above; decryption applies the same FP permutation and the same column confusion as encryption, without separate inverse transformations.
In the decryption iterations, the round key groups are used in the reverse order of the encryption iterations;
Nonlinear layer:
Inverse S-box transformation: the inverse of the Piccolo S-box, rSbox = {6, 8, 3, 4, 1, e, c, a, 5, 7, 9, 2, d, f, 0, b}, is used, and the output after the inverse S-box transformation is:
U' = rSbox(U0)||rSbox(U1)||rSbox(U2)||rSbox(U3)||rSbox(U4)||rSbox(U5)||rSbox(U6)||rSbox(U7); the test data of the AEROGEL algorithm of the invention are shown in Table 2:
TABLE 2 AEROGEL-64 test vectors
(the test vectors are given as images in the original, Figures BDA0002433544240000101 and BDA0002433544240000111, and are not recoverable from the text)
The AEROGEL cipher was implemented on a Xilinx Virtex-5 XC5VLX50T FPGA; AEROGEL-64 occupies 149 slices (SLC), 199 LUTs and 149 flip-flops (FF), with a maximum frequency (Max-Fre) of 476.563 MHz and a power of 567.50 mW.
Table 3 lists the FPGA implementation results of several lightweight block ciphers; the comparison in Table 3 shows that the AEROGEL algorithm has the advantages of high efficiency and a small implementation area.
TABLE 3 FPGA implementation results of lightweight block ciphers
Algorithm       State (bit)  Key (bit)  FF   LUT  SLC  Max-Fre (MHz)
PRESENT-80      64           80         152  222  153  455.31
PRESENT-128     64           128        200  270  201  455.311
Piccolo-80      64           80         112  302  113  331.400
Piccolo-128     64           128        200  384  201  322.997
RECTANGLE-128   64           128        191  253  192  501.153
AEROGEL-64      64           80         149  199  149  476.563
The present invention has been described in detail with reference to the specific embodiments, which should not be construed as limiting the invention. Many variations and modifications may be made by one of ordinary skill in the art without departing from the principles of the present invention, which should also be considered within the scope of the present invention.

Claims (11)

1. An encryption implementation method for a lightweight AEROGEL block cipher is characterized by comprising the following steps:
a: acquiring plaintext data and an initial key;
b: dividing the plaintext data and the initial key into 64-bit plaintext data groups and 80-bit initial key data groups respectively, wherein each plaintext data group corresponds to one initial key data group;
c: performing encryption operation through a round function, wherein the encrypted round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises S-box transformation; the round function operation of encryption is that round key addition is carried out on each group of plaintext data through corresponding group of key data, and then S-box transformation, FP replacement and column confusion transformation are carried out in sequence to obtain an intermediate data group;
d: respectively executing key expansion operation on each group of initial keys to obtain an 80-bit intermediate key group;
e: taking the intermediate data as the plaintext data group and the intermediate key as the key data group, and repeating step C and step D for Nr rounds of iterative encryption, where Nr is 28, to obtain the encryption result.
2. The method for implementing encryption of a lightweight AEROGEL block cipher according to claim 1, wherein the round key addition of step C comprises the following steps:
if Nr is 1, the upper 64 bits of each group's initial key are taken in turn and XORed with the 64-bit plaintext, and the intermediate result obtained is used as the intermediate data group;
if Nr is greater than or equal to 1 and less than or equal to 28, the upper 64 bits of each intermediate key group obtained in the previous iteration are taken in turn and XORed with the 64-bit intermediate data group to obtain the intermediate result.
3. The method of claim 1, wherein the FP permutation of step C comprises the following steps:
the result obtained after the S-box transformation is denoted Z for each 64-bit group, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
4. The method for implementing encryption of a lightweight AEROGEL block cipher according to claim 1, wherein the column confusion transformation of step C arranges the data in a square matrix and then applies XOR confusion to that matrix, with the following steps:
c1: the intermediate result obtained after the FP permutation in encryption is denoted X for each 64-bit group, and X is arranged as a square matrix
(matrix given as an image in the original: Figure FDA0002433544230000021)
where each Yn is 4 bits, 0 ≤ n ≤ 15;
c2: Y0, Y1, Y2, Y3 are XOR-confused, the result being denoted Y'n, 0 ≤ n ≤ 15:
(four XOR expressions given as images in the original: Figures FDA0002433544230000022 to FDA0002433544230000025)
giving the XOR-confused Y'0, Y'1, Y'2, Y'3; the operation is expressed as a multiplicative transformation over the finite field GF(2^2), with the operational expression:
matrix
(image in the original: Figure FDA0002433544230000026)
then
(image in the original: Figure FDA0002433544230000027)
c3: the remaining Y4 to Y15 undergo the same XOR confusion in turn, yielding the 64-bit Y' = X × M, where
(image in the original: Figure FDA0002433544230000028)
L1, L2, L3 and L0 are matrices of the same size.
5. The method for implementing encryption of a lightweight AEROGEL block cipher according to claim 1, wherein step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each group's intermediate key, 0 ≤ i ≤ 79;
K' denotes each group's intermediate key after key expansion;
e2: cyclic shift: for each group, H0||H1 is cyclically shifted left by 9 positions, giving the first intermediate round key;
e3: dynamic XOR of the round number: the current round number Nr is converted to a 5-bit binary number, and K39, K38, K37, K36, K35 of each first intermediate round key obtained in step e2 are XORed in sequence with the bits of the round number, giving the second intermediate round key;
e4: nonlinear transformation: K3, K2, K1, K0 of each second intermediate round key obtained in step e3 are passed through the S-box, which is the same S-box as used in step C, giving the third intermediate round key;
e5: linear transformation: each third intermediate round key obtained in step e4 is divided into 4 parts M0, M1, M2, M3, where Mj is 20 bits, 0 ≤ j ≤ 3, and the linear transformation K' = M0||M2||M3||M1 gives the intermediate key.
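One round of the key expansion of claim 5 (steps e1 to e5), together with the round-key selection of claim 2 and the reversed key order of claim 6, as an added worked example; this is not code from the patent or from the AEROGEL authors. The patent does not fix the bit numbering, so the following are assumptions: the 80-bit key is an integer in which Ki is bit i with K0 the least significant bit; H0 is the most significant 20 bits; the 64-bit round key is the upper 64 bits (K79..K16); the 5-bit round counter is XORed most-significant-bit-first into K39..K35; round 1 uses the initial key and round r the key after r-1 expansions, and the decryption list is simply the encryption list reversed (claim 6 counts expansions up to Nr, which this reading treats as the same sequence).

```python
"""Added example, not the patent's own code: AEROGEL-80 key expansion (claim 5) under the
bit-numbering assumptions stated in the lead-in (K0 = least significant bit, H0 = top
20 bits, round key = top 64 bits, round counter XORed MSB-first into K39..K35).
"""

# Piccolo S-box, the same table used by the cipher's nonlinear layer.
SBOX = [0xE, 0x4, 0xB, 0x2, 0x3, 0x8, 0x0, 0x9, 0x1, 0xA, 0x7, 0xF, 0x6, 0xC, 0x5, 0xD]

MASK20 = (1 << 20) - 1
MASK40 = (1 << 40) - 1
MASK80 = (1 << 80) - 1
NR = 28  # number of rounds


def rotl40(x: int, n: int) -> int:
    """Left-rotate a 40-bit value by n positions."""
    x &= MASK40
    return ((x << n) | (x >> (40 - n))) & MASK40


def expand_key(k: int, round_no: int) -> int:
    """One key-expansion step for round `round_no` (1..NR); returns the 80-bit K'."""
    if not 1 <= round_no <= NR:
        raise ValueError("round number out of range")
    k &= MASK80
    # e2: cyclic shift of H0||H1 (the upper 40 bits) left by 9; H2||H3 is untouched
    hi, lo = k >> 40, k & MASK40
    k = (rotl40(hi, 9) << 40) | lo
    # e3: dynamic XOR of the 5-bit round counter into K39..K35 (assumed MSB-first)
    k ^= (round_no & 0x1F) << 35
    # e4: S-box on the lowest nibble K3..K0
    k = (k & ~0xF) | SBOX[k & 0xF]
    # e5: split into M0..M3 (20 bits each, M0 most significant) and reorder
    m0 = (k >> 60) & MASK20
    m1 = (k >> 40) & MASK20
    m2 = (k >> 20) & MASK20
    m3 = k & MASK20
    return (m0 << 60) | (m2 << 40) | (m3 << 20) | m1


def round_key(k: int) -> int:
    """Round key for round key addition: the upper 64 bits of the current key (claim 2)."""
    return (k & MASK80) >> 16


def encryption_round_keys(k: int, nr: int = NR) -> list:
    """Round keys in encryption order: round 1 uses the initial key, round r the key
    obtained after r-1 expansions (assumed reading of claims 1, 2 and 5)."""
    keys = [round_key(k)]
    for r in range(1, nr):
        k = expand_key(k, r)
        keys.append(round_key(k))
    return keys


def decryption_round_keys(k: int, nr: int = NR) -> list:
    """Decryption consumes the same round keys in reverse order (claim 6)."""
    return list(reversed(encryption_round_keys(k, nr)))


if __name__ == "__main__":
    key = 0x0123456789ABCDEF0123  # constructed 80-bit sample key, not a test vector
    for i, rk in enumerate(encryption_round_keys(key), start=1):
        print("round %2d key: %016X" % (i, rk))
```

Because the shift and the round-number XOR act on different 20-bit words from the S-box, a single expansion step only touches the top 40 bits, five bits of H2 and the lowest nibble of H3; the reorder in e5 is what moves fresh material into the upper 64 bits that become the next round key. The bit-numbering assumptions above must be checked against the test vectors of Table 2 (given only as images on this page) before this schedule is treated as matching the authors' implementation.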
6. A decryption implementation method of a lightweight AEROGEL block cipher is characterized by comprising the following steps:
a: acquiring ciphertext data and an initial key, wherein the ciphertext data is an encryption result obtained by the method of any one of claims 1 to 6, and the initial key is the initial key in the method of any one of claims 1 to 6;
b: dividing the ciphertext data and the initial key into 64-bit ciphertext data groups and 80-bit initial key data groups respectively, wherein each ciphertext data group corresponds to one initial key data group, and the corresponding relation is consistent with that in the method of any one of claims 1 to 6;
c: sequentially executing key expansion operation on each group of initial keys, repeating iterative expansion for Nr times, and recording an 80-bit intermediate key group obtained by each iteration;
d: performing the decryption operation, wherein the decryption round function comprises a linear layer and a nonlinear layer, the linear layer comprising round key addition, FP permutation and column confusion transformation and the nonlinear layer comprising the inverse S-box transformation; the decryption round function applies, in sequence, the column confusion transformation, the FP permutation and the inverse S-box transformation to each group of data to be decrypted, then performs round key addition on each group with the corresponding group of key data to obtain intermediate data; step D is then repeated for Nr rounds of iterative decryption, where Nr is 28; during the iteration, the round key addition uses first the intermediate key group obtained by the Nr-th expansion in step C, second the intermediate key group obtained by the (Nr-1)-th expansion in step C, and so on, to obtain the decryption result.
7. The method for implementing decryption of a lightweight AEROGEL block cipher according to claim 6, wherein the column confusion transformation of step D arranges the ciphertext data in a square matrix and then applies XOR confusion to that matrix, with the following steps:
d1: the 64 bits of each group of the ciphertext data are denoted X and arranged as a square matrix
(matrix given as an image in the original: Figure FDA0002433544230000031)
where each Yn is 4 bits, 0 ≤ n ≤ 15;
d2: Y0, Y1, Y2, Y3 are XOR-confused, the result being denoted Y'n, 0 ≤ n ≤ 15:
(four XOR expressions given as images in the original: Figures FDA0002433544230000032 to FDA0002433544230000035)
giving the XOR-confused Y'0, Y'1, Y'2, Y'3; the operation is expressed as a multiplicative transformation over the finite field GF(2^2), with the operational expression:
matrix
(image in the original: Figure FDA0002433544230000041)
then
(image in the original: Figure FDA0002433544230000042)
d3: the remaining Y4 to Y15 undergo the same XOR confusion in turn, yielding the 64-bit Y' = X × M, where
(image in the original: Figure FDA0002433544230000043)
L1, L2, L3 and L0 are matrices of the same size.
8. The method of claim 1, wherein the FP permutation of step D comprises the following steps:
the result obtained after the column confusion transformation is denoted Z for each 64-bit group and is divided into 4-bit blocks from the high bits to the low bits, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
9. The method for implementing decryption of a lightweight AEROGEL block cipher according to claim 1, wherein step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each group's intermediate key, 0 ≤ i ≤ 79;
K' denotes each group's intermediate key after key expansion;
e2: cyclic shift: for each group, H0||H1 is cyclically shifted left by 9 positions, giving the first intermediate round key;
e3: dynamic XOR of the round number: the current round number Nr is converted to a 5-bit binary number, and K39, K38, K37, K36, K35 of each first intermediate round key obtained in step e2 are XORed in sequence with the bits of the round number, giving the second intermediate round key;
e4: nonlinear transformation: K3, K2, K1, K0 of each second intermediate round key obtained in step e3 are passed through the S-box, which is the same S-box as used in step C, giving the third intermediate round key;
e5: linear transformation: each third intermediate round key obtained in step e4 is divided into 4 parts M0, M1, M2, M3, where Mj is 20 bits, 0 ≤ j ≤ 3, and the linear transformation K' = M0||M2||M3||M1 gives the intermediate key.
10. The method for implementing decryption of a lightweight AEROGEL block cipher according to claim 6, wherein the round key addition of step D comprises the following step:
the upper 64 bits of the corresponding intermediate key group are XORed in turn with the 64-bit data group to obtain the result of the round key addition.
11. The method of claim 1 or 6, wherein the S-box transformation uses the S-box of the Piccolo algorithm.
CN202010244240.1A 2020-03-31 2020-03-31 Method for realizing lightweight AEROGEL block cipher Active CN111245598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010244240.1A CN111245598B (en) 2020-03-31 2020-03-31 Method for realizing lightweight AEROGEL block cipher

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010244240.1A CN111245598B (en) 2020-03-31 2020-03-31 Method for realizing lightweight AEROGEL block cipher

Publications (2)

Publication Number Publication Date
CN111245598A true CN111245598A (en) 2020-06-05
CN111245598B CN111245598B (en) 2022-06-14

Family

ID=70878999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010244240.1A Active CN111245598B (en) 2020-03-31 2020-03-31 Method for realizing lightweight AEROGEL block cipher

Country Status (1)

Country Link
CN (1) CN111245598B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202547A (en) * 2020-11-11 2021-01-08 Hengyang Normal University Lightweight block cipher GFCS implementation method and device and readable storage medium
CN114024675A (en) * 2021-11-24 2022-02-08 Hengyang Normal University Lightweight block cipher IoVCipher implementation method and system suitable for Internet of Vehicles terminals
CN115208626A (en) * 2022-06-02 2022-10-18 Beijing Jiaoda Microunion Technology Co., Ltd. Communication method and device based on secure communication ciphertext transmission in railway signal systems

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012154129A1 (en) * 2011-05-10 2012-11-15 Nanyang Technological University Devices for computer-based generating of a mixing matrix for cryptographic processing of data, encrypting devices, methods for computer-based generating of a mixing matrix for cryptographic processing of data and encrypting methods
US20150039904A1 (en) * 2012-03-02 2015-02-05 Sony Corporation Information processing apparatus, information processing method, and program
CN107707343A (en) * 2017-11-08 2018-02-16 Guizhou University Implementation method of the lightweight LBT block cipher with an SP network structure and identical encryption and decryption
CN109768854A (en) * 2019-03-29 2019-05-17 Hengyang Normal University Implementation method of the lightweight block cipher Wheel
CN110784307A (en) * 2019-11-05 2020-02-11 Hengyang Normal University Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium


Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Bo-Tao Liu et al.: "Loong: A Family of Involutional Lightweight Block Cipher Based on SPN Structure", IEEE Access *
Zhang Wenzhe et al.: "Power optimization of the LED lightweight cipher algorithm chip", Electronic Design Engineering *
Li Lang et al.: "Magpie: a highly secure lightweight block cipher algorithm", Acta Electronica Sinica *
Li Lang et al.: "Hardware language implementation of the PRESENT cipher and its optimization", Journal of Chinese Computer Systems *
Li Lang et al.: "Surge: a new low-resource, efficient lightweight block cipher algorithm", Computer Science *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202547A (en) * 2020-11-11 2021-01-08 Hengyang Normal University Lightweight block cipher GFCS implementation method and device and readable storage medium
CN114024675A (en) * 2021-11-24 2022-02-08 Hengyang Normal University Lightweight block cipher IoVCipher implementation method and system suitable for Internet of Vehicles terminals
CN114024675B (en) * 2021-11-24 2024-01-23 Hengyang Normal University Lightweight block cipher IoVCipher implementation method and system suitable for Internet of Vehicles terminals
CN115208626A (en) * 2022-06-02 2022-10-18 Beijing Jiaoda Microunion Technology Co., Ltd. Communication method and device based on secure communication ciphertext transmission in railway signal systems
CN115208626B (en) * 2022-06-02 2023-12-01 Beijing Jiaoda Microunion Technology Co., Ltd. Communication method and device based on secure communication ciphertext transmission in railway signal systems

Also Published As

Publication number Publication date
CN111245598B (en) 2022-06-14

Similar Documents

Publication Publication Date Title
EP3186802B1 (en) Encryption function and decryption function generating method, encryption and decryption method and related apparatuses
JP3992742B2 (en) Encryption method and apparatus for nonlinearly combining data blocks and keys
CN111245598B (en) Method for realizing lightweight AEROGEL block cipher
Anees et al. Designing secure substitution boxes based on permutation of symmetric group
US20080304664A1 (en) System and a method for securing information
CN111431697B (en) Novel method for realizing lightweight block cipher CORL
US11606189B2 (en) Method and apparatus for improving the speed of advanced encryption standard (AES) decryption algorithm
US20070214361A1 (en) Device, System and Method for Fast Secure Message Encryption Without Key Distribution
US7912213B2 (en) Device, system and method for fast secure message encryption without key distribution
KR100800468B1 (en) Hardware cryptographic engine and method improving power consumption and operation speed
WO2007083528A1 (en) Encryption/decryption device, encryption/decryption method, and computer program
Agrawal et al. Elliptic curve cryptography with hill cipher generation for secure text cryptosystem
Kuang et al. Quantum safe lightweight cryptography with quantum permutation pad
Ahmed et al. Strongest AES with S-Boxes bank and dynamic key MDS matrix (SDK-AES)
US10666437B2 (en) Customizable encryption/decryption algorithm
CN113728583B (en) Enhanced randomness for digital systems
Gangadari et al. FPGA implementation of compact S-box for AES algorithm using composite field arithmetic
JP6052166B2 (en) ENCRYPTION METHOD, ENCRYPTION DEVICE, AND ENCRYPTION PROGRAM
Gangadari et al. Analysis and algebraic construction of S-Box for AES algorithm using irreducible polynomials
CN116980194A (en) Safe and efficient data transmission method and system based on cloud edge end cooperation
Rentería-Mejía et al. Lattice-based cryptoprocessor for CCA-secure identity-based encryption
CN115811398A (en) Dynamic S-box-based block cipher algorithm, device, system and storage medium
Somasagar et al. Clefia-a encryption algorithm using novel s-box architecture
VG et al. Implementation of lightweight cryptographic algorithms in FPGA
JP5578422B2 (en) ENCRYPTED COMMUNICATION SYSTEM, TRANSMISSION DEVICE, RECEPTION DEVICE, ENCRYPTION / DECRYPTION METHOD, AND PROGRAM THEREOF

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant