CN111245598B - Method for realizing lightweight AEROGEL block cipher - Google Patents


Publication number
CN111245598B
Authority
CN
China
Prior art keywords
key
group
equal
round
transformation
Legal status: Active
Application number
CN202010244240.1A
Other languages
Chinese (zh)
Other versions
CN111245598A (en)
Inventor
李浪
黄现彤
Current Assignee
Hengyang Normal University
Original Assignee
Hengyang Normal University
Application filed by Hengyang Normal University
Priority to CN202010244240.1A
Publication of CN111245598A
Application granted
Publication of CN111245598B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention provides a method for realizing a lightweight AEROGEL block cipher, used for encrypting data in environments with limited resources. The linear layer uses a self-inverse (involutive) FP permutation designed with a two-dimensional transformation technique, so that a change in one input bit affects every bit of the ciphertext after 2 rounds of encryption; this strengthens diffusion and improves the security of data encryption. The key expansion uses cyclic shift, nonlinear transformation, linear transformation and a dynamic XOR with the round number, so that the bit-flipping time of key expansion is longer than the time required for encryption, diffusion is enhanced, and the key in the 23rd round is a nonlinear function of the initial key. The decryption algorithm only needs to replace the S-box of the nonlinear layer in the encryption algorithm with the inverse S-box, so encryption and decryption are essentially the same. The invention has a simple structure and low implementation cost, is easy and fast to implement in software and hardware, and resists known attacks.

Description

Method for realizing lightweight AEROGEL block cipher
Technical Field
The invention belongs to the field of cryptography and in particular relates to a method for realizing a lightweight AEROGEL block cipher.
Background
With the development of the Internet of Things (IoT), miniature electronic devices such as Wireless Sensor Networks (WSNs) and Radio Frequency Identification (RFID) tags are widely used in daily life. Because such devices have weak computing power, small storage space and similar constraints, lightweight block ciphers have been developed for them.
A lightweight cryptographic algorithm mainly comprises three sub-algorithms: an encryption algorithm, a decryption algorithm and a key expansion algorithm; encryption and decryption use the same key. Typically the lightweight cryptographic algorithm is a block cipher, which divides the input message or plaintext into fixed-length plaintext blocks, typically 64 or 128 bits long. Diffusion and confusion are the two main design principles of block ciphers and are what effectively guarantee the security of block cipher algorithms. The structure of a lightweight block cipher is generally an SPN structure or a Feistel structure; the diffusion of the SPN structure is superior to that of the Feistel structure, but the Feistel structure has better confusion. Common lightweight block cipher algorithms are PRESENT, Piccolo, RECTANGLE, RoadRunneR, etc. The main problem of existing lightweight block ciphers is how to adapt to resource-limited equipment while remaining easy to implement quickly in software and hardware and able to resist some classical attacks.
Disclosure of Invention
The aim of the invention is as follows: aiming at data security in environments with limited resources, the invention provides a method for realizing a lightweight AEROGEL block cipher, which has low implementation cost, is easy and fast to implement in software and hardware, and guarantees the security of data encryption.
The invention designs a self-inverse FP permutation on the linear layer, so that encryption and decryption are more compact. The design adopts a two-dimensional transformation technique, so that a change in one input bit affects every bit of the ciphertext after 2 rounds of encryption, which strengthens diffusion and improves the security of data encryption. The FP permutation works on 4-bit words, which is easy to implement in hardware and in software on 8-bit and 32-bit microprocessor platforms.
The invention designs a key expansion method. By using cyclic shift, nonlinear transformation and a dynamic XOR with the round number, combined with sound mathematical theory, the bit-flipping time of key expansion is made larger than the time required for encryption, and the key in the 23rd round is a nonlinear function of the initial key, thereby improving security.
Encryption and decryption of the invention are essentially the same. The decryption algorithm only needs to replace the S-box of the nonlinear layer in the encryption algorithm with the inverse S-box.
The technical scheme of the invention is as follows:
An encryption implementation method for a lightweight AEROGEL block cipher comprises the following steps:
A: acquire the plaintext data and the initial key;
B: divide the plaintext data and the initial key into 64-bit plaintext data groups and 80-bit initial key groups respectively, where each plaintext data group corresponds to one initial key group;
C: perform the encryption operation through a round function. The encryption round function comprises a linear layer and a nonlinear layer; the linear layer comprises round key addition, FP permutation and column mixing transformation, and the nonlinear layer comprises the S-box transformation. The round function applies round key addition to each group of plaintext data with the corresponding group of key data, then performs S-box transformation, FP permutation and column mixing transformation in sequence to obtain an intermediate data group;
D: perform the key expansion operation on each group of initial keys to obtain an 80-bit intermediate key group;
E: take the intermediate data as the plaintext data group and the intermediate key as the key data group, and repeat steps C and D for Nr rounds of iterative encryption, where Nr is 28, to obtain the encryption result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step C comprises the following steps:
if Nr is 1, XOR each 64-bit plaintext group with the upper 64 bits of the corresponding initial key group to obtain an intermediate result as the intermediate data group;
if 1 ≤ Nr ≤ 28, XOR each 64-bit intermediate data group with the upper 64 bits of the corresponding intermediate key group obtained in the previous iteration to obtain an intermediate result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step C comprises the following steps:
the result obtained after the S-box transformation, 64 bits per group, is recorded as Z and divided into 16 words Z0 to Z15 of 4 bits each, so Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9
In the encryption implementation method of the lightweight AEROGEL block cipher, the column mixing transformation of step C arranges the data into a square matrix and then applies XOR mixing to the columns of the matrix, as follows:
c1: take the intermediate result obtained after the FP permutation in encryption, record each 64-bit group as X, and arrange it as the square matrix
Figure GDA0003608639310000021
where each Yn is 4 bits, 0 ≤ n ≤ 15;
c2: apply XOR mixing to Y0, Y1, Y2, Y3, and record the result as Y'n, 0 ≤ n ≤ 15:
Figure GDA0003608639310000031
The XOR mixing that produces Y'0, Y'1, Y'2, Y'3 can be expressed as a multiplication over the finite field GF(2^2), with the expression
matrix
Figure GDA0003608639310000032
then
Figure GDA0003608639310000033
c3: apply the same XOR mixing in turn to the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where
Figure GDA0003608639310000034
L1, L2, L3 and L0 are matrices of the same size.
In the encryption implementation method of the lightweight AEROGEL block cipher, the key expansion of step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of each intermediate key group, 0 ≤ i ≤ 79;
let K' be the intermediate key result of each group after key expansion;
e2: cyclic shift: take H0||H1 of each group and rotate it left by 9 bit positions to obtain the first intermediate round key;
e3: dynamic XOR of the round number: convert the current round number Nr to a 5-bit binary number, select K39, K38, K37, K36, K35 from each first intermediate round key obtained in step e2, and XOR them in sequence with the round number bits to obtain the second intermediate round key;
e4: nonlinear transformation: select K3, K2, K1, K0 from each second intermediate round key obtained in step e3 and pass them through the nonlinear transformation to obtain the third intermediate round key; the S-box used is the same as the S-box in step C;
e5: linear transformation: subdivide each third intermediate round key obtained in step e4 into 4 parts (M0, M1, M2, M3), where each Mj is 20 bits, 0 ≤ j ≤ 3, and perform the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
A decryption implementation method for the lightweight AEROGEL block cipher comprises the following steps:
A: acquire the ciphertext data and the initial key, where the ciphertext data is the encryption result obtained by the encryption implementation method of the lightweight AEROGEL block cipher, and the initial key is the initial key used in that encryption implementation method;
B: divide the ciphertext data and the initial key into 64-bit ciphertext data groups and 80-bit initial key groups respectively, where each ciphertext data group corresponds to one initial key group and the correspondence is the same as in the encryption implementation method of the lightweight AEROGEL block cipher;
C: perform the key expansion operation on each group of initial keys in turn, repeating the iterative expansion Nr times, and record the 80-bit intermediate key group obtained in each iteration;
D: perform the decryption operation. The decryption round function comprises a linear layer and a nonlinear layer; the linear layer comprises round key addition, FP permutation and column mixing transformation, and the nonlinear layer comprises the inverse S-box transformation. The decryption round function applies column mixing transformation, FP permutation and inverse S-box transformation in sequence to each group of data to be decrypted, then applies round key addition to each ciphertext data group with the corresponding group of key data to obtain intermediate data; step D is then repeated for Nr rounds of iterative decryption, where Nr is 28. In the iterative process, the first round key addition uses the intermediate key group obtained after Nr expansions in step C, the second uses the intermediate key group obtained after Nr-1 expansions in step C, and so on, giving the decryption result.
In the decryption implementation method of the lightweight AEROGEL block cipher, the column mixing transformation of step D arranges the ciphertext data into a square matrix and then applies XOR mixing to the columns of the matrix, as follows:
d1: record each 64-bit group of the ciphertext data as X, and arrange it as the square matrix
Figure GDA0003608639310000041
where each Yn is 4 bits, 0 ≤ n ≤ 15;
d2: apply XOR mixing to Y0, Y1, Y2, Y3, and record the result as Y'n, 0 ≤ n ≤ 15:
Figure GDA0003608639310000042
The XOR mixing that produces Y'0, Y'1, Y'2, Y'3 can be expressed as a multiplication over the finite field GF(2^2), with the expression
matrix
Figure GDA0003608639310000043
then
Figure GDA0003608639310000044
d3: apply the same XOR mixing in turn to the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where
Figure GDA0003608639310000051
L1, L2, L3 and L0 are matrices of the same size.
In the decryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step D comprises the following steps:
the result obtained after the column mixing transformation, 64 bits per group, is recorded as Z and divided into 4-bit words from the high bit to the low bit, so Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9
In the decryption implementation method of the lightweight AEROGEL block cipher, the key expansion comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the ith bit of each intermediate key group, 0 ≤ i ≤ 79;
let K' be the intermediate key result of each group after key expansion;
e2: cyclic shift: take H0||H1 of each group and rotate it left by 9 bit positions to obtain the first intermediate round key;
e3: dynamic XOR of the round number: convert the current round number Nr to a 5-bit binary number, select K39, K38, K37, K36, K35 from each first intermediate round key obtained in step e2, and XOR them in sequence with the round number bits to obtain the second intermediate round key;
e4: nonlinear transformation: select K3, K2, K1, K0 from each second intermediate round key obtained in step e3 and pass them through the nonlinear transformation to obtain the third intermediate round key; the S-box used is the same as the S-box in step C;
e5: linear transformation: subdivide each third intermediate round key obtained in step e4 into 4 parts (M0, M1, M2, M3), where each Mj is 20 bits, 0 ≤ j ≤ 3, and perform the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
In the decryption implementation method of the lightweight AEROGEL block cipher, the round key addition comprises the following step:
XOR each 64-bit group in turn with the upper 64 bits of the corresponding intermediate key group to obtain the result of the round key addition.
In the method, the S-box transformation uses the S-box of the Piccolo algorithm.
The technical effect of the invention is a method for realizing the lightweight AEROGEL block cipher that adopts an SPN structure. For easy hardware and software implementation, the FP permutation works on 4-bit words; to make maximum use of resources, it is built with a two-dimensional transformation technique and is self-inverse (involutive). The column mixing transformation performs mixing with XOR; from the point of view of linear algebra it combines 4 involutory matrices over GF(2^2), so that when data is decrypted only the S-box of the nonlinear layer is replaced by the inverse S-box, while round key addition, FP permutation and column mixing transformation are the same as in encryption. The linear layer diffuses the plaintext better than that of the PRESENT algorithm, and since its encryption and decryption are the same, the implementation is more compact than PRESENT. The key expansion uses cyclic shift, nonlinear transformation and the dynamic XOR with the round number so that the bit-flipping time of key expansion is longer than the time required for encryption, diffusion is enhanced, and the key in the 23rd round is a nonlinear function of the initial key.
In summary, the encryption and decryption algorithms of the invention are essentially the same, and the cipher has a simple structure, low implementation cost, easy and fast software and hardware implementation, and resistance to known attacks.
Drawings
Fig. 1 is the encryption structure diagram of the method for implementing a lightweight AEROGEL block cipher according to the invention;
Fig. 2 is the decryption structure diagram of the method for implementing a lightweight AEROGEL block cipher according to the invention;
Fig. 3 is a diagram of the two-dimensional transformation technique used in the method of the invention;
Fig. 4 is a schematic diagram of the key expansion of the method of the invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The lightweight block cipher AEROGEL adopts the SPN structure. The plaintext/ciphertext block length is 64 bits, the key block length is 64 bits, and the number of iteration rounds Nr is 28.
The encryption structure is shown in Fig. 1: the encryption round function comprises a linear layer containing round key addition (Add_RoundKey), FP permutation (FP_Layer) and column mixing transformation (Mix_Column), and a nonlinear layer containing the S-box transformation (Sub_Swap).
The decryption structure is shown in Fig. 2: the decryption round function comprises a linear layer and a nonlinear layer, where the linear layer contains round key addition (Add_RoundKey), FP permutation (FP_Layer) and column mixing transformation (Mix_Column), and the nonlinear layer contains the inverse S-box transformation (rSub_Swap).
AEROGEL encryption is described as Algorithm 1 below.
Algorithm 1: AEROGEL encryption
Input: P (plaintext), K (key)
Output: C (ciphertext)
1. V ← P
2. for i = 1 to Nr = 28 do
3.   Add_RoundKey(V, K)
4.   Sub_Swap(V)
5.   FP_Layer(V)
6.   Mix_Column(V)
7. end for
8. C ← V
Linear layer:
1. Round key addition:
if Nr is 1, XOR the 64-bit plaintext of each group in turn with the upper 64 bits of the corresponding initial key group, and output the result
Figure GDA0003608639310000071
to obtain an intermediate result;
if 1 ≤ Nr ≤ 28, record the intermediate data obtained in the previous iteration as Vi and the intermediate round key as Keyi (1 ≤ i ≤ 28); each group takes the upper 64 bits of its key in turn and XORs them with the 64-bit intermediate data, then outputs the result
Figure GDA0003608639310000072
to obtain an intermediate result;
The intermediate round key is generated by the key expansion operation; Fig. 4 is the key expansion diagram. The specific steps are as follows:
1) If Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits (0 ≤ j ≤ 3) and Ki denotes the ith bit of the initial key (1 ≤ i ≤ 79); for example, K79 is bit 79 of the initial key. Then:
H0 = K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60 (H0 is the upper 20 bits of the initial key);
if 1 < Nr ≤ 28, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj is 20 bits (0 < j ≤ 3) and Ki denotes the ith bit of each intermediate key group (0 ≤ i ≤ 79); for example, K79 is bit 79 of each intermediate key group. Then:
H0 = K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60 (H0 is the upper 20 bits of each intermediate key group);
2) Cyclic shift technique. Take H0||H1 of each group and rotate it left by 9 bit positions to obtain the first intermediate round key. That is, the input is:
K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40
and the output is:
K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40||K79||K78||K77||K76||K75||K74||K73||K72||K71
The cyclic shift technique ensures that the bit-flipping time of the key expansion is longer than the time required for encryption, which improves encryption security.
3) Dynamic XOR technique of the round number. Convert the round number Nr into a 5-bit binary number, select K39, K38, K37, K36, K35 from each first intermediate round key obtained in step 2), and XOR them in turn with the round number bits:
Figure GDA0003608639310000081
Figure GDA0003608639310000082
to obtain the second intermediate round key;
4) Nonlinear transformation technique. Select K3, K2, K1, K0 from each second intermediate round key obtained in step 3) and apply the nonlinear transformation K'3||K'2||K'1||K'0 = Sbox(K3||K2||K1||K0) to obtain the third intermediate round key; the S-box used is the same as the S-box in step C. In this embodiment the S-box of the Piccolo algorithm is used; other S-boxes may be adopted according to the configuration.
The nonlinear transformation technique makes the key at round 23 a nonlinear function of the initial key.
5) Linear transformation technique. Subdivide each third intermediate round key obtained in step 4) into 4 parts (H0, H1, H2, H3) and perform the linear transformation; then K' = H0||H2||H3||H1 gives the intermediate round key.
2. FP permutation:
The intermediate result obtained after the S-box transformation, 64 bits per group, is denoted Z, and every 4 bits is denoted Zi, 0 ≤ i ≤ 15, so Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15. The transformation rule in this embodiment uses the vertices of a square: Z0, Z1, ..., Z15 are divided into 4 groups, {Z0, Z1, Z2, Z3}, {Z4, Z5, Z6, Z7}, {Z8, Z9, Z10, Z11} and {Z12, Z13, Z14, Z15}, one group per vertex, with the groups arranged clockwise. The first Zi of each group is placed at the vertex of the square and the other three of the group are placed in turn, rotating clockwise. The arrangement is shown in Fig. 3, where point 0 in the upper left corner represents the position of Z0 and the others follow in turn.
When the transformation is carried out, points in different groups are transformed according to their positions in Fig. 3: if two points Q and R lie on the same line, Q is said to be associated with R, and after the two-dimensional transformation Q is moved to the position of R and R to the position of Q; if a point T has no point associated with it, its position is unchanged by the two-dimensional transformation. Here the four sides of the square and its two diagonals are the lines considered. For each group of clockwise-arranged points, the first point is placed at the vertex and the other three correspond in turn to the two sides and the diagonal meeting at that vertex: for the first group, Z0 is at the vertex, Z1 corresponds to one end of the top side of the square, Z2 to one end of the diagonal from top left to bottom right, and Z3 to one end of the left side of the square. Correspondingly, Z1 and Z7 lie on the same line, namely the top side of the square, so after the two-dimensional transformation Z1 is moved to the position of Z7 and Z7 to the position of Z1. The point of each group placed at a vertex is considered not to be associated with any other point; that is, Z0 has no associated point and its position is unchanged by the two-dimensional transformation.
From the above, after the two-dimensional transformation Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9. Different permutations can be derived from different point arrangements, for example by arranging the groups counterclockwise on the four vertices of the square, or by changing the order within a group. The rule of the FP permutation is to divide the block equally into 16 words, every 4 words forming a group, each group being placed on one vertex of the square; the words on each vertex represent the vertex itself and one end of each of the two sides and the diagonal meeting at that vertex; the word representing the vertex is not permuted, and the word representing one end of a side or diagonal is swapped with the word at the other end. This two-dimensional transformation makes the FP permutation self-inverse, so it can be used unchanged in both encryption and decryption without an additional inverse permutation. The permutation table is shown in Table 1.
TABLE 1 FP permutation
i       0 1  2  3 4  5  6 7 8  9 10 11 12 13 14 15
FP(i)   0 7 10 13 4 11 14 1 8 15  2  5 12  3  6  9
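The square-vertex rule above, as an added C example (not the patent's own code): it builds the FP table from the geometric description and checks that it reproduces Table 1 and is self-inverse. The encoding of the square is an assumption: vertices are numbered 0 to 3 clockwise from the top left, and within a group slot s (1, 2, 3) is the line from that vertex to vertex (g+s) mod 4, i.e. the clockwise side, the diagonal and the counter-clockwise side, as the text lists them for Z1, Z2, Z3.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nibble i of a 64-bit state, numbered from the high end (Z0 = bits 63..60). */
static unsigned nibble(uint64_t z, int i) {
    return (unsigned)((z >> (60 - 4 * i)) & 0xF);
}

/* Build the FP table from the square-vertex rule (assumed encoding):
 * group g (words 4g..4g+3) sits on vertex g, vertices numbered clockwise
 * 0 = top-left, 1 = top-right, 2 = bottom-right, 3 = bottom-left.
 * Slot 0 is the vertex itself and is never moved. Slot s in {1,2,3} is one
 * end of the line from vertex g to vertex (g+s) mod 4: s=1 the clockwise
 * side, s=2 the diagonal, s=3 the counter-clockwise side. The other end of
 * that same line is slot 4-s of vertex (g+s) mod 4, and the two ends swap. */
static void fp_build(uint8_t fp[16]) {
    for (int g = 0; g < 4; g++) {
        fp[4 * g] = (uint8_t)(4 * g);                      /* vertex: fixed */
        for (int s = 1; s < 4; s++)
            fp[4 * g + s] = (uint8_t)(4 * ((g + s) % 4) + (4 - s));
    }
}

/* Table 1 as printed in the patent, used to cross-check the construction. */
static const uint8_t FP_TABLE1[16] = {0, 7, 10, 13, 4, 11, 14, 1,
                                      8, 15, 2, 5, 12, 3, 6, 9};

static int fp_matches_table1(void) {
    uint8_t fp[16];
    fp_build(fp);
    return memcmp(fp, FP_TABLE1, 16) == 0;
}

/* Z' = Z_fp(0) || Z_fp(1) || ... || Z_fp(15): output word i is input word fp[i]. */
static uint64_t fp_apply(uint64_t z) {
    uint8_t fp[16];
    uint64_t out = 0;
    fp_build(fp);
    for (int i = 0; i < 16; i++)
        out |= (uint64_t)nibble(z, fp[i]) << (60 - 4 * i);
    return out;
}

/* Self-inverse property: applying FP twice must give back the input. */
static int fp_is_involution(uint64_t z) {
    return fp_apply(fp_apply(z)) == z;
}

int main(void) {
    uint64_t z = 0x0123456789abcdefULL;   /* constructed sample state: word i holds value i */
    printf("construction matches Table 1: %d\n", fp_matches_table1());
    printf("FP(%016llx) = %016llx\n", (unsigned long long)z,
           (unsigned long long)fp_apply(z));
    printf("FP(FP(z)) == z: %d\n", fp_is_involution(z));
    return 0;
}
```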
3. Column mixing transformation:
The data is arranged into a square matrix and the columns of the matrix are then XOR-mixed, as follows:
1) Take the intermediate result obtained after the FP permutation in encryption/decryption, record each 64-bit group as X, and arrange it as the square matrix
Figure GDA0003608639310000091
where each Yn is 4 bits (1 < n ≤ 15);
2) Record the XOR-mixed result as Y'n (1 < n ≤ 15); Y0, Y1, Y2, Y3 are operated on as follows:
Figure GDA0003608639310000092
The operation that produces Y'0, Y'1, Y'2, Y'3 can be expressed as a multiplication over the finite field GF(2^2), with the expression
matrix
Figure GDA0003608639310000093
then
Figure GDA0003608639310000094
3) Apply the same XOR mixing in turn to the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where
Figure GDA0003608639310000095
(L1, L2, L3 and L0 are matrices of the same size);
Nonlinear layer:
S-box transformation: the S-box of the Piccolo algorithm is used, S-box = {e, 4, b, 2, 3, 8, 0, 9, 1, a, 7, f, 6, c, 5, d}, giving the second intermediate result;
the 64 bits of the first intermediate result are denoted U; if U = V', then U = U0||U1||U2||U3||U4||U5||U6||U7;
after the S-box transformation the output is U' = Sbox(U0)||Sbox(U1)||Sbox(U2)||Sbox(U3)||Sbox(U4)||Sbox(U5)||Sbox(U6)||Sbox(U7);
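The nonlinear layer and one round of the key expansion (steps 1) to 5) above), as an added C example that is not the patent's own code. It applies the 4-bit S-box to all 16 words of the 64-bit state and checks that the inverse S-box given later undoes it. Two points are assumptions, since the page's equations for them are only available as images: the 80-bit key is held as two 40-bit halves (hi = K79..K40 = H0||H1, lo = K39..K0 = H2||H3), and the 5-bit round number is XORed into K39..K35 most significant bit first.

```c
#include <stdint.h>
#include <stdio.h>

/* S-box of the Piccolo algorithm (as used by AEROGEL) and its inverse. */
static const uint8_t SBOX[16]  = {0xe,0x4,0xb,0x2,0x3,0x8,0x0,0x9,0x1,0xa,0x7,0xf,0x6,0xc,0x5,0xd};
static const uint8_t RSBOX[16] = {0x6,0x8,0x3,0x4,0x1,0xe,0xc,0xa,0x5,0x7,0x9,0x2,0xd,0xf,0x0,0xb};

/* Check that RSBOX inverts SBOX in both directions for every 4-bit value. */
static int sbox_pair_consistent(void) {
    for (unsigned x = 0; x < 16; x++)
        if (RSBOX[SBOX[x]] != x || SBOX[RSBOX[x]] != x) return 0;
    return 1;
}

/* Apply a 4-bit table to each of the 16 words of a 64-bit state. */
static uint64_t map_nibbles(uint64_t v, const uint8_t t[16]) {
    uint64_t out = 0;
    for (int i = 0; i < 16; i++)
        out |= (uint64_t)t[(v >> (4 * i)) & 0xF] << (4 * i);
    return out;
}
static uint64_t sub_swap(uint64_t v)  { return map_nibbles(v, SBOX);  }  /* encryption */
static uint64_t rsub_swap(uint64_t v) { return map_nibbles(v, RSBOX); }  /* decryption */

/* 80-bit key as two 40-bit halves (assumed layout):
 * hi = K79..K40 = H0||H1, lo = K39..K0 = H2||H3, K79 the most significant bit. */
typedef struct { uint64_t hi, lo; } Key80;
#define MASK40 ((1ULL << 40) - 1)
#define MASK20 ((1ULL << 20) - 1)

/* One key-expansion round for round number nr (1..28). */
static Key80 key_expand_round(Key80 k, unsigned nr) {
    /* step 2): rotate H0||H1 (40 bits) left by 9 positions. */
    uint64_t hi = ((k.hi << 9) | (k.hi >> 31)) & MASK40;
    /* step 3): XOR the 5-bit round number into K39..K35.
       Assumed bit order: K39 receives the most significant bit of nr. */
    uint64_t lo = k.lo ^ ((uint64_t)(nr & 0x1F) << 35);
    /* step 4): pass K3..K0 through the S-box. */
    lo = (lo & ~0xFULL) | SBOX[lo & 0xF];
    /* step 5): split into 20-bit words H0..H3 and reorder to H0||H2||H3||H1. */
    uint64_t h0 = hi >> 20, h1 = hi & MASK20, h2 = lo >> 20, h3 = lo & MASK20;
    Key80 out = { (h0 << 20) | h2, (h3 << 20) | h1 };
    return out;
}

/* Run the expansion for rounds 1..rounds in sequence. */
static Key80 key_expand(Key80 k, unsigned rounds) {
    for (unsigned nr = 1; nr <= rounds; nr++) k = key_expand_round(k, nr);
    return k;
}

/* Round key for Add_RoundKey: the upper 64 bits of the 80-bit key (K79..K16). */
static uint64_t round_key(Key80 k) { return (k.hi << 24) | (k.lo >> 16); }

int main(void) {
    Key80 k = { 0x8000000000ULL, 0 };   /* constructed sample key: only K79 set */
    Key80 r = key_expand(k, 1);
    uint64_t s = sub_swap(0x0123456789abcdefULL);
    printf("S-box/inverse consistent: %d\n", sbox_pair_consistent());
    printf("Sub_Swap(0123456789abcdef) = %016llx\n", (unsigned long long)s);
    printf("round 1 key: hi=%010llx lo=%010llx, round key=%016llx\n",
           (unsigned long long)r.hi, (unsigned long long)r.lo,
           (unsigned long long)round_key(r));
    return 0;
}
```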
The AEROGEL decryption is described as algorithm 2 below;
and 2, algorithm: AEROGEL decryption
Inputting: c (ciphertext), K (key);
and (3) outputting: p (plaintext);
1.T←C;
2.for i=1 to Nr=28 do;
3.Mix_Column(T);
4.FP_Layer(T);
5.rSub_Swap(T);
6.Add_RoundKey(T,K);
7.end for
8.P←T;
Linear layer: consistent with the linear layer operation of the encryption described above (the same column confusion and FP permutation are applied, which requires both to be involutions).
In the decryption iteration, the round key groups are used in the reverse order of the encryption iteration;
Non-linear layer:
Inverse S-box transformation: the inverse of the Piccolo S-box is adopted, rSbox = {6, 8, 3, 4, 1, e, c, a, 5, 7, 9, 2, d, f, 0, b}, and the output after the inverse S-box transformation is:
U' = rSbox(U0)||rSbox(U1)||rSbox(U2)||rSbox(U3)||rSbox(U4)||rSbox(U5)||rSbox(U6)||rSbox(U7). The AEROGEL test data of the invention are shown in Table 2:
TABLE 2 AEROGEL-64 test vectors
Figure GDA0003608639310000101
Figure GDA0003608639310000111
The AEROGEL cipher was implemented on a Xilinx Virtex-5 XC5VLX50T FPGA; AEROGEL-64 occupies 149 slices (SLC), 199 LUTs and 149 flip-flops (FF), reaches a maximum frequency (Max-Fre) of 476.563 MHz and consumes 567.50 mW of power;
Table 3 lists FPGA implementation results for several lightweight block ciphers. The comparison in Table 3 shows that AEROGEL-64 has the lowest LUT count and the second-highest maximum frequency among the listed 64-bit block ciphers, with a slice count comparable to PRESENT-80 (Piccolo-80 uses fewer slices but more LUTs, and the 128-bit-key variants are not a like-for-like comparison); on this basis the AEROGEL algorithm is claimed to combine high efficiency with a small implementation area;
TABLE 3 FPGA implementation of the respective lightweight ciphers
Algorithm       State (bit)  Key (bit)  FF   LUT  SLC  Max-Fre (MHz)
PRESENT-80      64           80         152  222  153  455.31
PRESENT-128     64           128        200  270  201  455.311
Piccolo-80      64           80         112  302  113  331.400
Piccolo-128     64           128        200  384  201  322.997
RECTANGLE-128   64           128        191  253  192  501.153
AEROGEL-64      64           80         149  199  149  476.563
The present invention has been described in detail with reference to the specific embodiments, which should not be construed as limiting the invention. Many variations and modifications may be made by one of ordinary skill in the art without departing from the principles of the present invention, which should also be considered within the scope of the present invention.

Claims (5)

1. An encryption implementation method for a lightweight AEROGEL block cipher is characterized by comprising the following steps:
a: acquiring plaintext data and an initial key;
b: dividing the plaintext data and the initial key into 64-bit plaintext data groups and 80-bit initial key data groups respectively, wherein each plaintext data group corresponds to one initial key data group;
c: performing the encryption operation through a round function, where the encryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises the S-box transformation; the round function operation of encryption is: each group of plaintext data undergoes round key addition with the corresponding group of key data, and then the S-box transformation, FP permutation and column confusion transformation are performed in sequence to obtain an intermediate data group;
d: performing the key expansion operation on each group of initial keys respectively to obtain 80-bit intermediate key groups;
e: taking the intermediate data as the plaintext data group and the intermediate key as the key data group, repeating step C and step D for Nr rounds of iterative encryption, where Nr = 28, to obtain the encryption result;
The round key addition of step C comprises the following steps:
if Nr = 1, the high 64 bits of each group of initial key are XORed in turn with the 64-bit plaintext group, and the intermediate result obtained is taken as the intermediate data group;
if 1 < Nr ≤ 28, the high 64 bits of each intermediate key group obtained in the previous iteration are XORed in turn with the 64-bit intermediate data group to obtain the intermediate result;
The FP permutation of step C comprises the following steps:
the result obtained after the S-box transformation is denoted Z for each 64-bit group and split into 4-bit parts, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9;
The column confusion transformation of step C arranges the data result as a square matrix and then applies XOR confusion to the matrix, in the following steps:
c1: the intermediate result obtained after the FP permutation in encryption, with each 64-bit group denoted X, is arranged as a square matrix
Figure FDA0003586945980000011
where each Yn is 4 bits, 0 ≤ n ≤ 15;
c2: Y0, Y1, Y2 and Y3 are XOR-confused, and the result is denoted Y'n, 0 ≤ n ≤ 15:
Figure FDA0003586945980000012
Figure FDA0003586945980000021
Figure FDA0003586945980000022
Figure FDA0003586945980000023
giving the XOR-confused Y'0, Y'1, Y'2, Y'3; this operation is expressed as a multiplicative transformation over the finite field GF(2^2), with the matrix
Figure FDA0003586945980000024
and the operational expression
Figure FDA0003586945980000025
c3: the remaining Y4 to Y15 are XOR-confused in the same way in turn, yielding the 64-bit Y = X × M, where
Figure FDA0003586945980000026
and L1, L2, L3 and L0 are matrices of the same size;
Step D comprises the following processing steps:
e1: if Nr = 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj comprises 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each group of intermediate key, 0 ≤ i ≤ 79;
K' denotes the intermediate key result of each group after key expansion;
e2: cyclic shift: H0||H1 of each group is cyclically shifted left by 9 bits to obtain the first intermediate round key;
e3: dynamic XOR with the round number: the current round number Nr is converted into a 5-bit binary number, and K39, K38, K37, K36, K35 of each first intermediate round key obtained in step e2 are XORed in turn with the round number to obtain the second intermediate round key;
e4: nonlinear transformation: K3, K2, K1, K0 of each second intermediate round key obtained in step e3 are passed through the nonlinear transformation to obtain the third intermediate round key, the S-box adopted being the same as the S-box used in step C;
e5: linear transformation: each third intermediate round key obtained in step e4 is subdivided into 4 parts M0, M1, M2, M3, where each Mj is 20 bits, 0 ≤ j ≤ 3, and the linear transformation K' = M0||M2||M3||M1 is performed to obtain the intermediate key.
2. The method of claim 1, wherein the S-box transformation uses the S-box of the Piccolo algorithm.
3. A decryption implementation method for a lightweight AEROGEL block cipher, characterized by comprising the following steps:
a: acquiring ciphertext data and an initial key, where the ciphertext data is an encryption result obtained by the method of any one of claims 1-2 and the initial key is the initial key of the method of any one of claims 1-2;
b: dividing the ciphertext data and the initial key into 64-bit ciphertext data groups and 80-bit initial key data groups respectively, where each ciphertext data group corresponds to one initial key data group and the correspondence is the same as in the method of any one of claims 1-2;
c: executing the key expansion operation on each group of initial keys in turn, repeating the iterative expansion Nr times and recording the 80-bit intermediate key group obtained in each iteration;
d: performing the decryption operation, where the decryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises the inverse S-box transformation; the decryption round function performs the column confusion transformation, FP permutation and inverse S-box transformation in sequence on each group of data to be decrypted, and then round key addition on each group with the corresponding group of key data to obtain the intermediate data; step D is then repeated for Nr rounds of iterative decryption, where Nr = 28; in the iteration, the round key addition uses the intermediate key group obtained by expanding Nr times in step C the first time, the intermediate key group obtained by expanding Nr-1 times in step C the second time, and so on, to obtain the decryption result;
The column confusion transformation of step D arranges the ciphertext data as a square matrix and then applies XOR confusion to the matrix, in the following steps:
d1: each 64-bit group of the ciphertext data is denoted X and arranged as a square matrix
Figure FDA0003586945980000031
where each Yn is 4 bits, 0 ≤ n ≤ 15;
d2: Y0, Y1, Y2 and Y3 are XOR-confused, and the result is denoted Y'n, 0 ≤ n ≤ 15:
Figure FDA0003586945980000032
Figure FDA0003586945980000033
Figure FDA0003586945980000034
Figure FDA0003586945980000035
giving the XOR-confused Y'0, Y'1, Y'2, Y'3; this operation is expressed as a multiplicative transformation over the finite field GF(2^2), with the matrix
Figure FDA0003586945980000036
and the operational expression
Figure FDA0003586945980000037
d3: the remaining Y4 to Y15 are XOR-confused in the same way in turn, yielding the 64-bit Y' = X × M, where
Figure FDA0003586945980000041
and L1, L2, L3 and L0 are matrices of the same size;
The FP permutation of step D comprises the following steps:
the result obtained after the column confusion transformation is denoted Z for each 64-bit group and split into 4-bit parts from the high bits to the low bits, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9;
The key expansion operation of step C comprises the following processing steps:
e1: if Nr = 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, where each Hj comprises 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each group of intermediate key, 0 ≤ i ≤ 79;
K' denotes the intermediate key result of each group after key expansion;
e2: cyclic shift: H0||H1 of each group is cyclically shifted left by 9 bits to obtain the first intermediate round key;
e3: dynamic XOR with the round number: the current round number Nr is converted into a 5-bit binary number, and K39, K38, K37, K36, K35 of each first intermediate round key obtained in step e2 are XORed in turn with the round number to obtain the second intermediate round key;
e4: nonlinear transformation: K3, K2, K1, K0 of each second intermediate round key obtained in step e3 are passed through the nonlinear transformation to obtain the third intermediate round key, the S-box adopted being the same as the S-box used in the method of claim 1;
e5: linear transformation: each third intermediate round key obtained in step e4 is subdivided into 4 parts M0, M1, M2, M3, where each Mj is 20 bits, 0 ≤ j ≤ 3, and the linear transformation K' = M0||M2||M3||M1 is performed to obtain the intermediate key.
4. The decryption implementation method for a lightweight AEROGEL block cipher according to claim 3, wherein the round key addition of step D comprises the following step:
the high 64 bits of the corresponding intermediate key group are XORed in turn with the 64-bit data group to obtain the result of the round key addition.
5. The method of claim 3, wherein the S-box transformation uses the S-box of the Piccolo algorithm.
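The round structure and key schedule stated above (the S-box layer, FP permutation and Algorithm 2 in the description, and the key-expansion steps e1-e5 of claims 1 and 3), as an added Python example that is not the patent's own code. The column-confusion matrix M survives on this page only as figure references, so the mix layer is a caller-supplied function that defaults to the identity; everything else follows the printed tables. The bit-numbering direction of Ki, the nibble width of the S-box layer and the round number fed to each expansion are assumptions, marked as such in the code, as are the sample key and plaintext. The example also checks two properties the decryption algorithm silently depends on: that the printed inverse S-box really inverts the Piccolo S-box, and that the FP permutation is an involution, which is what allows Algorithm 2 to reuse FP_Layer unchanged.

```python
"""AEROGEL-64 round structure and key schedule (added example, not the patent's code).

Assumptions the page does not fix:
- the 4-bit S-box acts on all 16 nibbles of the 64-bit state;
- key bits K_i are numbered from the most significant bit (K_0 = MSB), so H0||H1
  is the high 40 bits, K_3..K_0 is the top nibble, and K_39..K_35 are the low five
  bits of that half, read as an integer with K_35 most significant;
- round i (1-based) uses the key produced by i-1 expansions, each expansion
  being run with round number i;
- the column-confusion matrix M is not on the page, so `mix` is a parameter. It
  must be an involution for Algorithm 2 to reuse it unchanged (identity is one).
"""

SBOX = [0xe, 0x4, 0xb, 0x2, 0x3, 0x8, 0x0, 0x9,
        0x1, 0xa, 0x7, 0xf, 0x6, 0xc, 0x5, 0xd]          # Piccolo S-box, as printed
RSBOX = [0x6, 0x8, 0x3, 0x4, 0x1, 0xe, 0xc, 0xa,
         0x5, 0x7, 0x9, 0x2, 0xd, 0xf, 0x0, 0xb]         # inverse S-box, as printed
FP = [0, 7, 10, 13, 4, 11, 14, 1, 8, 15, 2, 5, 12, 3, 6, 9]  # Z' nibble i <- Z nibble FP[i]
NR = 28
MASK40 = (1 << 40) - 1


def nibbles(x, count=16):
    """Split x into `count` 4-bit values, most significant first."""
    return [(x >> (4 * (count - 1 - i))) & 0xf for i in range(count)]


def from_nibbles(ns):
    v = 0
    for n in ns:
        v = (v << 4) | n
    return v


def sbox_layer(x, table=SBOX):
    """Apply a 4-bit table to every nibble of the 64-bit state."""
    return from_nibbles([table[n] for n in nibbles(x)])


def fp_layer(x):
    """FP nibble permutation Z -> Z' from the claims."""
    ns = nibbles(x)
    return from_nibbles([ns[FP[i]] for i in range(16)])


def key_expand(k, rnd):
    """One key-expansion step (claim steps e2..e5) on an 80-bit key for round `rnd`."""
    hi, lo = k >> 40, k & MASK40                           # H0||H1 and H2||H3
    hi = ((hi << 9) | (hi >> 31)) & MASK40                 # e2: rotate H0||H1 left by 9
    k = (hi << 40) | lo
    k ^= (rnd & 0x1f) << 40                                # e3: K39..K35 ^= 5-bit round number
    k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))      # e4: S-box on K3..K0 (top nibble)
    m = [(k >> (60 - 20 * j)) & 0xfffff for j in range(4)]  # e5: M0..M3, 20 bits each
    return (m[0] << 60) | (m[2] << 40) | (m[3] << 20) | m[1]   # K' = M0||M2||M3||M1


def round_keys(key):
    """Initial key plus 27 expansions; round key i is the high 64 bits of entry i."""
    ks = [key & ((1 << 80) - 1)]
    for rnd in range(1, NR):
        ks.append(key_expand(ks[-1], rnd))
    return [k >> 16 for k in ks]


def encrypt(p, key, mix=lambda x: x):
    """Encryption round order: round key addition, S-box, FP, column confusion."""
    rks = round_keys(key)
    t = p
    for i in range(NR):
        t = mix(fp_layer(sbox_layer(t ^ rks[i])))
    return t


def decrypt(c, key, mix=lambda x: x):
    """Algorithm 2: column confusion, FP, inverse S-box, then reversed round keys."""
    rks = round_keys(key)
    t = c
    for i in range(NR):
        t = sbox_layer(fp_layer(mix(t)), RSBOX) ^ rks[NR - 1 - i]
    return t


def self_checks():
    """Properties the decryption algorithm relies on: rSbox inverts Sbox, FP is an involution."""
    inverse_ok = all(RSBOX[SBOX[v]] == v for v in range(16))
    fp_involution = all(FP[FP[i]] == i for i in range(16))
    return inverse_ok, fp_involution


if __name__ == "__main__":
    key = 0x0123456789abcdef0123      # constructed sample key (not a page test vector)
    pt = 0xfedcba9876543210           # constructed sample plaintext
    ct = encrypt(pt, key)
    print(self_checks(), hex(ct), decrypt(ct, key) == pt)
```

Because Algorithm 2 applies Mix_Column and FP_Layer unchanged rather than their inverses, any matrix substituted for `mix` must satisfy M × M = I over GF(2^2); a non-involutive matrix would silently break decryption, which the `decrypt(encrypt(p, k), k) == p` check catches immediately. Without the page's test vectors the example cannot confirm bit-exact agreement with the FPGA implementation, only internal consistency.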
CN202010244240.1A 2020-03-31 2020-03-31 Method for realizing lightweight AEROGEL block cipher Active CN111245598B (en)

Publications (2)

Publication Number Publication Date
CN111245598A CN111245598A (en) 2020-06-05
CN111245598B true CN111245598B (en) 2022-06-14

Family

ID=70878999

Country Status (1)

Country Link
CN (1) CN111245598B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202547B (en) * 2020-11-11 2022-04-12 Hengyang Normal University Lightweight block cipher GFCS implementation method and device, and readable storage medium
CN114024675B (en) * 2021-11-24 2024-01-23 Hengyang Normal University Lightweight block cipher IoVCipher implementation method and system suitable for Internet of Vehicles terminals
CN115208626B (en) * 2022-06-02 2023-12-01 北京交大微联科技有限公司 Communication method and device based on secure-communication ciphertext transmission in a railway signalling system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012154129A1 (en) * 2011-05-10 2012-11-15 Nanyang Technological University Devices for computer-based generating of a mixing matrix for cryptographic processing of data, encrypting devices, methods for computer-based generating of a mixing matrix for cryptographic processing of data and encrypting methods
CN107707343A (en) * 2017-11-08 2018-02-16 Guizhou University Implementation method of the lightweight LBT block cipher with an SP network structure consistent between encryption and decryption
CN109768854A (en) * 2019-03-29 2019-05-17 Hengyang Normal University Implementation method of the lightweight block cipher Wheel
CN110784307A (en) * 2019-11-05 2020-02-11 Hengyang Normal University Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2822215A1 (en) * 2012-03-02 2015-01-07 Sony Corporation Information processing device, information processing method, and programme

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Loong: A Family of Involutional Lightweight Block Cipher Based on SPN Structure; Bo-Tao Liu et al.; IEEE Access; 2019-10-01; full text *
Magpie: a high-security lightweight block cipher; Li Lang et al.; Acta Electronica Sinica (电子学报); 2017-10-31; full text *
Hardware description language implementation of the PRESENT cipher and its optimization; Li Lang et al.; Journal of Chinese Computer Systems (小型微型计算机系统); 2013-10-31; full text *
Power optimization of an LED lightweight cipher chip; Zhang Wenzhe et al.; Electronic Design Engineering (电子设计工程); 2020-03-05 (No. 05); full text *
Surge: a new low-resource, efficient lightweight block cipher; Li Lang et al.; Computer Science (计算机科学); 2018-02-15 (No. 02); full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant