CN111245598B - Method for realizing lightweight AEROGEL block cipher - Google Patents
Method for realizing lightweight AEROGEL block cipher
- Publication number: CN111245598B (application CN202010244240.1A)
- Authority: CN (China)
- Prior art keywords: key, group, equal, round, transformation
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation (under H04L9/06, cryptographic mechanisms using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators)
- H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The invention provides a method for implementing a lightweight block cipher, AEROGEL, for encrypting data in resource-constrained environments. In the linear layer the invention designs an involutory (self-inverse) FP permutation built with a two-dimensional transformation technique, so that a change in a single input bit affects every ciphertext bit after 2 rounds of encryption; this strengthens diffusion and improves the security of the data encryption. The key expansion uses cyclic shift, a nonlinear transformation, a linear transformation and a round-number XOR so that the bit-flipping period of the key expansion is longer than the time required for encryption, diffusion is enhanced, and the round key of the 23rd round is a nonlinear function of the initial key. The decryption algorithm only replaces the S-box of the nonlinear layer of the encryption algorithm with the inverse S-box, so encryption and decryption are essentially the same procedure. The invention has a simple structure and low implementation cost, is easy to implement quickly in software and hardware, and is claimed to resist known attacks.
Description
Technical Field
The invention belongs to the field of cryptography and relates in particular to a method for implementing the lightweight AEROGEL block cipher.
Background
With the development of the Internet of Things (IoT), miniature electronic devices such as wireless sensor network (WSN) nodes and radio frequency identification (RFID) tags are widely used in daily life. Because such devices have weak computing power and little storage, lightweight block ciphers have been developed for them.
A lightweight cryptographic algorithm mainly comprises three sub-algorithms, an encryption algorithm, a decryption algorithm and a key expansion algorithm, and encryption and decryption operate with the same key. Typically the algorithm is a block cipher, which divides the input message (plaintext) into fixed-length blocks, usually of 64 or 128 bits. Diffusion and confusion are the two main design principles of block ciphers and are what guarantee their security. The structures of lightweight block ciphers are generally SPN structures and Feistel structures; the SPN structure diffuses better than the Feistel structure, while the Feistel structure confuses better. Common lightweight block ciphers include PRESENT, Piccolo, RECTANGLE and RoadRunneR. The main problem for existing lightweight block ciphers is how to fit resource-limited devices while remaining quick and easy to implement in software and hardware and retaining the ability to resist classical attacks.
Disclosure of Invention
The aim of the invention is, for data security in resource-constrained environments, a method for implementing a lightweight AEROGEL block cipher that has low implementation cost, is quick and easy to implement in software and hardware, and guarantees the security of data encryption.
The invention designs an involutory FP permutation for the linear layer, which makes encryption and decryption more compact. The design uses a two-dimensional transformation technique so that a change in a single input bit affects every ciphertext bit after 2 rounds of encryption, strengthening diffusion and improving the security of data encryption. The FP permutation operates on 4-bit words, which is easy to implement in hardware and in software on 8-bit and 32-bit microprocessor platforms.
The invention designs a key expansion method. Using cyclic shift, a nonlinear transformation and a round-number XOR, combined with sound mathematical theory, it ensures that the bit-flipping period of the key expansion is longer than the time required for encryption and that the round key of the 23rd round is a nonlinear function of the initial key, improving security.
Encryption and decryption in the invention are essentially the same: the decryption algorithm only replaces the S-box of the nonlinear layer of the encryption algorithm with the inverse S-box.
The technical scheme of the invention is as follows:
An encryption implementation method for the lightweight AEROGEL block cipher comprises the following steps:
A: acquiring plaintext data and an initial key;
B: dividing the plaintext data and the initial key into 64-bit plaintext groups and 80-bit initial key groups respectively, each plaintext group corresponding to one initial key group;
C: performing the encryption operation with a round function; the encryption round function comprises a linear layer and a nonlinear layer, the linear layer comprising round key addition, FP permutation and column mixing transformation, and the nonlinear layer comprising the S-box transformation. The round function adds the corresponding key group to each plaintext group (round key addition) and then applies the S-box transformation, FP permutation and column mixing transformation in sequence to obtain an intermediate data group;
D: performing the key expansion operation on each initial key group to obtain an 80-bit intermediate key group;
E: taking the intermediate data as the plaintext groups and the intermediate keys as the key groups, and repeating steps C and D for Nr rounds of iterative encryption, Nr being 28, to obtain the encryption result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step C comprises the following steps:
if Nr = 1, XOR the upper 64 bits of each initial key group with the corresponding 64-bit plaintext group in turn, the result being the intermediate data group;
if 1 < Nr ≤ 28, take the upper 64 bits of each intermediate key group obtained in the previous iteration and XOR them with the corresponding 64-bit intermediate data group in turn to obtain the intermediate result.
In the encryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step C comprises the following steps:
denote the 64-bit result of the S-box transformation of each group as Z, split into 4-bit words Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
In the encryption implementation method of the lightweight AEROGEL block cipher, the column mixing transformation of step C arranges the data as a square matrix and then applies XOR mixing to the columns of the matrix, as follows:
c1: take the 64-bit intermediate result X of each group after the FP permutation and arrange it as a 4×4 square matrix of 4-bit words Yn, 0 ≤ n ≤ 15 (the matrix layout appears as a figure in the original);
c2: XOR-mix Y0, Y1, Y2, Y3 and denote the results Y'n, 0 ≤ n ≤ 15; the operation producing Y'0, Y'1, Y'2, Y'3 is a multiplicative transformation over the finite field GF(2^2), whose matrix expression appears as a figure in the original;
c3: apply the same XOR mixing in turn to the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where M is composed of the four matrices L0, L1, L2 and L3, all of the same size.
In the encryption implementation method of the lightweight AEROGEL block cipher, the key expansion of step D comprises the following processing steps:
e1: if Nr = 1, denote the 80-bit initial key of each group as K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki is the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, denote the intermediate key group obtained in the previous iteration as K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki is the i-th bit of each group's intermediate key, 0 ≤ i ≤ 79;
let K' be the intermediate key of each group after key expansion;
e2: cyclic shift: rotate H0||H1 of each group left by 9 bits to obtain the first intermediate round key;
e3: dynamic XOR of the round number: convert the current round number Nr to a 5-bit binary number and XOR it bit by bit into K39, K38, K37, K36, K35 of each group's first intermediate round key from step e2 to obtain the second intermediate round key;
e4: nonlinear transformation: apply the S-box to K3, K2, K1, K0 of each group's second intermediate round key from step e3 to obtain the third intermediate round key; the S-box is the same as the one used in step C;
e5: linear transformation: split each group's third intermediate round key from step e4 into four 20-bit parts (M0, M1, M2, M3), each Mj being 20 bits, 0 ≤ j ≤ 3, and perform the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
A decryption implementation method for the lightweight AEROGEL block cipher comprises the following steps:
A: acquiring ciphertext data and an initial key, the ciphertext data being the encryption result obtained by the encryption implementation method of the lightweight AEROGEL block cipher and the initial key being the initial key used in that encryption implementation method;
B: dividing the ciphertext data and the initial key into 64-bit ciphertext groups and 80-bit initial key groups respectively, each ciphertext group corresponding to one initial key group, with the same correspondence as in the encryption implementation method;
C: performing the key expansion operation on each initial key group, iterating the expansion Nr times, and recording the 80-bit intermediate key group obtained in each iteration;
D: performing the decryption operation; the decryption round function comprises a linear layer and a nonlinear layer, the linear layer comprising round key addition, FP permutation and column mixing transformation, and the nonlinear layer comprising the inverse S-box transformation. The round function applies the column mixing transformation, the FP permutation and the inverse S-box transformation in sequence to each group of data to be decrypted, then adds the corresponding key group (round key addition) to obtain intermediate data; step D is repeated for Nr rounds of iterative decryption, Nr being 28. During the iteration the round keys are used in the reverse of the encryption order: the first round key addition uses the round key of the last encryption round, the second uses the round key of the second-to-last encryption round, and so on, the round keys being the intermediate key groups recorded in step C; the result is the decrypted plaintext.
In the decryption implementation method of the lightweight AEROGEL block cipher, the column mixing transformation of step D arranges the ciphertext data as a square matrix and then applies XOR mixing to the columns of the matrix, as follows:
d1: denote the 64 bits of each ciphertext group as X and arrange them as a 4×4 square matrix of 4-bit words Yn, 0 ≤ n ≤ 15 (the matrix layout appears as a figure in the original);
d2: XOR-mix Y0, Y1, Y2, Y3 and denote the results Y'n, 0 ≤ n ≤ 15; the operation producing Y'0, Y'1, Y'2, Y'3 is a multiplicative transformation over the finite field GF(2^2), whose matrix expression appears as a figure in the original;
d3: apply the same XOR mixing in turn to the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where M is composed of the four matrices L0, L1, L2 and L3, all of the same size.
In the decryption implementation method of the lightweight AEROGEL block cipher, the FP permutation of step D comprises the following steps:
denote the 64-bit result of the column mixing transformation of each group as Z and split it from the most significant bit into 4-bit words, Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15;
after the FP permutation:
Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9.
In the decryption implementation method of the lightweight AEROGEL block cipher, the key expansion of step C comprises the following processing steps:
e1: if Nr = 1, denote the 80-bit initial key of each group as K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki is the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, denote the intermediate key group obtained in the previous iteration as K = H0||H1||H2||H3, where each Hj is 20 bits, 0 ≤ j ≤ 3, and Ki is the i-th bit of each group's intermediate key, 0 ≤ i ≤ 79;
let K' be the intermediate key of each group after key expansion;
e2: cyclic shift: rotate H0||H1 of each group left by 9 bits to obtain the first intermediate round key;
e3: dynamic XOR of the round number: convert the current round number Nr to a 5-bit binary number and XOR it bit by bit into K39, K38, K37, K36, K35 of each group's first intermediate round key from step e2 to obtain the second intermediate round key;
e4: nonlinear transformation: apply the S-box to K3, K2, K1, K0 of each group's second intermediate round key from step e3 to obtain the third intermediate round key; the S-box is the same one used in the S-box transformation of the encryption round function, so that decryption derives the same round keys as encryption;
e5: linear transformation: split each group's third intermediate round key from step e4 into four 20-bit parts (M0, M1, M2, M3), each Mj being 20 bits, 0 ≤ j ≤ 3, and perform the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
In the decryption implementation method of the lightweight AEROGEL block cipher, the round key addition of step D comprises the following step:
XOR the upper 64 bits of the corresponding intermediate key group with the 64-bit data group in turn to obtain the result of the round key addition.
In the above methods, the S-box transformation uses the S-box of the Piccolo algorithm.
The technical effect of the invention is as follows. The method for implementing the lightweight AEROGEL block cipher uses an SPN structure. For easy hardware and software implementation, the FP permutation operates on 4-bit words; to make the most of resources, it uses a two-dimensional transformation technique and is an involution. The column mixing transformation mixes by XOR and, in linear-algebra terms, combines four involutory matrices over GF(2^2), so that for decryption only the S-box of the nonlinear layer is replaced by the inverse S-box while round key addition, FP permutation and column mixing are identical to encryption. The linear layer diffuses the plaintext better than that of the PRESENT algorithm, and since its encryption and decryption are identical it is more compact than PRESENT. The key expansion uses cyclic shift, a nonlinear transformation and a round-number XOR to ensure that the bit-flipping period of the key expansion is longer than the time required for encryption, enhances diffusion, and makes the round key of the 23rd round a nonlinear function of the initial key.
In summary, the encryption and decryption algorithms of the invention are essentially the same, the structure is simple, the implementation cost is low, software and hardware implementation is quick and easy, and the cipher is claimed to resist known attacks.
Drawings
Fig. 1 is the encryption structure diagram of the method for implementing the lightweight AEROGEL block cipher according to the invention;
Fig. 2 is the decryption structure diagram of the method for implementing the lightweight AEROGEL block cipher according to the invention;
Fig. 3 illustrates the two-dimensional transformation technique of the implementation method of the invention;
Fig. 4 is a schematic diagram of the key expansion of the implementation method of the invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The lightweight block cipher AEROGEL uses an SPN structure. The plaintext/ciphertext block length is 64 bits, the key length is 80 bits, and the number of iteration rounds Nr is 28.
Encryption structure, as shown in Fig. 1: the encryption round function comprises a linear layer containing round key addition (Add_RoundKey), the FP permutation (FP_Layer) and the column mixing transformation (Mix_Column), and a nonlinear layer containing the S-box transformation (Sub_Swap).
Decryption structure, as shown in Fig. 2: the decryption round function comprises a linear layer containing round key addition (Add_RoundKey), the FP permutation (FP_Layer) and the column mixing transformation (Mix_Column), and a nonlinear layer containing the inverse S-box transformation (rSub_Swap).
AEROGEL encryption is described as Algorithm 1 below, where Key_i denotes the 64-bit round key of round i (Key_1 is the upper 64 bits of the initial key and Key_(i+1) is derived from Key_i by the key expansion):
Algorithm 1: AEROGEL encryption
Input: P (plaintext), K (key)
Output: C (ciphertext)
1. V ← P
2. for i = 1 to Nr = 28 do
3.     Add_RoundKey(V, Key_i)
4.     Sub_Swap(V)
5.     FP_Layer(V)
6.     Mix_Column(V)
7. end for
8. C ← V
Linear layer:
1. Round key addition:
If Nr = 1, XOR the upper 64 bits of each group's initial key with the corresponding 64-bit plaintext group in turn and output the result as the intermediate result;
if 1 < Nr ≤ 28, denote the intermediate data of the previous iteration as Vi and the middle round key as Keyi (1 ≤ i ≤ 28); each group takes the upper 64 bits of Keyi, XORs them with the 64-bit intermediate data, and outputs Vi ⊕ Keyi as the intermediate result.
The middle round keys are generated by the key expansion operation, shown in Fig. 4, with the following specific steps:
1) If Nr = 1, denote the 80-bit initial key of each group as K = H0||H1||H2||H3, where each Hj is 20 bits (0 ≤ j ≤ 3) and Ki is the i-th bit of the initial key (0 ≤ i ≤ 79); for example K79 is bit 79 of the initial key, so that
H0 = K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60 (H0 is the upper 20 bits of the initial key);
if 1 < Nr ≤ 28, denote the intermediate key group obtained in the previous iteration as K = H0||H1||H2||H3, where each Hj is 20 bits (0 ≤ j ≤ 3) and Ki is the i-th bit of each group's intermediate key (0 ≤ i ≤ 79); for example K79 is bit 79 of each group's intermediate key, so that
H0 = K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60 (H0 is the upper 20 bits of each group's intermediate key);
2) Cyclic shift technique. Rotate H0||H1 of each group left by 9 bits to obtain the first intermediate round key. The input is
K79||K78||K77||K76||K75||K74||K73||K72||K71||K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40,
and the output is
K70||K69||K68||K67||K66||K65||K64||K63||K62||K61||K60||K59||K58||K57||K56||K55||K54||K53||K52||K51||K50||K49||K48||K47||K46||K45||K44||K43||K42||K41||K40||K79||K78||K77||K76||K75||K74||K73||K72||K71.
The cyclic shift technique ensures that the bit-flipping period of the key expansion is longer than the time required for encryption, improving encryption security.
3) Dynamic XOR of the round number. Convert the round number Nr to a 5-bit binary number and XOR it bit by bit into K39, K38, K37, K36, K35 of each group's first intermediate round key obtained in step 2, giving the second intermediate round key.
4) Nonlinear transformation technique. Apply the S-box to K3, K2, K1, K0 of each group's second intermediate round key obtained in step 3, K'3||K'2||K'1||K'0 = Sbox(K3||K2||K1||K0), giving the third intermediate round key; the S-box is the same one used in the S-box transformation of the round function. This embodiment uses the S-box of the Piccolo algorithm; other S-boxes may be used depending on the configuration.
The nonlinear transformation technique makes the round key of round 23 a nonlinear function of the initial key.
5) Linear transformation technique. Split each group's third intermediate round key obtained in step 4 into the four 20-bit parts (H0, H1, H2, H3) and perform the linear transformation K' = H0||H2||H3||H1 to obtain the middle round key.
2. FP permutation:
Denote the 64-bit intermediate result of the S-box transformation of each group as Z and every 4 bits as Zi, 0 ≤ i ≤ 15, so that Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15. The transformation rule of this embodiment uses the vertices of a square: Z0 to Z15 are divided into 4 groups, {Z0, Z1, Z2, Z3}, {Z4, Z5, Z6, Z7}, {Z8, Z9, Z10, Z11} and {Z12, Z13, Z14, Z15}, one group per vertex, the groups being placed clockwise; the first Zi of each group is placed at the vertex itself and the other three of the group are assigned in turn, clockwise, to the lines leaving that vertex. The arrangement is shown in Fig. 3, where point 0 at the top-left corner is the position of Z0, and the others follow in the same way.
The transformation works on the positions of the points in Fig. 3. If two points Q and R lie on the same line, Q and R are associated, and the two-dimensional transformation moves Q to R's position and R to Q's; a point T with no associated point keeps its position. The four sides and the two diagonals of the square each count as one line. For each group's clockwise-placed points the first is placed at the vertex and the other three correspond in turn to the two sides and the diagonal meeting at that vertex; for the first group, Z0 is at the top-left vertex, Z1 is at the vertex's end of the top side, Z2 is at the vertex's end of the diagonal from top-left to bottom-right, and Z3 is at the vertex's end of the left side. Correspondingly, Z1 and Z7 lie on the same line (the top side of the square), so after the two-dimensional transformation Z1 moves to Z7's position and Z7 to Z1's. The point of each group placed at the vertex itself is not associated with any other point, so Z0 has no associated point and its position is unchanged after the two-dimensional transformation.
Hence after the two-dimensional transformation Z' = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9. Different permutations can be derived from different point arrangements, such as placing each group's points counterclockwise or changing their order. The rule of the FP permutation is therefore: divide the block into 16 equal pieces, every 4 pieces forming a group; each group is placed at one vertex of the square, its pieces representing that vertex and one end of each of the two sides and the diagonal meeting at it; the piece representing the vertex is not moved, and the piece representing one end of a side or diagonal is swapped with the piece at the other end. This two-dimensional transformation makes the FP permutation an involution, so the same permutation serves for both encryption and decryption and no separate inverse permutation is needed. The permutation table is given in Table 1.
Table 1 FP permutation
Position i | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
FP(i) | 0 | 7 | 10 | 13 | 4 | 11 | 14 | 1 | 8 | 15 | 2 | 5 | 12 | 3 | 6 | 9 |
3. Column mixing transformation:
The data is arranged as a square matrix and the columns of the matrix are then XOR-mixed, as follows:
1) Take the 64-bit intermediate result X of each group after the FP permutation in encryption/decryption and arrange it as a 4×4 square matrix of 4-bit words Yn (0 ≤ n ≤ 15); the arrangement appears as a figure in the original;
2) Denote the XOR-mixed results as Y'n (0 ≤ n ≤ 15). Y0, Y1, Y2, Y3 are mixed by the operation shown as a figure in the original; the operation producing Y'0, Y'1, Y'2, Y'3 is a multiplicative transformation over the finite field GF(2^2), whose matrix expression also appears as a figure in the original;
3) Apply the same XOR mixing in turn to the remaining Y4 to Y15 to obtain the 64-bit Y' = X × M, where M is composed of the four matrices L0, L1, L2 and L3 (all of the same size).
Nonlinear layer:
S-box transformation: the S-box of the Piccolo algorithm is used, S = {e, 4, b, 2, 3, 8, 0, 9, 1, a, 7, f, 6, c, 5, d} (a 4-bit input x maps to the x-th entry, written in hexadecimal), producing the second intermediate result.
Denote the 64 bits of the first intermediate result (the output of the round key addition) as U and split it into 4-bit words, U = U0||U1||U2||...||U15 (16 words, since the S-box is 4 bits wide).
The S-box transformation outputs U' = Sbox(U0)||Sbox(U1)||Sbox(U2)||...||Sbox(U15).
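The components that the description above fully specifies, as an added Python example (this is not the patent's code, and the decryption direction it includes corresponds to Algorithm 2 below): the FP permutation derived from the square rule of Fig. 3 and checked against Table 1, the Piccolo S-box and its inverse, the key expansion steps 1) to 5), and the encryption and decryption round structure. Three things are assumptions of the example, not statements of the page: the 5-bit round number is XORed most-significant bit first into K39; the expansion run during round i uses i as its round number; and, because the column mixing matrix M is not reproduced on this page, Mix_Column is taken as a caller-supplied function that must be an involution, with a nibble-reversal stand-in (not AEROGEL's matrix) used only for the round-trip check. The key and plaintext values are constructed.

```python
# Added example, not the patent's code. A 64-bit state is 16 nibbles Z0..Z15
# with Z0 most significant; an 80-bit key has K79 as its most significant bit.
import os

SBOX = [0xE, 0x4, 0xB, 0x2, 0x3, 0x8, 0x0, 0x9,
        0x1, 0xA, 0x7, 0xF, 0x6, 0xC, 0x5, 0xD]            # Piccolo S-box
INV_SBOX = [SBOX.index(v) for v in range(16)]            # its inverse
FP_TABLE = [0, 7, 10, 13, 4, 11, 14, 1, 8, 15, 2, 5, 12, 3, 6, 9]  # Table 1
MASK40, MASK80 = (1 << 40) - 1, (1 << 80) - 1


def nibbles(x, n):
    """Split x into n 4-bit words, most significant first."""
    return [(x >> (4 * (n - 1 - i))) & 0xF for i in range(n)]


def from_nibbles(ns):
    x = 0
    for v in ns:
        x = (x << 4) | v
    return x


def fp_table_from_geometry():
    """Derive Table 1 from the square rule: group g sits at vertex g (clockwise
    from top-left); its first nibble is the vertex and stays put, the other three
    are the vertex's ends of the lines met clockwise around it (two sides, one
    diagonal). The two nibbles at the ends of the same line are swapped."""
    around = [("top", "diag_tl_br", "left"),        # Z0..Z3, top-left vertex
              ("right", "diag_tr_bl", "top"),       # Z4..Z7, top-right
              ("bottom", "diag_tl_br", "right"),    # Z8..Z11, bottom-right
              ("left", "diag_tr_bl", "bottom")]     # Z12..Z15, bottom-left
    ends = {}
    for g, lines in enumerate(around):
        for k, line in enumerate(lines):
            ends.setdefault(line, []).append(4 * g + 1 + k)
    table = list(range(16))
    for a, b in ends.values():
        table[a], table[b] = b, a
    return table


def fp_layer(v):
    z = nibbles(v, 16)
    return from_nibbles([z[FP_TABLE[i]] for i in range(16)])


def sub_swap(v, box=SBOX):
    return from_nibbles([box[n] for n in nibbles(v, 16)])


def key_expand(k, rnd):
    """Steps 2) to 5) on an 80-bit key. Assumption: the 5-bit round number is
    XORed with its most significant bit at K39 and its least at K35."""
    hi, lo = (k >> 40) & MASK40, k & MASK40
    hi = ((hi << 9) | (hi >> 31)) & MASK40          # 2) rotate H0||H1 left by 9
    k = (hi << 40) | lo
    k ^= (rnd & 0x1F) << 35                         # 3) round number into K39..K35
    k = (k & ~0xF) | SBOX[k & 0xF]                  # 4) S-box on K3..K0
    m = [(k >> (20 * (3 - j))) & 0xFFFFF for j in range(4)]  # H0..H3
    return (m[0] << 60) | (m[2] << 40) | (m[3] << 20) | m[1]  # 5) H0||H2||H3||H1


def round_keys(k80, nr=28):
    """Round i uses the upper 64 bits of the key after i-1 expansions; the
    expansion run in round i uses i as its round number (assumption)."""
    keys, k = [], k80 & MASK80
    for i in range(1, nr + 1):
        keys.append(k >> 16)
        if i < nr:
            k = key_expand(k, i)
    return keys


def encrypt_round(v, rk, mix_column):
    return mix_column(fp_layer(sub_swap(v ^ rk)))


def decrypt_round(v, rk, mix_column):
    # Mix_Column and FP_Layer are reused unchanged; only the S-box is inverted.
    return sub_swap(fp_layer(mix_column(v)), INV_SBOX) ^ rk


def encrypt(p, k80, mix_column, nr=28):
    for rk in round_keys(k80, nr):
        p = encrypt_round(p, rk, mix_column)
    return p


def decrypt(c, k80, mix_column, nr=28):
    for rk in reversed(round_keys(k80, nr)):
        c = decrypt_round(c, rk, mix_column)
    return c


def is_involution(f, trials=256):
    """decrypt_round inverts encrypt_round only if FP and Mix_Column are
    involutions; check that property on random 64-bit states."""
    return all(f(f(x)) == x for x in
               (int.from_bytes(os.urandom(8), "big") for _ in range(trials)))


def mix_stand_in(v):
    """Stand-in for Mix_Column (the GF(2^2) matrix is not on this page):
    nibble reversal is an involution but is NOT AEROGEL's mixing layer."""
    return from_nibbles(nibbles(v, 16)[::-1])


if __name__ == "__main__":
    key = 0x123456789ABCDEF01234                      # constructed 80-bit key
    pt = 0x0123456789ABCDEF                           # constructed plaintext
    assert fp_table_from_geometry() == FP_TABLE and is_involution(fp_layer)
    ct = encrypt(pt, key, mix_stand_in)
    assert decrypt(ct, key, mix_stand_in) == pt
    print(f"ct={ct:016x} key_28={round_keys(key)[-1]:016x}")
```

Running the file checks that the geometric rule reproduces Table 1, that FP_Layer is an involution, and that the decryption round structure inverts the encryption one. Replacing mix_stand_in with the real involutory M from the patent's figure, and confirming the two round-number assumptions, is what would be needed to reproduce the AEROGEL-64 test vectors of Table 2.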
AEROGEL decryption is described as Algorithm 2 below, with the round keys Key_i of Algorithm 1 used in reverse order:
Algorithm 2: AEROGEL decryption
Input: C (ciphertext), K (key)
Output: P (plaintext)
1. T ← C
2. for i = 1 to Nr = 28 do
3.     Mix_Column(T)
4.     FP_Layer(T)
5.     rSub_Swap(T)
6.     Add_RoundKey(T, Key_(Nr+1-i))
7. end for
8. P ← T
linear layer: consistent with the linear layer operation in the encryption operation referred to above.
In the decryption iteration process, the sequence of the wheel key group used in the wheel key encryption is opposite to that in the encryption iteration process;
Nonlinear layer:
Inverse S-box transformation: the inverse of the Piccolo S-box, rSbox = {6, 8, 3, 4, 1, e, c, a, 5, 7, 9, 2, d, f, 0, b}, is used, and the output of the inverse S-box transformation is
U' = rSbox(U0)||rSbox(U1)||rSbox(U2)||...||rSbox(U15).
The test data of the AEROGEL algorithm of the invention are shown in Table 2:
Table 2 AEROGEL-64 test vectors
The AEROGEL algorithm was implemented on a Xilinx Virtex-5 XC5VLX50T FPGA; AEROGEL-64 uses 149 slices (SLC), 199 LUTs and 149 flip-flops (FF), with a maximum frequency (Max-Fre) of 476.563 MHz and a power of 567.50 mW.
Table 3 lists FPGA implementations of several lightweight block ciphers; the comparison shows that the AEROGEL algorithm combines high efficiency with a small implementation area.
Table 3 FPGA implementation of lightweight block cipher algorithms
Algorithm | State (bit) | Key (bit) | FF | LUT | SLC | Max-Fre (MHz) |
PRESENT-80 | 64 | 80 | 152 | 222 | 153 | 455.31 |
PRESENT-128 | 64 | 128 | 200 | 270 | 201 | 455.311 |
Piccolo-80 | 64 | 80 | 112 | 302 | 113 | 331.400 |
Piccolo-128 | 64 | 128 | 200 | 384 | 201 | 322.997 |
RECTANGLE-128 | 64 | 128 | 191 | 253 | 192 | 501.153 |
AEROGEL-64 | 64 | 80 | 149 | 199 | 149 | 476.563 |
The invention has been described in detail with reference to specific embodiments, which should not be construed as limiting it. Many variations and modifications may be made by one of ordinary skill in the art without departing from the principles of the invention, and these should also be considered within its scope.
Claims (5)
1. An encryption implementation method for a lightweight AEROGEL block cipher, characterized by comprising the following steps:
A: acquiring plaintext data and an initial key;
B: dividing the plaintext data and the initial key into 64-bit plaintext data groups and 80-bit initial key data groups respectively, wherein each plaintext data group corresponds to one initial key data group;
C: performing the encryption operation through a round function, wherein the encryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises S-box transformation; the encryption round function applies round key addition to each plaintext data group using the corresponding key data group, and then performs S-box transformation, FP permutation and column confusion transformation in sequence to obtain an intermediate data group;
D: performing the key expansion operation on each initial key group to obtain an 80-bit intermediate key group;
E: taking the intermediate data as the plaintext data set and the intermediate key as the key data set, and repeating steps C and D for Nr rounds of iterative encryption, wherein Nr is 28, to obtain the encryption result;
the round key addition of step C comprises the following steps:
if Nr is 1, performing an exclusive-OR operation on each 64-bit plaintext group with the high 64 bits of the corresponding initial key group, in sequence, to obtain an intermediate result as the intermediate data group;
if 1 < Nr ≤ 28, performing an exclusive-OR operation on each 64-bit intermediate data group with the upper 64 bits of the corresponding intermediate key group obtained in the previous iteration, to obtain an intermediate result;
the FP permutation of step C comprises the following steps:
the result obtained after the S-box transformation is denoted Z for each 64-bit group, with Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15,
and after FP permutation:
Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9;
the column confusion transformation of step C arranges the data in a square matrix and then applies exclusive-OR mixing to the square matrix, as follows:
c1: taking the intermediate result after the FP permutation in encryption, denoting each 64-bit group as X, and arranging it as a square matrix, wherein each entry Yn is 4 bits, 0 ≤ n ≤ 15;
c2: performing exclusive-OR mixing on Y0, Y1, Y2, Y3, and recording the result as Y'n, 0 ≤ n ≤ 15:
the mixed values Y'0, Y'1, Y'2, Y'3 are obtained by a multiplicative transformation over the finite field GF(2^2), the operational expression being,
c3: performing the same exclusive-OR mixing in sequence on the remaining Y4 to Y15 to yield the 64-bit Y = X × M, wherein L1, L2, L3 and L0 have the same matrix size;
Step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, wherein Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, wherein Hj comprises 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each intermediate key group, 0 ≤ i ≤ 79;
K' denotes the intermediate key result of each group after key expansion;
e2: cyclic shift: performing a left cyclic shift of H0||H1 of each group by 9 bits to obtain the first intermediate round key;
e3: dynamic XOR of the round number: converting the current round number Nr into a 5-bit binary number, selecting K39, K38, K37, K36, K35 from the first intermediate round key of each group obtained in step e2, and performing a dynamic XOR with the round number bits in sequence to obtain the second intermediate round key;
e4: nonlinear transformation: selecting K3, K2, K1, K0 from the second intermediate round key of each group obtained in step e3 and applying the nonlinear transformation to obtain the third intermediate round key, wherein the S-box used is the same as that used in step C;
e5: linear transformation: dividing the third intermediate round key of each group obtained in step e4 into four parts M0, M1, M2, M3, wherein Mj is 20 bits, 0 ≤ j ≤ 3, and performing the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
2. The method of claim 1, wherein the S-box transformation uses the S-box of the Piccolo algorithm.
3. A decryption implementation method for a lightweight AEROGEL block cipher, characterized by comprising the following steps:
A: acquiring ciphertext data and an initial key, wherein the ciphertext data is an encryption result obtained by the method of any one of claims 1-2, and the initial key is the initial key of the method of any one of claims 1-2;
B: dividing the ciphertext data and the initial key into 64-bit ciphertext data groups and 80-bit initial key data groups respectively, wherein each ciphertext data group corresponds to one initial key data group, and the correspondence is the same as in the method of any one of claims 1-2;
C: performing the key expansion operation on each initial key group in sequence, repeating the iterative expansion Nr times, and recording the 80-bit intermediate key group obtained in each iteration;
D: performing the decryption operation, wherein the decryption round function comprises a linear layer and a nonlinear layer, the linear layer comprises round key addition, FP permutation and column confusion transformation, and the nonlinear layer comprises inverse S-box transformation; the decryption round function performs the column confusion transformation, FP permutation and inverse S-box transformation in sequence on each group of data to be decrypted, then performs round key addition on each ciphertext data group with the corresponding key data group to obtain intermediate data, and step D is repeated for Nr rounds of iterative decryption, wherein Nr is 28; during the iteration, the first round key addition uses the intermediate key group obtained after Nr expansions in step C, the second uses the intermediate key group obtained after Nr-1 expansions in step C, and so on in sequence, to obtain the decryption result;
the column confusion transformation of step D arranges the ciphertext data in a square matrix and then applies exclusive-OR mixing to the square matrix, as follows:
d1: denoting each 64-bit group of the ciphertext data as X, and arranging it as a square matrix, wherein each entry Yn is 4 bits, 0 ≤ n ≤ 15;
d2: performing exclusive-OR mixing on Y0, Y1, Y2, Y3, and recording the result as Y'n, 0 ≤ n ≤ 15:
the mixed values Y'0, Y'1, Y'2, Y'3 are obtained by a multiplicative transformation over the finite field GF(2^2), the operational expression being,
d3: performing the same exclusive-OR mixing in sequence on the remaining Y4 to Y15 to yield the 64-bit Y' = X × M, wherein L1, L2, L3 and L0 have the same matrix size;
the FP permutation of step D comprises the following steps:
the result obtained after the column confusion transformation is denoted Z for each 64-bit group and divided into 4-bit parts from the high bits to the low bits, with Z = Z0||Z1||Z2||Z3||Z4||Z5||Z6||Z7||Z8||Z9||Z10||Z11||Z12||Z13||Z14||Z15,
and after FP permutation:
Z′ = Z0||Z7||Z10||Z13||Z4||Z11||Z14||Z1||Z8||Z15||Z2||Z5||Z12||Z3||Z6||Z9;
Step D comprises the following processing steps:
e1: if Nr is 1, the 80-bit initial key of each group is denoted K = H0||H1||H2||H3, wherein Hj is 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of the initial key, 0 ≤ i ≤ 79;
if 2 ≤ Nr ≤ 27, the intermediate key group obtained in the previous iteration is denoted K = H0||H1||H2||H3, wherein Hj comprises 20 bits, 0 ≤ j ≤ 3, and Ki denotes the i-th bit of each intermediate key group, 0 ≤ i ≤ 79;
K' denotes the intermediate key result of each group after key expansion;
e2: cyclic shift: performing a left cyclic shift of H0||H1 of each group by 9 bits to obtain the first intermediate round key;
e3: dynamic XOR of the round number: converting the current round number Nr into a 5-bit binary number, selecting K39, K38, K37, K36, K35 from the first intermediate round key of each group obtained in step e2, and performing a dynamic XOR with the round number bits in sequence to obtain the second intermediate round key;
e4: nonlinear transformation: selecting K3, K2, K1, K0 from the second intermediate round key of each group obtained in step e3 and applying the nonlinear transformation to obtain the third intermediate round key, wherein the S-box used is the same as that used in step C;
e5: linear transformation: dividing the third intermediate round key of each group obtained in step e4 into four parts M0, M1, M2, M3, wherein Mj is 20 bits, 0 ≤ j ≤ 3, and performing the linear transformation K' = M0||M2||M3||M1 to obtain the intermediate key.
4. The decryption implementation method for a lightweight AEROGEL block cipher according to claim 3, wherein the round key addition of step D comprises the following step:
performing an exclusive-OR operation on each 64-bit plaintext group with the high 64 bits of the corresponding intermediate key group, in sequence, to obtain the result of the round key addition.
5. The method of claim 3, wherein the S-box transformation uses the S-box of the Piccolo algorithm.
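The following Python is an added worked example and is not code from the patent or from the AEROGEL authors. It covers the parts of the claims that this page specifies completely: it recovers the forward S-box from the inverse S-box table given in the description, checks that the FP permutation of step C is its own inverse (which is why the decryption round function of claim 3 reuses the same FP permutation instead of an inverse), implements the round key addition, and implements the key expansion of step D (e1 to e5) in encryption order and the reversed order that claim 3 uses for decryption. Two conventions are not stated on the page and are assumed here: Ki numbers bits with K0 as the least significant bit, and H0 (likewise M0) is the most significant 20-bit part, so H0||H1 is the upper 40 bits; the pairing of the most significant round-number bit with K39 is likewise assumed. The column confusion matrix M is not reproduced on this page, so the column confusion transformation is deliberately left out and the example does not form a complete cipher.

```python
"""Added worked example for the AEROGEL-64 claims on this page (not the patent's
own code).  Column confusion (matrix M) is not given on the page and is omitted."""

# Inverse S-box exactly as printed in the description (Piccolo's inverse S-box).
INV_SBOX = [0x6, 0x8, 0x3, 0x4, 0x1, 0xe, 0xc, 0xa,
            0x5, 0x7, 0x9, 0x2, 0xd, 0xf, 0x0, 0xb]

# Forward S-box recovered by inverting the table above.
SBOX = [0] * 16
for _x, _y in enumerate(INV_SBOX):
    SBOX[_y] = _x

# FP permutation of the 16 nibbles: output nibble i is input nibble FP[i],
# with Z0 the most significant nibble (Z' = Z0||Z7||Z10||Z13||...).
FP = [0, 7, 10, 13, 4, 11, 14, 1, 8, 15, 2, 5, 12, 3, 6, 9]

MASK40 = (1 << 40) - 1
MASK20 = (1 << 20) - 1


def is_involution(perm):
    """True if applying the permutation twice restores the original order."""
    return all(perm[perm[i]] == i for i in range(len(perm)))


def split_nibbles(word, count):
    """Split an integer into `count` 4-bit values, most significant first."""
    return [(word >> (4 * (count - 1 - i))) & 0xF for i in range(count)]


def join_nibbles(nibbles):
    word = 0
    for n in nibbles:
        word = (word << 4) | n
    return word


def sbox_layer(state64, table=SBOX):
    """Nibble-wise S-box on a 64-bit state; pass INV_SBOX for decryption."""
    return join_nibbles([table[n] for n in split_nibbles(state64, 16)])


def fp_layer(state64):
    """FP permutation of step C; claim 3 applies the same map in decryption."""
    z = split_nibbles(state64, 16)
    return join_nibbles([z[FP[i]] for i in range(16)])


def add_round_key(state64, key80):
    """Round key addition: XOR the state with the high 64 bits of the 80-bit key."""
    return state64 ^ (key80 >> 16)


def key_expand(key80, round_no):
    """One pass of step D (e1..e5).  Assumed conventions (not stated on the
    page): K0 is the least significant bit and H0 is the top 20-bit part."""
    if not 1 <= round_no <= 31:
        raise ValueError("round number must fit in 5 bits")
    hi = key80 >> 40          # H0||H1
    lo = key80 & MASK40       # H2||H3
    # e2: rotate H0||H1 left by 9 bits (first intermediate round key)
    hi = ((hi << 9) | (hi >> (40 - 9))) & MASK40
    k = (hi << 40) | lo
    # e3: XOR the 5-bit round number into K39..K35, most significant bit into
    # K39 (assumed pairing); this gives the second intermediate round key
    k ^= (round_no & 0x1F) << 35
    # e4: S-box on bits K3..K0 (third intermediate round key)
    k = (k & ~0xF) | SBOX[k & 0xF]
    # e5: split into 20-bit parts M0..M3 and reassemble as M0||M2||M3||M1
    m = [(k >> (20 * (3 - j))) & MASK20 for j in range(4)]
    return (m[0] << 60) | (m[2] << 40) | (m[3] << 20) | m[1]


def round_keys(key80, rounds=28):
    """Round keys in encryption order: the initial key serves round 1 and
    round r+1 uses the key expanded during round r (expansion in rounds 1..27)."""
    keys = [key80]
    for r in range(1, rounds):
        keys.append(key_expand(keys[-1], r))
    return keys


def decryption_round_keys(key80, rounds=28):
    """Claim 3 step D: decryption consumes the same round keys in reverse order."""
    return list(reversed(round_keys(key80, rounds)))


if __name__ == "__main__":
    sample_state = 0x0123456789ABCDEF      # constructed sample value
    sample_key = 0x00112233445566778899    # constructed sample key
    assert is_involution(FP)
    assert sbox_layer(sbox_layer(sample_state), INV_SBOX) == sample_state
    assert fp_layer(fp_layer(sample_state)) == sample_state
    print("forward S-box:", [hex(v) for v in SBOX])
    print("first round keys:", [hex(k) for k in round_keys(sample_key)[:3]])
```

The involution check is the practical point: because FP maps nibble 1 to 7 and 7 to 1, 2 to 10 and 10 to 2, and so on, with 0, 4, 8 and 12 fixed, the same permutation serves both directions, and an implementer only needs an inverse for the S-box and (if M is not itself an involution) for the column confusion step.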
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010244240.1A CN111245598B (en) | 2020-03-31 | 2020-03-31 | Method for realizing lightweight AEROGEL block cipher |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111245598A CN111245598A (en) | 2020-06-05 |
CN111245598B true CN111245598B (en) | 2022-06-14 |
Family ID: 70878999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010244240.1A Active CN111245598B (en) | 2020-03-31 | 2020-03-31 | Method for realizing lightweight AEROGEL block cipher |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111245598B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112202547B (en) * | 2020-11-11 | 2022-04-12 | Hengyang Normal University | Lightweight block cipher GFCS (generic fragment signature Circuit) implementation method and device and readable storage medium |
CN114024675B (en) * | 2021-11-24 | 2024-01-23 | Hengyang Normal University | Lightweight block cipher IoVCipher implementation method and system suitable for Internet of vehicles terminal |
CN115208626B (en) * | 2022-06-02 | 2023-12-01 | Beijing Jiaoda Weilian Technology Co., Ltd. (北京交大微联科技有限公司) | Communication method and device based on secure communication ciphertext transmission in railway signal system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012154129A1 (en) * | 2011-05-10 | 2012-11-15 | Nanyang Technological University | Devices for computer-based generating of a mixing matrix for cryptographic processing of data, encrypting devices, methods for computer-based generating of a mixing matrix for cryptographic processing of data and encrypting methods |
CN107707343A (en) * | 2017-11-08 | 2018-02-16 | Guizhou University | The consistent SP network structure lightweight LBT block cipher implementation methods of encryption and decryption |
CN109768854A (en) * | 2019-03-29 | 2019-05-17 | Hengyang Normal University | A kind of implementation method of lightweight block cipher Wheel |
CN110784307A (en) * | 2019-11-05 | 2020-02-11 | Hengyang Normal University | Lightweight cryptographic algorithm SCENERY implementation method, device and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2822215A1 (en) * | 2012-03-02 | 2015-01-07 | Sony Corporation | Information processing device, information processing method, and programme |
Timeline: 2020-03-31, CN application CN202010244240.1A (patent CN111245598B), status Active
Non-Patent Citations (5)
Title |
---|
"Loong: A Family of Involutional Lightweight Block Cipher Based on SPN Structure"; Bo-Tao Liu et al.; IEEE Access; 2019-10-01; full text * |
"Magpie: a high-security lightweight block cipher algorithm"; Li Lang et al.; Acta Electronica Sinica; 2017-10-31; full text * |
"Hardware language implementation of the PRESENT cipher and its optimization"; Li Lang et al.; Journal of Chinese Computer Systems; 2013-10-31; full text * |
"Power optimization of the LED lightweight cryptographic algorithm chip"; Zhang Wenzhe et al.; Electronic Design Engineering; 2020-03-05 (No. 05); full text * |
"Surge: a new low-resource, high-efficiency lightweight block cipher algorithm"; Li Lang et al.; Computer Science; 2018-02-15 (No. 02); full text * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||