CN111478766B - Method, device and storage medium for realizing block cipher MEG - Google Patents
- Publication number
- CN111478766B (CN202010068953.7A)
- Authority
- CN
- China
- Prior art keywords
- key
- transformation
- matrix
- round
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a device and a storage medium for implementing the block cipher MEG. It provides a novel key expansion mode: the generator matrix of a maximum distance separable (MDS) code, which can be used to construct an optimal diffusion layer, is multiplied with the original key as a matrix over a finite field, and this completes the expansion of the original key. The extended generalized Feistel structure adopted generates, after 4 iterations, an optimal diffusion layer that is used for the column mixing operation. The optimal diffusion layer has ideal confusion characteristics and the best resistance to differential and linear attacks, so the security of the algorithm can be further improved. When the scheme is implemented in hardware, the matrix used for key expansion is a circulant matrix, so the original key can be expanded by storing only 16 bits of elements; this improves the security of the cryptographic algorithm, saves storage space, and reduces the area occupied by the algorithm.
Description
Technical Field
The invention belongs to the field of computers, and particularly relates to a method and a device for realizing a block cipher MEG and a storage medium.
Background
With the rapid development of the information age, the information security technology plays an increasingly important role in the social life of people, and cryptography is a basis of the information security technology and receives more and more attention. Block cipher algorithms are widely used in computer communications and information system security because of their advantages in encryption speed, amount of encrypted data, design criteria, and software and hardware implementation.
However, with the spread in recent years of micro computing and storage devices such as infrared sensing devices, radio frequency identification (RFID) devices, wireless sensors (WSN), personal digital assistants (PDA) and other micro embedded devices, Internet of Things technology has entered every aspect of people's lives and carries a large amount of private information of countries, enterprises and individuals. How to secure these resource-limited Internet of Things devices has become an urgent problem. In this context, research on lightweight block ciphers has been ongoing.
Compared with traditional block ciphers, lightweight block ciphers focus more on improving encryption efficiency, reducing computing resources, and providing encryption on resource-limited devices with little storage and weak computing power. In recent years a number of lightweight block ciphers have been designed, such as LED, TWINE, PRESENT, Piccolo, LBlock and Midori. These algorithms fit the encryption environment of resource-limited Internet of Things devices well, but sometimes security is reduced to some extent in order to lower resource usage, or encryption and decryption efficiency is reduced to keep the area low, so the lightweight block ciphers designed are vulnerable.
Disclosure of Invention
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, aiming to overcome the problem that security is not high and the cipher is easily attacked when the resource area of existing lightweight block cipher algorithms is kept low.
The technical scheme of the invention is as follows:
In one aspect, a method for implementing the block cipher MEG comprises the following steps:
loading data: a 64-bit plaintext/64-bit ciphertext is loaded into a register as the data to be encrypted/decrypted, and the encryption/decryption operation is performed;
round operation: 32 iterated rounds are applied to the data to be encrypted/decrypted as follows;
first, one round key addition is applied to the input data to be encrypted/decrypted to obtain the input of the 32 iterated rounds, and after the 32 iterated rounds are completed, one more round key addition is applied to obtain the ciphertext/plaintext data;
the key used in the round key addition before the 1st round of operation starts and after the 1st round of operation ends is the original key; after 2 × t rounds of operation, one round key addition is performed with a key and the result is used as the input of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition is the expanded key, and when t is even, it is the original key;
the expanded key is obtained by expanding the original key with a maximum distance separable (MDS) code generator matrix;
for encryption, each round consists, in order, of the constant addition, S-box, row shift and EFG column mixing transformations; for decryption, each round consists, in order, of the inverse EFG column mixing, inverse row shift, inverse S-box and inverse constant addition transformations;
the inverse EFG column mixing and EFG column mixing transformations, the inverse row shift and row shift transformations, the inverse S-box and S-box transformations, and the inverse constant addition and constant addition transformations are inverse operations of each other.
The M in the block cipher MEG refers to a maximum distance separable code generator matrix (MDS matrix), and EG refers to an Extended Generalized Feistel Structure.
Further, the original key is expanded with the MDS code generator matrix as follows:
the original key is divided, from the high-order bits to the low-order bits, into 16 elements of the finite field GF(2^4), 4 bits each, which are arranged in order as a 4 × 4 original key matrix K:
the MDS code generator matrix W is multiplied with the original key matrix K over the finite field, giving a new key matrix K':
where the elements of W are written in hexadecimal.
The matrix W (an MDS matrix) can be used to construct an optimal diffusion layer, which offers the best resistance to differential and linear analysis, and this further protects the key. Diffusion means that each input bit should affect the output bits as much as possible, hiding the statistical characteristics of the input and preventing statistical analysis attacks. This matches the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding subkey to a large extent, which is the same requirement as diffusion.
Further, the matrix used by the EFG column mixing transformation is a 4 × 4 MDS matrix formed by 4 iterations of the extended generalized Feistel structure:
the matrices involved in constructing the MDS matrix are as follows:
where m is the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are written in hexadecimal.
In this scheme the MDS matrix is constructed in two ways: from the generator matrix of a maximum distance separable code, and by iterating the extended generalized Feistel structure 4 times.
The MDS matrix built from the generator matrix of a maximum distance separable code is used for the key expansion operation, which is the first time an MDS matrix has been used for key expansion. Iterative construction of an MDS matrix was first proposed in the LED block cipher in 2011, but there a linear feedback shift register was used for the iteration. The scheme of the invention proposes a novel extended generalized Feistel structure that can be iterated to construct an MDS matrix and uses it in the column mixing operation; the optimal diffusion layer has ideal confusion characteristics and the best resistance to differential and linear attacks, so the security of the algorithm can be further improved.
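Added example (not code from the patent): the key expansion K' = W·K and the two MDS constructions described above, in Python, with a checker that tests the MDS property directly. The patent's W and m did not survive on this page, so the sample circulant row (the AES MixColumns coefficients), LED's published serial matrix, the reduction polynomial x^4 + x + 1, the row-by-row key layout and the product order W·K are assumptions.

```python
from itertools import combinations

# ASSUMPTION: GF(2^4) is reduced by x^4 + x + 1 (as in LED); the page names only the field.
POLY = 0b10011

def gf_mul(a, b):
    """Multiply two 4-bit field elements (shift-and-add with reduction)."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= POLY
    return r

def mat_mul(A, B):
    """Matrix product over GF(2^4); field addition is XOR."""
    out = [[0] * len(B[0]) for _ in A]
    for i, row in enumerate(A):
        for j in range(len(B[0])):
            for k, a in enumerate(row):
                out[i][j] ^= gf_mul(a, B[k][j])
    return out

def mat_pow(M, e):
    """M raised to the power e (e >= 1), i.e. e iterations of one step."""
    R = M
    for _ in range(e - 1):
        R = mat_mul(R, M)
    return R

def det(M):
    """Determinant by cofactor expansion; signs vanish in characteristic 2."""
    if len(M) == 1:
        return M[0][0]
    d = 0
    for j, x in enumerate(M[0]):
        if x:
            d ^= gf_mul(x, det([row[:j] + row[j + 1:] for row in M[1:]]))
    return d

def is_mds(M):
    """A square matrix is MDS iff every square submatrix is nonsingular."""
    n = len(M)
    return all(
        det([[M[r][c] for c in cols] for r in rows]) != 0
        for k in range(1, n + 1)
        for rows in combinations(range(n), k)
        for cols in combinations(range(n), k)
    )

def circulant(first_row):
    """Row i is the first row rotated right by i, so only one row is stored."""
    n = len(first_row)
    return [[first_row[(j - i) % n] for j in range(n)] for i in range(n)]

def key_to_matrix(key64):
    """16 nibbles, high to low, filled row by row (ASSUMED layout)."""
    nib = [(key64 >> (60 - 4 * i)) & 0xF for i in range(16)]
    return [nib[4 * r:4 * r + 4] for r in range(4)]

def expand_key(W, key64):
    """K' = W * K over GF(2^4); the order W * K is an ASSUMPTION."""
    return mat_mul(W, key_to_matrix(key64))

def changed_cells(W, key_a, key_b):
    """Positions (row, col) where the two expanded keys differ."""
    Ka, Kb = expand_key(W, key_a), expand_key(W, key_b)
    return [(r, c) for r in range(4) for c in range(4) if Ka[r][c] != Kb[r][c]]

# CONSTRUCTED sample: circulant with the AES MixColumns coefficients, NOT the patent's W.
SAMPLE_W = circulant([0x2, 0x3, 0x1, 0x1])
# LED's published serial matrix (one LFSR-style step); its 4th power is LED's MDS matrix.
LED_A = [[0, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1], [4, 1, 2, 2]]

if __name__ == "__main__":
    key = 0x0123456789ABCDEF  # constructed sample key
    print("sample W is MDS:", is_mds(SAMPLE_W))
    print("LED step is MDS:", is_mds(LED_A),
          "-> after 4 iterations:", is_mds(mat_pow(LED_A, 4)))
    print("K' =", [[f"{x:X}" for x in row] for row in expand_key(SAMPLE_W, key)])
    # Flip the lowest bit of the top nibble: the whole first column of K' changes.
    print("cells changed:", changed_cells(SAMPLE_W, key, key ^ (1 << 60)))
```

Because the expansion is a matrix product it is linear: under these assumptions a one-nibble key change alters exactly one column of K', and the all-zero key expands to all zeros.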
In one aspect, an apparatus for implementing the block cipher MEG comprises:
a data loading unit: loads a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, for the encryption/decryption operation;
a front-end round key addition unit: feeds the input data to be encrypted/decrypted into the round key addition module to obtain the input data of the round operation;
a round operation unit: performs 32 iterated rounds on the input data of the round operation, where after 2 × t rounds of operation one round key addition is performed with a key and the result is used as the input of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition is the expanded key produced by the key expansion module, and when t is even, it is the original key; the key expansion module expands the original key with a maximum distance separable (MDS) code generator matrix to obtain the expanded key;
for encryption, the round operation unit comprises, in order, a constant addition module, an S-box module, a row shift module and an EFG column mixing module; for decryption, it comprises, in order, an inverse EFG column mixing module, an inverse row shift module, an inverse S-box module and an inverse constant addition module;
a tail-end round key addition unit: feeds the data after the 32 iterated rounds into the round key addition module to obtain the ciphertext/plaintext data;
the key used in the front-end and tail-end round key addition units is the original key;
the inverse EFG column mixing and EFG column mixing modules, the inverse row shift and row shift modules, the inverse S-box and S-box modules, and the inverse constant addition and constant addition modules are inverse operation modules of each other.
Further, the key expansion module expands the original key with the MDS code generator matrix to obtain the expanded key as follows:
the original key is divided, from the high-order bits to the low-order bits, into 16 elements of the finite field GF(2^4), 4 bits each, which are arranged in order as a 4 × 4 original key matrix K:
the MDS code generator matrix W is multiplied with the original key matrix K over the finite field, giving a new key matrix K':
where the elements of W are written in hexadecimal.
Further, the matrix used by the EFG column mixing module is a 4 × 4 MDS matrix formed by 4 iterations of the extended generalized Feistel structure:
the matrices involved in constructing the MDS matrix are as follows:
where m is the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are written in hexadecimal.
In another aspect, a computer storage medium includes a computer program that, when executed by a processing terminal, causes the processing terminal to perform the method for implementing the block cipher MEG.
Advantageous effects
The invention provides a method, a device and a storage medium for implementing the block cipher MEG. It provides a novel key expansion mode: the generator matrix of a maximum distance separable (MDS) code, which can be used to construct an optimal diffusion layer, is multiplied with the original key as a matrix over a finite field, and this completes the expansion of the original key. Diffusion means that each input bit should affect the output bits as much as possible, hiding the statistical characteristics of the input and preventing statistical analysis attacks. This matches the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding subkey to a large extent, which is consistent with the definition of diffusion. The optimal diffusion layer resists differential and linear analysis better, so the security of the algorithm can be further improved.
The technical scheme of the invention also provides an extended generalized Feistel structure that generates an optimal diffusion layer after 4 iterations; this corresponds to the column mixing operation in the encryption algorithm. The optimal diffusion layer has ideal confusion characteristics and the best resistance to differential and linear attacks, so the security of the algorithm can be further improved.
When the technical scheme is implemented in hardware, the matrix of the key expansion algorithm is a circulant matrix, so not all of its elements need to be stored; the seed key can be expanded by storing only 16 bits of elements, which improves the security of the cryptographic algorithm, saves storage space, and reduces the area occupied by the algorithm.
Drawings
FIG. 1 is a MEG lightweight block cipher algorithm encryption flow chart of the method of the present invention;
FIG. 2 is a MEG lightweight block cipher algorithm decryption flow chart of the method of the present invention;
FIG. 3 is a diagram of the extended generalized Feistel structure used in the column mixing transformation of the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings and examples.
A method for implementing the block cipher MEG: the MEG algorithm has a block length of 64 bits and a key length of 64 bits, and comprises 32 rounds of operation. As shown in FIG. 1, the encryption operation includes six modules: the key expansion algorithm (KeyExpansion), round key addition (AddRoundKey), constant addition (AddConstants), S-box substitution (SubCells), row shift (ShiftRows) and column mixing (MixColumns). After an initial round key addition, a round key addition is performed once after every 2 rounds of constant addition, S-box substitution, row shift and column mixing. The decryption flow is shown in FIG. 2; the decryption round operation includes six modules: inverse column mixing (InvMixColumns), inverse row shift (InvShiftRows), inverse S-box substitution (InvSubCells), inverse constant addition (InvAddConstants), round key addition (AddRoundKey) and the key expansion algorithm (KeyExpansion).
The block cipher MEG algorithm pseudo-code is described below.
Algorithm 1: block cipher MEG encryption process
Input: Plaintext, Key;
Output: Ciphertext;
State ← Plaintext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        AddConstants(State);
        SubCells(State);
        ShiftRows(State);
        MixColumns(State);
    end for
    AddRoundKey(State, Key_i);
end for
Ciphertext ← State;
where Key is the original key and Key_i is the corresponding round key; if i is even, Key_i is the original key, and if i is odd, Key_i is the expanded key.
Key expansion: the original key is represented as 16 elements of the finite field GF(2^4), 4 bits each, arranged in a 4 × 4 matrix as follows.
The generator matrix W of the following maximum distance separable code is multiplied with the seed key as a matrix over the finite field to obtain the new round key K'. Namely,
where the entries of the matrix W are written in hexadecimal.
Round key addition: the 64-bit plaintext, or the intermediate value after every 2 rounds, is XORed with the 64-bit i-th round key (1 ≤ i ≤ 17). The 64-bit plaintext or intermediate value State (state_0, …, state_15) is related to the i-th round key by:
where, if i is odd, Key_i is the original key, and if i is even, Key_i is the expanded key.
Constant addition transformation: the intermediate state matrix is XORed with a round constant matrix. The round constants are defined as shown in the following matrix,for 6 bits, the initial value takes 0. Is shifted to the left and willAs new rc0The value of (c).
S-box substitution: the S-box of the PRESENT algorithm is used; each of the 16 4-bit cells of the intermediate state matrix is passed through the S-box. The mapping is shown in Table 1.
TABLE 1 MEG S-Box
Row shift transformation: in the 4 × 4 matrix of 16 cells, each row is rotated left by a different number of cells: row 0 is left unchanged, row 1 is rotated left by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Column mixing transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m below, where the matrix power is computed over the finite field GF(2^4) and the entries of the matrices are written in hexadecimal.
The column mixing operation multiplies the column mixing matrix M with the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), corresponding to transformation formula (1), where the data is written in hexadecimal.
The block cipher MEG decryption algorithm is described as follows.
Input: Ciphertext, Key;
Output: Plaintext;
State ← Ciphertext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        InvMixColumns(State);
        InvShiftRows(State);
        InvSubCells(State);
        InvAddConstants(State);
    end for
    AddRoundKey(State, Key_i);
end for
Plaintext ← State;
where Key is the original key and Key_i is the round key; when i is even, Key_i is the original key, and when i is odd, Key_i is the expanded key.
MEG decryption uses the inverses of the four encryption transformations together with round key addition and key expansion, where the inverse of the round key addition, constant addition and key expansion operations is the operation itself. The ciphertext is decrypted by applying the operations in the reverse order of encryption, and the key used in decryption is the same as in encryption.
Inverse S-box substitution: the inverse of the PRESENT S-box is used; each of the 16 4-bit cells of the intermediate state matrix is passed through the inverse S-box. The mapping is shown in Table 2.
TABLE 2 inverse S-box transform of MEG
Inverse row shift: in the 4 × 4 matrix of 16 cells, each row is rotated right by a different number of cells: row 0 is left unchanged, row 1 is rotated right by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Inverse column mixing: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m' below, where the matrix power is computed over the finite field GF(2^4) and the entries of the matrices are written in hexadecimal.
The column mixing operation multiplies the column mixing matrix M with the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), corresponding to transformation formula (2), where the data is written in hexadecimal.
MEG-64 Algorithm test data is shown in Table 3:
TABLE 3 Block cipher MEG Algorithm test data
Plaintext | Key | Ciphertext |
0000-0000-0000-0000 | 0000-0000-0000-0000 | A481-5A45-1DA0-C5F2 |
0000-0000-0000-0000 | FFFF-FFFF-FFFF-FFFF | BBDE-C811-2B31-E305 |
FFFF-FFFF-FFFF-FFFF | 0000-0000-0000-0000 | 524E-898B-B3C5-C9A2 |
FFFF-FFFF-FFFF-FFFF | FFFF-FFFF-FFFF-FFFF | 57A3-5E98-A4F2-3AF2 |
6666-6666-6666-6666 | 0123-4567-89AB-CDEF | EF8E-9A7F-760B-3EAD |
The block cipher MEG algorithm was implemented in ASIC hardware and synthesized with Synopsys Design Compiler Version B-6008.09 using the SMIC 0.18 µm CMOS process library; in the synthesis experiment, area is reported in gate equivalents (GE). The MEG-64 algorithm occupies 1318 GE. Table 4 compares the area of the lightweight block cipher implementations.
TABLE 4 area comparison for lightweight block cipher algorithms
Based on the above method, an embodiment of the present invention further provides an apparatus for implementing the block cipher MEG, comprising:
a data loading unit: loads a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, for the encryption/decryption operation;
a front-end round key addition unit: feeds the input data to be encrypted/decrypted into the round key addition module to obtain the input data of the round operation;
a round operation unit: performs 32 iterated rounds on the input data of the round operation, where after 2 × t rounds of operation one round key addition is performed with a key and the result is used as the input of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition is the expanded key produced by the key expansion module, and when t is even, it is the original key; the key expansion module expands the original key with a maximum distance separable (MDS) code generator matrix to obtain the expanded key;
for encryption, the round operation unit comprises, in order, a constant addition module, an S-box module, a row shift module and an EFG column mixing module; for decryption, it comprises, in order, an inverse EFG column mixing module, an inverse row shift module, an inverse S-box module and an inverse constant addition module;
a tail-end round key addition unit: feeds the data after the 32 iterated rounds into the round key addition module to obtain the ciphertext/plaintext data;
the key used in the front-end and tail-end round key addition units is the original key;
the inverse EFG column mixing and EFG column mixing modules, the inverse row shift and row shift modules, the inverse S-box and S-box modules, and the inverse constant addition and constant addition modules are inverse operation modules of each other.
The key expansion module expands the original key with the MDS code generator matrix to obtain the expanded key as follows:
the original key is divided, from the high-order bits to the low-order bits, into 16 elements of the finite field GF(2^4), 4 bits each, which are arranged in order as a 4 × 4 original key matrix K:
the MDS code generator matrix W is multiplied with the original key matrix K over the finite field, giving a new key matrix K':
where the elements of W are written in hexadecimal.
The matrix used by the EFG column mixing module is a 4 × 4 MDS matrix formed by 4 iterations of the extended generalized Feistel structure:
the matrices involved in constructing the MDS matrix are as follows:
where m is the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are written in hexadecimal.
It should be understood that the functional unit modules in the embodiments of the present invention may be integrated into one processing unit, or each unit module may exist alone physically, or two or more unit modules are integrated into one unit module, and may be implemented in the form of hardware or software.
The embodiment of the present invention further provides a computer storage medium, which includes a computer program, and when the computer program instruction is executed by a processing terminal, the processing terminal executes a method for implementing a block cipher MEG, which has the beneficial effects of the method part, and is not described herein again.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (7)
1. A method for realizing a block cipher MEG is characterized by comprising the following steps:
loading data: loading 64-bit plaintext/64-bit ciphertext to a register to be used as data to be encrypted/decrypted, and performing encryption/decryption operation;
round operation: carrying out 32 rounds of iterative round operation on the data to be encrypted/decrypted according to the following steps;
first, performing one round key addition transformation on the input data to be encrypted/decrypted to obtain the input data of the 32 rounds of iterative operation, and performing one round key addition transformation after the 32 rounds of iterative operation are completed to obtain the ciphertext/plaintext data;
the key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key; after the 2 × t-th round of operation, a round key addition transformation is performed once with a key and the obtained data are used as input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is an odd number, the key participating in the round key addition transformation is the expanded key, and when t is an even number, the key participating in the round key addition transformation is the original key;
the expanded key is obtained by expanding the original key by using a maximum distance separable code generating matrix;
if an encryption operation is carried out, the round operation is, in sequence, constant addition transformation, S-box transformation, row shift transformation and EFG column mixed transformation; if a decryption operation is carried out, the round operation is, in sequence, EFG column mixed inverse transformation, row shift inverse transformation, S-box inverse transformation and constant addition inverse transformation;
the EFG column mixed inverse transformation and the EFG column mixed transformation, the row shift inverse transformation and the row shift transformation, the S-box inverse transformation and the S-box transformation, and the constant addition inverse transformation and the constant addition transformation are each pairs of mutually inverse operations;
round key addition transformation: carrying out an XOR operation on the 64-bit plaintext/64-bit ciphertext or the intermediate value of each 2 rounds and the i-th 64-bit round key, wherein the State of the 64-bit plaintext/64-bit ciphertext or the intermediate value of each 2 rounds is State = state_0, …, state_15, and the i-th round key has an operational relationship of wherein, if i is odd, Key_i is the original key, and if i is even, Key_i is the expanded key, where 1 ≤ i ≤ 17 and 0 ≤ j ≤ 15;
constant addition transformation: XOR the intermediate state matrix with a round constant matrix; the round constant matrix is specifically defined as shown in the following matrix, (rc5, rc4, rc3, rc2, rc1, rc0) is 6 bits, the initial value takes 0; is shifted to the left and willAs new rc0A value of (d);
S-box transformation: the intermediate state matrix consists of 16 4-bit units, and an S-box transformation is performed on each 4 bits, wherein the transformation relationship is S[x] = {C, 5, 6, B, 9, 0, A, D, 3, E, F, 8, 4, 7, 1, 2}, and x takes the values {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F};
row shift transformation: for a 4 × 4 matrix of 16 cells, each row of the matrix is cyclically shifted to the left by a different number of cells: row 0 remains unchanged, row 1 is cyclically shifted to the left by 1 cell, row 2 is cyclically shifted to the left by 2 cells, and row 3 is cyclically shifted to the left by 3 cells;
EFG column mixed transformation: the column mixed transformation matrix M and the 4 × 4 matrix composed of the 16 units in State are multiplied over the finite field GF(2^4), corresponding to the transformation formula below, where the data is represented in hexadecimal;
2. The method of claim 1, wherein the original key is expanded by using the maximum distance separable code generating matrix as follows:
the original key is divided from high order to low order to obtain 16 4-bit elements over the finite field GF(2^4), which are arranged in sequence as a 4 × 4 original key matrix K:
the maximum distance separable code generating matrix W is multiplied with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
wherein the elements in W are represented in hexadecimal.
3. The method of claim 1, wherein the matrix used by the EFG column mixed transformation operation is a 4 × 4 maximum distance separable (MDS) matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrix in the MDS matrix construction process is as follows:
wherein M refers to a matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and elements in M and M are both in hexadecimal.
4. A block cipher MEG implementation device is characterized by comprising:
a data loading unit: loading 64-bit plaintext/64-bit ciphertext to a register to serve as data to be encrypted/decrypted, and performing encryption/decryption operation;
a front-end round key addition transformation unit: inputting the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performing 32 rounds of iterative round operation using the input data of the round operation, wherein after the 2 × t-th round of operation, a round key addition transformation is performed with a key and the obtained data are used as input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is an odd number, the key participating in the round key addition transformation is the expanded key obtained by the expanded key module, and when t is an even number, the key participating in the round key addition transformation is the original key; the expanded key module is used for expanding the original key by using a maximum distance separable code generating matrix to obtain the expanded key;
if an encryption operation is carried out, the round operation unit comprises, in sequence, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixed transformation module; if a decryption operation is carried out, the round operation unit comprises, in sequence, an EFG column mixed inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
an end round key addition transformation unit: inputting the data after 32 rounds of iterative round operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and the end round key addition transformation unit is the original key;
the EFG column mixed inverse transformation module and the EFG column mixed transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are each pairs of mutually inverse operation modules;
a round key addition transformation module: carrying out an XOR operation on the 64-bit plaintext/64-bit ciphertext or the intermediate value of each 2 rounds and the i-th 64-bit round key, wherein the State of the 64-bit plaintext/64-bit ciphertext or the intermediate value of each 2 rounds is State = state_0, …, state_15, and the i-th round key has an operational relationship of wherein, if i is odd, Key_i is the original key, and if i is even, Key_i is the expanded key, where 1 ≤ i ≤ 17 and 0 ≤ j ≤ 15;
a constant addition transformation module: XOR the intermediate state matrix with a round constant matrix; the round constant matrix is specifically defined as shown in the following matrix, (rc5, rc4, rc3, rc2, rc1, rc0) is 6 bits, the initial value takes 0; is shifted to the left and willAs new rc0A value of (d);
an S-box transformation module: the intermediate state matrix consists of 16 4-bit units, and an S-box transformation is performed on each 4 bits, wherein the transformation relationship is S[x] = {C, 5, 6, B, 9, 0, A, D, 3, E, F, 8, 4, 7, 1, 2}, and x takes the values {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F};
a row shift transformation module: for a 4 × 4 matrix of 16 cells, each row of the matrix is cyclically shifted to the left by a different number of cells: row 0 remains unchanged, row 1 is cyclically shifted to the left by 1 cell, row 2 is cyclically shifted to the left by 2 cells, and row 3 is cyclically shifted to the left by 3 cells;
an EFG column mixed transformation module: the column mixed transformation matrix M and the 4 × 4 matrix composed of the 16 units in State are multiplied over the finite field GF(2^4), corresponding to the transformation formula below, where the data is represented in hexadecimal;
5. The apparatus of claim 4, wherein the expanded key module is configured to expand the original key by using a maximum distance separable code generating matrix to obtain an expanded key:
the original key is divided from high order to low order to obtain 16 4-bit elements over the finite field GF(2^4), which are arranged in sequence as a 4 × 4 original key matrix K:
the maximum distance separable code generating matrix W is multiplied with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
wherein the elements in W are represented in hexadecimal.
6. The apparatus of claim 4, wherein the matrix used by the EFG column mixed transformation module is a 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrix structure in the MDS matrix structure construction process is as follows:
wherein M refers to a matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and elements in M and M are both in hexadecimal.
7. A computer storage medium comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 3 when executed by a processor.
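The S-box transformation, row shift transformation and key-addition schedule of claims 1 and 4 can be checked concretely. The Python below is an added example, not code from the patent; it assumes the 16 nibbles fill the 4 × 4 state row by row, omits the constant addition and EFG column mixed steps because their matrices are not reproduced on this page, and goes beyond the claims by measuring the S-box's differential uniformity.

```python
# Added illustration of the claimed S-box, row shift and key-addition schedule.
# Assumption: nibbles fill the 4x4 state row by row, high-order nibble first.
# The matrices M, W and the round constants are not on this page, so the
# constant addition and EFG column mixed steps are not modelled here.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # S[x] as listed in claim 1
INV_SBOX = [SBOX.index(y) for y in range(16)]      # S-box inverse transformation


def to_state(block):
    """Split a 64-bit integer into 16 nibbles, high-order nibble first."""
    return [(block >> (60 - 4 * j)) & 0xF for j in range(16)]


def from_state(state):
    """Pack 16 nibbles back into a 64-bit integer."""
    out = 0
    for nib in state:
        out = (out << 4) | nib
    return out


def sub_cells(state, box=SBOX):
    """Apply a 4-bit S-box to each of the 16 cells."""
    return [box[n] for n in state]


def shift_rows(state, inverse=False):
    """Rotate row r left by r cells (right by r cells when inverse=True)."""
    out = []
    for r in range(4):
        row = state[4 * r:4 * r + 4]
        k = (-r if inverse else r) % 4
        out += row[k:] + row[:k]
    return out


def key_add_schedule():
    """(rounds completed, key-add index i, key kind) for all 17 key additions."""
    points = [0] + [2 * t for t in range(1, 16)] + [32]
    return [(r, i, "original" if i % 2 else "expanded")
            for i, r in enumerate(points, start=1)]


def differential_uniformity(box=SBOX):
    """Largest count of x with S[x] ^ S[x ^ a] == b over a != 0 and all b."""
    best = 0
    for a in range(1, 16):
        counts = [0] * 16
        for x in range(16):
            counts[box[x] ^ box[x ^ a]] += 1
        best = max(best, max(counts))
    return best
```

The schedule shows that the parity rule on t (odd t uses the expanded key) and the parity rule on i (even i uses the expanded key) describe the same alternation, since the key addition after round 2 × t has index i = t + 1.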
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010068953.7A CN111478766B (en) | 2020-01-21 | 2020-01-21 | Method, device and storage medium for realizing block cipher MEG |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111478766A (en) | 2020-07-31 |
CN111478766B (en) | 2021-09-28 |
Family
ID=71747039
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010068953.7A Active CN111478766B (en) | 2020-01-21 | 2020-01-21 | Method, device and storage medium for realizing block cipher MEG |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111478766B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||