CN111478766B - Method, device and storage medium for realizing block cipher MEG - Google Patents


Publication number
CN111478766B
Authority
CN
China
Prior art keywords
key
transformation
matrix
round
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010068953.7A
Other languages
Chinese (zh)
Other versions
CN111478766A (en)
Inventor
李秋萍
李浪
刘波涛
赵军霞
张剑
李康满
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengyang Normal University
Original Assignee
Hengyang Normal University
Application filed by Hengyang Normal University
Priority to CN202010068953.7A
Publication of CN111478766A
Application granted
Publication of CN111478766B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device and a storage medium for implementing the block cipher MEG, and proposes a new key expansion scheme: the generator matrix of a maximum distance separable (MDS) code, which can be used to construct an optimal diffusion layer, is multiplied with the original key as matrices over a finite field, which completes the expansion of the original key. The extended generalized Feistel structure adopted produces, after 4 iterations, an optimal diffusion layer for the column mixing operation. The optimal diffusion layer has ideal confusion characteristics and gives the best resistance to differential and linear attacks, so the security of the algorithm is further improved. When the scheme is implemented in hardware, the matrix used for key expansion is a circulant matrix, so the original key can be expanded while storing only 16 bits of matrix elements; this improves the security of the cryptographic algorithm, saves storage space and reduces the area occupied by the algorithm.

Description

Method, device and storage medium for realizing block cipher MEG
Technical Field
The invention belongs to the field of computers, and particularly relates to a method and a device for realizing a block cipher MEG and a storage medium.
Background
With the rapid development of the information age, information security technology plays an increasingly important role in social life, and cryptography, as the basis of information security technology, receives more and more attention. Block cipher algorithms are widely used in computer communications and information system security because of their advantages in encryption speed, volume of data encrypted, design criteria, and software and hardware implementation.
In recent years, however, with the deployment of micro computing and storage devices such as infrared sensing devices, radio frequency identification (RFID) devices, wireless sensor networks (WSN), personal digital assistants (PDA) and other micro embedded devices, Internet of Things technology has reached every aspect of people's lives. It also carries a great amount of private information of countries, enterprises and individuals, and how to ensure the security of these resource-constrained devices on the Internet of Things has become an urgent problem. Research on lightweight block ciphers has developed in this context.
Compared with traditional block ciphers, lightweight block ciphers focus more on how to improve encryption efficiency, how to reduce computing resources, and how to provide encryption on resource-constrained devices with little storage and weak computing power. In recent years a number of lightweight block ciphers have been designed, such as LED, TWINE, PRESENT, Piccolo, LBlock and Midori. These algorithms fit the encryption environment of resource-constrained Internet of Things devices well, but sometimes security is reduced to some extent in order to reduce resource usage, or encryption and decryption efficiency is reduced in order to keep the area low, so the resulting lightweight block ciphers are vulnerable.
Disclosure of Invention
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, aiming to overcome the problem that existing lightweight block cipher algorithms, while keeping their resource area low, offer limited security and are easy to attack.
The technical scheme of the invention is as follows:
In one aspect, a method for implementing the block cipher MEG comprises the following steps:
Loading data: a 64-bit plaintext/64-bit ciphertext is loaded into a register as the data to be encrypted/decrypted, and the encryption/decryption operation is performed;
Round operation: 32 iterated rounds are applied to the data to be encrypted/decrypted according to the following steps;
First, one round key addition transformation is applied to the input data to be encrypted/decrypted to obtain the input data of the 32 iterated rounds; after the 32 iterated rounds are completed, one more round key addition transformation is applied to obtain the ciphertext/plaintext data;
The key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key. After the (2 × t)-th round of operation, one round key addition transformation is performed with a key and the result is used as the input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key, and when t is even, it is the original key;
The expanded key is obtained by expanding the original key using the generator matrix of a maximum distance separable code;
For encryption, the round operation is, in order, the constant addition transformation, the S-box transformation, the row shift transformation and the EFG column mixing transformation; for decryption, the round operation is, in order, the EFG column mixing inverse transformation, the row shift inverse transformation, the S-box inverse transformation and the constant addition inverse transformation;
The EFG column mixing inverse transformation and EFG column mixing transformation, the row shift inverse transformation and row shift transformation, the S-box inverse transformation and S-box transformation, and the constant addition inverse transformation and constant addition transformation are each mutually inverse operations.
In the name of the block cipher MEG, M refers to the maximum distance separable code generator matrix (MDS matrix), and EG refers to the Extended Generalized Feistel Structure.
Further, the specific process of expanding the original key using the maximum distance separable code generator matrix is as follows:
The original key is divided, from the high bits to the low bits, into 16 elements of the finite field GF(2^4), each element being 4 bits, and these are arranged in sequence as a 4 × 4 original key matrix K:
Figure GDA0002540920860000021
The maximum distance separable code generator matrix W is multiplied with the original key matrix K over the finite field, which gives a new key matrix K':
Figure GDA0002540920860000022
where the elements of W are given in hexadecimal.
The matrix W (an MDS matrix) can be used to construct an optimal diffusion layer, which is best able to resist differential analysis and linear analysis, and this further ensures the security of the key. Diffusion means that each input bit affects as many output bits as possible, hiding the statistical characteristics of the input and preventing statistical analysis attacks. This coincides with the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding subkey to a large extent, which is exactly what diffusion describes.
Further, the matrix used by the EFG column mixing transformation is a 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
The matrices involved in constructing the MDS matrix are as follows:
Figure GDA0002540920860000031
where m is the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are given in hexadecimal.
The technical scheme contains two ways of constructing an MDS matrix: generation from a maximum distance separable code, and generation by iterating the extended generalized Feistel structure 4 times.
The MDS matrix built from the generator matrix of a maximum distance separable code is used for the key expansion operation, which is the first time an MDS matrix has been used for key expansion. Constructing an MDS matrix iteratively was first proposed in the LED block cipher in 2011, but there a linear feedback shift register was used for the iterative construction. The technical scheme of the invention proposes a new extended generalized Feistel structure that can iteratively construct an MDS matrix and uses it in the column mixing operation. The optimal diffusion layer has ideal confusion characteristics and gives the best resistance to differential and linear attacks, so the security of the algorithm can be further improved.
In one aspect, an apparatus for implementing the block cipher MEG includes:
A data loading unit: loads a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and the encryption/decryption operation is performed;
A front-end round key addition unit: feeds the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
A round operation unit: performs 32 iterated rounds on the input data of the round operation, where after the (2 × t)-th round one round key addition transformation is performed with a key and the result is used as the input data of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key obtained from the expanded key module, and when t is even, it is the original key. The expanded key module expands the original key using the generator matrix of a maximum distance separable code to obtain the expanded key;
For encryption, the round operation unit comprises, in order, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for decryption, the round operation unit comprises, in order, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
A tail-end round key addition unit: feeds the data after 32 iterated rounds into the round key addition transformation module to obtain the ciphertext/plaintext data;
The key used in the front-end round key addition unit and the tail-end round key addition unit is the original key;
The EFG column mixing inverse transformation module and EFG column mixing transformation module, the row shift inverse transformation module and row shift transformation module, the S-box inverse transformation module and S-box transformation module, and the constant addition inverse transformation module and constant addition transformation module are each mutually inverse operation modules.
Further, the expanded key module expands the original key using the maximum distance separable code generator matrix to obtain the expanded key as follows:
The original key is divided, from the high bits to the low bits, into 16 elements of the finite field GF(2^4), each element being 4 bits, and these are arranged in sequence as a 4 × 4 original key matrix K:
Figure GDA0002540920860000041
The maximum distance separable code generator matrix W is multiplied with the original key matrix K over the finite field, which gives a new key matrix K':
Figure GDA0002540920860000042
where the elements of W are given in hexadecimal.
Further, the matrix used by the EFG column mixing transformation module is a 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
The matrices involved in constructing the MDS matrix are as follows:
Figure GDA0002540920860000043
where m is the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are given in hexadecimal.
In another aspect, a computer storage medium includes a computer program that, when executed by a processing terminal, causes the processing terminal to perform the method for implementing the block cipher MEG.
Advantageous effects
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, and proposes a new key expansion scheme: the generator matrix of a maximum distance separable code, which can be used to construct an optimal diffusion layer, is multiplied with the original key as matrices over a finite field, which completes the expansion of the original key. Diffusion means that each input bit affects as many output bits as possible, hiding the statistical characteristics of the input and preventing statistical analysis attacks. This coincides with the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding subkey to a large extent, which is exactly the definition of diffusion. The optimal diffusion layer resists differential analysis and linear analysis better, so the security of the algorithm can be further improved.
The technical scheme of the invention also provides an extended generalized Feistel structure that produces an optimal diffusion layer after 4 iterations; this corresponds to the column mixing operation of the encryption algorithm. The optimal diffusion layer has ideal confusion characteristics and gives the best resistance to differential and linear attacks, so the security of the algorithm can be further improved.
In a hardware implementation of the technical scheme, the matrix used by the key expansion algorithm is a circulant matrix, so not all of its elements need to be stored: the seed key can be expanded while storing only 16 bits of elements. This improves the security of the cryptographic algorithm, saves storage space and reduces the area occupied by the algorithm.
Drawings
FIG. 1 is the encryption flow chart of the MEG lightweight block cipher algorithm in the method of the present invention;
FIG. 2 is the decryption flow chart of the MEG lightweight block cipher algorithm in the method of the present invention;
FIG. 3 is a diagram of the extended generalized Feistel structure used in the column mixing transformation of the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings and examples.
A method for implementing the block cipher MEG: the MEG algorithm has a block length of 64 bits and a key length of 64 bits, and comprises 32 rounds of operation. As shown in FIG. 1, the encryption operation includes six modules: the key expansion algorithm (KeyExpansion), round key addition (AddRoundKey), constant addition (AddConstants), S-box substitution (SubCells), row shift (ShiftRows) and column mixing (MixColumns). After an initial round key addition, a round key addition is performed once after every 2 rounds of constant addition, S-box substitution, row shift and column mixing. The decryption flow is shown in FIG. 2; the decryption round operation includes six modules: column mixing inverse transformation (InvMixColumns), row shift inverse transformation (InvShiftRows), S-box substitution inverse transformation (InvSubCells), constant addition inverse transformation (InvAddConstants), round key addition (AddRoundKey) and the key expansion algorithm (KeyExpansion).
The pseudo-code of the block cipher MEG algorithm is given below.
Algorithm 1: block cipher MEG encryption process
Input: Plaintext, Key;
Output: Ciphertext;
State ← Plaintext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        AddConstants(State);
        SubCells(State);
        ShiftRows(State);
        MixColumns(State);
    end for
    AddRoundKey(State, Key_i);
end for
Ciphertext ← State;
where Key is the original key and Key_i is the corresponding round key; if i is even, Key_i is the original key, and if i is odd, Key_i is the expanded key.
Key expansion operation: the original key is represented as 16 elements of the finite field GF(2^4), each element being 4 bits, arranged as the following 4 × 4 matrix.
Figure GDA0002540920860000061
The following generator matrix W of a maximum distance separable code is multiplied with the seed key over the finite field to obtain the new round key K', that is,
Figure GDA0002540920860000062
where the data in the matrix W are given in hexadecimal.
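The key expansion K' = W·K described above, as an added example rather than code from the patent: the figure giving W did not survive on this page, so the sketch assumes a stand-in circulant first row (2, 3, 1, 1), the reduction polynomial x^4 + x + 1 and a row-major nibble layout. It rebuilds W from its 16 stored bits, checks the MDS property, and measures how far a one-nibble key change spreads.

```python
from itertools import combinations

POLY = 0x13           # assumption: GF(2^4) modulo x^4 + x + 1 (not stated on the page)
W_FIRST_ROW = 0x2311  # assumption: stand-in first row (2, 3, 1, 1), NOT the patent's W


def gf16_mul(a, b):
    """Multiply two GF(2^4) elements: shift-and-add with reduction by POLY."""
    result = 0
    for _ in range(4):
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= POLY
    return result


def circulant(first_row16):
    """Rebuild the 4x4 matrix from 16 stored bits: row i is row 0 rotated right by i."""
    row = [(first_row16 >> (12 - 4 * j)) & 0xF for j in range(4)]
    return [[row[(j - i) % 4] for j in range(4)] for i in range(4)]


def key_to_matrix(key64):
    """Split a 64-bit key high to low into 16 nibbles, filled row by row (assumed layout)."""
    nibbles = [(key64 >> (60 - 4 * n)) & 0xF for n in range(16)]
    return [nibbles[4 * r:4 * r + 4] for r in range(4)]


def matrix_to_key(matrix):
    key = 0
    for row in matrix:
        for cell in row:
            key = (key << 4) | cell
    return key


def mat_mul(a, b):
    """4x4 matrix product over GF(2^4); addition is XOR."""
    out = [[0] * 4 for _ in range(4)]
    for i in range(4):
        for j in range(4):
            for k in range(4):
                out[i][j] ^= gf16_mul(a[i][k], b[k][j])
    return out


def det(matrix):
    """Determinant by cofactor expansion; in characteristic 2 every sign is +."""
    if len(matrix) == 1:
        return matrix[0][0]
    total = 0
    for j, head in enumerate(matrix[0]):
        minor = [r[:j] + r[j + 1:] for r in matrix[1:]]
        total ^= gf16_mul(head, det(minor))
    return total


def is_mds(matrix):
    """A square matrix is MDS iff every square submatrix is nonsingular."""
    n = len(matrix)
    for size in range(1, n + 1):
        for rows in combinations(range(n), size):
            for cols in combinations(range(n), size):
                if det([[matrix[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


def expand_key(key64, first_row16=W_FIRST_ROW):
    """Expanded key K' = W * K over GF(2^4)."""
    return matrix_to_key(mat_mul(circulant(first_row16), key_to_matrix(key64)))


def changed_cells(key_a, key_b):
    """(row, column) cells in which the two expanded keys differ."""
    a = key_to_matrix(expand_key(key_a))
    b = key_to_matrix(expand_key(key_b))
    return [(r, c) for r in range(4) for c in range(4) if a[r][c] != b[r][c]]


if __name__ == "__main__":
    key = 0x0123456789ABCDEF  # constructed sample key
    print("W is MDS:", is_mds(circulant(W_FIRST_ROW)))
    print("expanded key: %016X" % expand_key(key))
    print("cells changed by a one-nibble key change:",
          changed_cells(key, key ^ (1 << 60)))
```

Because the expansion is a matrix product, each column of K' depends only on the same column of K, which is why the one-nibble change touches exactly four cells.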
Round key addition: the 64-bit plaintext, or the intermediate value after every 2 rounds, is XORed with the 64-bit i-th round key (1 ≤ i ≤ 17). The 64-bit plaintext or intermediate value State = (state_0, …, state_15) and the i-th round key
Figure GDA0002540920860000063
are related by
Figure GDA0002540920860000064
where Key_i is the original key if i is odd and the expanded key if i is even.
Constant addition transformation: the intermediate state matrix is XORed with a round constant matrix. The round constants are defined as shown in the matrix below, where
Figure GDA0002540920860000066
is 6 bits, with an initial value of 0. It is shifted to the left, and
Figure GDA0002540920860000065
is taken as the new value of rc0.
Figure GDA0002540920860000071
S-box substitution transformation: the S-box of the PRESENT algorithm is used. Each of the 16 4-bit cells of the intermediate state matrix is passed through the S-box; the substitution is given in Table 1.
TABLE 1 MEG S-box
Figure GDA0002540920860000072
Row shift transformation: for the 4 × 4 matrix of 16 cells, each row is cyclically shifted left by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted left by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Column mixing transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m below, where the matrix power is computed over the finite field GF(2^4) and the data in the matrices are given in hexadecimal.
Figure GDA0002540920860000073
The column mixing transformation multiplies the column mixing matrix M by the 4 × 4 matrix formed from the 16 cells of State over the finite field GF(2^4), as in transformation formula (1), where the data are given in hexadecimal.
Figure GDA0002540920860000074
The block cipher MEG decryption algorithm is described as follows.
Input: Ciphertext, Key;
Output: Plaintext;
State ← Ciphertext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        InvMixColumns(State);
        InvShiftRows(State);
        InvSubCells(State);
        InvAddConstants(State);
    end for
    AddRoundKey(State, Key_i);
end for
Plaintext ← State;
where Key is the original key and Key_i is the round key; when i is even, Key_i is the original key, and when i is odd, Key_i is the expanded key.
MEG decryption uses the inverses of the four encryption round transformations together with the round key addition and key expansion transformations; round key addition, constant addition and key expansion are carried over into decryption as they are. The ciphertext is decrypted in the reverse order of the encryption operations, and the keys used in decryption are the same as in encryption.
S-box substitution inverse transformation: the inverse of the PRESENT S-box is used. Each of the 16 4-bit cells of the intermediate state matrix is passed through the inverse S-box; the substitution is given in Table 2.
TABLE 2 MEG inverse S-box
Figure GDA0002540920860000081
Row shift inverse transformation: for the 4 × 4 matrix of 16 cells, each row is cyclically shifted right by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted right by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
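The S-box and row shift layers with their inverses, as an added example that is not code from the patent: the S-box values are the published PRESENT table (Tables 1 and 2 did not survive as text on this page), and the nibble layout, high to low and row by row, is an assumption. It also measures the S-box's differential uniformity, which goes slightly beyond what the page states.

```python
# PRESENT S-box, the substitution table the page says MEG reuses.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# The inverse table is derived from the forward table, not typed by hand.
INV_SBOX = [SBOX.index(y) for y in range(16)]


def to_state(block64):
    """Assumed layout: nibbles taken high to low and filled row by row."""
    nibbles = [(block64 >> (60 - 4 * n)) & 0xF for n in range(16)]
    return [nibbles[4 * r:4 * r + 4] for r in range(4)]


def from_state(state):
    block = 0
    for row in state:
        for cell in row:
            block = (block << 4) | cell
    return block


def sub_cells(state, table=SBOX):
    """Apply the 4-bit S-box to each of the 16 cells."""
    return [[table[cell] for cell in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r cells (row 0 unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state):
    """Row r is rotated right by r cells (row 0 unchanged)."""
    return [row[(4 - r) % 4:] + row[:(4 - r) % 4] for r, row in enumerate(state)]


def differential_uniformity(table):
    """Largest number of inputs x with S(x) ^ S(x ^ d) == e, over all d != 0 and e."""
    worst = 0
    for d in range(1, 16):
        counts = [0] * 16
        for x in range(16):
            counts[table[x] ^ table[x ^ d]] += 1
        worst = max(worst, max(counts))
    return worst


def forward_layers(block64):
    """SubCells followed by ShiftRows, as in an encryption round."""
    return from_state(shift_rows(sub_cells(to_state(block64))))


def inverse_layers(block64):
    """Decryption undoes the layers in the opposite order."""
    return from_state(sub_cells(inv_shift_rows(to_state(block64)), INV_SBOX))


if __name__ == "__main__":
    sample = 0x0123456789ABCDEF  # constructed sample block
    mixed = forward_layers(sample)
    print("after SubCells + ShiftRows: %016X" % mixed)
    print("round trip restores input:", inverse_layers(mixed) == sample)
    print("S-box differential uniformity:", differential_uniformity(SBOX))
```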
Column mixing inverse transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m' below, where the matrix power is computed over the finite field GF(2^4) and the data in the matrices are given in hexadecimal.
Figure GDA0002540920860000082
The column mixing transformation multiplies the column mixing matrix M by the 4 × 4 matrix formed from the 16 cells of State over the finite field GF(2^4), as in transformation formula (2), where the data are given in hexadecimal.
Figure GDA0002540920860000083
MEG-64 Algorithm test data is shown in Table 3:
TABLE 3 Block cipher MEG Algorithm test data
Plaintext            Key                  Ciphertext
0000-0000-0000-0000  0000-0000-0000-0000  A481-5A45-1DA0-C5F2
0000-0000-0000-0000  FFFF-FFFF-FFFF-FFFF  BBDE-C811-2B31-E305
FFFF-FFFF-FFFF-FFFF  0000-0000-0000-0000  524E-898B-B3C5-C9A2
FFFF-FFFF-FFFF-FFFF  FFFF-FFFF-FFFF-FFFF  57A3-5E98-A4F2-3AF2
6666-6666-6666-6666  0123-4567-89AB-CDEF  EF8E-9A7F-760B-3EAD
The block cipher MEG algorithm was implemented in hardware as an ASIC and synthesized with Synopsys Design Compiler Version B-6008.09 using the SMIC 0.18 µm CMOS process library; in the synthesis experiment, area is measured in GE. The MEG-64 algorithm occupies an area of 1318 GE. The implementation areas of several lightweight block cipher algorithms are compared in Table 4.
TABLE 4 area comparison for lightweight block cipher algorithms
Figure GDA0002540920860000091
Based on the above method, an embodiment of the present invention further provides an apparatus for implementing the block cipher MEG, including:
A data loading unit: loads a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and the encryption/decryption operation is performed;
A front-end round key addition unit: feeds the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
A round operation unit: performs 32 iterated rounds on the input data of the round operation, where after the (2 × t)-th round one round key addition transformation is performed with a key and the result is used as the input data of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key obtained from the expanded key module, and when t is even, it is the original key. The expanded key module expands the original key using the generator matrix of a maximum distance separable code to obtain the expanded key;
For encryption, the round operation unit comprises, in order, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for decryption, the round operation unit comprises, in order, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
A tail-end round key addition unit: feeds the data after 32 iterated rounds into the round key addition transformation module to obtain the ciphertext/plaintext data;
The key used in the front-end round key addition unit and the tail-end round key addition unit is the original key;
The EFG column mixing inverse transformation module and EFG column mixing transformation module, the row shift inverse transformation module and row shift transformation module, the S-box inverse transformation module and S-box transformation module, and the constant addition inverse transformation module and constant addition transformation module are each mutually inverse operation modules.
The expanded key module expands the original key using the maximum distance separable code generator matrix to obtain the expanded key as follows:
The original key is divided, from the high bits to the low bits, into 16 elements of the finite field GF(2^4), each element being 4 bits, and these are arranged in sequence as a 4 × 4 original key matrix K:
Figure GDA0002540920860000101
The maximum distance separable code generator matrix W is multiplied with the original key matrix K over the finite field, which gives a new key matrix K':
Figure GDA0002540920860000102
where the elements of W are given in hexadecimal.
The matrix used by the EFG column mixing transformation module is a 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
The matrices involved in constructing the MDS matrix are as follows:
Figure GDA0002540920860000103
where m is the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are given in hexadecimal.
It should be understood that the functional unit modules in the embodiments of the present invention may be integrated into one processing unit, or each unit module may exist alone physically, or two or more unit modules are integrated into one unit module, and may be implemented in the form of hardware or software.
The embodiment of the present invention further provides a computer storage medium, which includes a computer program, and when the computer program instruction is executed by a processing terminal, the processing terminal executes a method for implementing a block cipher MEG, which has the beneficial effects of the method part, and is not described herein again.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (7)

1. A method for realizing a block cipher MEG is characterized by comprising the following steps:
loading data: loading 64-bit plaintext/64-bit ciphertext to a register to be used as data to be encrypted/decrypted, and performing encryption/decryption operation;
round operation: carrying out 32 rounds of iterative round operation on the data to be encrypted/decrypted according to the following steps;
firstly, performing one-time key addition transformation on input data to be encrypted/decrypted to obtain input data of 32-time iteration operation, and performing one-time key addition transformation after the 32-time iteration operation is completed to obtain ciphertext/plaintext data;
the key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key; after every 2 × t rounds of operation, a round key addition transformation is performed with a key and the resulting data is used as input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key, and when t is even, it is the original key;
the expanded key is obtained by expanding the original key by using a maximum distance separable code generating matrix;
for encryption, the round operation consists of, in order, the constant addition transformation, the S-box transformation, the row shift transformation and the EFG column mixing transformation; for decryption, the round operation consists of, in order, the EFG column mixing inverse transformation, the row shift inverse transformation, the S-box inverse transformation and the constant addition inverse transformation;
the EFG column mixing inverse transformation and the EFG column mixing transformation, the row shift inverse transformation and the row shift transformation, the S-box inverse transformation and the S-box transformation, and the constant addition inverse transformation and the constant addition transformation are, pairwise, inverse operations of each other;
round key addition transformation: the 64-bit plaintext/64-bit ciphertext, or the intermediate value after every 2 rounds, is XORed with the i-th 64-bit round key, where the 64-bit plaintext/64-bit ciphertext or the intermediate value after every 2 rounds is $State = state_0, \ldots, state_{15}$, and the i-th round key
Figure FDA0003218425640000011
has the operational relationship
Figure FDA0003218425640000012
where, if i is odd, $Key_i$ is the original key, and if i is even, $Key_i$ is the expanded key, with $1 \le i \le 17$ and $0 \le j \le 15$;
constant addition transformation: the intermediate state matrix is XORed with a round constant matrix; the round constant matrix is defined as shown in the matrix below, where $(rc_5, rc_4, rc_3, rc_2, rc_1, rc_0)$ is 6 bits with initial value 0; it is shifted to the left, and
Figure FDA0003218425640000013
is taken as the new value of $rc_0$;
Figure FDA0003218425640000014
S-box transformation: the intermediate state matrix consists of 16 4-bit cells, and the S-box transformation is applied to each 4-bit cell; the mapping is S[x] = {C, 5, 6, B, 9, 0, A, D, 3, E, F, 8, 4, 7, 1, 2} for x taking the values {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F};
row shift transformation: for the 4 × 4 matrix of 16 cells, each row is cyclically shifted left by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted left by 1 cell, row 2 by 2 cells, and row 3 by 3 cells;
EFG column mixing transformation: the column mixing matrix M is multiplied with the 4 × 4 matrix formed by the 16 cells of State over the finite field $GF(2^4)$, according to the transformation formula below, in which the data is given in hexadecimal;
Figure FDA0003218425640000021
2. The method of claim 1, wherein the original key is expanded by using the maximum distance separable code generator matrix as follows:
the original key is divided from high order to low order into 16 4-bit elements of the finite field $GF(2^4)$, which are arranged in sequence as a 4 × 4 original key matrix K:
Figure FDA0003218425640000022
the maximum distance separable code generator matrix W is multiplied with the original key matrix K over the finite field, yielding a new key matrix K':
Figure FDA0003218425640000023
where the elements of W are given in hexadecimal.
3. The method of claim 1, wherein the matrix used by the EFG column mixing transformation is a 4 × 4 maximum distance separable (MDS) code generator matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrix in the construction of the MDS matrix is as follows:
Figure FDA0003218425640000024
where M refers to the matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and the elements of M and M are both given in hexadecimal.
4. A block cipher MEG implementation device is characterized by comprising:
a data loading unit: loading 64-bit plaintext/64-bit ciphertext to a register to serve as data to be encrypted/decrypted, and performing encryption/decryption operation;
a front-end round key addition transformation unit: inputting the data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performing 32 rounds of iterative round operation on the input data of the round operation, wherein after every 2 × t rounds of operation a round key addition transformation is performed with a key and the resulting data is used as input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key obtained from the expanded key module, and when t is even, it is the original key; the expanded key module expands the original key by using a maximum distance separable code generator matrix to obtain the expanded key;
for encryption, the round operation unit comprises, in order, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for decryption, the round operation unit comprises, in order, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
an end round key addition transformation unit: inputting the data obtained after the 32 rounds of iterative round operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and in the end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are, pairwise, modules performing mutually inverse operations;
round key addition transformation module: the 64-bit plaintext/64-bit ciphertext, or the intermediate value after every 2 rounds, is XORed with the i-th 64-bit round key, where the 64-bit plaintext/64-bit ciphertext or the intermediate value after every 2 rounds is $State = state_0, \ldots, state_{15}$, and the i-th round key
Figure FDA0003218425640000031
has the operational relationship
Figure FDA0003218425640000032
where, if i is odd, $Key_i$ is the original key, and if i is even, $Key_i$ is the expanded key, with $1 \le i \le 17$ and $0 \le j \le 15$;
a constant addition transformation module: the intermediate state matrix is XORed with a round constant matrix; the round constant matrix is defined as shown in the matrix below, where $(rc_5, rc_4, rc_3, rc_2, rc_1, rc_0)$ is 6 bits with initial value 0; it is shifted to the left, and
Figure FDA0003218425640000033
is taken as the new value of $rc_0$;
Figure FDA0003218425640000034
S-box transformation module: the intermediate state matrix consists of 16 4-bit cells, and the S-box transformation is applied to each 4-bit cell; the mapping is S[x] = {C, 5, 6, B, 9, 0, A, D, 3, E, F, 8, 4, 7, 1, 2} for x taking the values {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F};
a row shift transformation module: for the 4 × 4 matrix of 16 cells, each row is cyclically shifted left by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted left by 1 cell, row 2 by 2 cells, and row 3 by 3 cells;
EFG column mixing transformation module: the column mixing matrix M is multiplied with the 4 × 4 matrix formed by the 16 cells of State over the finite field $GF(2^4)$, according to the transformation formula below, in which the data is given in hexadecimal;
Figure FDA0003218425640000041
5. The apparatus of claim 4, wherein the expanded key module expands the original key by using a maximum distance separable code generator matrix to obtain the expanded key as follows:
the original key is divided from high order to low order into 16 4-bit elements of the finite field $GF(2^4)$, which are arranged in sequence as a 4 × 4 original key matrix K:
Figure FDA0003218425640000042
the maximum distance separable code generator matrix W is multiplied with the original key matrix K over the finite field, yielding a new key matrix K':
Figure FDA0003218425640000043
where the elements of W are given in hexadecimal.
6. The apparatus of claim 4, wherein the matrix used by the EFG column mixing transformation module is a 4 × 4 MDS matrix formed after 4 iterations of an extended generalized Feistel structure:
the corresponding matrix in the construction of the MDS matrix is as follows:
Figure FDA0003218425640000044
where M refers to the matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and the elements of M and M are both given in hexadecimal.
7. A computer storage medium comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 3 when executed by a processor.
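
The following is an added example, not code from the patent: a Python sketch of the three round components that claim 1 specifies completely in text (round key addition, S-box transformation, row shift) together with their inverses, the order of the 17 round key additions, and a check of the S-box's differential uniformity. The row-major cell layout and all function names are assumptions; the constant addition, the EFG column mixing and the key expansion depend on matrices that survive on this page only as figure references and are left out.

```python
# Added illustration; covers only what the claims specify in text.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]      # S[x] from claim 1
INV_SBOX = [SBOX.index(y) for y in range(16)]         # derived inverse S-box

def to_cells(block):
    """Split a 64-bit integer into 16 4-bit cells, high-order cell first."""
    return [(block >> (60 - 4 * j)) & 0xF for j in range(16)]

def from_cells(cells):
    """Join 16 4-bit cells back into a 64-bit integer."""
    out = 0
    for c in cells:
        out = (out << 4) | c
    return out

def add_round_key(state, key):
    """Round key addition: cell-wise XOR; it is its own inverse."""
    return [s ^ k for s, k in zip(state, key)]

def sub_cells(state, box=SBOX):
    """S-box transformation on every cell (pass INV_SBOX to invert)."""
    return [box[c] for c in state]

def shift_rows(state, inverse=False):
    """Rotate row r left by r cells (right when inverse=True).
    ASSUMPTION: row-major layout, cell index = 4 * row + column."""
    out = []
    for r in range(4):
        row, k = state[4 * r:4 * r + 4], (-r if inverse else r) % 4
        out += row[k:] + row[:k]
    return out

def key_additions(rounds=32):
    """(i, rounds completed, key used) for each round key addition."""
    plan = [(1, 0, "original")]
    for t in range(1, rounds // 2):                   # after round 2*t
        plan.append((t + 1, 2 * t, "expanded" if t % 2 else "original"))
    plan.append((rounds // 2 + 1, rounds, "original"))
    return plan

def differential_uniformity(box):
    """Largest count of x with S[x] ^ S[x ^ a] == b over a != 0."""
    worst = 0
    for a in range(1, 16):
        counts = [0] * 16
        for x in range(16):
            counts[box[x] ^ box[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst

if __name__ == "__main__":
    # Constructed sample block and key, for illustration only.
    state, key = to_cells(0x0123456789ABCDEF), to_cells(0xFEDCBA9876543210)
    mid = shift_rows(sub_cells(add_round_key(state, key)))
    back = add_round_key(sub_cells(shift_rows(mid, inverse=True), INV_SBOX), key)
    print(hex(from_cells(mid)), from_cells(back) == 0x0123456789ABCDEF)
    print(differential_uniformity(SBOX), key_additions()[:3])
```

The schedule returned by `key_additions` shows that the two formulations in claim 1 agree: counting by t (key addition after round 2 × t) and counting by i (1 ≤ i ≤ 17) select the same key at every position.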
CN202010068953.7A 2020-01-21 2020-01-21 Method, device and storage medium for realizing block cipher MEG Active CN111478766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010068953.7A CN111478766B (en) 2020-01-21 2020-01-21 Method, device and storage medium for realizing block cipher MEG

Publications (2)

Publication Number Publication Date
CN111478766A CN111478766A (en) 2020-07-31
CN111478766B CN111478766B (en) 2021-09-28

Family

ID=71747039

Country Status (1)

Country Link
CN (1) CN111478766B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant