CN112787800A - Encryption and decryption method and device based on second-order mask, electronic equipment and storage medium
- Publication number
- CN112787800A CN202110065507.5A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application provides an encryption and decryption method, device, electronic equipment and storage medium based on a second-order mask, which comprises the following steps: determining a first round key, a second-order mask corresponding to the first round key, a first round key generation intermediate value and a second-order mask corresponding to the first round key generation intermediate value; performing a first round of operation processing on the information to be processed, a first round key, and a second order mask corresponding to the first round key, to obtain a first round output result of the round function, where the first round output result includes: a first round function intermediate value and a second-order mask corresponding to the first round function intermediate value; and performing N-1 round operation processing on the round function based on the first round function intermediate value and the second-order mask corresponding to the first round function intermediate value, the first round key generation intermediate value and the second-order mask corresponding to the first round key generation intermediate value to obtain an Nth round output result, and determining encryption and decryption information corresponding to information to be processed based on the Nth round output result.
Description
Technical Field
The present application relates to the technical field of hardware circuit information security, and in particular, to an encryption and decryption method and apparatus based on a second-order mask, an electronic device, and a storage medium.
Background
The advent of the information age has brought devices containing cryptographic chips into all aspects of human life, including communications, finance, and even national security. While the information era brings convenience to people, its security problems demand close attention, because they threaten both individuals and countries. The theoretical security of modern cryptographic algorithms can be guaranteed through repeated demonstration. However, theoretical security is not equal to security in practical application: the cryptographic chip is the hardware implementation carrier of the cryptographic algorithm, and its security depends not only on the algorithm itself but also on the hardware implementation scheme of the algorithm. In recent years, energy analysis technology has become one of the biggest threats to the security of cryptographic chips.
Energy analysis technology (power analysis) mainly uses the energy consumption, electromagnetic radiation and other information generated by cryptographic hardware equipment during operation to obtain the key value of the cryptographic algorithm. Typical energy analysis algorithms mainly include differential energy analysis and correlation energy analysis. These methods recover the key value by exploiting, through a divide-and-conquer strategy, the dependency between the energy consumed by the cryptographic hardware during encryption and decryption and the intermediate values processed by the cryptographic algorithm. They have low calculation overhead, low attack cost and good attack effect, and are a great threat to cryptographic hardware implementations, so the corresponding countermeasures are of great importance.
Disclosure of Invention
In order to solve the above problems, the present application provides an encryption and decryption method, apparatus, device and storage medium based on a second order mask.
The application provides an encryption and decryption method based on a second-order mask, which comprises the following steps:
acquiring input information to be processed, an initial key and an initial second-order mask;
determining a first round key, a second order mask corresponding to the first round key, a first round key generation intermediate value and a second order mask corresponding to the first round key generation intermediate value based on the initial key and the initial second order mask;
performing a first round of operation processing on the information to be processed, a first round key, and a second order mask corresponding to the first round key, to obtain a first round output result of the round function, where the first round output result includes: a first round function intermediate value and a second-order mask corresponding to the first round function intermediate value;
performing N-1 round operation processing on the round function based on the first round function intermediate value and a second order mask corresponding to the first round function intermediate value, a first round key generation intermediate value and a second order mask corresponding to the first round key generation intermediate value to obtain an N-th round output result, wherein the input of the i-th round operation processing of the round function comprises the i-1-th round output result of the round function, the i-th round key of the i-th round function is determined based on the i-1-th round key generation intermediate value and the second order mask corresponding to the i-1-th round key generation intermediate value, N is a positive integer greater than 1, and i is greater than or equal to 2 and less than or equal to N;
and determining the encryption and decryption information corresponding to the information to be processed based on the Nth round output result.
In some embodiments, the determining, based on the Nth round output result, encryption and decryption information corresponding to information to be processed includes:
and performing reverse order processing and mask removing processing on the Nth round of operation result to obtain the encryption and decryption information corresponding to the information to be processed.
In some embodiments, the performing a first round of operation processing on the round function on the information to be processed, a first round key, and a second order mask corresponding to the first round key to obtain a first round output result of the round function includes:
and inputting the information to be processed, a first round key and a second-order mask corresponding to the first round key into the round function to perform first round operation processing, so as to obtain a first round output result of the round function.
In some embodiments, the performing N-round operation processing on the round function based on the first round function intermediate value and the second-order mask corresponding to the first round function intermediate value, the first-round key generation intermediate value, and the second-order mask corresponding to the first-round key generation intermediate value to obtain an Nth-round output result includes:
determining a second round key, a second order mask corresponding to the second round key, a second round key generation intermediate value and a second order mask corresponding to the second round key generation intermediate value based on a first round key generation intermediate value and the second order mask corresponding to the first round key generation intermediate value;
inputting the first round function intermediate value, the second-order mask corresponding to the first round function intermediate value, the second round key, and the second-order mask corresponding to the second round key into the round function to perform a second round of operation processing, so as to obtain a second round output result, where the second round output result includes: a second round function intermediate value and a second-order mask corresponding to the round function intermediate value;
and performing ith round of operation processing based on the second round function intermediate value, the second-order mask corresponding to the second round function intermediate value, the second-round key generation intermediate value and the second-order mask corresponding to the second-round key generation intermediate value, wherein i is more than or equal to 2 and less than or equal to N.
In some embodiments, the second order mask of the information to be processed is 0, and the N is 32.
In some embodiments, the round function is capable of linear or non-linear transformation operations.
In some embodiments, the linear transformation operation comprises a shift transformation and an exclusive-or transformation, and the non-linear transformation operation comprises operations over $GF(2^2)$.
An embodiment of the present application provides an encryption and decryption apparatus, including:
the first acquisition module is used for acquiring input information to be processed, an initial key and an initial second-order mask;
a first determining module, configured to determine, based on the initial key and the initial second-order mask, a first round key, a second-order mask corresponding to the first round key, a first round key generation intermediate value, and a second-order mask corresponding to the first round key generation intermediate value;
a first round calculation module, configured to perform a first round of operation processing on a round function on the information to be processed, a first round key, and a second order mask corresponding to the first round key, so as to obtain a first round output result of the round function, where the first round output result includes: a first round function intermediate value and a second-order mask corresponding to the first round function intermediate value;
an N-round calculation module, configured to perform N-1-round operation processing on the round function based on the first round function intermediate value and a second-order mask corresponding to the first round function intermediate value, a first-round key generation intermediate value, and a second-order mask corresponding to the first-round key generation intermediate value, to obtain an N-round output result, where an input of an i-th-round operation processing of the round function includes an i-1-th-round output result of the round function, an i-th-round key of the i-th-round function is determined based on the i-1-th-round key generation intermediate value and the second-order mask corresponding to the i-1-th-round key generation intermediate value, N is a positive integer greater than 1, and i is greater than or equal to 2 and less than or equal to N;
and the second determining module is used for determining the encryption and decryption information corresponding to the information to be processed based on the Nth round output result.
An embodiment of the present application provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and when the computer program is executed by the processor, the electronic device executes the encryption and decryption method described in any one of the above items.
The present application provides a storage medium storing a computer program, which can be executed by one or more processors, and can be used to implement any one of the encryption and decryption methods described above.
According to the encryption and decryption method based on the second-order mask, the second-order mask is adopted for protection in N rounds of operation of round functions, and high-order energy analysis and template attack can be resisted in the whole process.
Drawings
The present application will be described in more detail below on the basis of embodiments and with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart illustrating an implementation of an encryption and decryption method based on a second-order mask according to an embodiment of the present application;
fig. 2 is a schematic flow chart illustrating a process of determining N-round output results according to an embodiment of the present disclosure;
fig. 3 is a schematic flow chart illustrating an implementation of a second-order mask-based encryption and decryption method for a cryptographic SM4 algorithm according to an embodiment of the present application;
fig. 4 is a circuit implementation control scheme for a second-order mask encryption and decryption operation with SM4 according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an encryption and decryption apparatus based on a second-order mask according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
In the drawings, like parts are designated with like reference numerals, and the drawings are not drawn to scale.
Detailed Description
In order to make the objectives, technical solutions and advantages of the present application clearer, the present application will be described in further detail with reference to the attached drawings, the described embodiments should not be considered as limiting the present application, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
Where terms such as "first/second/third" appear in the application documents, the following applies: in the following description, the terms "first/second/third" merely distinguish similar objects and do not represent a specific ordering of the objects, and it should be understood that "first/second/third" may be interchanged in a specific order or sequence where permitted, so that the embodiments of the application described herein can be implemented in an order other than that shown or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the application.
The embodiment of the application provides an encryption and decryption method based on a second-order mask, and the method is applied to electronic equipment. The functions realized by the encryption and decryption method based on the second-order mask provided by the embodiment of the application can be realized by calling a program code by a processor of the electronic equipment, wherein the program code can be stored in a computer storage medium. An embodiment of the present application provides an encryption and decryption method based on a second order mask, and fig. 1 is a schematic flow chart illustrating an implementation of the encryption and decryption method based on the second order mask, as shown in fig. 1, including:
Step S101, obtaining input information to be processed, an initial key and an initial second-order mask.
In this embodiment of the application, the information to be processed may be a plaintext or a ciphertext, the second-order mask is a second-order mask corresponding to the initial key, and the second-order mask may be represented by a random number, illustratively, by two random values. The information to be processed has no random mask, and the mask value of the information to be processed can be replaced by 0.
Step S102, determining a first round key, a second order mask corresponding to the first round key, a first round key generation intermediate value, and a second order mask corresponding to the first round key generation intermediate value based on the initial key and the initial second order mask.
In this embodiment of the present application, an algorithm model may be preset, an initial key and the initial second-order mask may be input into the algorithm model, and a second-order mask corresponding to the first round key, a first round key generation intermediate value, and a second-order mask corresponding to the first round key generation intermediate value may be determined. In this embodiment, the first round key is not a true round key, but is a random value scrambled by a corresponding second-order mask.
Step S103, performing a first round of operation processing on the to-be-processed information, the first round key, and a second order mask corresponding to the first round key, to obtain a first round output result of the round function.
In an embodiment of the present application, the first round of output results includes: and the first round function intermediate value and the second-order mask corresponding to the first round function intermediate value.
In the embodiment of the present application, the round function is preset and performs linear or non-linear transformation operations. The linear transformation operation comprises a shift transformation and an exclusive-or transformation, and the non-linear transformation operation comprises operations that take $GF(2^2)$ as the basic unit.
In this embodiment of the application, the information to be processed, the first round key, and the second-order mask corresponding to the first round key may be input to the round function to perform the first round of operation processing, so as to obtain the first round output result of the round function.
In the embodiment of the present application, when the information to be processed is a plaintext, encryption operation processing is executed, and when the information to be processed is a ciphertext, decryption operation processing is executed. In some embodiments, when the input information to be processed, the initial key and the initial second-order mask are obtained, the method further includes obtaining an identifier that indicates whether decryption operation processing or encryption operation processing is to be performed. For example, when encdec is 1, the decryption operation is to be performed, and when encdec is 0, the encryption operation is to be performed. In this embodiment of the present application, the corresponding processing state may be entered according to the identifier.
Step S104, performing N-1 round operation processing on the round function based on the first round function intermediate value, the second-order mask corresponding to the first round function intermediate value, the first round key generation intermediate value and the second-order mask corresponding to the first round key generation intermediate value to obtain an Nth round output result.
In this embodiment of the present application, N is a positive integer greater than 1, the input of the i-th round of operation processing of the round function includes the output result of the (i-1)-th round of the round function, and the i-th round key of the i-th round of the round function is determined based on the (i-1)-th round key generation intermediate value and the second-order mask corresponding to the (i-1)-th round key generation intermediate value. The output result of the i-th round is the i-th round function intermediate value and the second-order mask corresponding to the i-th round function intermediate value, and i is greater than or equal to 2 and less than or equal to N.
In some embodiments, a second round key, a second-order mask corresponding to the second round key, a second round key generation intermediate value, and a second-order mask corresponding to the second round key generation intermediate value may be determined based on the first round key generation intermediate value and the second-order mask corresponding to the first round key generation intermediate value. The first round function intermediate value, the second-order mask corresponding to the first round function intermediate value, the second round key, and the second-order mask corresponding to the second round key are input into the round function to perform a second round of operation processing, so as to obtain a second round output result, where the second round output result includes: a second round function intermediate value and a second-order mask corresponding to the round function intermediate value. The i-th round of operation processing is then performed based on the second round function intermediate value, the second-order mask corresponding to the second round function intermediate value, the second-round key generation intermediate value and the second-order mask corresponding to the second-round key generation intermediate value, wherein i is greater than or equal to 2 and less than or equal to N.
In some embodiments, N is 32, i.e., 32 rounds of function operations need to be performed.
Step S105, determining the encryption and decryption information corresponding to the information to be processed based on the Nth round output result.
In the embodiment of the application, the Nth round operation result is subjected to reverse order processing and mask removing processing, so as to obtain the encryption and decryption information corresponding to the information to be processed. When the information to be processed is a plaintext, the obtained encryption and decryption information is a ciphertext, and when the information to be processed is a ciphertext, the obtained encryption and decryption information is a plaintext.
According to the encryption and decryption method based on the second-order mask, the second-order mask is adopted for protection in N rounds of operation of round functions, and high-order energy analysis and template attack can be resisted in the whole process. Except for the first round of operation, the second-order mask required by each round of operation is obtained from the output of the immediately preceding round, that is, no round other than the first needs to introduce a new random mask, so the technical scheme requires fewer random masks. In addition, the intermediate values of the N rounds of operation are never unmasked, so that energy attacks are effectively resisted.
In some embodiments, the step S105 "determining the encryption/decryption information corresponding to the information to be processed based on the Nth round output result" may be implemented by the following step:
Step S1, performing reverse order processing and mask removing processing on the Nth round of operation result to obtain the encryption and decryption information corresponding to the information to be processed.
In some embodiments, step S103 "perform a first round of operation processing on the round function on the information to be processed, a first round key, and a second order mask corresponding to the first round key, to obtain a first round output result of the round function" may be implemented by:
Step S2, inputting the information to be processed, the first round key, and the second order mask corresponding to the first round key into the round function to perform the first round of operation processing, so as to obtain a first round output result of the round function.
In some embodiments, step S104 "performing N-round operation processing on the round function based on the first round function intermediate value and the second-order mask corresponding to the first round function intermediate value, the first round key generation intermediate value, and the second-order mask corresponding to the first round key generation intermediate value to obtain an Nth round output result" may be implemented by the following steps. Fig. 2 is a schematic flow chart for determining the N-round output result provided in this embodiment; as shown in Fig. 2, the steps include:
Step S1041, determining a second round key, a second order mask corresponding to the second round key, a second round key generation intermediate value, and a second order mask corresponding to the second round key generation intermediate value based on a first round key generation intermediate value and the second order mask corresponding to the first round key generation intermediate value;
Step S1042, inputting the first round function intermediate value, the second round key, and the second-order mask corresponding to the first round key to the round function to perform a second round operation process, so as to obtain a second round output result, where the second round output result includes: a second round function intermediate value and a second-order mask corresponding to the round function intermediate value;
Step S1043, performing an i-th round of operation processing based on the second round function intermediate value, the second-order mask corresponding to the second round function intermediate value, the second-round key generation intermediate value, and the second-order mask corresponding to the second-round key generation intermediate value, where i is greater than or equal to 2 and less than or equal to N.
In some embodiments, the second order mask of the information to be processed is 0, and the N is 32. That is, in the embodiment of the present application, 32 rounds of calculation of the round function need to be performed.
In some embodiments, the round function is capable of linear or non-linear transformation operations. The linear transformation operation comprises a shift transformation and an exclusive-or transformation, and the non-linear transformation operation comprises operations that take $GF(2^2)$ as the basic unit.
Based on the above method, fig. 3 is a schematic flow chart of a second-order mask implementation method for the SM4 algorithm in the present application, and as shown in fig. 3, the basic operation units of the SM4 algorithm include: the key generation module and the round function module, and the number of rounds N is 32.
Taking the encryption process as an example for explanation, the decryption process is similar to the encryption process, and the encryption process includes:
Step S301, a plaintext, an initial key, and a second-order mask value of the key are input.
In the embodiment of the present application, the second-order mask value consists of two random values. In order to save resource cost, the design does not provide a separate random mask for the plaintext, and the mask value of the plaintext is replaced by zero.
In step S302, an encryption operation is started.
The key generation module generates the round key value of the current round and its corresponding second-order mask value, as well as the key generation intermediate value and its second-order mask value. Note that the round key value at this time is not the true round key, but a random value scrambled by a mask. The key generation intermediate value and its second-order mask value will be the input to the next round of the key generation module. From the round key value of the current round and its corresponding second-order mask value, the round function of the current round generates the output of the current round, namely the round function intermediate value and its second-order mask value, which is used as the input of the next round function. In this way, 32 rounds of encryption operations are performed.
Step S303, performing the reverse order and mask removing operations.
Step S304, outputting the ciphertext.
In the embodiment of the application, when the second-order mask is processed, two different mask scheme designs are provided for the basic units of linear operation and nonlinear operation in the key generation module and the round function module. The nonlinear operation of the whole algorithm is mainly embodied in the S box, and the S box module in this design is implemented by finite field order reduction, in which the main nonlinear operation is multiplication, and all the multiplication operations can be expanded with the $GF(2^2)$ multiplication operation as the basic unit. The linear operations are combined and expanded with the shift operation and the exclusive-or operation as basic units. The scheme as a whole is built up by combination, taking the second-order masked version of each basic unit as the basic unit.
Taking the variables $a$, $b$ as examples, wherein $a_1, a_2, a_3$ and $b_1, b_2, b_3$ are the three shared values of $a$ and $b$ respectively, i.e. the second-order mask values.
For the shift operation $shift(a)$: in its second-order masking operation, $shift(a_1), shift(a_2), shift(a_3)$ are the three second-order mask values output by the shift second-order masking operation.
For the XOR operation $xor(a, b)$: in its second-order masking operation, $xor(a_1, b_1), xor(a_2, b_2), xor(a_3, b_3)$ are the three second-order mask values output by the XOR second-order masking operation.
For the $GF(2^2)$ multiplication operation GF2_mul(a, b): 3 random values $r_{1,2}, r_{1,3}, r_{2,3}$ with the same number of bits as $a$, $b$ need to be generated. Let
Its second order mask operation
are the three second-order mask values output by the $GF(2^2)$ second-order masked multiplication operation.
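The three masked basic units described above (share-wise shift, share-wise XOR, and $GF(2^2)$ multiplication with the three random values $r_{1,2}, r_{1,3}, r_{2,3}$), as an added example that is not code from the patent. Because the patent's formulas are not present on this page, the example assumes XOR (Boolean) sharing, the field polynomial $x^2 + x + 1$, a 32-bit circular shift as the shift operation, and the standard Ishai-Sahai-Wagner three-share multiplication; all function names are hypothetical.

```python
import secrets
from collections import Counter
from itertools import product

WORD_MASK = 0xFFFFFFFF  # assumption: linear operations act on 32-bit words, as in SM4


def share(value, bits):
    """Split value into three shares whose XOR equals value (assumed Boolean sharing)."""
    s2 = secrets.randbits(bits)
    s3 = secrets.randbits(bits)
    return (value ^ s2 ^ s3, s2, s3)


def unshare(shares):
    """Recombine three shares; a masked circuit only does this at the very end."""
    s1, s2, s3 = shares
    return s1 ^ s2 ^ s3


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & WORD_MASK


def masked_rotl32(a, n):
    # Linear operation: apply it to each share independently, no new randomness.
    return tuple(rotl32(s, n) for s in a)


def masked_xor(a, b):
    # Linear operation: XOR share i of a with share i of b.
    return tuple(x ^ y for x, y in zip(a, b))


def gf4_mul(a, b):
    """Multiply two elements of GF(2^2), assuming the polynomial x^2 + x + 1."""
    a1, a0 = a >> 1, a & 1
    b1, b0 = b >> 1, b & 1
    hi = (a1 & b1) ^ (a1 & b0) ^ (a0 & b1)
    lo = (a0 & b0) ^ (a1 & b1)
    return (hi << 1) | lo


def masked_gf4_mul(a, b, r12=None, r13=None, r23=None):
    """ISW-style three-share multiplication (assumed construction, see lead-in)."""
    if r12 is None:
        r12, r13, r23 = (secrets.randbits(2) for _ in range(3))
    a1, a2, a3 = a
    b1, b2, b3 = b
    # The bracketing matters: each cross term is absorbed into a random value
    # before it meets any other share, so no intermediate is an unmasked product.
    r21 = (r12 ^ gf4_mul(a1, b2)) ^ gf4_mul(a2, b1)
    r31 = (r13 ^ gf4_mul(a1, b3)) ^ gf4_mul(a3, b1)
    r32 = (r23 ^ gf4_mul(a2, b3)) ^ gf4_mul(a3, b2)
    c1 = gf4_mul(a1, b1) ^ r12 ^ r13
    c2 = gf4_mul(a2, b2) ^ r21 ^ r23
    c3 = gf4_mul(a3, b3) ^ r31 ^ r32
    return (c1, c2, c3)


def check_masked_gf4_mul():
    """Enumerate every secret, sharing and random value.

    Returns (correct, uniform): correct means the output shares always
    recombine to a*b; uniform means every pair of output shares takes each of
    its 16 possible values equally often whatever a and b are. This covers the
    output shares only, not every internal wire of a circuit.
    """
    correct = True
    uniform = True
    for a, b in product(range(4), repeat=2):
        pairs = {(0, 1): Counter(), (0, 2): Counter(), (1, 2): Counter()}
        for a2, a3, b2, b3, r12, r13, r23 in product(range(4), repeat=7):
            sa = (a ^ a2 ^ a3, a2, a3)
            sb = (b ^ b2 ^ b3, b2, b3)
            c = masked_gf4_mul(sa, sb, r12, r13, r23)
            correct &= unshare(c) == gf4_mul(a, b)
            for i, j in pairs:
                pairs[(i, j)][(c[i], c[j])] += 1
        for hist in pairs.values():
            # 4**7 = 16384 cases spread evenly over 16 values -> 1024 each
            uniform &= len(hist) == 16 and set(hist.values()) == {1024}
    return correct, uniform


if __name__ == "__main__":
    print(check_masked_gf4_mul())
```
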
Fig. 4 is a circuit implementation control scheme (the same as the encryption and decryption control method in the foregoing embodiment) for a circuit implementation with an SM4 second-order mask encryption and decryption operation provided in an embodiment of the present application, and the control scheme is as shown in fig. 4. The overall state is divided into seven states: IDLE, KEY_EXPAND, DE_KEY_EXPAND, DECRYPTION, ENCRYPTION, FINISH, HOLD.
IDLE is the initial state. When the enable signal (start) is triggered, a state jump is carried out according to the encryption and decryption signal (encdec): when encdec is 1, the decryption operation is to be executed and the state jumps to the DECRYPTION state; when encdec is 0, the encryption operation is to be executed and the state jumps to the KEY_EXPAND state.
The DE_KEY_EXPAND state is specific to the decryption process and prepares for the decryption operation. To save storage resources, the design does not store the round key values; instead, it generates the key information for each round separately. Since the decryption operation uses the round keys in the reverse order of the encryption operation, in this state the second-order mask value corresponding to the first round key of the decryption operation is generated over 32 cycles. Control in this state is performed with i, and when i is 31, the state jumps to DECRYPTION.
The KEY_EXPAND state is specific to the encryption process: it prepares the second-order mask value corresponding to the first round key of the encryption operation, and then jumps directly to the ENCRYPTION state.
32 rounds of DECRYPTION operations will be performed in the DECRYPTION state. Each round will perform a decryption operation according to the second order mask value of the round key of that round, while generating the second order mask value of the round key required for the next round of operation. The signal i is used for state control, i counts from 0, when i is equal to 32, it indicates that the complete 32-round decryption operation is completed, and the state is jumped to FINISH, otherwise, the operation is continuously executed in the state.
32 rounds of ENCRYPTION operations are performed in the ENCRYPTION state. Each round will perform an encryption operation according to the second order mask value of the round key of the round, while generating the second order mask value of the round key required for the next round of operation. The signal i is used for state control, i starts counting from 0, when i is equal to 32, the encryption operation of the complete 32 rounds is finished, the state is jumped to the FINISH state, otherwise, the operation is continuously executed in the state.
The FINISH state mainly completes the output of the result of the last round and the second-order mask value, the encryption and decryption operations all need to jump to the state, and the next cycle directly jumps to the HOLD state.
In the HOLD state, the reverse order and mask removing operation are mainly performed to obtain the final output result, and when the one-time complete encryption (decryption) operation is completed, the IDLE state is skipped to wait for the next operation to start.
Based on the foregoing embodiments, the present application provides an encryption and decryption apparatus based on a second order mask, where each module included in the apparatus and each unit included in each module may be implemented by a processor in a computer device; of course, the implementation can also be realized through a specific logic circuit; in the implementation process, the processor may be a Central Processing Unit (CPU), a Microprocessor Unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
An embodiment of the present application provides an encryption and decryption apparatus based on a second order mask, and fig. 5 is a schematic structural diagram of an encryption and decryption apparatus based on a second order mask, as shown in fig. 5, the encryption and decryption apparatus 500 includes:
a first obtaining module 501, configured to obtain input information to be processed, an initial key, and an initial second-order mask;
a first determining module 502, configured to determine, based on the initial key and the initial second order mask, a first round key, a second order mask corresponding to the first round key, a first round key generation intermediate value, and a second order mask corresponding to the first round key generation intermediate value;
a first round calculation module 503, configured to perform a first round of operation processing on a round function on the information to be processed, a first round key, and a second order mask corresponding to the first round key, so as to obtain a first round output result of the round function, where the first round output result includes: a first round function intermediate value and a second-order mask corresponding to the first round function intermediate value;
an N-round calculation module 504, configured to perform N-1-round operation processing on the round function based on the first round function intermediate value and a second-order mask corresponding to the first round function intermediate value, a first-round key generation intermediate value, and a second-order mask corresponding to the first-round key generation intermediate value, to obtain an N-round output result, where an input of the i-th-round operation processing of the round function includes an i-1-th-round output result of the round function, an i-th-round key of the i-th-round function is determined based on the i-1-th-round key generation intermediate value and the second-order mask corresponding to the i-1-th-round key generation intermediate value, N is a positive integer greater than 1, and i is greater than or equal to 2 and less than or equal to N;
and a second determining module 505, configured to determine, based on the nth round output result, encryption/decryption information corresponding to the information to be processed.
In some embodiments, the second determination module 505 comprises:
and the first determining unit is used for performing reverse order processing and mask removing processing on the Nth round of operation result to obtain the encryption and decryption information corresponding to the information to be processed.
In some embodiments, the first round calculation module 503 includes:
and the first calculation unit is used for inputting the information to be processed, the first round key and the second-order mask corresponding to the first round key into the round function to perform first round operation processing, so as to obtain a first round output result of the round function.
In some embodiments, the N-round calculation module 504 includes:
a second determining unit, configured to determine, based on a first round key generation intermediate value and a second-order mask corresponding to the first round key generation intermediate value, a second round key, a second-order mask corresponding to the second round key, a second round key generation intermediate value, and a second-order mask corresponding to the second round key generation intermediate value;
a second round calculation unit, configured to input the first round function intermediate value and a second order mask corresponding to the first round function intermediate value, a second round key, and a second order mask corresponding to the second round key into the round function to perform a second round of operation processing, so as to obtain a second round output result, where the second round output result includes: a second round function intermediate value and a second-order mask corresponding to the round function intermediate value;
and the ith round calculation unit is used for carrying out ith round of operation processing on the basis of the second round function intermediate value, the second-order mask corresponding to the second round function intermediate value, the second-round key generation intermediate value and the second-order mask corresponding to the second-round key generation intermediate value, wherein i is more than or equal to 2 and less than or equal to N.
In some embodiments, the second order mask of the information to be processed is 0, and the N is 32.
In some embodiments, the round function is capable of linear or non-linear transformation operations.
In some embodiments, the linear transformation operation comprises a shift transformation and an exclusive-or transformation, and the non-linear transformation operation comprises a transformation with GF(2^2) as the basic unit.
It should be noted that, in the embodiment of the present application, if the encryption and decryption method is implemented in the form of a software functional module and sold or used as a standalone product, the encryption and decryption method may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or portions thereof contributing to the prior art may be embodied in the form of a software product stored in a storage medium, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
Accordingly, an embodiment of the present application provides a storage medium, on which a computer program is stored, wherein the computer program is implemented to implement the steps in the encryption and decryption method provided in the foregoing embodiment when executed by a processor.
The embodiment of the application provides an electronic device; fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 6, the electronic device 600 includes: a processor 601, at least one communication bus 602, a user interface 603, at least one external communication interface 604, memory 605. Wherein the communication bus 602 is configured to enable connective communication between these components. The user interface 603 may comprise a display screen, and the external communication interface 604 may comprise a standard wired interface and a wireless interface, among others. The processor 601 is configured to execute the programs of the encryption and decryption methods stored in the memory to implement the steps in the encryption and decryption methods provided in the above embodiments.
The above description of the display device and storage medium embodiments is similar to the description of the method embodiments above, with similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the computer device and the storage medium of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
Here, it should be noted that: the above description of the storage medium and device embodiments is similar to the description of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application. The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as a removable Memory device, a Read Only Memory (ROM), a magnetic disk, or an optical disk.
Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a controller to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a magnetic or optical disk, or other various media that can store program code.
The above description is only for the embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. An encryption and decryption method based on a second order mask is characterized by comprising the following steps:
acquiring input information to be processed, an initial key and an initial second-order mask;
determining a first round key, a second order mask corresponding to the first round key, a first round key generation intermediate value and a second order mask corresponding to the first round key generation intermediate value based on the initial key and the initial second order mask;
performing a first round of operation processing on the information to be processed, a first round key, and a second order mask corresponding to the first round key, to obtain a first round output result of the round function, where the first round output result includes: a first round function intermediate value and a second-order mask corresponding to the first round function intermediate value;
performing N-1 round operation processing on the round function based on the first round function intermediate value and a second order mask corresponding to the first round function intermediate value, a first round key generation intermediate value and a second order mask corresponding to the first round key generation intermediate value to obtain an N-th round output result, wherein the input of the i-th round operation processing of the round function comprises the i-1-th round output result of the round function, the i-th round key of the i-th round function is determined based on the i-1-th round key generation intermediate value and the second order mask corresponding to the i-1-th round key generation intermediate value, N is a positive integer greater than 1, and i is greater than or equal to 2 and less than or equal to N;
and determining the encryption and decryption information corresponding to the information to be processed based on the Nth round output result.
2. The method according to claim 1, wherein the determining the encryption/decryption information corresponding to the information to be processed based on the nth round output result comprises:
and performing reverse order processing and mask removing processing on the Nth round of operation result to obtain the encryption and decryption information corresponding to the information to be processed.
3. The method according to claim 1, wherein the performing a first round of operation processing on a round function on the information to be processed, a first round key, and a second order mask corresponding to the first round key to obtain a first round output result of the round function includes:
and inputting the information to be processed, a first round key and a second-order mask corresponding to the first round key into the round function to perform first round operation processing, so as to obtain a first round output result of the round function.
4. The method according to claim 3, wherein the performing N-round operation processing on the round function based on the first round function intermediate value, the second order mask corresponding to the first round function intermediate value, the first round key generation intermediate value, and the second order mask corresponding to the first round key generation intermediate value to obtain an nth round output result includes:
determining a second round key, a second order mask corresponding to the second round key, a second round key generation intermediate value and a second order mask corresponding to the second round key generation intermediate value based on a first round key generation intermediate value and the second order mask corresponding to the first round key generation intermediate value;
inputting the first round function intermediate value, the second round mask corresponding to the first round function intermediate value, the second round key, and the second round mask corresponding to the second round key into the round function to perform a second round of operation processing, so as to obtain a second round output result, where the second round output result includes: a second round function intermediate value and a second-order mask corresponding to the round function intermediate value;
and performing ith round of operation processing based on the second round function intermediate value, the second-order mask corresponding to the second round function intermediate value, the second-round key generation intermediate value and the second-order mask corresponding to the second-round key generation intermediate value, wherein i is more than or equal to 2 and less than or equal to N.
5. The method of claim 4, wherein the second order mask of the information to be processed is 0, and the N is 32.
6. The method of claim 1, wherein the round function is capable of linear transformation operations or non-linear transformation operations.
7. The method of claim 6, wherein the linear transform operation comprises a shift transform and an exclusive-or transform, and wherein the non-linear transform operation comprises a transformation with GF(2^2) as the basic unit.
8. An encryption/decryption apparatus based on a second order mask, comprising:
the first acquisition module is used for acquiring input information to be processed, an initial key and an initial second-order mask;
a first determining module, configured to determine, based on the initial key and the initial second-order mask, a first round key, a second-order mask corresponding to the first round key, a first round key generation intermediate value, and a second-order mask corresponding to the first round key generation intermediate value;
a first round calculation module, configured to perform a first round of operation processing on a round function on the information to be processed, a first round key, and a second order mask corresponding to the first round key, so as to obtain a first round output result of the round function, where the first round output result includes: a first round function intermediate value and a second-order mask corresponding to the first round function intermediate value;
an N-round calculation module, configured to perform N-1-round operation processing on the round function based on the first round function intermediate value and a second-order mask corresponding to the first round function intermediate value, a first-round key generation intermediate value, and a second-order mask corresponding to the first-round key generation intermediate value, to obtain an N-round output result, where an input of an i-th-round operation processing of the round function includes an i-1-th-round output result of the round function, an i-th-round key of the i-th-round function is determined based on the i-1-th-round key generation intermediate value and the second-order mask corresponding to the i-1-th-round key generation intermediate value, N is a positive integer greater than 1, and i is greater than or equal to 2 and less than or equal to N;
and the second determining module is used for determining the encryption and decryption information corresponding to the information to be processed based on the Nth round output result.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the computer program is executed by the processor to perform the second order mask-based encryption and decryption method according to any one of claims 1 to 7.
10. A storage medium storing a computer program executable by one or more processors and operable to implement the second order mask based encryption/decryption method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110065507.5A CN112787800B (en) | 2021-01-19 | 2021-01-19 | Encryption and decryption method and device based on second-order mask, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112787800A (en) | 2021-05-11 |
CN112787800B (en) | 2022-06-17 |
Family
ID=75757506
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110065507.5A Active CN112787800B (en) | 2021-01-19 | 2021-01-19 | Encryption and decryption method and device based on second-order mask, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112787800B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2504338A1 (en) * | 2004-04-16 | 2005-10-16 | Research In Motion Limited | Security countermeasures for power analysis attacks |
EP2363974A1 (en) * | 2010-02-26 | 2011-09-07 | Research In Motion Limited | Variable table masking for cryptographic processes |
KR101362675B1 (en) * | 2012-11-30 | 2014-02-12 | 한국전자통신연구원 | Low power encryption apparatus and method |
CN104333447A (en) * | 2014-11-26 | 2015-02-04 | 上海爱信诺航芯电子科技有限公司 | SM4 method capable of resisting energy analysis attack |
WO2015144305A1 (en) * | 2014-03-26 | 2015-10-01 | Giesecke & Devrient Gmbh | Memory efficient side-channel-protected masking |
CN106357380A (en) * | 2016-10-11 | 2017-01-25 | 中国信息安全测评中心 | Mask method and mask device for SM4 algorithm |
CN106411499A (en) * | 2016-06-06 | 2017-02-15 | 清华大学 | RC4 hardware circuit mark protection method and system |
CN107231229A (en) * | 2017-05-31 | 2017-10-03 | 中国电力科学研究院 | It is a kind of to be used to protect the low entropy mask of SM4 crypto chips to reveal means of defence and its realize system |
CN109165531A (en) * | 2018-09-11 | 2019-01-08 | 网御安全技术(深圳)有限公司 | A kind of AES mask method, electronic equipment and storage medium |
Non-Patent Citations (2)
Title |
---|
SEUNGKWANG LEE: "Improvement on a Masked White-Box Cryptographic Implementation", 《IEEE ACCESS》 * |
姚富: "Keccak 的一种新二阶门限掩码方案及实现", 《密码学报》 * |
Also Published As
Publication number | Publication date |
---|---|
CN112787800B (en) | 2022-06-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||