CN113328849A - Key obtaining method and device - Google Patents
Key obtaining method and device Download PDFInfo
- Publication number
- CN113328849A CN113328849A CN202110581988.5A CN202110581988A CN113328849A CN 113328849 A CN113328849 A CN 113328849A CN 202110581988 A CN202110581988 A CN 202110581988A CN 113328849 A CN113328849 A CN 113328849A
- Authority
- CN
- China
- Prior art keywords
- key
- bits
- current round
- sub
- generation process
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Compression, Expansion, Code Conversion, And Decoders (AREA)
Abstract
The embodiment of the application discloses a method and a device for acquiring a secret key, wherein the method comprises the following steps: realizing AES algorithm quantization; the AES algorithm quantization comprises: encoding the sub-key generated in the current round to the qubits of the sub-key generated in the previous round; taking the quantized AES algorithm as an Oracle of a Grover algorithm, and transferring the quantum state of the key space to the required key state through multiple iterations; and measuring the key space to obtain the required key. By the scheme of the embodiment, the number of bit numbers adopted in the quantization process of the AES algorithm can be reduced, and the complexity of quantum attack based on the Grover algorithm is effectively reduced.
Description
Technical Field
The present disclosure relates to encryption technologies, and more particularly, to a method and apparatus for key acquisition.
Background
Quantum computing has been widely studied and focused since its introduction in the eighties of the 20 th century. Due to the existence of quantum superposition and quantum entanglement, quantum computation has the parallel advantage, the quantum algorithm design by utilizing the quantum advantage can accelerate the solving of some classical problems, for example, the Shor algorithm proposed in the middle and later stages of the nineties of the twentieth century can exponentially accelerate the problem of large prime factor decomposition, and the Grover algorithm can accelerate polynomial in data space search relative to the traditional algorithm.
The classical encryption algorithm mainly comprises symmetric encryption and asymmetric encryption, and nowadays, symmetric encryption algorithms such as AES and the like are widely applied in life. Today, the quantum computing technology is developed vigorously, and the determination of the attack capability of the quantum algorithm on the classical symmetric encryption algorithm is of great significance. However, the attack scheme of the current quantum algorithm on the classical symmetric encryption algorithm is complex and needs to be solved.
Disclosure of Invention
The embodiment of the application provides a secret key obtaining method and a secret key obtaining device, which can effectively reduce the complexity of quantum attack based on a Grover algorithm.
The embodiment of the application provides a key obtaining method, which can comprise the following steps:
realizing the quantization of an advanced encryption standard AES algorithm; the quantization of the AES algorithm comprises the following steps: encoding the sub-keys obtained in the current round of key generation process to the qubits of the sub-keys generated in the previous round;
taking the AES algorithm for realizing quantization as Oracle of the Grover algorithm, and transferring the quantum state of the key space to the required key state through multiple iterations;
and measuring the key space to obtain the required key.
In an exemplary embodiment of the present application, the encoding the sub-key generated in the current round to the qubits of the sub-key generated in the previous round may include:
encoding the first m bits of sub keys obtained in the current round key generation process on the first m bits of the key space; the initial state of the first m bits of the key space is not 0;
wherein the key space refers to the qubits of the AES algorithm encoding key;
for AES-128, AES-196, and AES-256, the m values are 32, 48, and 64, respectively.
In an exemplary embodiment of the present application, the encoding the first m bits of the sub-keys obtained by the current round key generation process on the first m bits of the key space includes:
performing preset modification bit replacement operation (SB) on the key of the last m bits of the sub-keys obtained by the current round key generation process;
and performing exclusive OR operation on a replacement result obtained after the replacement operation of the preset decoration bit and a preset character string with the length of m bits to generate the front m bits of qubits in the current wheel key generation process.
In an exemplary embodiment of the present application, the character string may be a binary string.
In an exemplary embodiment of the present application, the performing a preset modified bit replacement operation on the key of the last m bits of qubits of the sub-key obtained by the current round key generation process may include:
and finally, carrying out XOR operation on the affine transformation result and the key of the first m bits of the key space.
In an exemplary embodiment of the present application, the method may further include: the process of inverting each byte over a finite field is represented in the form of a boolean function.
In an exemplary embodiment of the present application, the encoding the first m bits of the sub-keys obtained by the current round key generation process on the first m bits of the key space includes:
taking the latest m-th bits of qubits obtained in the current round key generation process as control bits, carrying out exclusive OR operation on the m-th to 2 m-th bits of qubits of the sub-keys obtained in the current round key generation process, and taking the exclusive OR operation result as the m-th to 2 m-th final keys in the current round key generation process;
taking the qubits corresponding to the m-th to 2 m-th final keys obtained in the current round key generation process as control bits, carrying out exclusive OR operation on the 2 m-3 m-th bits of the sub keys obtained in the current round key generation process, and taking the exclusive OR operation result as the 2 m-3 m-th final keys in the current round key generation process;
and taking the qubits corresponding to the final keys of the 2m to 3m bits obtained in the current round key generation process as control bits, carrying out XOR operation on the 3m to 4m bits of the sub keys obtained in the current round key generation process, and taking the XOR operation result as the final keys of the 3m to 4m bits in the current round key generation process.
In exemplary embodiments of the present application, the AES algorithm may include any one or more of: AES-128, AES-196, AES-256, and the simplified advanced encryption Standard S-AES algorithms.
In an exemplary embodiment of the present application, the transforming the quantum state of the key space to the required key state through multiple iterations may include:
by passing
And the sub Grover iteration transfers the quantum state of the key space to the required key state, wherein n is the bit number of the key, K represents a constant coefficient, and O () represents the order of magnitude of K.
An embodiment of the present application further provides a key obtaining apparatus, which may include a processor and a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by the processor, the key obtaining method described in any one of the above is implemented.
Compared with the related art, the embodiment of the application can comprise the following steps: realizing the quantization of an advanced encryption standard AES algorithm; the quantization of the AES algorithm comprises the following steps: encoding the sub-key generated in the current round to the qubits of the sub-key generated in the previous round; taking the AES algorithm for realizing quantization as Oracle of the Grover algorithm, and transferring the quantum state of the key space to the required key state through multiple iterations; and measuring the key space to obtain the required key. According to the scheme of the embodiment, the previous m-bit sub-key of the sub-key obtained in the current round key generation process is generated according to the last m-bit sub-key of the sub-key obtained in the previous round key generation process, so that the number of bits adopted in the encryption quantization process of the AES algorithm can be reduced, and the complexity of quantum attack based on the Grover algorithm is effectively reduced.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. Other advantages of the present application may be realized and attained by the instrumentalities and combinations particularly pointed out in the specification and the drawings.
Drawings
The accompanying drawings are included to provide an understanding of the present disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the examples serve to explain the principles of the disclosure and not to limit the disclosure.
Fig. 1 is a flowchart of a key obtaining method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of an AES algorithm for quantum Grover attack according to an embodiment of the application;
FIG. 3 is a schematic diagram of a quantum circuit of the quantum Grover attack AES-128 algorithm according to the embodiment of the application;
FIG. 4 is a schematic diagram of an encryption process of a conventional AES-128;
FIG. 5 is a diagram illustrating a sub-key generation quantum circuit of the AES-128 algorithm according to an embodiment of the present application;
fig. 6 is a schematic diagram illustrating transformation of output bits in SB operation according to an embodiment of the present application;
FIG. 7 is a diagram of a quantum circuit of the S-AES algorithm according to an embodiment of the present application;
FIG. 8 is a schematic diagram of transformation circuits of a standard basis and a polynomial basis according to an embodiment of the present application;
FIG. 9 is a diagram illustrating an inversion quantum circuit on the S-AES finite field according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a fusion circuit of affine transformation and standard base to polynomial base mapping transformation in bit replacement according to an embodiment of the present application;
fig. 11 is a block diagram of a key obtaining apparatus according to an embodiment of the present application.
Detailed Description
The present application describes embodiments, but the description is illustrative rather than limiting and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described herein. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or instead of any other feature or element in any other embodiment, unless expressly limited otherwise.
The present application includes and contemplates combinations of features and elements known to those of ordinary skill in the art. The embodiments, features and elements disclosed in this application may also be combined with any conventional features or elements to form a unique inventive concept as defined by the claims. Any feature or element of any embodiment may also be combined with features or elements from other inventive aspects to form yet another unique inventive aspect, as defined by the claims. Thus, it should be understood that any of the features shown and/or discussed in this application may be implemented alone or in any suitable combination. Accordingly, the embodiments are not limited except as by the appended claims and their equivalents. Furthermore, various modifications and changes may be made within the scope of the appended claims.
Further, in describing representative embodiments, the specification may have presented the method and/or process as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. Other orders of steps are possible as will be understood by those of ordinary skill in the art. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. Further, the claims directed to the method and/or process should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the embodiments of the present application.
An embodiment of the present application provides a key obtaining method, as shown in fig. 1, which may include steps S101 to S103:
s101, realizing AES (advanced encryption standard) algorithm quantization; the quantization of the AES algorithm may include: encoding the sub-key generated in the current round to the qubits of the sub-key generated in the previous round;
s102, taking the AES algorithm for realizing quantization as Oracle of the Grover algorithm, and transferring the quantum state of the key space to the required key state through multiple iterations;
s103, measuring the key space to obtain the required key.
In an exemplary embodiment of the present application, a method for quantum attack against Advanced Encryption Standard (AES) is presented, which may include: the AES algorithm quantization (which may include initialization of keys, generation of subkeys, encryption of known plaintext), Grover iterative attack, and key space measurement to obtain the desired key.
In an exemplary embodiment of the present application, a flow diagram of an AES algorithm of quantum Grover attack may be as shown in fig. 2.
In exemplary embodiments of the present application, the AES algorithm may include, but is not limited to: AES-128, AES-196, AES-256, and S-AES (simplified advanced encryption Standard) algorithms. The scheme of the embodiment of the application is illustrated by taking AES-128 as an example.
In an exemplary embodiment of the present application, a quantum circuit diagram (one Grover iteration) of the AES-128 algorithm of quantum Grover attack may be as shown in fig. 3, and this circuit diagram is a quantum circuit diagram corresponding to the Grover iteration block in fig. 2. Wherein H is a Hadamard gate, X is a Paulix gate, P*AES corresponds to AES quantization circuit diagram (this is the scheme proposed by the embodiment of the present application) of FIG. 2, C*Representing control bits, p, using known ciphertext*AES-1Is P*The inverse of AES, CPF, denotes conditional phase inversion.
In an exemplary embodiment of the present application, the encryption process of a conventional AES-128 is illustrated in fig. 4, where an Initial key represents an Initial key; the field-text and Cipher represent known plain-ciphertext respectively; ARK represents an exclusive or operation (AddRoundKey) between ciphertext and plaintext; SB denotes a bit replacement operation; SR denotes a row shift operation; MC denotes a column obfuscation operation.
In the exemplary embodiment of the present application, quantization of the encryption process of AES-128 is the focus of the embodiment of the present application, where Initial key is the same as that in FIG. 3
Correspondingly, i.e. a Hadamard operation is done on each bit of the key space (ciphertext matrix).
In the exemplary embodiment of the present application, the plaintext and the key each have 16 bytes, and may be written as a 4 × 4 matrix, with each element being a byte. The ciphertext thus encrypted is also a 4 × 4 matrix. The ARK indicates that an exclusive-or operation is performed on plaintext with a key as a control bit. The process is simple and will not be described in detail. Since the SR is only a change in bit position, no additional operation is required, and thus the SR can be completed by encoding the result of SB (bit substitution) at a position corresponding to the SR without an additional step. SB is the most complex part, requiring each byte (8 bits) to be in the finite field GF (2)8) And performing corresponding affine transformation on the inversion to obtain the result of the SB. MC is an affine operation performed on a column of the cipher-text matrix in the encryption process.
In an exemplary embodiment of the present application, the process of subkey generation may mainly include SB (SB denotes modified SB) and RC (RC refers to exclusive or operation with a known piece of 32-bit string).
In the exemplary embodiment of the present application, as shown in fig. 5, it is a sub-key generation circuit diagram newly designed in the embodiment of the present application, and it is possible to save the use of 320 qubits compared to the previous design scheme. SB denotes modified SB, i.e. improved bit substitution operation, which is equivalent to adding an affine transformation in the previous bit Substitution (SB): assuming that the input is X and the initial state of the output bit is Y, the effect of SB can be represented by the following equation: SB (X) ═ Y + SB (X).
In the exemplary embodiments of the present application, the embodiments of the present application are described in detail below.
In an exemplary embodiment of the present application, the encoding the sub-key generated in the current round onto the qubits (qubits) of the sub-key generated in the previous round may include:
encoding the first m bits of sub keys obtained in the current round key generation process on the first m bits of the key space; the initial state of the first m bits of the key space is not 0;
wherein the key space refers to the qubits of the AES algorithm encoding key, e.g., for AES-128, the key space is the 128-bit qubits of the encoding key.
In an exemplary embodiment of the present application, m may be adjusted accordingly according to different AES algorithms. For example, for AES-128, AES-196, AES-256, the m values are 32, 48, 64, respectively.
In an exemplary embodiment of the present application, previously for the quantization implementation of AES-128, each round of sub-key generation required 32qubits to store the sub-key of the new round, so the ten round of keys required 320 qubits to store the sub-keys. In the embodiment of the present application, such a previous bit replacement circuit diagram is improved, so that the first 32-bit qubits of the sub-key of a new round can be encoded on the first 32-bit qubits of the previous round key whose initial state is not |0 >, and therefore 320 qubits required for sub-key generation can be saved, which is equivalent to saving the qubits of 1/3. Moreover, the new bit replacement coding mode can save a large number of quantum gates.
In the exemplary embodiment of the present application, the same idea can be applied to the quantization scheme of S-AES, and the use of 1/3qubits can also be reduced.
In an exemplary embodiment of the present application, the encoding the first m bits of the sub-keys obtained by the current round key generation process on the first m bits of the key space includes:
performing preset modification bit replacement operation on the key of the last m bits of the sub-keys obtained in the current round key generation process;
and executing exclusive OR operation on a replacement result obtained after the replacement operation of the preset decoration bit and a preset character string with the length of m bits of qubits to generate the m bits of qubits in the front part of the current wheel key generation process.
In an exemplary embodiment of the present application, the character string may be a binary string.
In an exemplary embodiment of the present application, a modified bit replacement operation (SB;) may be performed on the key of the last 32-bit qubits of the current round key, and an exclusive or operation may be performed on the obtained replacement result (SB;) and a preset string of 32-bit qubits length, to generate a new first 32-bit qubit of the current round key. That is, the bit replacement operation result is stored on the first 32-bit qubits of the sub-key of the current round (or new round), and exclusive-or operation is performed with a known binary string of length 32qubits, so as to generate a new first 32-bit qubits key of the new sub-key of the current round.
In an exemplary embodiment of the present application, the performing a preset modified bit replacement operation on the key of the last m bits of qubits of the sub-key obtained by the current round key generation process may include:
and finally, carrying out XOR operation on the affine transformation result and the key of the first m bits of the key space.
In an exemplary embodiment of the present application, each byte (8 bits) is in the finite field GF (2)8) And performing the inversion, performing exclusive or operation on the inversion and the key of the first m bits of qubits of the key space, and performing corresponding affine change on the inversion to obtain a result of SB.
In an exemplary embodiment of the present application, as shown in fig. 5, the result of SB is encoded on the bits of the previous encoding key, and the initial value of the bits of the previous encoding key is not |0 >.
In an exemplary embodiment of the present application, if an optimal SB quantum wire diagram needs to be output onto a bit with an initial state |0 >, i.e., the initial value of the bit of the encoding key is |0 >. In order to be able to use the optimal SB quantum wire diagram, the scheme shown in fig. 6 (schematic diagram of the transformation of the output bits in the SB × operation), i.e., the transformation of the output bits, is proposed. The final result is equivalent to the exclusive or operation between the result of bit replacement and the initial code of the output space, which completes both bit replacement and corresponding exclusive or operation at the same time, and the specific scheme is as follows.
In an exemplary embodiment of the present application, the encoding the first m bits of the sub-keys obtained by the current round key generation process on the first m bits of the key space includes:
taking the latest m-th bits of qubits obtained in the current round key generation process as control bits, carrying out exclusive OR operation on the m-th to 2 m-th bits of qubits of the sub-keys obtained in the current round key generation process, and taking the exclusive OR operation result as the m-th to 2 m-th final keys in the current round key generation process;
taking the qubits corresponding to the m-th to 2 m-th final keys obtained in the current round key generation process as control bits, carrying out exclusive OR operation on the 2 m-3 m-th bits of the sub keys obtained in the current round key generation process, and taking the exclusive OR operation result as the 2 m-3 m-th final keys in the current round key generation process;
and taking the qubits corresponding to the final keys of the 2m to 3m bits obtained in the current round key generation process as control bits, carrying out XOR operation on the 3m to 4m bits of the sub keys obtained in the current round key generation process, and taking the XOR operation result as the final keys of the 3m to 4m bits in the current round key generation process.
In the exemplary embodiment of the present application, the above-mentioned scheme may be analogized until all the qubits are completely or completely performed in the current round key generation process.
In the exemplary embodiment of the present application, the above scheme can be applied to S-AES, and also can obtain better results, as shown in FIG. 7, which is a corresponding S-AES quantum wire diagram.
In an exemplary embodiment of the present application, in the quantized line diagram of S-AES of fig. 7, P denotes an exclusive or operation between a key and plaintext; SB denotes bit substitution; MC represents column obfuscation; RC represents an XOR operation with the known 8-bit qubits.
In an exemplary embodiment of the present application, the method may further include: the process of inverting each byte over a finite field is represented in the form of a boolean function.
In the exemplary embodiment of the present application, the number of bits of S-AES is small, and a more detailed quantized line diagram can be given, while GF (2) is over a finite field in SB operation4) The inversion can be expressed in the form of a Boolean function, under the expression of a standard basis, of the field GF (2)4) The boolean function of the inverse of the upper element may be expressed as follows:
y1=x2x3x4+x1x3+x2x3+x3+x4;
y2=x1x3x4+x1x3+x2x3+x2x4+x4;
y3=x1x2x4+x1x3+x1x4+x1+x2;
y4=x1x2x3+x1x3+x1x4+x2x4+x2。
in an exemplary embodiment of the present application, the transformed layout of the standard basis and the polynomial basis may be as shown in fig. 8.
In an exemplary embodiment of the present application, fig. 9 is a diagram of a quantized code of the boolean function described above, as an inversion quantum circuit over the S-AES finite field. The layout encodes the boolean function corresponding to the inversion process, using as few qubits as possible.
In an exemplary embodiment of the present application, fig. 10 is a fused line diagram of affine transformation and standard base to polynomial base mapping transformation in bit substitution.
In an exemplary embodiment of the present application, the improved advantages of the embodiment of the present application compared to previous work may be as shown in tables 1 and 2 below.
TABLE 1
TABLE 2
In an exemplary embodiment of the present application, Table 1 is a comparison of the quantum resources consumed by AES-128 against existing schemes. Table 2 compares the quantum resources consumed by S-AES with existing schemes.
In an exemplary embodiment of the present application, the transforming the quantum state of the key space to the required key state through multiple iterations may include:
by passing
And the secondary Grover iteration transfers the quantum state of the key space to the required key state, wherein n is the bit number of the key.
In an exemplary embodiment of the present application, a detailed embodiment of the encryption process quantization of the AES-128 and the quantum Grover attack AES algorithm is given below, which may include steps 1-20:
1. encoding the initial key into a 128-bit key space;
2. performing an exclusive-or operation on bits in a key space encoded with the initial key and a known plaintext;
3. bit replacement operation SB is carried out on the ciphertext subjected to the exclusive OR operation, and the bit replacement operation result is stored on the new 128-bit qubits according to the displacement rule of the row displacement RS;
4. repeatedly executing the step 2 to restore the initial key;
5. performing a column obfuscation operation MC on the restored initial key;
6. performing the operation of generating subkeys on the key space: performing modified bit replacement operation on the key of the last 32-bit qubits of the obtained sub-keys in the previous round, storing the result of the modified bit replacement operation on the previous 32-bit qubits and performing exclusive OR operation on the result of the modified bit replacement operation and a known binary string with the length of one segment of 32qubits to generate a new 32-bit qubits key, then taking the previous 32-bit qubits (namely, the new 32-bit qubits key) as control bits, and performing exclusive OR operation on the subsequent 32-bit qubits of the 128-bit sub-keys in the current round to obtain a new 33-bit-64-bit new key; and so on, generating the current round key;
7. taking the newly generated sub-key as a control bit, and performing exclusive or operation (AddRoundKey, abbreviated as ARK) on the ciphertext of the current state;
8. and repeating the steps 3, 5, 6 and 7 8 times.
9. Performing bit replacement operation (SB) on the ciphertext subjected to the XOR operation, and storing the result on the new 128-bit qubits according to the rule of row displacement (ShiftRow RS);
10. performing the operation of generating subkeys on the key space: performing modified bit replacement operation on the last 32-bit qubs key of the sub-keys obtained in the previous round, storing the modified bit replacement operation result on the previous 32-bit qubs key and performing exclusive or operation on the modified bit replacement operation result and a known binary string with the length of one segment of 32 qubs to generate a new 32-bit qubs key, then taking the previous 32-bit qubs (namely, the new 32-bit qubs key) as a control bit, and performing exclusive or operation on the subsequent 32-bit qubs of the sub-keys of the current round 128 to obtain a new 33-64-bit new key; and so on, generating the current round key;
11. taking a newly generated key as a control bit, and carrying out exclusive or operation (AddRoundKey) on the ciphertext of the current state; the final ciphertext is stored on the last 128 bits of qubits;
12. the quantized line is used as an Oracle of a Grover algorithm, and the method comprises the following steps
(n is the bit number of the key) Grover iteration times to transfer the quantum state of the key space to the required key state;
13. the key space is measured to obtain the required key (the key space can be measured by any feasible method existing at present, and the specific method is not limited).
In an exemplary embodiment of the present application, a quantum circuit diagram of AES according to an embodiment of the present application is a basis of a quantum algorithm for symmetric cryptographic attack, and complexity of the quantum attack based on a Grover algorithm can be effectively reduced.
An embodiment of the present application further provides a key obtaining apparatus 1, as shown in fig. 11, which may include a processor 11 and a computer-readable storage medium 12, where the computer-readable storage medium 12 stores instructions, and when the instructions are executed by the processor, the key obtaining method described in any one of the above items is implemented.
In the exemplary embodiments of the present application, any of the foregoing method embodiments may be applied to the apparatus embodiment, and are not described in detail herein.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Claims (10)
1. A key acquisition method, comprising:
realizing the quantization of an advanced encryption standard AES algorithm; the quantization of the AES algorithm comprises the following steps: encoding the sub-key generated in the current round to the qubits of the sub-key generated in the previous round;
taking the AES algorithm for realizing quantization as Oracle of the Grover algorithm, and transferring the quantum state of the key space to the required key state through multiple iterations;
and measuring the key space to obtain the required key.
2. The method of claim 1, wherein encoding the sub-key generated in the current round to the qubits of the sub-key generated in the previous round comprises:
encoding the first m bits of sub keys obtained in the current round key generation process on the first m bits of the key space; the initial state of the first m bits of the key space is not 0;
wherein the key space refers to the qubits of the AES algorithm encoding key.
3. The key obtaining method of claim 2, wherein the encoding the first m bits of the subkeys generated in the current round on the first m bits of the key space comprises:
performing preset modification bit replacement operation on the key of the last m bits of the sub-keys obtained in the current round key generation process;
and performing exclusive OR operation on a replacement result obtained after the replacement operation of the preset decoration bit and a preset character string with the length of m bits to generate the front m bits of qubits in the current wheel key generation process.
4. The key acquisition method according to claim 3, wherein the character string is a binary string.
5. The key obtaining method according to claim 3, wherein the performing of the preset modified bit replacement operation on the key of the last m bits of qubits of the sub-key obtained by the current round key generation process includes:
and finally, carrying out XOR operation on the affine transformation result and the key of the first m bits of the key space.
6. The key acquisition method according to claim 5, wherein the method further comprises: the process of inverting each byte over a finite field is represented in the form of a boolean function.
7. The key obtaining method of claim 2, wherein the encoding of the first m bits of the subkeys generated in the current round on the first m bits of the key space comprises:
taking the latest m-th bits of qubits obtained in the current round key generation process as control bits, carrying out exclusive OR operation on the m-th to 2 m-th bits of qubits of the sub-keys obtained in the current round key generation process, and taking the exclusive OR operation result as the m-th to 2 m-th final keys in the current round key generation process;
taking the qubits corresponding to the m-th to 2 m-th final keys obtained in the current round key generation process as control bits, carrying out exclusive OR operation on the 2 m-3 m-th bits of the sub keys obtained in the current round key generation process, and taking the exclusive OR operation result as the 2 m-3 m-th final keys in the current round key generation process;
and taking the qubits corresponding to the final keys of the 2m to 3m bits obtained in the current round key generation process as control bits, carrying out XOR operation on the 3m to 4m bits of the sub keys obtained in the current round key generation process, and taking the XOR operation result as the final keys of the 3m to 4m bits in the current round key generation process.
8. The key acquisition method according to any one of claims 1 to 6, wherein the AES algorithm comprises any one or more of: AES-128, AES-196, AES-256, and the simplified advanced encryption Standard S-AES algorithms.
9. The method of claim 7, wherein the transforming the quantum state of the key space to the desired key state over the plurality of iterations comprises:
by passing
And the sub Grover iteration transfers the quantum state of the key space to the required key state, wherein n is the bit number of the key, K represents a constant coefficient, and O () represents the order of magnitude of K.
10. A key acquisition apparatus comprising a processor and a computer-readable storage medium having stored therein instructions that, when executed by the processor, implement the key acquisition method of any one of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110581988.5A CN113328849B (en) | 2021-05-24 | 2021-05-24 | Key obtaining method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110581988.5A CN113328849B (en) | 2021-05-24 | 2021-05-24 | Key obtaining method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113328849A true CN113328849A (en) | 2021-08-31 |
| CN113328849B CN113328849B (en) | 2022-07-22 |
Family
ID=77421565
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110581988.5A Active CN113328849B (en) | 2021-05-24 | 2021-05-24 | Key obtaining method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113328849B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109889340A (en) * | 2019-03-19 | 2019-06-14 | 北京信息科技大学 | A kind of adaptive cipher key distribution mechanisms based on QKD network |
| CN110113149A (en) * | 2019-04-29 | 2019-08-09 | 南通大学 | A kind of implementation method of the quantum key expansion module for AES hardware encryption system |
| CN110213050A (en) * | 2019-06-04 | 2019-09-06 | 苏州科达科技股份有限公司 | Key generation method, device and storage medium |
| KR20200115437A (en) * | 2019-11-30 | 2020-10-07 | 채령 | The multi-function matrix hash function block chain (smart block panel, TTS broadcasting system, video-audio broadcasting system in premises, CCTV retaining coded image, NB-IoT maintainer on CCTV in blackbox type, solar ray generator of blockchain metering, LED streetlamp controlling dimming, panel generating solar ray and LED board monitoring thermal burn with processed image of CCTV, controlling apparatus of parking and coding a plate) CCTV monitoring early fire and its system |
| WO2021000329A1 (en) * | 2019-07-04 | 2021-01-07 | 深圳职业技术学院 | Multi-party quantum key agreement method, computer terminal and storage device |
| US20210058244A1 (en) * | 2017-12-30 | 2021-02-25 | Compsecur Sp. Z.O.O. | The One-Qubit Pad (OQP) for entanglement encryption of quantum information |
-
2021
- 2021-05-24 CN CN202110581988.5A patent/CN113328849B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210058244A1 (en) * | 2017-12-30 | 2021-02-25 | Compsecur Sp. Z.O.O. | The One-Qubit Pad (OQP) for entanglement encryption of quantum information |
| CN109889340A (en) * | 2019-03-19 | 2019-06-14 | 北京信息科技大学 | A kind of adaptive cipher key distribution mechanisms based on QKD network |
| CN110113149A (en) * | 2019-04-29 | 2019-08-09 | 南通大学 | A kind of implementation method of the quantum key expansion module for AES hardware encryption system |
| CN110213050A (en) * | 2019-06-04 | 2019-09-06 | 苏州科达科技股份有限公司 | Key generation method, device and storage medium |
| WO2021000329A1 (en) * | 2019-07-04 | 2021-01-07 | 深圳职业技术学院 | Multi-party quantum key agreement method, computer terminal and storage device |
| KR20200115437A (en) * | 2019-11-30 | 2020-10-07 | 채령 | The multi-function matrix hash function block chain (smart block panel, TTS broadcasting system, video-audio broadcasting system in premises, CCTV retaining coded image, NB-IoT maintainer on CCTV in blackbox type, solar ray generator of blockchain metering, LED streetlamp controlling dimming, panel generating solar ray and LED board monitoring thermal burn with processed image of CCTV, controlling apparatus of parking and coding a plate) CCTV monitoring early fire and its system |
Non-Patent Citations (3)
| Title |
|---|
| BRANDON LANGENBERG: "Reducing the Cost of Implementing the Advanced Encryption Standard as a Quantum Circuit", 《IEEE TRANSACTIONS ON QUANTUM ENGINEERING》 * |
| 王潮: "基于0.1π旋转相位Grover算法的ECC电压毛刺攻击算法", 《通信学报》 * |
| 陈杰等: "相关密钥Square攻击AES-192", 《电子科技大学学报》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113328849B (en) | 2022-07-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2723319C (en) | A closed galois field cryptographic system | |
| CN113297606B (en) | Color quantum image encryption and decryption method based on multiple chaos and DNA operation | |
| US20160056954A1 (en) | Apparatus and method for providing feistel-based variable length block cipher | |
| TWI571091B (en) | Technologies for modifying a first cryptographic cipher with operations of a second cryptographic cipher | |
| CN102187617B (en) | cryptographic system | |
| CN111866018B (en) | Data information encryption transmission method and device, computer equipment and storage medium | |
| JP2008513811A (en) | Calculation conversion method and system | |
| JP5273141B2 (en) | Block cipher with adjustment value, cipher generation method and recording medium | |
| JP5852518B2 (en) | Authentication encryption device, authentication decryption device, and program | |
| JP3701969B2 (en) | Nonlinear dynamic substitution device | |
| Forgáč et al. | Contribution to symmetric cryptography by convolutional neural networks | |
| CN113328849B (en) | Key obtaining method and device | |
| CN107493164B (en) | DES encryption method and system based on chaotic system | |
| Khairallah et al. | Romulus: Lighweight aead from tweakable block ciphers | |
| CN107835070B (en) | Simple embedded encryption method | |
| US10917232B1 (en) | Data enciphering or deciphering using a hierarchical assignment system | |
| Faragallah et al. | Improved RC6 block cipher based on data dependent rotations | |
| CN114553393A (en) | Chinese character encryption method based on hierarchical shift | |
| CN110086619B (en) | Key stream generation method and device | |
| CN110071927B (en) | Information encryption method, system and related components | |
| JP5578422B2 (en) | ENCRYPTED COMMUNICATION SYSTEM, TRANSMISSION DEVICE, RECEPTION DEVICE, ENCRYPTION / DECRYPTION METHOD, AND PROGRAM THEREOF | |
| KR101076747B1 (en) | Method and apparatus for random accessible encryption and decryption by using a hierarchical tree structure of stream cipher module | |
| CN117992989B (en) | Decryption method, system, device and storage medium | |
| CN117896064B (en) | Superlattice twin PUF key synchronization method and system with low calculation overhead | |
| Tho et al. | An Algorithm for Improving Algebraic Degree of S-Box Coordinate Boolean Functions Based on Affine Equivalence Transformation. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |