CN113824548B - Nonlinear white box SM4 implementation method applied to edge internet of things proxy - Google Patents

Publication number: CN113824548B
Authority: CN (China)
Prior art keywords: lookup table, nonlinear, edge internet, encryption, box
Legal status: Active
Application number: CN202110896330.3A
Other languages: Chinese (zh)
Other versions: CN113824548A (en)
Inventors: 缪巍巍, 曾锃, 张瑞, 滕昌志, 李世豪, 包哲静, 金超, 张明轩, 张震
Current Assignee: Zhejiang University ZJU; Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Original Assignee: Zhejiang University ZJU; Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Application filed by Zhejiang University ZJU and Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority to CN202110896330.3A
Publication of CN113824548A
Application granted
Publication of CN113824548B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a nonlinear white-box SM4 implementation method applied to an edge internet of things proxy. The encryption and decryption computation of SM4 is converted into lookup tables, and random nonlinear bijections are used as the scrambling encodings of those tables. Compared with existing white-box SM4 implementation schemes, this nonlinear obfuscation design greatly improves the diversity and ambiguity of the implementation, effectively resists existing attacks on white-box implementations, and greatly enhances security. The application further designs the scrambling encodings, assisted by affine transformations, so that part of the lookup tables can be reused while information security is preserved, which greatly reduces the storage space the lookup tables occupy on the edge internet of things proxy. Through careful design of the encoding functions, the application effectively resists existing attacks on white-box implementations while correctly implementing the encryption and decryption functions, and is suitable for edge internet of things agents with limited storage space.

Description

Nonlinear white box SM4 implementation method applied to edge internet of things proxy
Technical Field
The application belongs to the field of white box cryptography, and relates to a nonlinear white box SM4 implementation method applied to an edge internet of things proxy.
Background
With network security situations at home and abroad becoming increasingly severe, existing internet of things systems face new security challenges from the access of service terminals that use many different protocols, particularly where massive numbers of internet of things terminals are connected. Edge internet of things agents are increasingly used in various business scenarios as aggregation access nodes for internet of things terminals, many of which are not trusted. It is therefore necessary to protect the information in edge internet of things agents, particularly key information. In view of deficiencies such as difficult upgrade and maintenance, lack of scalability and flexibility, and complex endpoint device management, soft key protection techniques, represented by the emerging white-box cryptography, are attracting increasing attention.
In the white-box attack environment, the attacker is assumed to have complete control over the running environment and the executable program of the encryption and decryption system, and can observe and modify any internal operation and data, including the device's CPU, registers and memory. In this environment, if the encryption algorithm is implemented as ordinary software, the key is usually revealed directly through memory or similar channels. White-box cryptographic techniques were developed to implement cryptographic algorithms securely under such severe attack conditions. The technique stores the encryption and decryption process in the form of lookup tables and applies scrambling encodings to obfuscate the tables, thereby protecting the key information. The SM4 algorithm is one of the most widely used encryption and decryption algorithms in China, and several white-box implementation schemes for it exist. However, the existing implementations mainly use affine transformations as the scrambling encodings of inputs and outputs. Although an affine transformation can be made lightweight, it provides only linear obfuscation; given its mathematical properties, under attacks designed specifically for white-box implementations there is a risk that the key information can be recovered within a certain time complexity, so the security is insufficient. Obfuscation with nonlinear bijections solves this problem well.
On the one hand, introducing nonlinear mappings makes the obfuscation result more complex and improves the security of the key under white-box attack; on the other hand, the number of lookup tables must be increased to keep the calculation result correct, so the memory occupied by the lookup tables inevitably grows considerably. Given the storage limits that are common in edge internet of things proxy hardware, the storage consumption of a white-box implementation containing nonlinear bijections needs to be reduced as much as possible to keep it practical on the edge internet of things proxy.
Disclosure of Invention
The application provides a nonlinear white-box SM4 implementation method applied to an edge internet of things proxy. Taking the storage space limitation of the edge internet of things proxy into account, and while guaranteeing usability, it improves the diversity, ambiguity and attack resistance of the white-box SM4 implementation and thereby its security.
The technical scheme is as follows: the method for implementing the nonlinear white-box SM4 applied to the edge internet of things proxy comprises the following steps:
(1) expanding the original key of SM4 into round keys;
(2) decomposing each round of the SM4 encryption and decryption algorithm into three parts, wherein the first part performs a bitwise exclusive-OR of the last three input data, the second part sequentially performs round-key addition, S-box transformation and linear transformation L on the output of the first part, and the third part performs a bitwise exclusive-OR of the output of the second part with the first input data;
calculating the input-output correspondence of each part and representing it as a combination of a series of lookup tables;
obfuscating the lookup tables, specifically:
using random nonlinear bijections as the scrambling encodings of the lookup tables;
adding, after each part of the lookup tables of the white-box SM4 implementation, an auxiliary lookup table that implements the bitwise exclusive-OR operation, and designing the scrambling encoding of the auxiliary lookup table, namely matching one input decoding function of the auxiliary lookup table with the output encoding function of that auxiliary lookup table, and additionally adding an affine transformation in the output encoding;
further dividing the input data of each part of SM4 into 8-bit units, so that every obfuscation operation consists of four parallel 8-bit transformations;
(3) performing encryption and decryption operations using the lookup tables.
Further, in the step (1), the original key of 128 bits is expanded into the round key of 1024 bits through 32 rounds of iterative operation by using a key expansion algorithm.
In the step (3), the lookup table generated in the step (2) is stored on an edge internet of things proxy, input data is transmitted to the edge internet of things proxy after being externally coded, encryption and decryption calculation is achieved by using the stored lookup table, and an encryption and decryption result is obtained after the output data is externally decoded.
The beneficial effects of the application are as follows:
1. Traditional white-box implementations rely on affine transformations, which provide only linear obfuscation and carry the risk that the key information can be recovered under white-box attack within a certain time complexity. To avoid this risk, random nonlinear bijections are used as the scrambling encodings of the lookup tables. This greatly improves the diversity and ambiguity of the white-box implementation, resists the white-box SM4 attack that combines the BGE attack with differential analysis, and strengthens resistance to white-box attacks.
2. By further designing the scrambling encodings, namely matching one of the input decoding functions of an auxiliary lookup table with the output encoding function of that auxiliary lookup table, and additionally adding an affine transformation in the output encoding, lookup tables can be reused while security is preserved. This greatly reduces the storage space required by the nonlinear white-box SM4 implementation and makes it more practical on edge internet of things agents with limited storage resources.
3. Considering the storage space limitation of the edge internet of things proxy while ensuring that the lookup tables are sufficiently obfuscated, the application further divides the 32-bit input data of each part of the traditional SM4 algorithm into 8-bit units, so that every obfuscation operation consists of four parallel 8-bit transformations.
Drawings
FIG. 1 is a flow chart of the SM4 algorithm encryption process;
FIG. 2 is a schematic diagram of the nonlinear white-box SM4 implementation for each round;
FIG. 3 is a flowchart of the encryption and decryption operation using the lookup tables.
Detailed Description
For a better understanding of the technical solution of the present application, the following detailed description of the embodiments of the present application refers to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terminology used in the embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The encryption process of the SM4 algorithm is shown in FIG. 1; the decryption process is essentially identical to the encryption process, except that the round keys are used in reverse order.
The method for implementing the nonlinear white-box SM4 applied to the edge internet of things agent comprises the following three steps:
Step A: expand the original key of SM4 into round keys, which can be done with the key expansion algorithm in FIG. 1.
Step B: decompose each round F of the SM4 encryption and decryption algorithm in FIG. 1 into three parts, wherein the first part performs a bitwise exclusive-OR of the last three input data, the second part sequentially performs round-key addition, S-box transformation and linear transformation L on the output of the first part, and the third part performs a bitwise exclusive-OR of the output of the second part with the first input data;
calculate the input-output correspondence of each part and represent it as a combination of a series of lookup tables;
obfuscate the lookup tables, for which reference may be made to FIG. 2, specifically:
use random nonlinear bijections as the scrambling encodings of the lookup tables;
add, after each part of the lookup tables of the white-box SM4 implementation, an auxiliary lookup table that implements the bitwise exclusive-OR operation, and design the scrambling encoding of the auxiliary lookup table, namely match one input decoding function of the auxiliary lookup table with the output encoding function of that auxiliary lookup table, and additionally add an affine transformation in the output encoding;
further divide the input data of each part of SM4 into 8-bit units, so that every obfuscation operation consists of four parallel 8-bit transformations;
Step C: implement the encryption and decryption operations on the edge internet of things proxy using the lookup tables, following the flow shown in FIG. 3.
Further, the step a includes:
The original key is XORed bitwise with the system parameter FK to obtain $(K_0, K_1, K_2, K_3)$, where FK is 128 bits long and is defined in detail in the cryptographic industry standard GM/T 0002-2012 of the People's Republic of China, and each $K_i$ is 32 bits long. The key expansion calculation for each round can be represented by equations (1) and (2):
$$T'(\cdot) = L'(\tau(\cdot)) \tag{2}$$
where $rk_i$ is the round key of the $i$-th round, and the symbol represents a bitwise exclusive-OR operation. The fixed parameter $CK_i$ is composed of four $ck_{i,j}$, as shown in formulas (3) and (4):
$$CK_i = (ck_{i,0}, ck_{i,1}, ck_{i,2}, ck_{i,3}) \tag{3}$$
$$ck_{i,j} = (4i + j) \times 7 \pmod{256} \tag{4}$$
The transformation $T'$ consists of two parts, where the nonlinear transformation $\tau$ is four parallel S-box transformations Sbox, defined as follows:
$$x = [x_0, x_1, x_2, x_3] \tag{5}$$
$$\tau(x) = [\mathrm{Sbox}(x_0), \mathrm{Sbox}(x_1), \mathrm{Sbox}(x_2), \mathrm{Sbox}(x_3)] \tag{6}$$
The calculation process of the linear transformation $L'$ is shown in formula (7):
In formula (5), each $x_i$ is 8 bits long, and the function Sbox(·) is defined in detail in standard GM/T 0002-2012. The symbol $\lll j$ denotes a cyclic left shift of 32-bit data by $j$ bits.
Finally, the result $K_{i+4}$ calculated by the formula is the round key $rk_i$ required in the encryption and decryption algorithm.
Further, the step B includes:
The 128-bit plaintext or ciphertext input can be represented as $X = [X_0, X_1, X_2, X_3]$, where each $X_i$ is 32 bits long. The encryption and decryption calculation of each round can be represented by formulas (8) and (9):
$$T(\cdot) = L(\tau(\cdot)) \tag{9}$$
where $rk_m$ is the round key generated in step A. For encryption, $m = i$; for decryption, $m = 31 - i$. The transformation $T$ consists of two parts: the nonlinear transformation $\tau$ has been defined in formula (6), and the linear transformation $L$ is defined in formula (10):
The encryption and decryption calculation of each round is split into three parts, and the lookup tables are generated by the construction method shown in FIG. 2. Part 1 and Part 4-1 compute the bitwise exclusive-OR of $X_{i+1}$, $X_{i+2}$ and $X_{i+3}$; Part 2 and Part 4-2 XOR that result with the round key and then apply the $T$ transformation; finally, Part 3 and Part 4-3 compute the bitwise exclusive-OR of the result of the $T$ transformation with $X_i$. Each part uses the designed scrambling encodings to obfuscate its lookup tables so as to hide the key information, which secures the SM4 encryption and decryption process in the white-box attack environment.
The specific way the scrambling encodings are added is shown in FIG. 2, where $P_i$, $E_i$, $Ec_i$, $Q_i$, $Qc_i$, $Pc_i$ and $Pd_i$ each denote four parallel 8-bit random nonlinear bijections. Taking $P_i$ as an example, the transformation can be represented by formula (11):
$$P_i([x_0, x_1, x_2, x_3]) = [P_{i0}(x_0), P_{i1}(x_1), P_{i2}(x_2), P_{i3}(x_3)] \tag{11}$$
where the input-output relationship of each function $P_{ij}(\cdot)$ is completely random.
Similarly, $G_i$ and $H_i$ each denote four parallel 8-bit random affine transformations. An 8-bit affine transformation is equivalent to multiplication by an 8×8 bit matrix $M$ over the finite field GF(2) followed by addition of an 8-bit constant $C$. In GF(2), multiplication corresponds to a bitwise AND operation and addition corresponds to a bitwise exclusive-OR operation. To ensure that the mapping is bijective, i.e. that its inverse mapping exists, the matrix $M$ must be invertible over GF(2). $A_i$ and $B_i$ also denote four parallel 8-bit random affine transformations: except that all elements of the corresponding constant term $C$ are set to 0, transformation $A_i$ is identical to $G_i$ and transformation $B_i$ is identical to $H_i$.
The symbols in FIG. 2 can be represented by formula (12):
The function $S_{ij}$ in FIG. 2 can be expressed as:
where $rk_i = [rk_{i0}, rk_{i1}, rk_{i2}, rk_{i3}]$.
The $L$ transformation of formula (10) contained in the encryption and decryption algorithm is equivalent to multiplication by a matrix $L$ over the finite field GF(2), where the matrix $L$ is defined as follows:
where $B_1$, $B_2$ and $B_3$ are 8×8 bit matrices whose specific values are defined in [K. P. Bai and C. K. Wu, "A secure white-box SM4 implementation," Security and Communication Networks, vol. 9, no. 10, pp. 996-1006, Jul. 2016]. As shown in FIG. 2, the output of Part 4-1 is divided into 4 blocks and, after a series of transformations, is multiplied by the matrix $L$. Over the finite field GF(2), the matrix $L$ is multiplied by the four-part matrix $[I_0\ I_1\ I_2\ I_3]^T$; that is, the products of matrix $B_k$ and matrix $I_i$ are computed and then combined by a bitwise exclusive-OR in Part 4-2.
The present application represents the above operations as lookup tables. For a lookup table to represent the input-output relationship of each part correctly, the corresponding output must be stored for every possible input. Therefore, to prevent a table from becoming too large, the number of input bits per table cannot be too large. At the same time, the number of input bits cannot be too small, so that the lookup table is sufficiently obfuscated. In the SM4 algorithm, the input data of each round is divided into 4 blocks of 32 bits each, and after encoding each block is still 32 bits long. Considering the storage space limitation of the edge internet of things agent, the application further divides the input data of each part into 8-bit units, so the obfuscation described above consists of four parallel 8-bit transformations. For Part 1, Part 2 and Part 3, the input of each table is 8 bits long, so $2^8$ entries need to be stored. For Part 4-1, Part 4-2 and Part 4-3, which must implement a function similar to a bitwise exclusive-OR, the input of each table is 16 bits long, so $2^{16}$ entries need to be stored.
Clearly, the lookup tables in Part 4-1, Part 4-2 and Part 4-3 occupy most of the storage space. The application therefore designs the encoding and decoding functions of these lookup tables so that the lookup tables of Part 4-1 and Part 4-2 can be reused, which reduces the storage requirement. As shown in FIG. 2, for Part 4-1 and Part 4-2 the decoding function of one of the inputs is matched with the encoding function of the output (the functions involved, including $E_i$ and $Q_i$, are shown in FIG. 2). To increase the ambiguity of the lookup tables, affine transformations $G_i$ and $H_i$ are introduced into the respective output encodings; otherwise the ambiguity of the lookup table would be 1 and the encryption implementation could not be guaranteed to be sufficiently secure. Because of the affine transformations, the other lookup tables also need corresponding obfuscation added; the specific obfuscation functions are shown in FIG. 2. With this design, part of the lookup tables can be reused, which reduces the total storage space required by about half.
The generation of the lookup table needs to be performed in a trusted environment; however, once generated, the table can be stored on the edge internet of things agent, and even if the information of the table is maliciously stolen by an attacker, the security of the key information can be well protected.
Further, the step C includes:
The lookup tables generated in step B are stored on the edge internet of things agent, and the encryption and decryption operations shown in FIG. 3 are then executed. The input data first needs to be externally encoded in a trusted environment and then transmitted to the edge internet of things proxy. The external encoding can be represented by formula (15):
$$F_{ex}(X) = [P_0(X_0), P_1(X_1), P_2(X_2), P_3(X_3)] \tag{15}$$
where the transformation $P_i$ is the same as the $P_i$ used when the lookup tables were generated.
On the edge internet of things proxy, the encryption and decryption calculation is performed using the stored lookup tables. As described in step B, every lookup in each round decodes its input and encodes its output, so the intermediate results of each round remain obfuscated by $P_i$, which protects the information.
To obtain the correct encryption and decryption result, the final output data needs to be externally decoded in a trusted environment, which can be represented by formula (16):
where $Y' = [Y_0', Y_1', Y_2', Y_3']$, and the transformation $P_i^{-1}$ is likewise the same as the $P_i^{-1}$ used when the lookup tables were generated.
Through the steps, encryption and decryption operations on the edge internet of things proxy can be realized.
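The table construction of step B and the encode, lookup and decode flow of step C, as an added example that is not the patent's own code: SM4-style rounds computed only by lookups on words protected by four parallel random byte bijections. It is a simplified decomposition (the affine layers $G_i$/$H_i$ and the table reuse of FIG. 2 are omitted), all function names are illustrative, and the S-box, round keys and input block are constructed stand-ins; only the L transformation is the standard one from GM/T 0002-2012.

```python
import random

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def L(b):  # SM4 linear transformation L as specified in GM/T 0002-2012
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def split(w):
    return [(w >> (24 - 8 * j)) & 0xFF for j in range(4)]

def join(bs):
    return (bs[0] << 24) | (bs[1] << 16) | (bs[2] << 8) | bs[3]

def rand_bijection(rng):
    """Random nonlinear 8-bit bijection, returned as (encode, decode) tables."""
    enc = list(range(256))
    rng.shuffle(enc)
    dec = [0] * 256
    for x, y in enumerate(enc):
        dec[y] = x
    return enc, dec

def word_encoding(rng):
    """Four parallel 8-bit bijections covering one 32-bit word, as in formula (11)."""
    return [rand_bijection(rng) for _ in range(4)]

def encode(P, w):
    return join([P[j][0][b] for j, b in enumerate(split(w))])

def decode(P, w):
    return join([P[j][1][b] for j, b in enumerate(split(w))])

def xor_table(a, b, out):
    """Auxiliary XOR table, 16-bit input: decode both bytes, XOR, re-encode."""
    da, db, eo = a[1], b[1], out[0]
    return bytes(eo[da[i >> 8] ^ db[i & 0xFF]] for i in range(1 << 16))

def build_round(rng, sbox, rk, P):
    """Trusted side. P = encodings of X_i..X_{i+3}; returns (tables, encoding of X_{i+4})."""
    A, E, R0, R1, U, P4 = (word_encoding(rng) for _ in range(6))
    Q = [word_encoding(rng) for _ in range(4)]  # one encoding per T-table output word
    rkb = split(rk)
    tables = {
        # X_{i+1} ^ X_{i+2} ^ X_{i+3}, one byte lane at a time
        "x12": [xor_table(P[1][j], P[2][j], A[j]) for j in range(4)],
        "x123": [xor_table(A[j], P[3][j], E[j]) for j in range(4)],
        # round-key addition, S-box and this byte's share of L; the key byte is folded in
        "tbox": [[encode(Q[j], L(sbox[E[j][1][e] ^ rkb[j]] << (24 - 8 * j)))
                  for e in range(256)] for j in range(4)],
        # XOR of the four 32-bit shares, then XOR with X_i
        "s01": [xor_table(Q[0][k], Q[1][k], R0[k]) for k in range(4)],
        "s23": [xor_table(Q[2][k], Q[3][k], R1[k]) for k in range(4)],
        "sum": [xor_table(R0[k], R1[k], U[k]) for k in range(4)],
        "out": [xor_table(U[k], P[0][k], P4[k]) for k in range(4)],
    }
    return tables, P4

def xor_words(tabs, a, b):
    return join([tabs[k][(x << 8) | y]
                 for k, (x, y) in enumerate(zip(split(a), split(b)))])

def run_round(t, x):
    """Untrusted side: table lookups on encoded words only; no key, no plain value."""
    e = xor_words(t["x123"], xor_words(t["x12"], x[1], x[2]), x[3])
    w = [t["tbox"][j][b] for j, b in enumerate(split(e))]
    s = xor_words(t["sum"], xor_words(t["s01"], w[0], w[1]),
                  xor_words(t["s23"], w[2], w[3]))
    return xor_words(t["out"], s, x[0])

def plain_round(sbox, rk, x):
    """Reference round: X_i ^ L(tau(X_{i+1} ^ X_{i+2} ^ X_{i+3} ^ rk))."""
    v = x[1] ^ x[2] ^ x[3] ^ rk
    return x[0] ^ L(join([sbox[b] for b in split(v)]))

def table_bytes(t):
    """Storage for one round: the XOR tables plus four 256-entry tables of 4-byte words."""
    return 4 * 256 * 4 + sum(len(tab) for k, v in t.items() if k != "tbox" for tab in v)

def demo(rounds=2, seed=2021):
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)                                     # constructed stand-in S-box
    rks = [rng.getrandbits(32) for _ in range(rounds)]    # constructed round keys
    x = [0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210]  # constructed input block
    P = [word_encoding(rng) for _ in range(4)]
    enc = [encode(P[i], x[i]) for i in range(4)]          # external encoding, formula (15)
    for rk in rks:
        t, P4 = build_round(rng, sbox, rk, P)             # generated in the trusted environment
        size = table_bytes(t)
        enc = enc[1:] + [run_round(t, enc)]               # what the edge proxy executes
        x = x[1:] + [plain_round(sbox, rk, x)]
        P = P[1:] + [P4]
    dec = [decode(P[i], enc[i]) for i in range(4)]        # external decoding, trusted side
    return dec, x, enc, size
```

`demo()` returns the externally decoded state, the plain reference state, the encoded state held on the untrusted side, and the per-round table size. In this simplified layout the 24 XOR tables of $2^{16}$ bytes dominate one round's storage at about 1.5 MB.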
The memory occupied by the nonlinear white-box SM4 implementation method provided by the application is 24.28 MB. The total memory of most edge internet of things agents is about 64 MB, which is enough for the implementation, so the practicability of the application is ensured.
Meanwhile, the white box diversity of each part of each round in the implementation is as follows:
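Part 1: $(256!)^{12} \times (256!)^{8} \times (2^{62} \times 2^{8})^{4} \approx 2^{33960}$
Part 2: $(256!)^{4} \times (2^{62} \times 2^{8})^{4} \times 2^{32} \times (256!)^{8} \times (2^{62} \times 2^{8})^{4} \approx 2^{20800}$
Part 3: $(256!)^{8} \times (2^{62} \times 2^{8})^{4} \times (256!)^{8} \approx 2^{27224}$
Part 4-1: $(256!)^{8} \times (2^{62} \times 2^{8})^{4} \approx 2^{13752}$
Part 4-2: $(256!)^{8} \times (2^{62} \times 2^{8})^{4} \approx 2^{13752}$
Part 4-3: $(256!)^{12} \approx 2^{20208}$
and the white-box ambiguity of each part of each round is as follows:
Part 1: $(256!)^{8} \times (2^{62} \times 2^{8})^{4} \approx 2^{13752}$
Part 2: $(256!)^{4} \times (2^{62} \times 2^{8})^{4} \times 2^{32} \approx 2^{7048}$
Part 3: $(2^{62} \times 2^{8})^{4} \times (256!)^{8} \approx 2^{13752}$
Part 4-1: $(2^{62} \times 2^{8})^{4} \approx 2^{280}$
Part 4-2: $(2^{62} \times 2^{8})^{4} \approx 2^{280}$
Part 4-3: $(256!)^{4} \approx 2^{6736}$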
From the diversity and ambiguity calculations, it is almost impossible for an attacker to obtain the encodings and key information through an exhaustive attack on the lookup tables; that is, the lookup tables can resist brute-force attacks. Furthermore, compared with traditional white-box implementation schemes, the diversity and ambiguity of the application are significantly improved.
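The counts above rest on two quantities: a random byte bijection has 256! choices, and an 8-bit affine transformation needs a matrix that is invertible over GF(2), of which there are about $2^{62}$. The following added example (not part of the patent; function names are illustrative) samples such an affine transformation, checks that invertibility is what makes it bijective, and recomputes every exponent listed above.

```python
import math
import random

def rank_gf2(rows):
    """Rank over GF(2) of an 8x8 bit matrix stored as eight row bytes."""
    rows, rank = list(rows), 0
    for bit in range(7, -1, -1):
        piv = next((i for i in range(rank, 8) if (rows[i] >> bit) & 1), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        for i in range(8):
            if i != rank and (rows[i] >> bit) & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank

def random_affine(rng):
    """Rejection-sample an invertible M and a constant C for x -> M*x + C over GF(2)."""
    while True:
        M = [rng.getrandbits(8) for _ in range(8)]
        if rank_gf2(M) == 8:
            return M, rng.getrandbits(8)

def apply_affine(M, C, x):
    y = 0
    for i, row in enumerate(M):
        # GF(2) dot product: AND the row with x, then XOR the bits together (parity)
        y |= (bin(row & x).count("1") & 1) << (7 - i)
    return y ^ C

def is_bijective(M, C):
    return len({apply_affine(M, C, x) for x in range(256)}) == 256

def log2_invertible_matrices():
    """log2 of the number of invertible 8x8 matrices over GF(2): prod(2^8 - 2^i)."""
    return sum(math.log2(256 - (1 << i)) for i in range(8))

LOG2_BIJECTION = math.log2(math.factorial(256))  # log2(256!), one random byte bijection
LOG2_AFFINE_WORD = 4 * (62 + 8)                  # the (2^62 x 2^8)^4 term used above

def exponent(bijections, affine_words, key_bits=0):
    """Exponent of 2 for (256!)^bijections x (2^62 x 2^8)^(4*affine_words) x 2^key_bits."""
    return round(bijections * LOG2_BIJECTION
                 + affine_words * LOG2_AFFINE_WORD + key_bits)

# Factor counts read off the formulas listed above
DIVERSITY = {"Part 1": exponent(20, 1), "Part 2": exponent(12, 2, 32),
             "Part 3": exponent(16, 1), "Part 4-1": exponent(8, 1),
             "Part 4-2": exponent(8, 1), "Part 4-3": exponent(12, 0)}
AMBIGUITY = {"Part 1": exponent(8, 1), "Part 2": exponent(4, 1, 32),
             "Part 3": exponent(8, 1), "Part 4-1": exponent(0, 1),
             "Part 4-2": exponent(0, 1), "Part 4-3": exponent(4, 0)}
```

A matrix with two equal rows has rank below 8, and `is_bijective` then fails because two output bits always agree, which is why the sampler rejects it.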
Beyond resisting brute-force attacks, the application also shows a considerable level of security against attacks specifically designed for white-box implementations. Take one attack on white-box SM4 as an example, see [T. T. Lin and X. J. Lai, "Efficient attack to white-box SMS4 implementation," Journal of Software, vol. 24, no. 9, pp. 2238-2249, Sep. 2013]: by combining the BGE attack with differential analysis and similar methods, the attack can recover the key of a traditional white-box SM4 implementation within a certain time complexity. However, a precondition for that attack to succeed is that the white-box implementation uses affine transformations as its scrambling encodings; this implementation uses nonlinear bijections as the scrambling encodings, so the attack can be effectively resisted and the security of the key information is ensured.
The analysis shows that, compared with traditional white-box SM4 implementation methods, the security of this method is significantly improved.
The foregoing description of the preferred embodiment(s) is (are) merely intended to illustrate the embodiment(s) of the present application, and it is not intended to limit the embodiment(s) of the present application to the particular embodiment(s) described.

Claims (3)

1. The method for realizing the nonlinear white box SM4 applied to the edge internet of things proxy is characterized by comprising the following steps of:
(1) Expanding the original key of SM4 into a round key;
(2) Decomposing each round of SM4 encryption and decryption algorithm into three parts, wherein the first part is used for carrying out bitwise exclusive OR operation on the last three input data, the second part is used for sequentially carrying out round-key adding, S box transformation and linear transformation L on the output of the first part, and the third part is used for carrying out bitwise exclusive OR operation on the output of the second part and the first input data;
calculating the corresponding relation of each part of input and output, and representing the corresponding relation as a combination of a series of lookup tables;
obfuscating the lookup tables, specifically:
using random nonlinear bijections as the scrambling encodings of the lookup tables;
adding, after each part of the lookup tables of the white-box SM4 implementation, an auxiliary lookup table that implements the bitwise exclusive-OR operation, and designing the scrambling encoding of the auxiliary lookup table, namely matching one input decoding function of the auxiliary lookup table with the output encoding function of that auxiliary lookup table, and additionally adding an affine transformation in the output encoding;
further dividing the input data of each part of SM4 into 8-bit units, so that every obfuscation operation consists of four parallel 8-bit transformations;
(3) performing encryption and decryption operations using the lookup tables.
2. The method for implementing the nonlinear white-box SM4 applied to the edge internet of things proxy according to claim 1, wherein in the step (1), the 128-bit original key is expanded into the 1024-bit round key by 32 rounds of iterative operation using a key expansion algorithm.
3. The method for implementing the nonlinear white box SM4 applied to the edge internet of things proxy according to claim 1, wherein in the step (3), the lookup table generated in the step (2) is stored on the edge internet of things proxy, input data is transmitted to the edge internet of things proxy after being externally coded, encryption and decryption calculation is implemented by using the stored lookup table, and an encryption and decryption result is obtained after the output data is externally decoded.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110896330.3A CN113824548B (en) 2021-08-05 2021-08-05 Nonlinear white box SM4 implementation method applied to edge internet of things proxy

Publications (2)

Publication Number Publication Date
CN113824548A CN113824548A (en) 2021-12-21
CN113824548B CN113824548B (en) 2023-08-29

Family

ID=78912881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110896330.3A Active CN113824548B (en) 2021-08-05 2021-08-05 Nonlinear white box SM4 implementation method applied to edge internet of things proxy

Country Status (1)

Country Link
CN (1) CN113824548B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114337993B (en) * 2022-03-15 2022-06-14 国网江苏省电力有限公司信息通信分公司 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809626A (en) * 2018-05-30 2018-11-13 北京安如山文化科技有限公司 A white-box SM4 cryptographic algorithm scheme and system
CN109951273A (en) * 2019-05-08 2019-06-28 郑州信大捷安信息技术股份有限公司 An SM4 algorithm white-box implementation method and device
CN110278072A (en) * 2019-07-11 2019-09-24 北京电子科技学院 A 16-round SM4-128/128 white-box cipher implementation method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A new white-box implementation of the SM4 algorithm; 姚思; 陈杰; 密码学报 (Journal of Cryptologic Research) (03); full text *

Also Published As

Publication number Publication date
CN113824548A (en) 2021-12-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant