CN114024675B - Lightweight block cipher IoVCipher implementation method and system suitable for Internet of vehicles terminal - Google Patents


Info

Publication number: CN114024675B
Application number: CN202111402291.3A
Authority: CN (China)
Prior art keywords: data, bit, round, bits, data set
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN114024675A (en)
Inventors: 黄现彤, 李浪, 黄莹, 张洪, 李遇缘, 陈文�
Current assignee: Hengyang Normal University
Original assignee: Hengyang Normal University
Events: application filed by Hengyang Normal University; priority to CN202111402291.3A; publication of CN114024675A; application granted; publication of CN114024675B; legal status active.

Classifications

    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L2012/40215 Controller Area Network CAN


Abstract

The invention discloses a lightweight block cipher IoVCipher implementation method and system applicable to an Internet of vehicles terminal, used to protect data transmitted between ECUs on the CAN bus of the terminal. The block length is set to 64 bits or 32 bits according to the data frame format of the CAN bus. Preferably, the expanding operation of the F1 function uses the first 4 bits of the CAN ID to expand the data, so that each ECU has a unique encryption flow and the security of the Internet of vehicles is enhanced; the F1 function then compresses the data again through a squeezing operation. In addition, the invention preferably uses cellular automaton rule technology in the nonlinear part, so that the 8×8 S-box has low power consumption and high security. An encryption and decryption technique applicable to the Internet of vehicles, with low delay, low power consumption and high security, is thereby realized.

Description

Lightweight block cipher IoVCipher implementation method and system suitable for Internet of vehicles terminal
Technical Field
The invention belongs to the field of data encryption of the Internet of vehicles, and particularly relates to a lightweight block cipher IoVCipher implementation method and system suitable for an Internet of vehicles terminal.
Background
At present, the informatization and intelligence of automobiles continue to spread, Internet of vehicles technology has been widely applied to the mass-produced models of all major manufacturers, and the related security problems of this technology are increasingly prominent. Automobiles in the Internet of vehicles are equipped with hundreds of Electronic Control Units (ECUs) connected over the CAN bus. These ECUs perform driving functions such as operating the accelerator, the brakes and the steering wheel. However, because the communication between ECUs is simple, the data transmission process is highly susceptible to tampering and replay attacks, which puts the confidentiality, integrity and authenticity of the data to the test. At the Black Hat conference of 2016, Charlie Miller and Chris Valasek demonstrated a remote hacking technique by which the accelerator, brakes, steering and electronic parking brake could be controlled while driving at high speed, so data security problems on the vehicle network have attracted wide attention at home and abroad. Promoting the application of commercial cryptography to the field of the Internet of vehicles allows such attacks to be resisted through cryptographic functions such as identity verification, integrity and confidentiality, and ultimately avoids harm to people's lives. Therefore, the security of the Internet of vehicles requires a cryptographic algorithm as its basic support, and a cryptographic algorithm is the most effective, reliable and economical means of solving the security problem of the Internet of vehicles.
Because of the limitations of the application environment, large high-performance processing devices cannot be used, so traditional cryptographic algorithms (such as AES and DES) cannot play their role in the Internet of vehicles terminal environment, and a suitable lightweight block cipher is of great importance for meeting the real-time requirements of the new computing mode. However, different lightweight ciphers target different application scenarios: NIST considers that the key of a lightweight block cipher should be no shorter than 128 bits, and the CAN bus in the Internet of vehicles transmits 64 bits per frame, so most lightweight cipher algorithms cannot meet the requirements of the Internet of vehicles while ensuring its security. Aiming at the characteristics of the CAN bus and the ECUs in the Internet of vehicles, Santosh Ghosh et al. selected from many lightweight ciphers the four lightweight block ciphers most suitable for an Internet of vehicles platform, namely PRINCE, SIMON, SPECK and PRESENT, and optimized their hardware implementations to adapt them to this new environment.
However, no lightweight block cipher algorithm specially designed for this particular application requirement has yet been found, so it is necessary to design one for the Internet of vehicles terminal.
Disclosure of Invention
The invention aims at solving the security problems of the CAN bus in a vehicle network, personal privacy in the ECU, data transmission and the like, and provides a lightweight block cipher IoVCipher implementation method and system suitable for an Internet of vehicles terminal.
In a first aspect, the invention provides a lightweight block cipher IoVCipher implementation method suitable for an Internet of vehicles terminal, used for encrypting data in the terminal and comprising the following steps:
S1: acquiring plaintext data and an initial key;
S2: dividing the plaintext data into 64-bit or 32-bit plaintext data sets and the initial key into 128-bit initial key data sets, each plaintext data set corresponding to one initial key data set;
S3: performing an iterative encryption operation on each input plaintext data set through the round function of a novel generalized Feistel structure to obtain the encryption result;
in each round of iterative encryption, the intermediate data set obtained in the previous round is used as the input data set of the next round, and a 32-bit or 16-bit sub-key data set is derived for each plaintext data set from its corresponding initial key, where 64-bit and 32-bit plaintext data sets correspond to 32-bit and 16-bit sub-key data sets respectively.
The IoVCipher implementation method provided by the invention protects data transmitted between ECUs on the CAN bus of the Internet of vehicles terminal. According to the data frame format of the CAN bus, the block length is set to 64 bits or 32 bits, while the lightweight cipher design guidance given by NIST in 2017 is followed and the key length is set to 128 bits, so that a user can select a cipher with a different block length according to the requirements of the application scenario, and the requirements of the Internet of vehicles terminal can be met.
Optionally, the round function includes an F1 function operation, which at least comprises an expanding operation and a squeezing operation. The expanding operation is executed as follows:
a1: denote the 16-bit input of the F1 function as H and divide it into 4 parts, H = H0||H1||H2||H3, each 4 bits; the i-th part is Hi = H(i,0)||H(i,1)||H(i,2)||H(i,3) (0 ≤ i ≤ 3), where H(i,0), H(i,1), H(i,2), H(i,3) denote bits 1 to 4 of Hi;
a2: expand each part of H with the first 4 bits of the CAN ID in the Internet of vehicles to obtain a 32-bit intermediate group;
the squeezing operation compresses the 32-bit data to obtain a 16-bit output.
The invention takes the CAN ID in the CAN bus data frame format specific to the Internet of vehicles as a characteristic and introduces it into the expanding operation. The CAN ID is the address identifier of an ECU, and different CAN IDs represent different ECUs, so the encryption process of each ECU varies with the CAN ID and is not repeatable. In addition, since introducing the CAN ID in the expanding operation expands the data from 16 bits to 32 bits, the squeezing operation compresses the data to restore it to 16 bits.
Optionally, the intermediate data set expanded in step a2 is expressed as:
E = D0||H(0,0)||H(0,1)||D1||D2||H(0,2)||H(0,3)||D3||D0||H(1,0)||H(1,1)||D1||D2||H(1,2)||H(1,3)||D3||D0||H(2,0)||H(2,1)||D1||D2||H(2,2)||H(2,3)||D3||D0||H(3,0)||H(3,1)||D1||D2||H(3,2)||H(3,3)||D3;
where D0||D1||D2||D3 are the first 4 bits of the CAN ID.
Optionally, an S-box substitution is further performed between the expanding operation and the squeezing operation: the result of the expanding operation is divided into 4 parts of 8 bits each, and an 8×8 S-box substitution is applied to obtain a 32-bit intermediate result E';
the 8×8 S-box used in the S-box substitution is designed using cellular automaton rule technology, as follows:
b1: divide the 8-bit input data L into two parts, L = L0||L1, where L0 and L1 denote the two halves of L;
b2: take L0 = M0||M1||M2||M3 and apply the P substitution to obtain the intermediate result L'0 = M0||M2||M3||M1, where M0, M1, M2, M3 denote bits 1 to 4 of L0;
b3: apply the 4×4 S-box substitution to the intermediate result L'0 of step b2 to obtain the intermediate result L''0, where the 4×4 S-box is one of the (1,2)-class S-boxes in the paper Lightweight and Side-channel Secure 4×4 S-Boxes from Cellular Automata Rules;
b4: XOR the intermediate result L''0 of step b3 bitwise with the S-box round constant to obtain the intermediate result L'''0, where the S-box round constant is the index of the current S-box generation iteration;
b5: XOR the intermediate result L'''0 of step b4 bitwise with L1 to obtain the intermediate result L'1;
b6: the intermediate result of the current round is T = L'1||L0;
b7: take the intermediate result T as input and repeat steps b2 to b6 for SRr rounds of iteration to obtain the output of the 8×8 S-box, where SRr is the total number of S-box rounds.
The method uses cellular automaton rule technology in the nonlinear part and obtains the 8×8 S-box from the 4×4 S-box through a Feistel structure; the resulting S-box has low power consumption, low area and high security.
Further optionally, each 128-bit initial key is denoted K = K0||K1||K2||K3||K4||K5||K6||K7, where the j-th group Kj is 16 bits (0 ≤ j ≤ 7), and the 32-bit or 16-bit sub-key data set is obtained from the initial key in each round of iterative encryption as follows:
c1: if the intermediate data set is 64 bits, each round takes 32 bits of the initial key data set, expressed as [formula not preserved]; if the intermediate data set is 32 bits, each round takes 16 bits of the initial key data set, expressed as [formula not preserved]; where Nr is the current round number and the selected groups are the groups of the initial key determined by the remainder of (Nr − 1) divided by 8 and the remainder of Nr divided by 8 respectively;
c2: whether the intermediate data set is 64 bits or 32 bits, the higher 5 bits of the key data selected in step c1 are XORed with the round constant to obtain an intermediate result [formula not preserved], where the round constant is the iteration number of the current round function;
c3: rotate the result of step c2 right by 3 bits to obtain an intermediate result [formula not preserved];
c4: take the low 8 bits of the result of step c3 and apply the S-box substitution to obtain an intermediate result [formula not preserved];
if the intermediate data set is 64 bits, XOR the intermediate result of step c4 bitwise with a second value [formula not preserved] to obtain an intermediate result [formula not preserved];
c5: the sub-key data set of round Nr is obtained as follows: if the intermediate data set is 64 bits, the sub-key is [formula not preserved]; if the intermediate data set is 32 bits, the sub-key data set is [formula not preserved].
Further optionally, the round function includes an F1 function operation, a bitwise exclusive-OR operation, a round key addition operation and an RP permutation operation;
the RP permutation operation is as follows:
if the intermediate data set is 64 bits, denote the result of round key addition as G and divide it from the high bits to the low bits into 8-bit parts, G = G0||G1||G2||G3||G4||G5||G6||G7; the result after RP permutation is G' = G6||G3||G7||G2||G1||G4||G0||G5;
if the intermediate data set is 32 bits, denote the result of round key addition as G and divide it from the high bits to the low bits into 8-bit parts, G = G0||G1||G2||G3; the result after RP permutation is G' = G2||G3||G0||G1.
In a second aspect, the invention provides a lightweight block cipher IoVCipher implementation method applicable to an Internet of vehicles terminal for decrypting encrypted data generated by the foregoing method, comprising the following steps:
S1-1: acquiring a ciphertext data set and an initial key set, where the ciphertext data set is an encryption result obtained by the foregoing method;
S1-2: dividing the ciphertext data into 64-bit or 32-bit ciphertext data sets and the initial key into 128-bit initial key data sets, each ciphertext data set corresponding to one initial key data set according to the correspondence used in the encryption process;
S1-3: performing an iterative decryption operation on each input ciphertext data set through the round function of the generalized Feistel structure to obtain the decryption result;
in each round of decryption, the intermediate data set obtained in the previous round is used as the input data set of the next round, and the sub-key data set of the N-th decryption round is the sub-key data set of encryption round Rr − N + 1, where Rr is the total number of iterations.
In a third aspect, the invention provides a system based on the lightweight block cipher IoVCipher implementation method, comprising:
an encryption/decryption data acquisition module for acquiring the plaintext data and the initial key in the encryption process, and/or the ciphertext data set and the initial key set in the decryption process;
a data grouping module for dividing the plaintext data into 64-bit or 32-bit plaintext data sets and the initial key into 128-bit initial key data sets, each plaintext data set corresponding to one initial key data set, and/or for dividing the ciphertext data into 64-bit or 32-bit ciphertext data sets and the initial key into 128-bit initial key data sets, each ciphertext data set corresponding to one initial key data set according to the correspondence used in the encryption process;
an encryption/decryption module for performing Rr rounds of iterative encryption on each input plaintext data set through the round function of the generalized Feistel structure to obtain the encryption result, and/or performing iterative decryption on each input ciphertext data set through the round function of the generalized Feistel structure to obtain the decryption result.
In a fourth aspect, the invention provides an Internet of vehicles terminal, comprising:
one or more processors;
a memory storing one or more programs;
the processor invokes a computer program to implement:
the encryption or decryption steps of the lightweight block cipher IoVCipher implementation method suitable for an Internet of vehicles terminal.
In a fifth aspect, the invention provides a readable storage medium storing a computer program which is invoked by a processor to implement:
the encryption or decryption steps of the lightweight block cipher IoVCipher implementation method suitable for an Internet of vehicles terminal.
Advantageous effects
1. The lightweight block cipher IoVCipher implementation method suitable for an Internet of vehicles terminal is suited to encrypting and decrypting data transmitted between ECUs on the CAN bus of the terminal. The block length is set to 64 bits or 32 bits according to the data frame format of the CAN bus, while the lightweight cipher design guidance given by NIST in 2017 is followed and the key length is set to 128 bits, so the requirements of the Internet of vehicles can be met: a user can select a cipher with a different block length according to the needs of the application scenario.
2. In a further preferred embodiment of the invention, the F1 function operation introduces an expanding operation and a squeezing operation. The expanding operation introduces the CAN ID of the CAN bus data frame format specific to the Internet of vehicles; the CAN ID is the address identifier of an ECU, and different CAN IDs represent different ECUs, so the encryption process changes with the CAN ID, making the encryption process of each ECU unrepeatable and enhancing the security of the Internet of vehicles. In addition, since introducing the CAN ID in the expanding operation expands the data from 16 bits to 32 bits, the squeezing operation compresses the data to restore it to 16 bits.
3. In a further preferred scheme of the invention, cellular automaton rule technology is used in the nonlinear part, and the 8×8 S-box is obtained from a 4×4 S-box through a Feistel structure; the resulting S-box has low power consumption, low area and high security.
Drawings
Fig. 1 is a schematic diagram of the IoVCipher-64 encryption flow of the lightweight block cipher IoVCipher implementation method applicable to an Internet of vehicles terminal;
Fig. 2 is a schematic diagram of the IoVCipher-32 encryption flow of the lightweight block cipher IoVCipher implementation method applicable to an Internet of vehicles terminal;
Fig. 3 is a structural diagram of the F1 function of the implementation method of the invention;
Fig. 4 is a schematic diagram of the 8×8 S-box generation structure of the implementation method of the invention.
Detailed Description
The lightweight block cipher IoVCipher implementation method suitable for an Internet of vehicles terminal is an algorithm specially designed for data encryption and decryption in the Internet of vehicles, and effectively solves the security problems of personal privacy, data transmission and the like on the CAN bus and in the ECUs of the Internet of vehicles. The invention is further illustrated with reference to the following examples.
The lightweight block cipher IoVCipher disclosed by the invention adopts a novel generalized Feistel structure. The block length is set to 64 bits or 32 bits according to the data frame format of the CAN bus, while the lightweight cipher design guidance given by NIST in 2017 is followed and the key length is set to 128 bits, so the IoVCipher algorithm provided by the invention comes in two variants: IoVCipher-64 and IoVCipher-32.
Example 1:
This embodiment is directed at IoVCipher-64 and IoVCipher-32. The lightweight block cipher IoVCipher implementation method applicable to an Internet of vehicles terminal provided by this embodiment is divided into an encryption process and a decryption process.
The encryption process comprises the following steps S1 to S3:
S1: acquiring plaintext data and an initial key;
S2: dividing the plaintext data into 64-bit or 32-bit plaintext data sets and the initial key into 128-bit initial key data sets, each plaintext data set corresponding to one initial key data set;
S3: performing an iterative encryption operation on each input plaintext data set through the round function of a novel generalized Feistel structure to obtain the encryption result;
in each round of iterative encryption, the intermediate data set obtained in the previous round is used as the input data set of the next round, and a 32-bit or 16-bit sub-key data set is derived for each plaintext data set from its corresponding initial key, where 64-bit and 32-bit plaintext data sets correspond to 32-bit and 16-bit sub-key data sets respectively.
It should be noted that the round function of the novel generalized Feistel structure has many possible alternatives; the round function provided in Example 2 below is the best implementation of the invention, but the invention is not limited to it.
The decryption process comprises steps S1-1 to S1-3:
S1-1: acquiring a ciphertext data set and an initial key set, where the ciphertext data set is an encryption result obtained by the foregoing method;
S1-2: dividing the ciphertext data into 64-bit or 32-bit ciphertext data sets and the initial key into 128-bit initial key data sets, each ciphertext data set corresponding to one initial key data set according to the correspondence used in the encryption process;
S1-3: performing an iterative decryption operation on each input ciphertext data set through the round function of the generalized Feistel structure to obtain the decryption result;
in each round of decryption, the intermediate data set obtained in the previous round is used as the input data set of the next round, and the sub-key data set of the N-th decryption round is the sub-key data set of encryption round Rr − N + 1, where Rr is the total number of iterations.
It should be understood that the decryption process corresponds to the encryption process.
Example 2:
on the basis of embodiment 1, the round function is further constrained in this embodiment, and the encryption process round function in this embodiment mainly includes: f (F) 1 Function operation (F) 1 Function), bitwise exclusive-or operation (XOR), round key addition operation (add_round key), RP permutation operation (RP).
The round function of the decryption process mainly comprises: f (F) 1 Function operation (F) 1 Function), bitwise exclusive-or operation (XOR), round key addition operation (add_round_key), inverse RP permutation operation (rRP).
Taking an encryption process as an example, the total number of iterations of the iterative encryption process is taken as 18 as an example:
A1:F 1 the function operates. If nr=1 and the plaintext data sets are 64 bits each, each set of 64 bits is denoted as P, then p=p 0 ||P 1 ||P 2 ||P 3 ||P 4 ||P 5 ||P 6 ||P 7 . Taking P 1 ||P 2 And P 5 ||P 6 F is respectively carried out 1 Function operation, obtaining intermediate result P 1 ′||P 2 ' and P 5 ′||P 6 'A'; if nr=1 and the plaintext data sets are 32 bits per set, each set of 32 bits is denoted as P, then p=p 0 ||P 1 ||P 2 ||P 3 . Taking P 1 ||P 2 F is carried out 1 Function operation, obtaining intermediate result P' 1 ||P′ 2 The method comprises the steps of carrying out a first treatment on the surface of the If 1<Nr.ltoreq.18 and the intermediate data sets are 64 bits each, each set of 64 bits being denoted Z, then z=z 0 ||Z 1 ||Z 2 ||Z 3 ||Z 4 ||Z 5 ||Z 6 ||Z 7 . Taking Z 1 ||Z 2 And Z 5 ||Z 6 F is respectively carried out 1 Function operation, getIntermediate results Z' 1 ||Z′ 2 And Z' 5 ||Z′ 6 The method comprises the steps of carrying out a first treatment on the surface of the If 1<Nr.ltoreq.18 and 32 bits per group of intermediate data, each group of 32 bits being denoted Z, then z=z 0 ||Z 1 ||Z 2 ||Z 3 . Taking Z 1 ||Z 2 F is carried out 1 Function operation, obtaining intermediate result Z' 1 ||Z′ 2
In this embodiment, in order to enhance the algorithm security, F is also preferred 1 The function operation is an expanding operation, an S-box replacement operation (sub_Swap), and a squeezing operation in sequence. In other possible embodiments, if the expanding operation is introduced, the ordering operation is required to be introduced correspondingly, and other constraints are not present.
Wherein F is 1 The procedure of the function operation is as follows:
a1: will input F 1 The 16-bit data of the function operation is denoted as H and is divided into 4 parts h=h 0 ||H 1 ||H 2 ||H 3 Each part is 4 bits H i =H (i,0) ||H (i,1) ||H (i,2) ||H (i,3) ,(0≤i≤3)。
a2: and (5) expanding operation. Using the first 4 bits (D 0 ||D 1 ||D 2 ||D 3 ) Expanding each part of H, expanding the data from 16 bits to 32 bits, resulting in 32-bit intermediate data e=d 0 ||H (0,0) ||H (0,1) ||D 1 ||D 2 ||H (0,2) ||H (0,3) ||D 3 ||D 0 ||H (1,0) ||H (1,1) ||D 1 ||D 2 ||H (1,2) ||H (1,3) ||D 3 ||D 0 ||H (2,0) ||H (2,1) ||D 1 ||D 2 ||H (2,2) ||H (2,3) ||D 3 ||D 0 ||H (3,0) ||
H (3,1) ||D 1 ||D 2 ||H (3,2) ||H (3,3) ||D 3
It should be appreciated that the above-described expansion is an illustration of the present invention, and that other possible embodiments of the expansion technique implemented without departing from the purpose of the expansion are within the scope of the present invention.
a3: s-box replacement operation. The result obtained after the expanding operation is divided into 4 parts, each part is 8 bits, and an 8×8S-box substitution operation is performed to obtain a 32-bit intermediate result E'.
a4: and (5) performing a squeezing operation. The 32-bit intermediate result obtained by S-box substitution is expressed as E ' =e ' ' 0 ||E′ 1 ||E′ 2 ||E′ 3 . First, E 'is' 0 、E′ 1 Exclusive or to obtain result E 0 . And then E 0 、E′ 2 Exclusive OR of each other to obtain result E'. 0 . Thus, the final 16-bit output result E'. 0 ||E′ 3
Among other things, it should be appreciated that there are many possible ways in which the S-box replacement operation could be performed according to the prior art in the field, and the invention is not limited in particular to this. In order to optimize the algorithm, the 8×8S-boxes in the S-box substitution are preferably designed by using the cellular automaton rule technology, and the procedure is as follows:
b1: the input 8-bit data L is divided into two parts, denoted as: l=l 0 ||L 1 ,L 0 ||L 1 Respectively representing two parts of the data L.
b2: taking L 0 =M 0 ||M 1 ||M 2 ||M 3 P substitution is carried out to obtain an intermediate result L' 0 =M 0 ||M 2 ||M 3 ||M 1 Wherein M is 0 ||M 1 ||M 2 ||M 3 Respectively represent data L 0 1-4 positions in (a);
b3: intermediate result L 'obtained in step b 2' 0 4X 4S-box substitution was performed to obtain an intermediate result L' 0 =Sbox_4(L′ 0 ) Wherein, the 4×4S box is one of (1, 2) S boxes in Lightweight and Side-channel Secure 4×4S-Boxes from Cellular Automata Rules paper, and the S boxes are {0,6, C,8,9,5,1, E,3,4, A,7,2, B, D, F };
the local rules of the (1, 2) class S box areSuch S-boxes can yield 24 different 4X 4S-boxes, and one of the 4X 4S-boxes is used in the method of the invention, wherein the S-boxes are {0,6, C,8,9,5,1, E,3,4, A,7,2, B, D, F }. In addition, the invention performs a simple hardware optimization on the S box, and the local rule is +.>The S box generated by the optimized local rule is unchanged, but the hardware implementation area is reduced.
b4: intermediate result L' obtained by step b3 operation 0 Performing bit exclusive OR with the S box wheel constant to obtain an intermediate result L '' 0 Wherein the S-box round constant is the number of iterations that currently generate the S-box; in this embodiment, the number of rounds SRr is 4, so the round constant is 3 bits, and the intermediate result L' 0 Lower 3 bits L 0 Sequentially performing exclusive OR with the S box wheel constant to obtain an intermediate result
b5: intermediate results L 'obtained from step b4 operations' 0 And L is equal to 1 Performing bitwise exclusive OR to obtain an intermediate result L' 1
b6: the intermediate result of the current round is expressed as: t=l' 1 ||L 0
b7: and (3) taking the intermediate result T as input data, repeating the steps b2-b6 to perform SRr round iterative operation to obtain an output result of 8×8S boxes, wherein SRr is the total round number of S box replacement.
A2: and performing exclusive OR operation by bit. If nr=1 and the plaintext data sets are 64 bits per set, then F will be 1 Results E obtained after the function operation 0 ||E 1 ||E 2 ||E 3 Respectively with P 0 、P 3 And P 4 、P 7 Performing exclusive OR operation to obtain intermediate result P' 0 、P′ 3 、P′ 4 、P′ 7 Expressed as:if nr=1 and the plaintext data sets are 32 bits per set, then F will be 1 Results E obtained after the function operation 0 ||E 1 Respectively with P 0 、P 3 Performing exclusive OR operation to obtain an intermediate result P 0 、P 3 Expressed as: />If 1<Nr.ltoreq.18 and intermediate data sets of 64 bits each, F 1 The results obtained after the function operation are respectively E 0 ||E 1 ||E 2 ||E 3 And Z is 0 、Z 3 And Z 4 、Z 7 Performing exclusive OR operation to obtain an intermediate result Z' 0 、Z′ 3 、Z′ 4 、Z′ 7 Expressed as: />If 1<Nr.ltoreq.18 and 32 bits per intermediate data set, F 1 Results E obtained after the function operation 0 ||E 1 Respectively with Z 0 、Z 3 Performing exclusive OR operation to obtain an intermediate result Z' 0 、Z′ 3 Expressed as: />
A3: round key addition operations. If nr=1 and the plaintext data sets are 64 bits each, the result P 'obtained after the exclusive-or operation will be' 0 、P′ 3 、P′ 4 、P′ 7 Exclusive or with 32-bit sub-key data sets in sequence, where sk=sk 0 ||SK 1 ||SK 2 ||SK 3 Obtaining an intermediate result P 0 、P″ 3 、P″ 4 、P″ 7 Expressed as:if nr=1 and is clearEach group of the text data is 32 bits, and the result P 'obtained after the exclusive OR operation' 0 、P′ 3 Exclusive or operation with 16-bit sub-key data sets in turn, where sk=sk 0 ||SK 1 Obtaining an intermediate result P 0 、P″ 3 The method is specifically expressed as follows: if 1<Nr is less than or equal to 18, each intermediate data set is 64 bits, and the result Z 'obtained after the exclusive OR operation is obtained' 0 、Z′ 3 、Z′ 4 、Z′ 7 Sequentially performing exclusive OR operation with the 32-bit sub-key data sets to obtain an intermediate result Z ', and obtaining an intermediate result Z' 0 、Z″ 3 、Z″ 4 、Z″ 7 The method is specifically expressed as follows: />If 1<Nr is less than or equal to 18, each intermediate data set is 32 bits, and the result Z 'obtained after the exclusive OR operation is obtained' 0 、Z′ 3 Sequentially performing exclusive OR operation with the 16-bit sub-key data sets to obtain an intermediate result Z ', and obtaining an intermediate result Z' 0 、Z″ 3 The method is specifically expressed as follows:
a4: RP permutation operation. If nr=1 and each of the plaintext data sets is 64 bits, the round key is added to the result p″ 0 ||P 1 ||P 2 ||P″ 3 ||P″ 4 ||P 5 ||P 6 ||P″ 7 Obtaining an intermediate result Z after RP replacement; if nr=1 and the plaintext data sets are 32 bits each, the round key is added to the result P "" 0 ||P 1 ||P 2 ||P″ 3 Obtaining an intermediate result Z after RP replacement; if 1<Nr is less than or equal to 18, each intermediate data set is 64 bits, and a result Z' obtained by adding the round key is obtained 0 ||Z 1 ||Z 2 ||Z″ 3 ||Z″ 4 ||Z 5 ||Z 6 ||Z″ 7 Obtaining an intermediate result Z after RP replacement; if 1<Nr is less than or equal to 18, each intermediate data set is 32 bits, and a result Z' obtained by adding the round key is obtained 0 ||Z 1 ||Z 2 ||Z″ 3 Intermediate result Z is obtained after RP replacement.
The RP permutation operation proceeds as follows:
If the data set is 64 bits, denote the round-key-added result as G and divide it from the most significant bit to the least significant bit into 8-bit parts, G = G_0 || G_1 || G_2 || G_3 || G_4 || G_5 || G_6 || G_7. After the RP permutation, G' = G_6 || G_3 || G_7 || G_2 || G_1 || G_4 || G_0 || G_5, as shown in Table 1.
If the data set is 32 bits, denote the round-key-added result as G and divide it from the most significant bit to the least significant bit into 8-bit parts, G = G_0 || G_1 || G_2 || G_3. After the RP permutation, G' = G_2 || G_3 || G_0 || G_1.
Table 1: RP permutation (IoVCipher-64)
Output position j: 0 1 2 3 4 5 6 7
Source part i (G'_j = G_i): 6 3 7 2 1 4 0 5
If the data set is 64 bits, denote the result of the previous decryption round as G and divide it from the most significant bit to the least significant bit into 8-bit parts, G = G_0 || G_1 || G_2 || G_3 || G_4 || G_5 || G_6 || G_7. After the inverse RP permutation, G' = G_6 || G_4 || G_3 || G_1 || G_5 || G_7 || G_0 || G_2, as shown in Table 2.
Table 2: Inverse RP (rRP) permutation (IoVCipher-64)
Output position j: 0 1 2 3 4 5 6 7
Source part i (G'_j = G_i): 6 4 3 1 5 7 0 2
If the data set is 32 bits, denote the result of the previous decryption round as G; the inverse RP permutation then gives G', and for 32-bit data the inverse RP permutation used in decryption is identical to the RP permutation used in encryption.
In summary, for IoVCipher-32 the encryption and decryption flows can be shared entirely. For IoVCipher-64 the RP permutation is not an involution (it is not its own inverse), so encryption and decryption can share every part of the flow except the RP permutation.
Example 3:
In this embodiment, based on Embodiment 1, the 32-bit or 16-bit sub-key data set corresponding to each plaintext data set in each round of iterative encryption is obtained as follows.
Let each 128-bit initial key be K = K_0 || K_1 || K_2 || K_3 || K_4 || K_5 || K_6 || K_7, where the j-th group K_j is 16 bits, 0 ≤ j ≤ 7. In each round of iterative encryption, the 32-bit or 16-bit sub-key data set is derived from the initial key as follows:
c1: if the intermediate data set is 64 bits, each round takes 32 bits of initial key in the initial key data set, tableThe method is shown as follows:if the intermediate data set is 32 bits, each round takes 16 bits of initial key in the initial key data set, expressed as: />Where Nr is the current number of rounds.
c2: whether the intermediate data set is 64 bits or 32 bitsExclusive OR is performed with the higher 5 bits of the (2) and the round constant to obtain +.>Wherein the round constant is the iteration number of the current round function;
c3: the result obtained after the operation of the step c2Circularly right shifting 3 bits to obtain +.>
c4: taking the result obtained in the step c3S box replacement is carried out on the middle and the rear 8 bits to obtain a middle result
If the intermediate data set is 64 bits, the intermediate result obtained after the operation of step c4 is obtainedAnd (3) withPerforming bitwise exclusive OR to obtain intermediate result +.>
c5: obtaining the sub-key data group of the Nr round according to the following rule, wherein if the intermediate data group is 64 bits, the sub-key data group isIf the intermediate data set is 32 bits, the sub-key data set is +.>
It should be understood that the foregoing is the preferred manner of this embodiment. In other embodiments the 32-bit and 16-bit sub-key data sets may be derived from the 128-bit initial key data set in other ways, provided that 64-bit and 32-bit plaintext data sets correspond to 32-bit and 16-bit sub-key data sets respectively; such variants fall within the protection scope of the invention.
Based on the description above, Algorithm 1 describes IoVCipher encryption as follows:
Input: P (64-bit plaintext), K (128-bit key);
Output: C (64-bit ciphertext);
1. V = V_0 || V_1 || V_2 || V_3 || V_4 || V_5 || V_6 || V_7 ← P; SK_0, SK_1, SK_2, SK_3 ← K;
2. for i = 1 to Nr = 18 do
3.   E_0, E_1 ← F_1_Function(V_1 || V_2); E_2, E_3 ← F_1_Function(V_5 || V_6);
4.   V_0 ← XOR(V_0, E_0); V_3 ← XOR(V_3, E_1); V_4 ← XOR(V_4, E_2); V_7 ← XOR(V_7, E_3);
5.   V_0 ← Add_RoundKey(V_0, SK_0); V_3 ← Add_RoundKey(V_3, SK_1);
     V_4 ← Add_RoundKey(V_4, SK_2); V_7 ← Add_RoundKey(V_7, SK_3);
6.   RP(V);
7. end for
8. C ← V;
Based on the description above, Algorithm 2 describes IoVCipher decryption as follows:
Input: C (64-bit ciphertext), K (128-bit key);
Output: P (64-bit plaintext);
1. T = T_0 || T_1 || T_2 || T_3 || T_4 || T_5 || T_6 || T_7 ← C; SK_0, SK_1, SK_2, SK_3 ← K;
2. for i = 1 to Nr = 18 do
3.   rRP(T);
4.   T_0 ← Add_RoundKey(T_0, SK_0); T_3 ← Add_RoundKey(T_3, SK_1);
     T_4 ← Add_RoundKey(T_4, SK_2); T_7 ← Add_RoundKey(T_7, SK_3);
5.   E_0, E_1 ← F_1_Function(T_1 || T_2); E_2, E_3 ← F_1_Function(T_5 || T_6);
6.   T_0 ← XOR(T_0, E_0); T_3 ← XOR(T_3, E_1); T_4 ← XOR(T_4, E_2); T_7 ← XOR(T_7, E_3);
7. end for
8. P ← T;
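The S-box construction (steps b1-b7), the F_1 function (steps a1-a4), the RP tables (Tables 1 and 2) and Algorithms 1 and 2 above, put together as a runnable Python model of IoVCipher-64. This is an added example, not code from the patent or its authors. It makes three assumptions: the S-box round constant is the 1-based iteration number r = 1..SRr (the text only says it is the current iteration count and fits in 3 bits); the four CAN ID bits D_0..D_3 are passed in as a parameter; and, because the key-schedule formulas of Example 3 are not reproduced in the text, the 18 round keys are supplied by the caller (the demo uses constructed placeholder values, not the patent's key schedule). The two checks at the end are the ones a reviewer wants before trusting such a model: the Feistel-built 8×8 S-box is a permutation of 0..255, and decryption with the Table 2 inverse permutation exactly undoes encryption.

```python
"""IoVCipher-64 components as described in the patent text (added example)."""

SBOX4 = [0x0, 0x6, 0xC, 0x8, 0x9, 0x5, 0x1, 0xE,
         0x3, 0x4, 0xA, 0x7, 0x2, 0xB, 0xD, 0xF]   # class (1,2) CA S-box from step b3
SRR = 4                               # S-box rounds (SRr)
NR = 18                               # cipher rounds
RP = [6, 3, 7, 2, 1, 4, 0, 5]         # Table 1: G'_j = G_{RP[j]}
RRP = [6, 4, 3, 1, 5, 7, 0, 2]        # Table 2: inverse of RP


def bits4(n):
    """Split a nibble into (M0, M1, M2, M3), most significant bit first."""
    return (n >> 3) & 1, (n >> 2) & 1, (n >> 1) & 1, n & 1


def p_sub(n):
    """Step b2: M0||M1||M2||M3 -> M0||M2||M3||M1."""
    m0, m1, m2, m3 = bits4(n)
    return (m0 << 3) | (m2 << 2) | (m3 << 1) | m1


def sbox8(x):
    """Steps b1-b7: SRr Feistel-style rounds on the two nibbles of x."""
    l0, l1 = x >> 4, x & 0xF
    for r in range(1, SRR + 1):       # ASSUMPTION: round constant is 1-based r
        t = SBOX4[p_sub(l0)] ^ r      # b3, b4 (r <= 4, so only the low 3 bits change)
        l0, l1 = t ^ l1, l0           # b5, b6: T = L'_1 || L_0
    return (l0 << 4) | l1


def expand(h, d):
    """Step a2: nibble h0h1h2h3 of H becomes the byte D0 h0 h1 D1 D2 h2 h3 D3."""
    d0, d1, d2, d3 = bits4(d)         # d = first 4 bits of the CAN ID (parameter)
    out = []
    for i in range(4):
        h0, h1, h2, h3 = bits4((h >> (12 - 4 * i)) & 0xF)
        out.append((d0 << 7) | (h0 << 6) | (h1 << 5) | (d1 << 4)
                   | (d2 << 3) | (h2 << 2) | (h3 << 1) | d3)
    return out


def f1(h, d):
    """F_1 function on a 16-bit input; returns the two output bytes (E''_0, E'_3)."""
    e = [sbox8(b) for b in expand(h, d)]      # a3: four 8x8 S-box lookups
    return (e[0] ^ e[1] ^ e[2]), e[3]          # a4: squeeze 32 bits down to 16


def rp(v):
    return [v[j] for j in RP]


def rrp(v):
    return [v[j] for j in RRP]


def encrypt_block(p, round_keys, d):
    """Algorithm 1. p: 8 bytes; round_keys: NR tuples (SK0, SK1, SK2, SK3) of bytes."""
    v = list(p)
    for sk in round_keys:
        e0, e1 = f1((v[1] << 8) | v[2], d)
        e2, e3 = f1((v[5] << 8) | v[6], d)
        v[0] ^= e0 ^ sk[0]                     # A2 (XOR) then A3 (round key)
        v[3] ^= e1 ^ sk[1]
        v[4] ^= e2 ^ sk[2]
        v[7] ^= e3 ^ sk[3]
        v = rp(v)                              # A4
    return bytes(v)


def decrypt_block(c, round_keys, d):
    """Algorithm 2: undo RP, then the round key, then F_1, in reverse round order."""
    t = list(c)
    for sk in reversed(round_keys):
        t = rrp(t)
        t[0] ^= sk[0]; t[3] ^= sk[1]; t[4] ^= sk[2]; t[7] ^= sk[3]
        e0, e1 = f1((t[1] << 8) | t[2], d)
        e2, e3 = f1((t[5] << 8) | t[6], d)
        t[0] ^= e0; t[3] ^= e1; t[4] ^= e2; t[7] ^= e3
    return bytes(t)


def demo_round_keys():
    """Constructed placeholder round keys for the demo (NOT the patent's key schedule)."""
    return [tuple((17 * i + 3 * j + 1) & 0xFF for j in range(4)) for i in range(NR)]


def sbox8_is_bijective():
    """The Feistel construction must yield a permutation of 0..255."""
    return sorted(sbox8(x) for x in range(256)) == list(range(256))


def roundtrip_ok():
    """Encrypt a constructed block with CAN ID bits D = 0b0010 and decrypt it again."""
    p = bytes(range(8))
    keys = demo_round_keys()
    return decrypt_block(encrypt_block(p, keys, 0b0010), keys, 0b0010) == p


if __name__ == "__main__":
    print("8x8 S-box bijective:", sbox8_is_bijective())
    print("decrypt(encrypt(p)) == p:", roundtrip_ok())
```

Because V_1, V_2, V_5 and V_6 are never modified inside a round except by RP, the decryption order (inverse permutation, then key, then F_1) is an exact inverse without needing an inverse of F_1 or of the 8×8 S-box, which is what lets the two flows share almost everything, as the text notes for IoVCipher-64.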
example 4:
This embodiment provides a system based on the lightweight block cipher IoVCipher implementation method, comprising:
an encryption/decryption data acquisition module, for acquiring the plaintext data and initial key of an encryption process, and/or the ciphertext data set and initial key set of a decryption process;
a data grouping module, for dividing the plaintext data into 64-bit or 32-bit plaintext data sets and the initial key into 128-bit initial key data sets, each plaintext data set corresponding to one initial key data set; and/or for dividing the ciphertext data into 64-bit or 32-bit ciphertext data sets and the initial key into 128-bit initial key data sets, each ciphertext data set corresponding to one initial key data set according to the correspondence used in the encryption process;
an encryption/decryption module, for performing Rr rounds of iterative encryption on the input plaintext data set through the round function of the generalized Feistel structure to obtain the encryption result, and/or performing iterative decryption on the input ciphertext data set through the round function of the generalized Feistel structure to obtain the decryption result.
It should be understood that the encryption/decryption module is configured according to the encryption/decryption requirements of the actual Internet of Things terminal and may be used for encryption or decryption. It should further be understood that the specific implementation of the above unit modules follows the method described above and is not repeated here. The division into functional module units is only a division of logical functions; another division may be used in practice, for example several units or components may be combined or integrated into another system, or some features may be omitted or not implemented. The integrated units may be implemented in hardware or as software functional units.
Example 5:
This embodiment provides an Internet of Vehicles terminal, comprising:
one or more processors;
a memory storing one or more programs;
the processor invokes a computer program to implement:
the method for realizing encryption or decryption comprises the steps of a lightweight block cipher IoVCipher realization method suitable for a vehicle networking terminal.
For a specific implementation of each step, please refer to the description of the foregoing method.
It should be appreciated that in embodiments of the invention the processor may be a central processing unit (CPU) or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor or any conventional processor. The memory may include read-only memory and random access memory and provides instructions and data to the processor; part of the memory may also be non-volatile random access memory. For example, the memory may also store information on the device type.
Example 6:
the present invention provides a readable storage medium storing a computer program, the computer program being invoked by a processor to implement:
the method for realizing encryption or decryption comprises the steps of a lightweight block cipher IoVCipher realization method suitable for a vehicle networking terminal.
For a specific implementation of each step, please refer to the description of the foregoing method.
The readable storage medium is a computer-readable storage medium, which may be an internal storage unit of the controller of any of the foregoing embodiments, for example a hard disk or memory of the controller. It may also be an external storage device attached to the controller, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card. Further, it may include both an internal storage unit and an external storage device of the controller. The readable storage medium stores the computer program and the other programs and data required by the controller, and may also be used to temporarily store data that has been or is to be output.
Based on such understanding, the technical solution of the invention, in essence or in the part contributing to the prior art, or in whole or in part, may be embodied as a software product stored in a storage medium and comprising instructions that cause a computer device (a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments. The readable storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
Data analysis and effect verification
When CAN ID = 2, the IoVCipher-64 test data of the invention are shown in Table 3:
TABLE 3 IoVCipher-64 test vectors
When CAN ID = 2, the IoVCipher-32 test data of the invention are shown in Table 4:
TABLE 4 IoVCipher-32 test vectors
The dependency test of the IoVCipher cipher is shown in Tables 5-6; the algorithm structure has a very good diffusion effect.
TABLE 5 dependence test of IoVCipher-64
TABLE 6 dependency test of IoVCipher-32
The IoVCipher cryptographic algorithm was implemented in ASIC hardware using the IBM 130 nm 8RF process library. As shown in Table 7, IoVCipher-64 occupies 1416.5 GE and IoVCipher-32 occupies 1000.5 GE.
Table 7 ASIC implementation of the lightweight cryptographic algorithm IoVCipher algorithm
It should be emphasized that the examples described herein are illustrative rather than limiting. The invention is not limited to the examples given in the specific embodiments; other embodiments derived from the teachings of the invention, whether by modification or substitution, still fall within its scope as long as they do not depart from its spirit and scope.

Claims (8)

1. A lightweight block cipher IoVCipher implementation method suitable for an Internet of Vehicles terminal, characterized in that the method is used for encrypting data in the Internet of Vehicles terminal and comprises the following steps:
s1: acquiring plaintext data and an initial key;
s2: dividing the plaintext data into 64-bit plaintext data sets or 32-bit plaintext data sets, dividing the initial key into 128-bit initial key data sets, and each set of plaintext data sets corresponds to one set of initial key data;
s3: performing iterative encryption operation on an input plaintext data set through a round function of a novel generalized Feistel structure to obtain an encryption result;
the method comprises the steps that during each round of iterative encryption, an intermediate data set obtained by the previous round of iterative encryption is used as a plaintext data set of the next round of iterative encryption, and during each round of iterative encryption, a 32-bit or 16-bit sub-key data set is obtained for each plaintext data set based on a corresponding initial key, wherein 64-bit and 32-bit plaintext data sets correspond to 32-bit and 16-bit sub-key data sets respectively;
the round function includes an F_1 function operation; the F_1 function operation comprises at least an expanding operation and a squeezing operation, and the expanding operation is performed as follows:
a1: denote the 16-bit input of the F_1 function operation as H and divide it into 4 parts, H = H_0 || H_1 || H_2 || H_3, each of 4 bits; the i-th part H_i is expressed as H_i = H_(i,0) || H_(i,1) || H_(i,2) || H_(i,3), 0 ≤ i ≤ 3, where H_(i,0), H_(i,1), H_(i,2), H_(i,3) denote bits 1-4 of H_i;
a2: each part of H is expanded using the first 4 bits of the CAN ID in the Internet of Vehicles to obtain a 32-bit intermediate group;
the squeezing operation is used for compressing 32-bit data to obtain a 16-bit output result;
between the expanding operation and the squeezing operation, an S-box substitution is further performed: the result of the expanding operation is divided into 4 parts of 8 bits each, and an 8×8 S-box substitution is applied to obtain a 32-bit intermediate result E';
the 8×8 S-box of the S-box substitution is constructed with the cellular automaton rule technique, as follows:
b1: the 8-bit input L is divided into two parts, L = L_0 || L_1, where L_0 and L_1 denote the two halves of L;
b2: take L_0 = M_0 || M_1 || M_2 || M_3 and apply the P substitution to obtain the intermediate result L'_0 = M_0 || M_2 || M_3 || M_1, where M_0, M_1, M_2, M_3 denote bits 1-4 of L_0;
b3: apply a 4×4 S-box substitution to the intermediate result L'_0 of step b2 to obtain the intermediate result L''_0;
b4: XOR the intermediate result L''_0 of step b3 bitwise with the S-box round constant to obtain the intermediate result L'''_0, where the S-box round constant is the index of the current S-box generation iteration;
b5: XOR the intermediate result L'''_0 of step b4 bitwise with L_1 to obtain the intermediate result L'_1;
b6: the intermediate result of the current round is T = L'_1 || L_0;
b7: taking the intermediate result T as the input data, repeat steps b2-b6 for SRr rounds to obtain the output of the 8×8 S-box, where SRr is the total number of S-box substitution rounds.
2. The method according to claim 1, characterized in that: the intermediate group obtained by the expansion of step a2 is expressed as
E = D_0 || H_(0,0) || H_(0,1) || D_1 || D_2 || H_(0,2) || H_(0,3) || D_3 || D_0 || H_(1,0) || H_(1,1) || D_1 || D_2 || H_(1,2) || H_(1,3) || D_3 || D_0 || H_(2,0) || H_(2,1) || D_1 || D_2 || H_(2,2) || H_(2,3) || D_3 || D_0 || H_(3,0) || H_(3,1) || D_1 || D_2 || H_(3,2) || H_(3,3) || D_3,
where D_0 || D_1 || D_2 || D_3 are the first 4 bits of the CAN ID.
3. The method according to claim 1, characterized in that: let each 128-bit initial key be K = K_0 || K_1 || K_2 || K_3 || K_4 || K_5 || K_6 || K_7, where the j-th group K_j is 16 bits, 0 ≤ j ≤ 7; in each round of iterative encryption the 32-bit or 16-bit sub-key data set is derived from the initial key as follows:
c1: if the intermediate data set is 64 bits, each round takes a 32-bit initial key from the initial key data set, expressed as: [formula not reproduced]; if the intermediate data set is 32 bits, each round takes a 16-bit initial key from the initial key data set, expressed as: [formula not reproduced]; where Nr is the current round number, and the two symbols of the formula denote respectively the group of the initial key whose index is the remainder of (N_r − 1) divided by 8 and the group whose index is the remainder of N_r divided by 8;
c2: whether the intermediate data set is 64 bits or 32 bits, the upper 5 bits of the key material taken in step c1 are XORed with the round constant to obtain an intermediate result, where the round constant is the iteration number of the current round function;
c3: the result of step c2 is rotated right by 3 bits;
c4: the trailing 8 bits of the result of step c3 are passed through the S-box substitution to obtain an intermediate result;
if the intermediate data set is 64 bits, the intermediate result of step c4 is XORed bitwise with [operand not reproduced] to obtain a further intermediate result;
c5: the sub-key data set of round Nr is obtained as follows: if the intermediate data set is 64 bits, the sub-key data set is [formula not reproduced]; if the intermediate data set is 32 bits, the sub-key data set is [formula not reproduced].
4. The method according to claim 1, characterized in that: the round function includes the F_1 function operation, a bitwise XOR operation, a round key addition operation and an RP permutation operation;
wherein the RP permutation operation is expressed as follows:
if the intermediate data set is 64 bits, denote the round-key-added result as G and divide it from the most significant bit to the least significant bit into 8-bit parts, G = G_0 || G_1 || G_2 || G_3 || G_4 || G_5 || G_6 || G_7; the result after the RP permutation is G' = G_6 || G_3 || G_7 || G_2 || G_1 || G_4 || G_0 || G_5;
if the intermediate data set is 32 bits, denote the round-key-added result as G and divide it from the most significant bit to the least significant bit into 8-bit parts, G = G_0 || G_1 || G_2 || G_3; the result after the RP permutation is G' = G_2 || G_3 || G_0 || G_1.
5. A lightweight block cipher IoVCipher implementation method suitable for an Internet of Vehicles terminal, characterized in that the method is used for decrypting encrypted data generated by the method of any one of claims 1-4 and comprises the following steps:
s1-1: obtaining a ciphertext data set and an initial key set, wherein the ciphertext data set is an encryption result obtained according to the method of any one of claims 1-4;
s1-2: dividing the ciphertext data group into 64-bit ciphertext data groups or 32-bit ciphertext data groups, dividing the initial key into 128-bit initial key data groups, and referring to the corresponding relation of the encryption process, wherein each group of ciphertext data groups corresponds to one group of initial key data;
s1-3: performing iterative decryption operation on the input ciphertext data set through a round function of a generalized Feistel structure to obtain a decryption result;
and in each round of decryption, the intermediate data set obtained by the previous round of iterative decryption is taken as the ciphertext data set of the next round of iterative decryption, wherein the sub-key data set of the N-th round of decryption corresponds to the sub-key data set of the (Rr − N + 1)-th round of encryption, and Rr is the total number of iterations.
6. A system based on the method of any one of claims 1-4 or the method of claim 5, characterized in that it comprises:
an encryption/decryption data acquisition module, for acquiring the plaintext data and initial key of an encryption process, and/or the ciphertext data set and initial key set of a decryption process;
a data grouping module, for dividing the plaintext data into 64-bit or 32-bit plaintext data sets and the initial key into 128-bit initial key data sets, each plaintext data set corresponding to one initial key data set; and/or for dividing the ciphertext data into 64-bit or 32-bit ciphertext data sets and the initial key into 128-bit initial key data sets, each ciphertext data set corresponding to one initial key data set according to the correspondence used in the encryption process;
an encryption/decryption module, for performing Rr rounds of iterative encryption on the input plaintext data set through the round function of the generalized Feistel structure to obtain the encryption result, and/or performing iterative decryption on the input ciphertext data set through the round function of the generalized Feistel structure to obtain the decryption result.
7. An Internet of Vehicles terminal, characterized in that it comprises:
one or more processors;
a memory storing one or more programs;
the processor invokes a computer program to implement:
a lightweight block cipher IoVCipher implementation method as in any one of claims 1-4 for implementing encryption; and/or the lightweight block cipher IoVCipher implementation method of claim 5 for implementing decryption.
8. A computer-readable storage medium, characterized in that it stores a computer program which is called by a processor to implement:
a lightweight block cipher IoVCipher implementation method as in any one of claims 1-4 for implementing encryption; and/or
The lightweight block cipher IoVCipher implementation method of claim 5 for implementing decryption.
CN202111402291.3A 2021-11-24 2021-11-24 Lightweight block cipher IoVCipher implementation method and system suitable for Internet of vehicles terminal Active CN114024675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111402291.3A CN114024675B (en) 2021-11-24 2021-11-24 Lightweight block cipher IoVCipher implementation method and system suitable for Internet of vehicles terminal

Publications (2)

Publication Number Publication Date
CN114024675A CN114024675A (en) 2022-02-08
CN114024675B true CN114024675B (en) 2024-01-23

Family

ID=80065979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111402291.3A Active CN114024675B (en) 2021-11-24 2021-11-24 Lightweight block cipher IoVCipher implementation method and system suitable for Internet of vehicles terminal

Country Status (1)

Country Link
CN (1) CN114024675B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant