CN1147083C - Method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks - Google Patents


Publication number
CN1147083C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB971824592A
Other languages
Chinese (zh)
Other versions
CN1276117A (en
Inventor
Alexandr Andreevich Moldovyan
Nikolay Andreevich Moldovyan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OTKRYTOE AKTSIONERNOE OBSCHESTVO 'MOSKOVSKAYA GORODSKAYA TELEFONNAYA SET'
Original Assignee
OTKRYTOE AKTSIONERNOE OBSCHESTVO 'MOSKOVSKAYA GORODSKAYA TELEFONNAYA SET'
Abstract

The present invention relates to a method and a device for encrypting digital data and belongs to the fields of electronic communication and computer engineering. The method comprises the following steps: a data block is divided into N ≥ 2 sub-blocks; at least one binary vector is generated from the sub-block values; the sub-blocks are modified using the binary vector; and the sub-blocks are converted one after another. The method is characterized in that the binary vector used at each subsequent sub-block conversion step is generated according to the structure of the binary vector at the previous sub-block conversion step. Two binary vectors may be generated, one of which is converted by a cyclic shift by a number of bits equal to the value of the second binary vector. One of the sub-blocks may be modified by a cyclic shift by a number of bits equal to the current value of the binary vector. In sub-block conversion, a number T ≥ 2 of substitution tables is used: the table number v is calculated from the binary vector, and the sub-block is modified by the substitution operation defined by the v-th table.

Description

Method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks
The present invention relates generally to the fields of electronic communication and computer engineering, and specifically to cryptographic methods and devices for encrypting messages (information).
The following terms are used in the description of the method of the invention:
- A key is binary information known only to the authorized user;
- A cryptographic conversion is a conversion of digital information that ensures that each bit of the source data influences many bits of the output data, performed for purposes such as protecting information from unauthorized reading, forming a digital signature, or generating a modification detection code; important types of cryptographic conversion are one-way conversion, hashing and encryption;
- Information hashing is a method of producing a so-called hash code of fixed size (usually 128 bits) for a message of any length; hashing methods based on iterated hash functions that use block mechanisms of cryptographic conversion are widely used (see Lai X., Massey J.L., Hash Functions Based on Block Ciphers, Workshop on the Theory and Applications of Cryptographic Techniques, EUROCRYPT '92, Hungary, May 24-28, 1992, Proceedings, pp. 53-66);
- Encryption is a process of converting information, depending on the key, in which plaintext is transformed into ciphertext represented by a pseudorandom sequence of characters, from which it is practically impossible to derive any information without knowing the key;
- Decryption is the inverse of encryption; an operator who knows the key can recover the original information by decrypting the ciphertext;
- A cipher is a combination of elementary steps that convert input data using the key; a cipher can be implemented as a computer program or as a separate hardware device;
- A binary vector is a sequence of binary digits, for example 101101011; if each bit position is regarded as corresponding to a binary order of magnitude, a specific structure of the binary vector can be interpreted as a binary number, that is, a binary vector can be associated with a numerical value uniquely determined by its structure;
- Cryptanalysis is a technique for computing the key in order to gain unauthorized access to encrypted information, or for developing a method that provides access to the encrypted information without computing the key;
- A one-way conversion is a conversion of an L-bit input block into an L-bit output block such that the output block is easy to compute from the input block, while computing an input block that converts into a randomly chosen output block is practically infeasible;
- A one-way function is a function whose value is easy to compute from a given argument, while computing the argument from a given function value is a computationally hard problem; one-way functions are usually implemented as a sequence of one-way conversion procedures applied to an input block (the argument), whose output value is taken as the function value;
- Cryptographic strength is a measure of the reliability of the protection of encrypted information; it is expressed as the number of elementary operations that must be performed to recover the original information from the ciphertext by an operator who knows the conversion algorithm but not the key; for a one-way conversion, cryptographic strength expresses the complexity of computing the input value of a block from its output value;
- Cyclic shift operations depending on the sub-block being converted or on the binary vector are cyclic shifts by a number of bits determined by the value of a sub-block or of a binary vector; a cyclic shift to the left (right) is denoted by the symbol "<<<" (">>>"); for example, B1 <<< B2 denotes a cyclic left shift of block B1 by a number of bits equal to the value of binary vector B2; the RC5 cipher is based on operations of this type (R. Rivest, The RC5 Encryption Algorithm, Fast Software Encryption, Second International Workshop Proceedings (Leuven, Belgium, December 14-16, 1994), Lecture Notes in Computer Science, v. 1008, Springer-Verlag, 1995, pp. 86-89);
- A single-operand operation is an operation performed on one operand (a data block or a binary vector); the value of a sub-block after a given single-operand operation depends only on its initial value; a cyclic shift is an example of a single-operand operation;
- A two-operand operation is an operation performed on two operands; its result depends on the value of each operand; examples of two-operand operations are addition, subtraction and multiplication.
A common method of block encryption of data is described in, for example, the US standard DES (National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46, January 1977). In this method a key is formed, the data block to be converted is divided into two sub-blocks L and R, and the sub-blocks are modified alternately by bitwise modulo-2 summation of sub-block L with a binary vector produced as the output value of a function F of the value of sub-block R. The sub-blocks are then exchanged. The function F in this method is implemented by permutation and substitution operations on sub-block R. When implemented as a special-purpose electronic circuit, this method provides a high conversion rate.
However, this prior-art method uses a short key (56 bits), and with the ever-growing computing power of the large number of computers now in use, the cipher can readily be cryptanalyzed by key search.
The closest prior art to the claimed method for converting L-bit input blocks of digital data into L-bit output blocks is the method described in (Kaliski B.S., Robshaw M.J.B., Fast Block Cipher Proposal, Fast Software Encryption, Proceedings of the Cambridge Security Workshop, Lecture Notes in Computer Science, v. 809, Springer-Verlag, 1994, pp. 26-39; see also B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, Inc., New York, 1966, pp. 342-344). This method comprises the following steps: forming a key, dividing the 1024-byte input data block into 32-bit sub-blocks B_0, B_1, B_2, ..., B_255, and converting the sub-blocks in turn. The key is formed as a permutation table and an ordered sequence of 2048 subkeys Q_0, Q_1, Q_2, ..., Q_2047, each 32 bits long. A data block is encrypted in 4 rounds. One conversion round consists of the following steps. The data sub-blocks are permuted according to the permutation table specified by the key. Then all the sub-blocks are converted in turn. A sub-block, for example sub-block B_i, is converted as follows. First, a 32-bit binary vector V is generated from the sub-block values B_h, B_k, B_j, where h, i, j, k are mutually distinct numbers, according to the analytical expression V = B_h + F(B_h, B_k, B_j) + Q_q, where the symbol "+" denotes summation modulo 2^32 and q is the number of the current subkey. The numbers h, i, j, k are chosen according to the number of the encryption round and the number of the sub-block conversion step. The generated binary vector is used to convert sub-block B_i as follows. A bitwise modulo-2 summation of sub-block B_i and V is performed, and the resulting value is assigned to sub-block B_i. This operation is written as B_i ← B_i ⊕ V, where the symbol "←" denotes assignment and the symbol "⊕" denotes bitwise modulo-2 summation. Another sub-block is then converted in the same way, and so on, until all the sub-blocks have been converted. Each new step of forming the 32-bit binary vector is performed independently of the value of the binary vector generated at the previous step. Within one encryption round the index i takes, in a certain order, 256 distinct values (from 0 to 255) corresponding to the numbers of all the sub-blocks.
Because the data block is very long and a large number of conversion operations are performed on each sub-block, this method provides high cryptographic strength.
However, this method also has a drawback: when implemented in software, it does not provide the high encryption rate required by computer information protection software systems operating in real time. For example, on a Pentium/200 microprocessor the encryption rate does not exceed 6 Mbit/s. This drawback arises because, to ensure resistance to differential cryptanalysis, a large number of conversion operations must be performed per bit of input data.
The object of the invention is to develop a method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks in which the input data are converted in a way that reduces the number of conversion operations per bit of input data while providing high resistance to differential cryptanalysis, thereby increasing the encryption rate.
This object is achieved in that, in a method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks which comprises dividing a data block into N ≥ 2 sub-blocks and converting the sub-blocks in turn by generating at least one binary vector from the sub-block values and modifying the sub-block using this binary vector, the novel feature of the invention is that the binary vector at each subsequent sub-block conversion step is generated according to the structure of the binary vector at the previous sub-block conversion step.
This solution provides better diffusion of the influence of each bit of the input block on the bits of the output block, which makes it possible to reduce the number of conversion operations performed, and thus to increase the rate of cryptographic conversion, while providing high resistance to differential cryptanalysis. Better diffusion is obtained because the bits of the sub-blocks converted at previous conversion steps influence the conversion of the current sub-block in two ways: (1) by directly influencing the current binary vector value, and (2) by influencing the current binary vector value through the binary vector value at previous conversion steps.
Another novel feature of the invention is that two binary vectors are generated, and one of them is converted by a cyclic shift by a number of bits equal to the value of the second binary vector.
Because cyclic shifts of this type are nonlinear and define a more complex function for generating the binary vector, this solution increases the cryptographic strength of the conversion of information blocks of length L = 512, 1024, 2048, 4096 and 8192 bits.
A further novel feature of the invention is that one of the sub-blocks is modified by a cyclic shift by a number of bits equal to the current value of the binary vector.
Because cyclic shifts of this type are nonlinear and are performed directly on the sub-block being converted, this solution further increases the cryptographic strength of the conversion.
Another novel feature of the invention is that a number T ≥ 2 of substitution tables is used in sub-block conversion: the table number v is calculated from the binary vector, and the sub-block is modified by the substitution operation defined by the v-th table.
Because substitution operations are nonlinear and are efficient to implement when the information block to be converted is relatively small, this solution provides additional cryptographic strength for the conversion of information blocks of length L = 64 and 128 bits. The use of substitution operations that are not fixed in advance gives high cryptographic strength against the most powerful cryptanalysis methods, in particular differential cryptanalysis as described in (Biham E., Shamir A., Differential Cryptanalysis of DES-like Cryptosystems, Journal of Cryptology, v. 4, n. 1, 1991, pp. 3-72).
The principle of the invention is explained in more detail below by means of embodiments, with reference to the accompanying drawings.
Figure 1 shows the general scheme of cryptographic conversion according to the method of the invention.
Figure 2 shows the scheme of encryption corresponding to Example 2.
Figure 3 shows the scheme of one-way conversion corresponding to Example 3.
The invention is explained with reference to the general scheme of data block conversion according to the claimed method shown in Figure 1, where B is the block to be converted, b_1, b_2, ..., b_n are the sub-blocks being converted, F is the operation block that modifies a sub-block, f is the operation block that generates the binary vector, and V_0 is the initial value of the binary vector. The L-bit input block of digital data, where L is the number of binary digits in the block, is divided into N ≥ 2 sub-blocks of L/N bits each. Solid lines in the figure correspond to the transmission of the sub-blocks being converted, and dashed lines to the transmission of the binary vector.
The sub-blocks are converted in turn by modifying each of them with operation block F, which uses the binary vector value in the conversion; this makes the output value of the sub-block depend on the binary vector value. Operation block f, which converts the binary vector, uses the value of the sub-block converted at the previous step; that is, operation block f generates a new binary vector according to the structure of one of the sub-blocks being converted and according to the value the binary vector had at the previous sub-block conversion step. This makes the binary vector value depend on the data being converted. Executing the conversion procedure defined by function F on a sub-block is referred to as a sub-block modification step, and generating the binary vector as a binary vector generation step. A sub-block conversion step comprises a binary vector generation step and a sub-block modification step. The conversion steps are performed successively on all the sub-blocks, after which the sub-blocks are permuted.
In particular embodiments of the claimed method the sub-block permutation may be omitted. The N sub-block modification steps, the N binary vector generation steps and the sub-block permutation shown in Figure 1 make up one conversion round. When constructing a one-way function for converting L-bit blocks of digital data, the binary vector value obtained at the N-th binary vector generation step is used as the initial binary vector value for the next conversion round. When constructing ciphers, the initial binary vector value for each round is generated from the key. The number of conversion rounds can be set according to the particular form of operation blocks F and f. The essential point of this scheme is that the binary vector is generated according to its structure at the previous sub-block conversion step in which the binary vector was used.
Sub-block conversion using a binary vector means (1) performing a two-operand operation whose operands are the sub-block and the binary vector, or (2) performing a single-operand operation on the sub-block (for example, a bit substitution or permutation) whose modification is selected according to the binary vector, or (3) performing a two-operand operation on the sub-block and a subkey whose number depends on the binary vector value. In the first case it may be, for example, the conversion of a 32-bit sub-block B in which the sub-block is assigned the sum of sub-block B and binary vector V modulo 2^32: B ← B + V mod 2^32. In the second case it may be a cyclic left shift of sub-block B by a number of bits equal to the binary vector value, written analytically as B ← B <<< V. In the third case it may be, for example, the conversion given by the expression B ← B ⊕ Q_v, where Q_v is the subkey whose number v is computed from the binary vector value: v = V mod 2^11. This relation selects the subkey whose number equals the value of the 11 low-order bits of the binary vector.
An important special case of the second way of using the binary vector in sub-block conversion is performing on the sub-block a substitution operation that depends on the binary vector. Substitutions of this type can be used by defining a number of different substitution tables, each assigned a sequence number, and performing on the sub-block the substitution defined by the table whose number is selected according to the value V; for example, when 32 substitution tables are used, the table number can be computed by the formula v = V mod 2^5. Selecting the substitution table used at the current step according to a specially generated binary vector makes the choice of substitution table at each sub-block conversion step unpredictable, which increases the cryptographic strength of the conversion.
Generating a binary vector means writing a certain sequence of binary digits into, for example, a register or a computer memory cell. Generating the binary vector according to its structure at the previous conversion step in which it was used means that the current value of the binary vector being generated depends on the value it had at that previous step. For example, suppose that sub-block B_i has been converted using the binary vector value V. Before the binary vector is used at any other conversion step, for example that of sub-block B_j, it is generated according to the expression V ← V + Q_b, where b = B_j mod 2^11 is the subkey number computed from the value of B_j.
The feasibility of the technical implementation of the claimed method is illustrated by the following specific embodiments.
Example 1
In this example the method is used to encrypt data blocks of 512 bytes (4096 bits). Input blocks of this size are used because this block size is standard in computer systems. When a block cipher processes blocks of this size, random access to data stored in encrypted form on a built-in magnetic carrier remains possible. The example uses an 8192-byte key represented as a set of 2048 32-bit subkeys {Q_v}, where v = 0, 1, 2, ..., 2047. The key is formed, for example, by copying it from a magnetic carrier into the computer's working memory. The cryptographic conversion algorithm of Example 1 is as follows:
Algorithm 1: Encryption of 4096-bit data blocks
Input: a 4096-bit data block represented as a set of 128 32-bit sub-blocks {B_1, B_2, ..., B_128}.
1. Set the number of the sub-block being processed to i = 1 and set the initial values of the binary vectors V_1, V_2, V_3 and v: V_1 ← Q_1; V_2 ← Q_2; V_3 ← Q_3; v ← 79.
2. Generate binary vector v according to the structure of binary vector V_1: v ← v ⊕ (V_1 mod 2^11), where "⊕" denotes bitwise modulo-2 summation.
3. Generate binary vector V_2: V_2 ← [(V_2 + Q_v) ⊕ V_1] >>> 11, where "+" denotes summation modulo 2^32.
4. Generate binary vector v according to the structure of binary vector V_2: v ← v ⊕ (V_2 mod 2^11).
5. Generate binary vector V_3: V_3 ← {[V_3 >>> V_2 ⊕ Q_v] − V_1} >>> 22, where "−" denotes subtraction modulo 2^32.
6. Generate binary vector v according to the structure of binary vector V_3: v ← v ⊕ (V_3 mod 2^11).
7. Generate binary vector V_1: V_1 ← V_1 + Q_v.
8. Convert sub-block B_i: B_i ← [(B_i <<< V_2) ⊕ V_3] + V_1.
9. Generate binary vector V_1: V_1 ← B_i.
10. Convert sub-block B_i: B_i ← B_i + V_2.
11. If i ≠ 128, increment i: i ← i + 1, and go to step 2.
12. Permute the sub-blocks in reverse order.
Output: a 4096-bit ciphertext block in the form of the converted sub-blocks {B_1, B_2, ..., B_128}.
Algorithm 1 describes a single encryption round. After the first round, a second encryption round is performed, taking the output block of the first round as the input block of the second. Then the third (final) encryption round is performed in the same way, taking the output block of the second round as the input block of the third. In a software implementation, the encryption rate with 3 encryption rounds is approximately 30 Mbit/s on a Pentium/200 microprocessor.
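Algorithm 1 and its three-round use, as an added Python example that is not code from the patent. The inverse round is derived here from steps 1-12 and is not given in the text; the little-endian word order, the reduction of rotation counts modulo 32, the operator grouping in step 5 and the SHA-256-derived sample key are assumptions of this example.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
WORDS = 128       # 4096-bit block = 128 sub-blocks of 32 bits
SUBKEYS = 2048    # 8192-byte key = subkeys Q_0 .. Q_2047
ROUNDS = 3        # the text applies Algorithm 1 three times


def rol(x, n):
    """Cyclic left shift of a 32-bit word; count taken modulo 32 (assumption)."""
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK32


def ror(x, n):
    """Cyclic right shift of a 32-bit word."""
    return rol(x, 32 - (n & 31))


def sample_key(seed):
    """Constructed demo key: SHA-256 in counter mode expanded to 2048 subkeys."""
    raw = b"".join(hashlib.sha256(seed + struct.pack("<I", c)).digest()
                   for c in range(SUBKEYS * 4 // 32))
    return list(struct.unpack("<%dI" % SUBKEYS, raw))


def step_vectors(V1, V2, V3, v, Q):
    """Steps 2-7: binary vector generation; depends only on the vectors and Q."""
    v ^= V1 & 0x7FF                                      # step 2
    V2 = ror(((V2 + Q[v]) & MASK32) ^ V1, 11)            # step 3
    v ^= V2 & 0x7FF                                      # step 4
    # step 5, grouped as (V3 >>> V2) xor Q_v (assumed precedence)
    V3 = ror(((ror(V3, V2) ^ Q[v]) - V1) & MASK32, 22)
    v ^= V3 & 0x7FF                                      # step 6
    V1 = (V1 + Q[v]) & MASK32                            # step 7
    return V1, V2, V3, v


def encrypt_round(blocks, Q):
    V1, V2, V3, v = Q[1], Q[2], Q[3], 79                 # step 1
    out = []
    for B in blocks:
        V1, V2, V3, v = step_vectors(V1, V2, V3, v, Q)
        B = ((rol(B, V2) ^ V3) + V1) & MASK32            # step 8
        V1 = B                                           # step 9
        out.append((B + V2) & MASK32)                    # step 10
    return out[::-1]                                     # step 12


def decrypt_round(blocks, Q):
    """Inverse of encrypt_round (derived for this example)."""
    V1, V2, V3, v = Q[1], Q[2], Q[3], 79
    out = []
    for C in blocks[::-1]:                               # undo step 12
        V1, V2, V3, v = step_vectors(V1, V2, V3, v, Q)
        mid = (C - V2) & MASK32                          # undo step 10
        out.append(ror(((mid - V1) & MASK32) ^ V3, V2))  # undo step 8
        V1 = mid                                         # value set in step 9
    return out


def _run(data, Q, round_fn):
    if len(data) != 4 * WORDS or len(Q) != SUBKEYS:
        raise ValueError("need a 512-byte block and 2048 subkeys")
    B = list(struct.unpack("<%dI" % WORDS, data))        # byte order: assumption
    for _ in range(ROUNDS):
        B = round_fn(B, Q)
    return struct.pack("<%dI" % WORDS, *B)


def encrypt_block(data, Q):
    return _run(data, Q, encrypt_round)


def decrypt_block(data, Q):
    return _run(data, Q, decrypt_round)


def diffusion(a, b):
    """Number of byte positions in which two equal-length blocks differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    Q = sample_key(b"constructed demo key")
    pt = bytes(range(256)) * 2                           # constructed 512-byte block
    ct = encrypt_block(pt, Q)
    flipped = bytes([pt[0] ^ 1]) + pt[1:]
    print("round trip ok:", decrypt_block(ct, Q) == pt)
    print("bytes changed by a 1-bit input flip:",
          diffusion(ct, encrypt_block(flipped, Q)))
```

Because step 9 feeds the partly converted sub-block back into V_1, a one-bit change in the input alters every later binary vector, which is the chaining the description credits for diffusion.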
Example 2
Consider now an embodiment of the claimed method that uses substitution operations defined by substitution tables. Let the substitution operations be performed on sub-blocks of digital data k bits long, where k is an integer. To define a substitution operation that converts a k-bit input sub-block into a k-bit output sub-block, a table containing the following two rows is needed:
0  1  2  ...  N-1
a_0  a_1  a_2  ...  a_(N-1)
where N = 2^k.
The bottom row of this table contains all possible values of a k-bit block, each exactly once, in arbitrary order. The particular order of the values in the bottom row defines a particular substitution table and hence the particular substitution operation performed using this table. The substitution is performed as follows. The number equal to the value of the input block is selected in the top row. The value in the bottom row corresponding to it is taken as the output block. The substitution table can therefore be stored in the computer's working memory as a sequence of k-bit memory words located in cells with addresses w_0, w_1, w_2, ..., w_(N-1). In this case the value of the input block b is used to compute the address w_0 + b of the memory word taken as the output block. This way of representing a substitution table requires kN bits of memory.
We select 2^L substitution tables (the required memory is then 2^L kN bits) and place them one after another in memory. The address of the table with number v is taken to be the address w_0 of its first k-bit memory word. Let the address of the table with number 0 be s. Then the address of the substitution table with any number v is s + vN. If a binary vector determining the current table number v and the current input sub-block for the substitution are given, the substitution is performed by replacing the current input block with the k-bit memory word located at address s + vN + b, where b is the value of the sub-block on which the current substitution is performed. This relation makes it easy to select the substitution table with number v and to perform the substitution on a sub-block with value b. With suitable parameter values, for example L = 5 and k = 8, a microprocessor can quickly perform both the selection of the substitution table according to the binary vector value and the substitution itself. With these parameters, storing the substitution tables requires 8 Kbytes of working memory, which is entirely acceptable, since the working memory of present-day computers is several orders of magnitude larger (from 1 to 64 Mbytes or more).
Let L = 5 and k = 8, i.e. 32 tables defining substitution operations on 8-bit data sub-blocks are given. We form a key represented as a set of 7R 8-bit subkeys as follows:
k_11, k_12, ..., k_17 (first row of subkeys)
k_21, k_22, ..., k_27 (second row of subkeys)
...
k_r1, k_r2, ..., k_r7 (r-th row of subkeys)
...
k_R1, k_R2, ..., k_R7 (R-th row of subkeys)
where R is the number of encryption rounds. The r-th row of subkeys is used in the r-th encryption round.
We denote the substitution tables used as T_0, T_1, T_2, ..., T_31 and the substitution operation defined by table T_v as S_v, where v = 0, 1, 2, ..., 31. Tables T_0, T_1, T_2, ..., T_15 may be chosen arbitrarily, while tables T_16, T_17, ..., T_31 are chosen so that the substitution operations S_v and S_(31-v) are mutually inverse. The latter condition is satisfied when the table pairs T_16 and T_15; T_17 and T_14; T_18 and T_13; ...; T_31 and T_0 define mutually inverse substitution operations. For any set of substitution tables T_0, T_1, T_2, ..., T_15 it is easy to construct the tables of the corresponding inverse substitution operations. For example, for the substitution operation given by the table
0  1  2  ...  255
a_0  a_1  a_2  ...  a_255
the inverse substitution operation is given by the table
0  1  2  ...  255
z_0  z_1  z_2  ...  z_255
where the row (z_0, z_1, z_2, ..., z_255) is obtained as the top row after the columns of the previous table are rearranged in ascending order of the values in its bottom row.
Fig. 2 shows the scheme of the first encryption round. In Fig. 2, solid vertical lines correspond to the transmission of 8-bit data subblocks, dashed lines correspond to the transmission of 5-bit subblocks, and solid horizontal lines correspond to the transmission of 8-bit subkeys. Bitwise modulo-2 addition is denoted by the symbol "⊕", $v$ denotes the number of the selected substitution table, block S denotes the substitution operation, and $k_{11}, k_{12}, \ldots, k_{17}$ are the subkeys used in the first round. The arrows on the lines indicate the direction of signal transmission. Example 2 corresponds to the encryption of 64-bit digital data blocks. Encryption is performed as follows. An input block is divided into 8 subblocks $b_0, b_1, b_2, \ldots, b_7$ of 8 bits each. A binary vector $v$ is then generated whose value is that of the 5 low-order bits of subblock $b_0$: $v \leftarrow b_0 \bmod 2^5$. Next, bitwise modulo-2 addition is performed on subblock $b_1$ and subkey $k_{11}$, and the output of this operation is assigned to $b_1$, which can be written analytically as $b_1 \leftarrow b_1 \oplus k_{11}$. The substitution operation is then performed on subblock $b_1$ according to the substitution table numbered $v$: $b_1 \leftarrow S_v(b_1)$. After that, the binary vector $v$ is generated from the resulting value of $b_1$: $v \leftarrow v \oplus (b_1 \bmod 2^5)$, so that the new value of the binary vector depends on its previous value. Subblock $b_2$ is transformed next: $b_2 \leftarrow b_2 \oplus k_{12}$, then $b_2 \leftarrow S_v(b_2)$.
Subblocks $b_3$, $b_4$, $b_5$, $b_6$ and $b_7$ are then transformed in the same way. At the last step of each encryption round the subblocks are permuted into reverse order, i.e. the blocks $b_7$ and $b_0$, $b_6$ and $b_1$, $b_5$ and $b_2$, $b_4$ and $b_3$ are swapped pairwise.
The second round is then carried out in the same way, except that the second subkey row is used in place of the first. The third encryption round follows, using the third subkey row, and so on. In total, $R$ encryption rounds are performed, where $R = 4$. When implemented in software, this embodiment of the invention provides an encryption rate of approximately 25 Mbit for a Pentium/200 microprocessor. If necessary, the total number of rounds can be set to another value, for example $R = 2, 3, 5, 6$.
Example 2
This example is illustrated by the following algorithm.
Algorithm 2
Input: a 64-bit digital data block represented as the concatenation of 8-bit subblocks $b_0 | b_1 | b_2 | b_3 | b_4 | b_5 | b_6 | b_7$ (where the symbol "|" denotes concatenation).
1. Set the number of encryption rounds $R$ to 4 and the round counter $r$ to 1.
2. Set the counter $i$ to 1.
3. Generate the binary vector $v$: $v \leftarrow b_{i-1} \bmod 2^5$.
4. Transform subblock $b_i$: $b_i \leftarrow b_i \oplus k_{ri}$, $b_i \leftarrow S_v(b_i)$, where $S_v$ is the substitution operation performed using the substitution table numbered $v$.
5. Generate the binary vector $v$: $v \leftarrow v \oplus (b_i \bmod 2^5)$.
6. If $i \neq 7$, increment $i$: $i \leftarrow i + 1$, and go to step 4.
7. If $r \neq R$, increment $r$: $r \leftarrow r + 1$. Otherwise, stop.
8. Permute the subblocks into reverse order and go to step 3.
Output: a 64-bit ciphertext data block.
This example shows that the number of the substitution table used depends on the data block being transformed and is not predetermined for the current transformation step, i.e. the table of the substitution operation is not known in advance for all transformation steps. It is determined by the key and by the data block being transformed. Decryption is performed in a similar way and is described by the following algorithm.
Algorithm 3
Input: a 64-bit input ciphertext data block $b_0 | b_1 | b_2 | b_3 | b_4 | b_5 | b_6 | b_7$.
1. Set the number of encryption rounds $R$ to 4 and the round counter $r$ to 1.
2. Set the counter $i$ to 1.
3. Generate the binary vector $v$: $v \leftarrow b_{i-1} \bmod 2^5$.
4. Store the value of $b_i$ in the variable $g$: $g \leftarrow b_i$, and transform subblock $b_i$: $b_i \leftarrow S_{31-v}(b_i)$, $b_i \leftarrow b_i \oplus k_{r'i}$, where $r' = 5 - r$.
5. Generate the binary vector $v$: $v \leftarrow v \oplus (g \bmod 2^5)$.
6. If $i \neq 7$, increment $i$: $i \leftarrow i + 1$, and go to step 4.
7. If $r \neq R$, increment $r$: $r \leftarrow r + 1$. Otherwise, stop.
8. Permute the subblocks into reverse order and go to step 3.
Output: a 64-bit data block of the original text.
The above encryption and decryption algorithms can easily be modified to transform data blocks of other sizes, for example 128 and 256 bits.
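Algorithms 2 and 3, together with the flat table layout addressed as s + vN + b and the pairing of each table with its inverse, can be exercised end to end. The following Python sketch is an added example, not code from the patent: the tables and the key are constructed from a seeded PRNG, the base address s is taken as 0, the function names are hypothetical, and the counter i is assumed to restart at 1 in every round.

```python
import random

L_BITS, K_BITS, ROUNDS = 5, 8, 4       # L = 5, k = 8, R = 4 as in the text
N = 1 << K_BITS                        # words per table
MASK = (1 << L_BITS) - 1               # x & MASK == x mod 2^5

def build_tables(seed):
    """Flat memory image of T_0..T_31 with base address s = 0 (assumption)."""
    rng = random.Random(seed)          # constructed sample tables
    mem = [0] * (N << L_BITS)          # 2^L * N words of k bits each
    for v in range(16):
        for x, y in enumerate(rng.sample(range(N), N)):   # arbitrary T_v
            mem[v * N + x] = y                             # S_v(x) = y
            mem[(31 - v) * N + y] = x                      # S_{31-v} inverts S_v
    return mem

def S(mem, v, b):
    return mem[v * N + b]              # word at address s + vN + b

def encrypt(block, key, mem):          # Algorithm 2
    b = list(block)
    for r in range(ROUNDS):
        v = b[0] & MASK                              # step 3
        for i in range(1, 8):
            b[i] = S(mem, v, b[i] ^ key[r][i - 1])   # step 4
            v ^= b[i] & MASK                         # step 5
        if r != ROUNDS - 1:
            b.reverse()                              # step 8
    return bytes(b)

def decrypt(block, key, mem):          # Algorithm 3
    b = list(block)
    for r in range(ROUNDS):
        row = key[ROUNDS - 1 - r]                    # subkey row r' = 5 - r
        v = b[0] & MASK
        for i in range(1, 8):
            g = b[i]                                 # ciphertext value drives v
            b[i] = S(mem, 31 - v, g) ^ row[i - 1]
            v ^= g & MASK
        if r != ROUNDS - 1:
            b.reverse()
    return bytes(b)

MEM = build_tables(1997)                             # constructed tables
_rng = random.Random(28)                             # constructed 7R-subkey key
KEY = [[_rng.randrange(N) for _ in range(7)] for _ in range(ROUNDS)]

if __name__ == "__main__":
    pt = b"8 bytes!"
    ct = encrypt(pt, KEY, MEM)
    print(ct.hex(), decrypt(ct, KEY, MEM))
```

Decryption recovers the plaintext only because the table number at each step is recomputed from the stored ciphertext value g, which is the same value that updated v during encryption.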
Example 3
This example relates to constructing a one-way function using the cryptographic conversion method of the invention. As in Examples 1 and 2, it is assumed that 32 substitution tables $T_0, T_1, T_2, \ldots, T_{31}$ are used. The substitution tables are assumed to be known, and no key is used. The one-way function is then given by Algorithm 4. The sequence of data subblock transformation operations for a single round is shown in Fig. 2.
Algorithm 4
Input: a 64-bit input block represented as the concatenation of 8-bit subblocks $b_0 | b_1 | b_2 | b_3 | b_4 | b_5 | b_6 | b_7$.
1. Set the number of rounds $R$ to 8, the round counter $r$ to 1, and the initial value of the binary vector $v$ to 13.
2. Set the counter $i$ to 1.
3. Generate the binary vector $v$: $v \leftarrow b_{i-1} \bmod 2^5$.
4. Transform subblock $b_{i-1}$: $b_{i-1} \leftarrow b_{i-1} <<< r$, $b_{i-1} \leftarrow S_v(b_{i-1})$.
5. If $i \neq 8$, increment $i$: $i \leftarrow i + 1$, and go to step 3.
6. Permute the subblocks $b_0, b_1, b_2, b_3, b_4, b_5, b_6, b_7$ into reverse order.
7. If $r \neq R$, increment $r$: $r \leftarrow r + 1$, and go to step 2. Otherwise, stop.
Output: the 64-bit value of the function F.
In a similar way, a one-way function can be constructed that transforms 128-bit data blocks and can be used for hashing data.
The above examples show that the proposed method for the cryptographic conversion of digital data blocks is technically feasible and also solves the aforementioned problems of the prior art.
Industrial applicability
The method described herein can be implemented, for example, on a personal computer. This makes it possible to develop high-speed encryption software modules on its basis and to replace expensive dedicated encryption equipment with a personal computer equipped with a high-speed encryption software system.

Claims (4)

1. A method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks, comprising the steps of: dividing a data block into N ≥ 2 subblocks, and then transforming the subblocks in turn by generating at least one binary vector according to the value of said subblock and modifying said subblock using said binary vector, characterized in that said binary vector at a subsequent subblock transformation step is generated depending on the structure of said binary vector at the preceding subblock transformation step.
2. The method of claim 1, characterized in that two binary vectors are generated, and one of them is transformed by a cyclic shift operation in which the number of bits shifted equals the value of the other binary vector.
3. The method of claim 1, characterized in that one of said subblocks is modified by applying to it a cyclic shift operation in which the number of bits shifted equals the current value of the binary vector.
4. The method of claim 1, characterized in that substitution tables numbering T ≥ 2 are used in the subblock transformation, the table number v is calculated from said binary vector, and said subblock is modified using the substitution operation defined by the v-th table.
CNB971824592A 1997-11-28 1997-11-28 Method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks Expired - Fee Related CN1147083C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB971824592A CN1147083C (en) 1997-11-28 1997-11-28 Method for the cryptographic conversion of L-bit input blocks of digital data into L-bit output blocks

Publications (2)

Publication Number Publication Date
CN1276117A CN1276117A (en) 2000-12-06
CN1147083C true CN1147083C (en) 2004-04-21

Family

ID=5178506

Country Status (1)

Country Link
CN (1) CN1147083C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10341085B2 (en) * 2016-09-06 2019-07-02 Nxp B.V. Software protection against differential fault analysis

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20040421

Termination date: 20091228