CN115276955B - Optimized CLEFIA algorithm linear layer implementation circuit - Google Patents
Optimized CLEFIA algorithm linear layer implementation circuit Download PDFInfo
- Publication number
- CN115276955B CN115276955B CN202210735999.9A CN202210735999A CN115276955B CN 115276955 B CN115276955 B CN 115276955B CN 202210735999 A CN202210735999 A CN 202210735999A CN 115276955 B CN115276955 B CN 115276955B
- Authority
- CN
- China
- Prior art keywords
- circuit
- linear layer
- module
- exclusive
- specifically
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Abstract
The invention relates to an optimized CLEFIA algorithm linear layer realization circuit, wherein an exclusive-OR gate in the conventional CLEFIA algorithm linear layer realization circuit consumes more energy, so that the hardware cost of the whole cryptographic algorithm is higher. In order to solve the problems of the hardware realization circuit of the heuristic algorithm realized by solving the matrix optimization, the circuit of the invention can be obtained by combining the specific property of the linear matrix corresponding to the linear layer in the CLEFIA cryptographic algorithm and the equivalent property of the elementary transformation matrix on the binary domain. The method specifically comprises an implementation circuit of a linear layer M0 in a cryptographic algorithm updating function F0 and an implementation circuit of a linear layer M1 in a cryptographic algorithm updating function F1. The number of the XOR gates required by the two linear layers is the minimum known at present, the hardware area is reduced, and the cost required by the whole cryptographic algorithm in the implementation process is further reduced.
Description
Technical Field
The invention relates to an encryption implementation technology of a CLEFIA algorithm, in particular to an optimized CLEFIA algorithm linear layer implementation circuit.
Background
With the development of scientific technology, the security requirement under the environment with limited resources is more and more severe, and the optimization of the lightweight cryptographic algorithm becomes one of the research hotspots of cryptography. The CLEFIA algorithm is a proprietary lightweight block cipher algorithm designed by sony corporation in 2007, intended for product protection and copyright certification by sony corporation. The algorithm was established by the international organization for standardization and the international electrotechnical commission as a standard lightweight block cipher in 2012, and became one of the encryption technologies recommended by the japan government in the cryptric revision in 2013.
Diffusion is one of two basic methods for designing cryptosystems, and aims to resist statistical analysis of the cryptosystems by adversaries. Therefore, the linear component of the cryptographic algorithm as an important component of the diffusion layer plays a decisive role in the cost of hardware implementation of the cryptographic algorithm.
In general, the linear layer of a cryptographic algorithm may be represented by a matrix. Thus, the optimized implementation of the linear layer of the algorithm is converted into an optimized implementation of the matrix. The existing technologies for solving the matrix based on the g-xor standard include a Paar1 algorithm, a Paar2 algorithm, a BP algorithm, a BFI algorithm, an RNBP algorithm, an A1 algorithm and an A2 algorithm. Among them, the BFI algorithm, RNBP algorithm, A1 algorithm, and A2 algorithm are variants of the BP algorithm. Since the Paar1 algorithm and the Paar2 algorithm are suitable for the matrix with larger dimension and have the property of cancellation-free, no XOR cancellation occurs in each step of XOR operation. Therefore, in general, implementation xor gates given by the Paar1 algorithm and the Paar2 algorithm are more costly. In addition, because a random strategy is added into the BP algorithm and the variant algorithm thereof, the realization of the algorithm optimization matrix is excessively dependent on the algorithm, and the currently obtained optimal realization needs to be saved through calling the algorithm for many times. Therefore, the solving speed in the implementation process of the BP algorithm and the variant algorithm thereof is low, so that the hardware cost of the whole cryptographic algorithm is high.
Disclosure of Invention
The invention provides an optimized CLEFIA algorithm linear layer implementation circuit in consideration of the above problems. The invention adopts the following technical scheme:
an optimized CLEFIA algorithm linear layer implementation circuit comprises a linear layer M0 implementation circuit located in a cryptographic algorithm updating function F0 implementation circuit and a linear layer M1 implementation circuit located in a cryptographic algorithm updating function F1, wherein the linear layer M0 implementation circuit comprises 11 modules, and the total input signal of the linear layer M0 implementation circuit is set to be { x } 0 , x 1 , … ,x 31 All output signals are { y } 0 , y 1 , … , y 31 Register is marked as t i Then, the input signal of the first module of the linear layer M0 implementation circuit is: x is the number of 1 , x 2 , x 3 , x 4 , x 5 , x 7 , x 8 , x 11 , x 12 , x 14 , x 17 , x 19 , x 21 , x 23 , x 24, x 26 , x 28, x 30 , x 31 The output signal is:
t 32 , t 33 , t 34 , t 35 , t 37 , t 39 , t 52 , t 54 , t 59 , t 72 , t 76 , t 85 specifically, the circuit includes 12 exclusive or gate circuits, which are respectively:
t 32 = x 4 ⊕x 12 , t 33 = x 2 ⊕x 11 , t 34 = x 14 ⊕x 21 , t 35 = x 8 ⊕x 17 , t 37 = x 5 ⊕x 30 , t 39 = x 14 ⊕x 23 , t 52 = x 1 ⊕x 24 , t 54 = x 23 ⊕x 31 , t 59 = x 7 ⊕x 30 , t 72 = x 12 ⊕x 19 , t 76 = x 5 ⊕x 28 , t 85 = x 3 ⊕x 26 ;
the input signal of the second module of the linear layer M0 realization circuit is as follows:
x 6 , x 8 , x 10 , x 13 , x 21 , x 22 , x 27 , t 32 , t 34 , t 35 , t 37 , t 39 , t 54 , t 59 ;
the output signal is:
t 36 , t 38 , t 40 , t 42 , t 55 , t 60 , t 64 , t 73 , t 81 specifically, the circuit includes 9 exclusive or gate circuits, which are respectively:
t 36 = x 10 ⊕t 35 , t 38 = x 21 ⊕t 37 , t 40 = t 37 ⊕t 39 , t 42 = x 6 ⊕t 39 , t 55 = x 8 ⊕t 54 , t 60 = t 34 ⊕t 59 , t 64 = x 22 ⊕t 59 , t 73 = x 27 ⊕t 54 , t 81 = x 13 ⊕t 32 ;
the input signals of the third module of the linear layer M0 realization circuit are as follows:
x 7 , x 13 , x 15 , x 22 , x 25 , x 29 , x 31 , t 32 , t 38 , t 40 , t 42 , t 52 , t 55 , t 60 , t 64 , t 72 , t 73 , t 81 the output signal is:
y 23 , t 43 , t 47 , y 1 , t 57 , y 7 , t 65 , t 74 , t 83 , y 30 specifically, the circuit includes 10 exclusive or gate circuits, which are respectively:
t 41 = x 13 ⊕t 40 = y 23 , t 43 = x 15 ⊕t 42 , t 47 = x 7 ⊕t 42 , t 56 = t 52 ⊕t 55 = y 1 , t 57 = x 25 ⊕t 55 , t 61 = x 29 ⊕t 60 = y 7 , t 65 = x 31 ⊕t 64 , t 74 = t 72 ⊕t 73 , t 83 = x 22 ⊕t 81 , t 97 = t 32 ⊕t 38 = y 30 ;
the input signal of the fourth module of the linear layer M0 realization circuit is as follows:
x 0 , x 2 , x 16 , x 18 , x 20 , x 24 , x 29 , t 35 , t 43 , t 47 , t 55 , t 57 , t 61 , t 65 , t 72 , t 74 , t 76 , t 83 the output signal is:
t 44 , t 45 , y 24 , t 50 , t 58 , t 62 , y 8 , t 67 , t 68 , t 75 , y 5 , t 78 , y 22 specifically, the circuit includes 13 exclusive-or gates, which are respectively:
t 44 = t 35 ⊕t 43 , t 45 = x 0 ⊕t 43 , t 48 = x 24 ⊕t 47 = y 24 , t 50 = x 2 ⊕t 43 , t 58 = x 18 ⊕t 57 , t 62 = t 47 ⊕t 61 , t 66 = t 55 ⊕t 65 = y 8 , t 67 = x 16 ⊕t 65 , t 68 = t 47 ⊕t 65 , t 75 = x 20 ⊕t 74 , t 77 = t 74 ⊕t 76 = y 5 , t 78 = t 47 ⊕t 72 , t 84 = x 29 ⊕t 83 =y 22 ;
the input signals of the fifth module of the linear layer M0 realization circuit are as follows:
x 9 , x 10 , x 17 , x 19 , x 25 , x 26 , t 33 , t 34 , t 36 , t 41 , t 44 , t 45 , t 48 , t 50 , t 58 , t 62 , t 67 , t 68 , t 75 , t 78 , t 81 , t 85 ;
the output signal is:
t 46 , y 17 , t 51 , t 63 , t 69 , t 70 , t 79 , y 13 , t 86 , t 91 , t 98 , t 103 , t 105 , t 108 , y 0 , y 31 specifically, the circuit comprises 16 exclusive or gates, which are respectively:
t 46 = x 26 ⊕t 45 , t 49 = t 44 ⊕t 48 = y 17 , t 51 = x 9 ⊕t 50 , t 63 = t 41 ⊕t 62 , t 69 = x 25 ⊕t 67 , t 70 = x 17 ⊕t 44 , t 79 = x 10 ⊕t 78 , t 82 = t 75 ⊕t 81 = y 13 , t 86 = t 78 ⊕t 85 , t 91 = x 19 ⊕t 50 , t 98 = t 34 ⊕t 75 , t 103 = t 36 ⊕t 67 , t 105 = x 9 ⊕t 45 , t 108 = t 33 ⊕t 58 , t 110 = t 45 ⊕t 68 =y 0 , t 127 = t 41 ⊕t 68 = y 31 ;
the input signal of the sixth module of the linear layer M0 realization circuit is as follows:
x 1 , x 10 , x 18 , t 33 , t 44 , t 49 , t 51 , t 52 , t 56 , t 58 , t 66 , t 69 , t 70 , t 77 , t 79 , t 86 , t 91 , t 98 , t 103 , t 105 , t 108 , t 110 ;
the output signal is:
t 53 , t 71 , t 80 , t 87 , t 88 , t 92 , t 109 , y 14 , y 18 , y 10 , t 118 , y 25 specifically, the circuit includes 12 exclusive or gate circuits, which are respectively:
t 53 = t 49 ⊕t 52 , t 71 = t 66 ⊕t 70 , t 80 = t 33 ⊕t 79 , t 87 = x 18 ⊕t 86 , t 88 = x 1 ⊕t 51 , t 92 = x 10 ⊕t 91 , t 109 = t 44 ⊕t 108 , t 115 = t 77 ⊕t 98 [y 14 ], t 116 = t 58 ⊕t 105 = y 18 , t 117 = t 56 ⊕t 103 = y 10 , t 118 = t 51 ⊕t 69 , t 122 = t 69 ⊕t 110 = y 25 ;
the input signals of the seventh module of the linear layer M0 realization circuit are as follows:
x 3 , x 21 , t 46 , t 48 , t 53 , t 61 , t 63 , t 67 , t 68 , t 71 , t 75 , t 80 , t 86 , t 87 , t 88 , t 92 , t 109 , t 118 , t 115 ;
the output signal is:
t 89 , t 93 , y 26 , t 99 , y 20 , y 12 , y 16 , y 11 , y 2 , y 15 , y 6 specifically, the circuit includes 11 exclusive or gate circuits, which are respectively:
t 89 = t 86 ⊕t 88 , t 93 = x 3 ⊕t 92 , t 96 = t 46 ⊕t 53 = y 26 , t 99 = x 21 ⊕t 80 , t 101 = t 75 ⊕t 80 = y 20 , t 107 = t 68 ⊕t 87 = y 12 , t 111 = t 67 ⊕t 71 = y 16 , t 120 = t 71 ⊕t 109 = y 11 , t 124 = t 48 ⊕t 118 = y 2 , t 125 = t 61 ⊕t 71 = y 15 , t 126 = t 63 ⊕t 115 =y 6 ;
the input signals of the eighth module of the linear layer M0 realization circuit are as follows:
x 27 , x 28 , t 74 , t 80 , t 89 , t 93 , t 105 , t 107 , t 111 ;
the output signal is:
t 90 , t 94 , y 28 , t 113 , y 9 specifically, the circuit includes 5 exclusive or gate circuits, which are respectively:
t 90 =x 27 ⊕t 89 , t 94 = t 74 ⊕t 93 , t 95 = x 28 ⊕t 93 =y 28 , t 113 = t 80 ⊕t 107 , t 121 = t 105 ⊕t 111 = y 9 ;
the input signals of the ninth module of the linear layer M0 realization circuit are as follows:
t 32 , t 87 , t 90 , t 94 , t 95 , t 99 , t 109 , t 113 ;
the output signal is:
t 100 , y 19 , y 27 , y 21 , y 3 specifically, the circuit includes 5 exclusive or gate circuits, which are respectively:
t 100 = t 32 ⊕t 94 , t 102 = t 90 ⊕t 94 = y 19 , t 106 = t 87 ⊕t 90 = y 27 , t 112 = t 95 ⊕t 99 = y 21 , t 119 = t 109 ⊕t 113 = y 3 ;
the input signal of the tenth module of the linear layer M0 realization circuit is x 29 , t 100 , t 113 The output signal is t 104 , y 4 Specifically, it includes 2 XOR gates, each of which is t 104 = x 29 ⊕t 100 , t 114 = t 100 ⊕t 113 = y 4 ;
The input signal of the eleventh module of the linear layer M0 realization circuit is t 101 , t 104 ;
The output signal is y 29 The XOR gate circuit is t 123 = t 101 ⊕t 104 = y 29 。
Further, the linear layer M1 implementation circuit includes 10 modules.
The input signals of the first module of the linear layer M1 realization circuit are as follows:
x 0 , x 1 , x 2 , x 3 , x 4 , x 5 , x 6 , x 7 , x 8 , x 10 , x 11 , x 12 , x 13 , x 14 , x 15 , x 16 , x 18 , x 20 , x 22 , x 24 , x 25, x 26 , x 28, x 29 , x 30 , x 31 ;
the output signal is:
t 32 , t 33 , t 34 , t 35 , t 37 , t 40 , t 41 , t 44 , t 45 , t 46 , t 47 , t 48 , t 49 , t 50 , t 52 , t 70 , t 101 specifically, the circuit includes 17 exclusive-or gates, which are respectively:
t 32 = x 29 ⊕x 13 , t 33 = x 6 ⊕x 22 , t 34 = x 15 ⊕x 31 , t 35 = x 14 ⊕x 30 , t 37 = x 5 ⊕x 13 , t 40 = x 16 ⊕x 24 , t 41 = x 0 ⊕x 8 , t 44 = x 12 ⊕x 28 , t 45 = x 4 ⊕x 20 , t 46 = x 10 ⊕x 20 , t 47 = x 2 ⊕x 10 , t 48 = x 10 ⊕x 25 , t 49 = x 26 ⊕x 28 , t 50 = x 18 ⊕x 26 , t 52 = x 1 ⊕x 18 , t 70 = x 3 ⊕x 11 , t 101 = x 7 ⊕x 22 ;
the input signal of the second module of the linear layer M1 realization circuit is as follows:
x 1 , x 9 , x 11 , x 17 , x 21 , x 25 , x 30 , x 31 , t 32 , t 33 , t 34 , t 35 , t 37 , t 40 , t 44 , t 45 , t 46 , t 50 , t 70 ;
the output signals are:
t 36 , t 38 , t 42 , t 54 , t 55 , t 60 , t 61 , t 62 , t 71 , t 73 , t 76 , t 81 , t 91 specifically, the circuit includes 13 exclusive-or gates, which are respectively:
t 36 = x 31 ⊕t 32 , t 38 = x 21 ⊕t 32 , t 42 = t 37 ⊕t 34 , t 54 = x 25 ⊕t 33 , t 55 = x 1 ⊕t 40 , t 60 = t 33 ⊕t 34 , t 61 = x 9 ⊕t 46 , t 62 = x 9 ⊕t 33 , t 71 = x 17 ⊕t 70 , t 73 = t 35 ⊕t 70 , t 76 = t 44 ⊕t 45 , t 81 = x 11 ⊕t 50 , t 91 = x 30 ⊕t 44 ;
the input signal of the third module of the linear layer M1 realization circuit is as follows:
x 5 , x 7 , x 16 , x 19 , x 23 , x 27 , t 32 , t 35 , t 36 , t 38 , t 40 , t 41 , t 42 , t 49 , t 50 , t 54 , t 55 , t 60 , t 61 , t 62 , t 73 , t 76 , t 81 , t 91 , t 101 ;
the output signal is:
t 39 , t 43 , t 51 , t 58 , y 1 , t 65 , t 68 , t 72 , t 75 , t 82 , y 9 , t 86 , y 25 , t 90 , t 99 , y 7 specifically, the circuit comprises 16 exclusive or gates, which are respectively:
t 39 = x 5 ⊕t 38 , t 43 = x 23 ⊕t 36 , t 51 = x 7 ⊕t 36 , t 58 = x 27 ⊕t 42 , t 63 = t 35 ⊕t 55 = y 1 , t 65 = x 5 ⊕t 61 , t 68 = x 19 ⊕t 42 , t 72 = t 35 ⊕t 60 , t 75 = t 49 ⊕t 62 , t 82 = t 42 ⊕t 50 , t 85 = t 40 ⊕t 62 = y 9 , t 86 = x 16 ⊕t 81 , t 88 = t 41 ⊕t 54 = y 25 , t 90 = t 41 ⊕t 73 , t 99 = t 32 ⊕t 76 , t 108 = t 91 ⊕t 101 = y 7 ;
the input signal of the fourth module of the linear layer M1 realization circuit is as follows:
x 0 , x 3 , x 11 , t 33 , t 34 , t 35 , t 39 , t 40 , t 43 , t 48 , t 50 , t 51 , t 52 , t 58 , t 65 , t 68 , t 71 , t 75 , t 90 , t 99 ;
the output signal is:
t 53 , t 56 , t 57 , t 64 , t 69 , t 74 , y 0 , t 80 , t 83 , t 84 , t 89 , y 17 , t 98 , t 104 , t 116 specifically, the circuit includes 15 exclusive or gate circuits, which are respectively:
t 53 = t 48 ⊕t 51 , t 56 = t 51 ⊕t 52 , t 57 = t 34 ⊕t 51 , t 64 = t 33 ⊕t 39 , t 69 = x 3 ⊕t 68 , t 74 = t 35 ⊕t 39 , t 77 = x 0 ⊕t 43 = y 0 , t 80 = x 11 ⊕t 58 , t 83 = t 39 ⊕t 50 , t 84 = t 65 ⊕t 75 , t 89 = t 71 ⊕t 75 , t 97 = t 71 ⊕t 90 = y 17 , t 98 = t 40 ⊕t 90 , t 104 = t 39 ⊕t 40 , t 116 = t 39 ⊕t 99 ;
the input signal of the fifth module of the linear layer M1 realization circuit is as follows:
x 9 , x 16 , x 17 , x 22 , x 30 , t 41 , t 43 , t 53 , t 56 , t 57 , t 61 , t 69 , t 72 , t 77 , t 80 , t 84 , t 86 , t 99 ;
the output signal is:
y 18 , t 66 , t 67 , t 78 , t 92 , t 93 , y 16 , t 105 , t 111 , y 22 , y 5 specifically, the circuit includes 11 exclusive or gate circuits, which are respectively:
t 59 = x 9 ⊕t 56 = y 18 , t 66 = t 53 ⊕t 61 , t 67 = x 17 ⊕t 53 , t 78 = t 43 ⊕t 57 , t 92 = t 41 ⊕t 77 , t 93 = x 30 ⊕t 69 , t 100 = x 16 ⊕t 57 = y 16 , t 105 = t 77 ⊕t 86 , t 111 = t 57 ⊕t 99 , t 117 = x 22 ⊕t 80 = y 22 , t 125 = t 72 ⊕t 84 = y 5 ;
the input signal of the sixth module of the linear layer M1 implementation circuit is:
t 39 , t 47 , t 64 , t 66 , t 67 , t 73 , t 78 , t 83 , t 92 , t 93 , t 98 , t 100 , t 104 , t 105 , t 108 , t 111 , t 116 , t 117 , t 125 ;
the output signal is:
t 79 , y 20 , y 8 , y 30 , t 102 , y 10 , t 112 , y 3 , y 11 , y 24 , y 15 , y 21 , y 6 specifically, the circuit includes 13 exclusive-or gates, which are respectively:
t 79 = t 47 ⊕t 78 , t 87 = t 66 ⊕t 73 = y 20 , t 94 = t 39 ⊕t 92 = y 8 , t 96 = t 78 ⊕t 93 = y 30 , t 102 = t 78 ⊕t 83 , t 107 = t 39 ⊕t 67 = y 10 , t 112 = t 78 ⊕t 111 , t 113 = t 98 ⊕t 105 = y 3 , t 114 = t 64 ⊕t 105 = y 11 , t 120 = t 100 ⊕t 104 = y 24 , t 122 = t 108 ⊕t 111 = y 15 , t 132 = t 116 ⊕t 125 = y 21 , t 134 = t 64 ⊕t 117 = y 6 ;
the input signal of the seventh module of the linear layer M1 realization circuit is as follows:
t 59 , t 67 , t 72 , t 74 , t 79 , t 82 , t 91 , t 96 , t 102 , t 122 ;
the output signal is:
t 95 , y 26 , y 2 , t 109 , y 31 , y 14 specifically, the circuit includes 6 exclusive or gate circuits, which are respectively:
t 95 = t 79 ⊕t 82 , t 103 = t 59 ⊕t 102 = y 26 , t 106 = t 67 ⊕t 79 = y 2 , t 109 = t 91 ⊕t 96 , t 126 = t 72 ⊕t 122 = y 31 , t 131 = t 74 ⊕t 96 = y 14 ;
the input signal of the eighth module of the linear layer M1 implementation circuit is:
t 69 , t 80 , t 84 , t 89 , t 95 , t 103 , t 109 , t 112 , t 126 ;
the output signal is:
t 110 , t 115 , y 28 , t 121 , y 13 , y 23 specifically, the circuit comprises 6 exclusive or gate circuits, which are respectively:
t 110 = t 80 ⊕t 109 , t 115 = t 69 ⊕t 95 , t 118 = t 89 ⊕t 103 = y 28 , t 121 = t 80 ⊕t 95 , t 124 = t 84 ⊕t 95 = y 13 , t 129 = t 112 ⊕t 126 = y 23 ;
the input signals of the ninth module of the linear layer M1 realization circuit are as follows:
t 76 , t 99 , t 110 , t 113 , t 114 , t 115 , t 118 , t 121 , t 124 ;
the output signal is:
y 19 , y 27 , t 127 , y 12 , y 29 specifically, the circuit comprises 5 exclusive or gate circuits, which are respectively:
t 119 = t 113 ⊕t 115 = y 19 , t 123 = t 114 ⊕t 121 = y 27 , t 127 = t 76 ⊕t 110 , t 128 = t 110 ⊕t 118 = y 12 , t 133 = t 99 ⊕t 124 = y 29 ;
the input signal of the tenth module of the linear layer M1 realization circuit is t 87 , t 127 ;
The output signal is y 4 The XOR gate circuit is t 130 = t 87 ⊕t 127 = y 4 。
The beneficial effects of the invention are as follows:
the number of the XOR gates required by the two linear layers is the minimum known at present, the hardware area is reduced, and the cost required by the whole cryptographic algorithm in the implementation process is further reduced.
Drawings
FIG. 1 is a detailed flow chart of the CLEFIA algorithm;
FIG. 2 is a flow chart of the optimization of the linear layer in the CLEFIA algorithm;
FIG. 3 is a circuit block diagram of the optimization of the linear layer M0 according to the present invention;
FIG. 4 is a circuit block diagram of the optimization of the linear layer M1 according to the present invention;
FIG. 5 is a circuit diagram of a first module of the linear layer M0 of the present invention;
FIG. 6 is a circuit diagram of a second module of the linear layer M0 of the present invention;
FIG. 7 is a circuit diagram of a third module of the linear layer M0 of the present invention;
FIG. 8 is a circuit diagram of a fourth module of the linear layer M0 of the present invention;
FIG. 9 is a circuit diagram of a fifth module of the linear layer M0 of the present invention;
FIG. 10 is a circuit diagram of a sixth module of the linear layer M0 of the present invention;
FIG. 11 is a circuit diagram of a seventh module of the linear layer M0 of the present invention;
FIG. 12 is a circuit diagram of an eighth module of the linear layer M0 of the present invention;
FIG. 13 is a ninth block circuit diagram of the linear layer M0 of the present invention;
FIG. 14 is a tenth block circuit diagram of the linear layer M0 of the present invention;
FIG. 15 is a circuit diagram of an eleventh module of the linear layer M0 of the present invention;
FIG. 16 is a circuit diagram of a first module of the linear layer M1 according to the present invention;
FIG. 17 is a circuit diagram of a second module of the linear layer M1 according to the present invention;
FIG. 18 is a circuit diagram of a third module of the linear layer M1 according to the present invention;
FIG. 19 is a circuit diagram of a fourth module of the linear layer M1 according to the present invention;
FIG. 20 is a circuit diagram of a fifth module of the linear layer M1 according to the present invention;
FIG. 21 is a circuit diagram of a sixth module of the linear layer M1 according to the present invention;
FIG. 22 is a circuit diagram of a seventh module of the linear layer M1 according to the present invention;
FIG. 23 is a circuit diagram of an eighth module of the linear layer M1 of the present invention;
FIG. 24 is a ninth block circuit diagram of the linear layer M1 of the present invention;
fig. 25 is a circuit diagram of a tenth module of the linear layer M1 of the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention.
Aiming at a linear layer of the CLEFIA cryptographic algorithm, in order to solve the problems existing in the heuristic algorithm for realizing the optimization of the solved matrix, the specific property of the linear matrix corresponding to the linear layer in the CLEFIA cryptographic algorithm and the equivalent property of the elementary transformation matrix on the binary domain are combined, and the linear layer realization circuit can be obtained through the following specific optimization process.
Fig. 1 is a specific flowchart of the CLEFIA algorithm, and the present invention mainly relates to a circuit optimization technique for two linear layers M0 and M1 in the algorithm.
The optimization process for the linear layers M0 and M1 is as follows: extending elements in a matrix corresponding to the linear layer circuit into elements in a binary domain; the matrix represented on the binary domain is optimized integrally by using a local optimization method, so that the number of exclusive-OR gate circuits required by the matrix in the implementation process is reduced; the gate-level hardware circuit diagrams of two linear layers corresponding to the algorithm are respectively listed in detail. The specific implementation steps are as follows:
1. expanding elements in a matrix corresponding to a linear layer circuit to elements in a binary domain
In this algorithm, there are two linear components, and the matrix corresponding to the linear variation can be represented by M0, M1. The linear layers M0, M1 are extended to a 32 × 32 matrix over the binary domain as shown below:
wherein L11, L12, L21, L22 are respectively matrices of 16 × 16:
2. the matrix represented on the binary domain is optimized integrally by using a local optimization method, so that the number of exclusive-OR gate circuits required by the matrix in the implementation process is reduced
The matrixes M0 and M1 corresponding to the linear part of the algorithm are Hadamard type matrixes, and the block matrixes are symmetrical about the angle, so the invention fully utilizes the characteristics of the matrixes to carry out the same optimization mode on the matrixes M0 and M1, and the specific optimization process of the matrix M0 (M1) is only used as reference.
The output of the linear component is a linear combination of the inputs. Therefore, in order to reduce the number of exclusive-or gate circuits consumed by the matrix in the implementation process, the core of matrix optimization is to reduce the number of exclusive-or gate circuits consumed by implementing all output signals of the matrix.
Let the input signal of the matrix be { x when the hardware is implemented 0 , x 1 ,…, x 31 Output signal is { y } 0 , y 1 ,…, y 31 And t is a register, and the storage value of the register is an intermediate value obtained by inputting or carrying out exclusive-or operation on the matrix. Fig. 2 is a specific flowchart of the optimization process, in which a dense matrix is converted into a sparse matrix by optimizing a low-order matrix, and the whole is further optimized.
(1) The matrices corresponding to the linear elements of the algorithm are all Hadamard type matrices. Based on the lower order matrix being more than the higher order matrixThe idea of a near-optimal implementation, with sparse matrices closer to the optimal implementation than dense matrices, is to first optimize the block matrix L11 (L21) of matrix M0 (M1). The block matrix L11 (L21) is a 16 × 16 matrix on the binary domain, so the optimization process is easier to implement than the 32 × 32 matrix. An initial realization a11 (a 21) of the deblocking matrix L11 (L21) is found by gaussian elimination. A11 (A21) is composed of a finite number of forms such as t i = t j ⊕t k I.e. a11 (a 21) is composed of a finite (not set to n) elementary transformation matrices, a11= E (i) n +j n ) …E(i 1 +j 1 )(A21= E(i n +j n ) …E(i 1 +j 1 ) Where the elementary transformation matrix E (i + j) indicates the corresponding addition of the element of the jth row to the element of the ith row. Let E (i \8596j) denote that the element of the i-th line is interchanged with the element of the j-th line, then E (i + j) has the following properties:
B1、E(r+s)E(i+j)=E(i+j)E(r+s);
B2、E(i+j)E(r+j)=E(r+j)E(i+j);
B3、E(i+j)E(i+s)=E(i+s)E(i+j);
R1、E(k+i)E(k+j)E(i+j)=E(i+j)E(k+i);
R2、E(i+k)E(k+j)E(i+j)=E(k+j)E(i+k);
R3、E(i+k)E(j+k)E(i+j)=E(i+j)E(j+k);
R4、E(j+k)E(i+k)E(i+j)=E(i+j)E(j+k);
R5、E(k+j)E(k+i)E(i+j)=E(i+j)E(k+i);
R6、E(k+j)E(i+k)E(i+j)=E(i+k)E(k+j);
R7、E(j+i)E(i+j)=E(i↔j)E(j+i)。
(2) From the implementation A11 (A21) above, a length S (S e [2,n-1 ]) is taken]) If there are matrices connected as in the above-mentioned properties R1-R7 in the continuous fragment or after the equivalent operations B1, B2, B3, these matrices are reduced by the properties R1-R7 to obtain a new (shorter) fragment to replace the fragment intercepted in the process, and to obtain the corresponding realization equivalent to the original realization a11 (a 21) (still denoted as a11 (a 21)). If not present, e.g. linked in the nature R1-R7The next successive segment of length S is then truncated from the implementation a11 (a 21), again by reducing this truncated segment using the equivalent operations B1, B2, B3 and the properties R1-R7. If it is realized that all the consecutive segments with the length of S in a11 (a 21) have been truncated and reduced, the truncation of consecutive segments with the length of S-1 from a11 (a 21) continues until the truncation is S =1. The final optimized implementation of A11 (A21) is denoted as A11 '(A21'), when A11 '(A21') is represented by n 1 (n 2 ) And (4) transforming the elementary matrixes.
(3) Through the process (2), the optimization implementation a11 '(a 21') corresponding to the block matrix L11 (L21) in M0 (M1) is applied to L12 (L22), and the equivalent matrix L12 '(L22') of L12 is obtained. Accordingly, a sparse matrix L1 '(L2') equivalent to M0 (M1) is obtained. According to the idea that the sparse matrix is closer to the optimal implementation than the dense matrix, the initial implementation A1 (A2) of the matrix L1 '(L2') is solved by Gaussian elimination, wherein A1 (A2) is formed by n 3 (n 4 ) An elementary transformation matrix. In combination with the equivalent change operation of M0 (M1) initially in the process, the initial realization of M0 (M1) is performed by 2n 1 +n 3 (2n 2 +n 4 ) An elementary transformation matrix. Returning to step (2), the initial realization of M0 (M1) is optimized to obtain the final realization A1 (A2').
By using the method, the optimization implementation of the matrixes M0 and M1 corresponding to the linear layer component in the algorithm is respectively shown in a table I and a table II.
TABLE 1 optimized implementation of matrix M0
TABLE 2 optimized implementation of matrix M1
3. Gate-level hardware circuit diagram of linear component of algorithm
By utilizing the existing technology (Paar 1, paar2, BP, BFI, RNBP, A1, A2) for solving the matrix based on the g-xor standard, the realization cost of the matrixes M0 and M1 corresponding to the linear layer of the CLEFIA algorithm related by the invention is shown in the third table.
Table 3 number of exclusive or gates required for implementing the linear layer of the CLEFIA algorithm in known implementation techniques
Wherein the Paar1 algorithm and the Paar2 algorithm are from the article:
Paar, C.《Optimized arithmetic for Reed-Solomon encoders》In: IEEE International Symposium on Information Theory, p. 250 (1997);
the BP algorithm comes from the thesis:
Boyar, J., Peralta, R.《A new combinational logic minimization technique with applications to cryptology》In: Festa, P. (ed.) SEA 2010. LNCS, vol. 6049, pp. 178–189. Springer, Heidelberg (2010);
the BFI algorithm comes from the paper:
Banik, S., Funabiki, Y., Isobe, T.《More results on shortest linear programs》In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 109–128. Springer, Cham (2019);
the RNBP algorithm, the A1 algorithm, and the A2 algorithm all come from the article:
Tan, Q.Q., Peyrin, T.《Improved heuristics for short linear programs》IACR Trans.Cryptogr. Hardw. Embed. Syst. 2020(1), 203–230 (2020)。
the exclusive-or numbers consumed by the realization of the linear layer corresponding matrixes M0 and M1 are respectively 96 and 103, which is the best known at present.
As shown in tables 1 and 2, the number of exclusive or gate circuits required to implement the matrix M0 corresponding to the linear layer of the CLEFIA algorithm is 96, and the depth is 11; the number of exclusive-or gate circuits required to realize the matrix M1 corresponding to the linear layer of the CLEFIA algorithm is 103, and the depth is 10. The specific frame is shown in fig. 3 and 4. The implementation of matrix M0 may be divided into 11 modules and the implementation of matrix M1 may be divided into 10 modules. All modules (except the first module) are affected by modules of shallower depth.
All the modules in fig. 3-4 are integrated of an exclusive-or gate circuit, and the specific circuit implementation of each module is shown in fig. 5-25. As can be seen from table 3, the number of xor gate circuits implemented by two linear layers in the CLEFIA algorithm provided by the present invention is currently known to be the best. Therefore, the aim of optimizing the hardware implementation of the whole algorithm is fulfilled.
The foregoing is illustrative of the best mode of the invention and details not described herein are within the common general knowledge of a person of ordinary skill in the art. The scope of the present invention is defined by the appended claims, and any equivalent modifications based on the technical teaching of the present invention are also within the scope of the present invention.
Claims (1)
1. An optimized CLEFIA algorithm linear layer realization circuit comprises a realization circuit of a linear layer M0 positioned in a cryptographic algorithm updating function F0 and a realization circuit of a linear layer M1 positioned in a cryptographic algorithm updating function F1, and is characterized in that the realization circuit of the linear layer M0 comprises 11 modules, and the total input signal of the realization circuit of the linear layer M0 is set as { x } x 0 ,x 1 ,…,x 31 All output signals are { y } 0 ,y 1 ,…,y 31 Register is marked as t i Then, the input signal of the first module of the linear layer M0 implementation circuit is: x is a radical of a fluorine atom 1 ,x 2 ,x 3 ,x 4 ,x 5 ,x 7 ,x 8 ,x 11 ,x 12 ,x 14 ,x 17 ,x 19 ,x 21 ,x 23 ,x 24, x 26 ,x 28, x 30 ,x 31 The output signal is:
t 32 ,t 33 ,t 34 ,t 35 ,t 37 ,t 39 ,t 52 ,t 54 ,t 59 ,t 72 ,t 76 ,t 85 specifically, the circuit includes 12 exclusive or gate circuits, which are respectively:
t 32 =x 4 ⊕x 12 ,t 33 =x 2 ⊕x 11 ,t 34 =x 14 ⊕x 21 ,t 35 =x 8 ⊕x 17 ,t 37 =x 5 ⊕x 30 ,
t 39 =x 14 ⊕x 23 ,t 52 =x 1 ⊕x 24 ,t 54 =x 23 ⊕x 31 ,t 59 =x 7 ⊕x 30 ,t 72 =x 12 ⊕x 19 ,t 76 =x 5 ⊕x 28 ,
t 85 =x 3 ⊕x 26 ;
the input signal of the second module of the linear layer M0 realization circuit is as follows:
x 6 ,x 8 ,x 10 ,x 13 ,x 21 ,x 22 ,x 27 ,t 32 ,t 34 ,t 35 ,t 37 ,t 39 ,t 54 ,t 59 ;
the output signal is:
t 36 ,t 38 ,t 40 ,t 42 ,t 55 ,t 60 ,t 64 ,t 73 ,t 81 specifically, the circuit includes 9 exclusive or gate circuits, which are respectively:
t 36 =x 10 ⊕t 35 ,t 38 =x 21 ⊕t 37 ,t 40 =t 37 ⊕t 39 ,t 42 =x 6 ⊕t 39 ,t 55 =x 8 ⊕t 54 ,
t 60 =t 34 ⊕t 59 ,t 64 =x 22 ⊕t 59 ,t 73 =x 27 ⊕t 54 ,t 81 =x 13 ⊕t 32 ;
the input signals of the third module of the linear layer M0 realization circuit are as follows:
x 7 ,x 13 ,x 15 ,x 22 ,x 25 ,x 29 ,x 31 ,t 32 ,t 38 ,t 40 ,t 42 ,t 52 ,t 55 ,t 60 ,t 64 ,t 72 ,t 73 ,t 81 the output signal is:
y 23 ,t 43 ,t 47 ,y 1 ,t 57 ,y 7 ,t 65 ,t 74 ,t 83 ,y 30 specifically, the circuit includes 10 exclusive or gate circuits, which are respectively:
t 41 =x 13 ⊕t 40 =y 23 ,t 43 =x 15 ⊕t 42 ,t 47 =x 7 ⊕t 42 ,t 56 =t 52 ⊕t 55 =y 1 ,
t 57 =x 25 ⊕t 55 ,t 61 =x 29 ⊕t 60 =y 7 ,t 65 =x 31 ⊕t 64 ,t 74 =t 72 ⊕t 73 ,t 83 =x 22 ⊕t 81 ,
t 97 =t 32 ⊕t 38 =y 30 ;
the input signal of the fourth module of the linear layer M0 realization circuit is as follows:
x 0 ,x 2 ,x 16 ,x 18 ,x 20 ,x 24 ,x 29 ,t 35 ,t 43 ,t 47 ,t 55 ,t 57 ,t 61 ,t 65 ,t 72 ,t 74 ,t 76 ,t 83 the output signal is:
t 44 ,t 45 ,y 24 ,t 50 ,t 58 ,t 62 ,y 8 ,t 67 ,t 68 ,t 75 ,y 5 ,t 78 ,y 22 specifically, the circuit includes 13 exclusive-or gates, which are respectively:
t 44 =t 35 ⊕t 43 ,t 45 =x 0 ⊕t 43 ,t 48 =x 24 ⊕t 47 =y 24 ,t 50 =x 2 ⊕t 43 ,t 58 =x 18 ⊕t 57 ,
t 62 =t 47 ⊕t 61 ,t 66 =t 55 ⊕t 65 =y 8 ,t 67 =x 16 ⊕t 65 ,t 68 =t 47 ⊕t 65 ,t 75 =x 20 ⊕t 74 ,
t 77 =t 74 ⊕t 76 =y 5 ,t 78 =t 47 ⊕t 72 ,t 84 =x 29 ⊕t 83 =y 22 ;
the input signals of the fifth module of the linear layer M0 realization circuit are as follows:
x 9 ,x 10 ,x 17 ,x 19 ,x 25 ,x 26 ,t 33 ,t 34 ,t 36 ,t 41 ,t 44 ,t 45 ,t 48 ,t 50 ,t 58 ,t 62 ,t 67 ,t 68 ,t 75 ,t 78 ,t 81 ,t 85 ;
the output signal is:
t 46 ,y 17 ,t 51 ,t 63 ,t 69 ,t 70 ,t 79 ,y 13 ,t 86 ,t 91 ,t 98 ,t 103 ,t 105 ,t 108 ,y 0 ,y 31 specifically, the system comprises 16 exclusive-or gates, which are respectively:
t 46 =x 26 ⊕t 45 ,t 49 =t 44 ⊕t 48 =y 17 ,t 51 =x 9 ⊕t 50 ,t 63 =t 41 ⊕t 62 ,t 69 =x 25 ⊕t 67 ,
t 70 =x 17 ⊕t 44 ,t 79 =x 10 ⊕t 78 ,t 82 =t 75 ⊕t 81 =y 13 ,t 86 =t 78 ⊕t 85 ,t 91 =x 19 ⊕t 50 ,t 98 =t 34 ⊕
t 75 ,t 103 =t 36 ⊕t 67 ,t 105 =x 9 ⊕t 45 ,t 108 =t 33 ⊕t 58 ,t 110 =t 45 ⊕t 68 =y 0 ,t 127 =t 41 ⊕t 68 =y 31 ;
the input signal of the sixth module of the linear layer M0 realization circuit is as follows:
x 1 ,x 10 ,x 18 ,t 33 ,t 44 ,t 49 ,t 51 ,t 52 ,t 56 ,t 58 ,t 66 ,t 69 ,t 70 ,t 77 ,t 79 ,t 86 ,t 91 ,t 98 ,t 103 ,t 105 ,t 108 ,t 110 ;
the output signals are:
t 53 ,t 71 ,t 80 ,t 87 ,t 88 ,t 92 ,t 109 ,y 14 ,y 18 ,y 10 ,t 118 ,y 25 specifically, the circuit includes 12 exclusive or gate circuits, which are respectively:
t 53 =t 49 ⊕t 52 ,t 71 =t 66 ⊕t 70 ,t 80 =t 33 ⊕t 79 ,t 87 =x 18 ⊕t 86 ,t 88 =x 1 ⊕t 51 ,
t 92 =x 10 ⊕t 91 ,t 109 =t 44 ⊕t 108 ,t 115 =t 77 ⊕t 98 [y 14 ],t 116 =t 58 ⊕t 105 =y 18 ,
t 117 =t 56 ⊕t 103 =y 10 ,t 118 =t 51 ⊕t 69 ,t 122 =t 69 ⊕t 110 =y 25 ;
the input signals of the seventh module of the linear layer M0 realization circuit are as follows:
x 3 ,x 21 ,t 46 ,t 48 ,t 53 ,t 61 ,t 63 ,t 67 ,t 68 ,t 71 ,t 75 ,t 80 ,t 86 ,t 87 ,t 88 ,t 92 ,t 109 ,t 118 ,t 115 ;
the output signal is:
t 89 ,t 93 ,y 26 ,t 99 ,y 20 ,y 12 ,y 16 ,y 11 ,y 2 ,y 15 ,y 6 specifically, the circuit includes 11 exclusive or gate circuits, which are respectively:
t 89 =t 86 ⊕t 88 ,t 93 =x 3 ⊕t 92 ,t 96 =t 46 ⊕t 53 =y 26 ,t 99 =x 21 ⊕t 80 ,t 101 =t 75 ⊕t 80 =y 20 ,
t 107 =t 68 ⊕t 87 =y 12 ,t 111 =t 67 ⊕t 71 =y 16 ,t 120 =t 71 ⊕t 109 =y 11 ,
t 124 =t 48 ⊕t 118 =y 2 ,t 125 =t 61 ⊕t 71 =y 15 ,t 126 =t 63 ⊕t 115 =y 6 ;
the input signals of the eighth module of the linear layer M0 realization circuit are as follows:
x 27 ,x 28 ,t 74 ,t 80 ,t 89 ,t 93 ,t 105 ,t 107 ,t 111 ;
the output signal is:
t 90 ,t 94 ,y 28 ,t 113 ,y 9 specifically, the circuit includes 5 exclusive or gate circuits, which are respectively:
t 90 =x 27 ⊕t 89 ,t 94 =t 74 ⊕t 93 ,t 95 =x 28 ⊕t 93 =y 28 ,t 113 =t 80 ⊕t 107 ,t 121 =t 105 ⊕t 111 =y 9 ;
the input signals of the ninth module of the linear layer M0 realization circuit are as follows:
t 32 ,t 87 ,t 90 ,t 94 ,t 95 ,t 99 ,t 109 ,t 113 ;
the output signal is:
t 100 ,y 19 ,y 27 ,y 21 ,y 3 specifically, the circuit includes 5 exclusive or gate circuits, which are respectively:
t 100 =t 32 ⊕t 94 ,t 102 =t 90 ⊕t 94 =y 19 ,t 106 =t 87 ⊕t 90 =y 27 ,t 112 =t 95 ⊕t 99 =y 21 ,t 119 =t 109 ⊕t 113 =y 3 ;
the input signal of the tenth module of the linear layer M0 realization circuit is x 29 ,t 100 ,t 113 The output signal is t 104 ,y 4 Specifically, it includes 2 XOR gates, each of which is t 104 =x 29 ⊕t 100 ,t 114 =t 100 ⊕t 113 =y 4 ;
The input signal of the eleventh module of the linear layer M0 realization circuit is t 101 ,t 104 ;
The output signal is y 29 The XOR gate circuit is t 123 =t 101 ⊕t 104 =y 29 ;
The linear layer M1 realization circuit comprises 10 modules;
the input signal of the first module of the circuit realized by the linear layer M1 is as follows:
x 0 ,x 1 ,x 2 ,x 3 ,x 4 ,x 5 ,x 6 ,x 7 ,x 8 ,x 10 ,x 11 ,x 12 ,x 13 ,x 14 ,x 15 ,x 16 ,x 18 ,x 20 ,x 22 ,x 24 ,x 25, x 26 ,x 28, x 29 ,x 30 ,x 31 ;
the output signal is:
t 32 ,t 33 ,t 34 ,t 35 ,t 37 ,t 40 ,t 41 ,t 44 ,t 45 ,t 46 ,t 47 ,t 48 ,t 49 ,t 50 ,t 52 ,t 70 ,t 101 specifically, the circuit includes 17 exclusive-or gates, which are respectively:
t 32 =x 29 ⊕x 13 ,t 33 =x 6 ⊕x 22 ,t 34 =x 15 ⊕x 31 ,t 35 =x 14 ⊕x 30 ,t 37 =x 5 ⊕x 13 ,
t 40 =x 16 ⊕x 24 ,t 41 =x 0 ⊕x 8 ,t 44 =x 12 ⊕x 28 ,t 45 =x 4 ⊕x 20 ,t 46 =x 10 ⊕x 20 ,t 47 =
x 2 ⊕x 10 ,t 48 =x 10 ⊕x 25 ,t 49 =x 26 ⊕x 28 ,t 50 =x 18 ⊕x 26 ,t 52 =x 1 ⊕x 18 ,t 70 =x 3 ⊕x 11 ,t 101 =x 7 ⊕x 22 ;
the input signal of the second module of the linear layer M1 realization circuit is as follows:
x 1 ,x 9 ,x 11 ,x 17 ,x 21 ,x 25 ,x 30 ,x 31 ,t 32 ,t 33 ,t 34 ,t 35 ,t 37 ,t 40 ,t 44 ,t 45 ,t 46 ,t 50 ,t 70 ;
the output signal is:
t 36 ,t 38 ,t 42 ,t 54 ,t 55 ,t 60 ,t 61 ,t 62 ,t 71 ,t 73 ,t 76 ,t 81 ,t 91 specifically comprises 13 exclusive-OR gatesThe way, respectively are:
t 36 =x 31 ⊕t 32 ,t 38 =x 21 ⊕t 32 ,t 42 =t 37 ⊕t 34 ,t 54 =x 25 ⊕t 33 ,t 55 =x 1 ⊕t 40 ,
t 60 =t 33 ⊕t 34 ,t 61 =x 9 ⊕t 46 ,t 62 =x 9 ⊕t 33 ,t 71 =x 17 ⊕t 70 ,t 73 =t 35 ⊕t 70 ,
t 76 =t 44 ⊕t 45 ,t 81 =x 11 ⊕t 50 ,t 91 =x 30 ⊕t 44 ;
the input signal of the third module of the linear layer M1 realization circuit is as follows:
x 5 ,x 7 ,x 16 ,x 19 ,x 23 ,x 27 ,t 32 ,t 35 ,t 36 ,t 38 ,t 40 ,t 41 ,t 42 ,t 49 ,t 50 ,t 54 ,t 55 ,t 60 ,t 61 ,t 62 ,t 73 ,t 76 ,t 81 ,t 91 ,t 101 ;
the output signals are:
t 39 ,t 43 ,t 51 ,t 58 ,y 1 ,t 65 ,t 68 ,t 72 ,t 75 ,t 82 ,y 9 ,t 86 ,y 25 ,t 90 ,t 99 ,y 7 specifically, the circuit comprises 16 exclusive or gates, which are respectively:
t 39 =x 5 ⊕t 38 ,t 43 =x 23 ⊕t 36 ,t 51 =x 7 ⊕t 36 ,t 58 =x 27 ⊕t 42 ,t 63 =t 35 ⊕t 55 =y 1 ,t 65 =x 5 ⊕t 61 ,t 68 =x 19 ⊕t 42 ,t 72 =t 35 ⊕t 60 ,t 75 =t 49 ⊕t 62 ,t 82 =t 42 ⊕t 50 ,t 85 =t 40 ⊕t 62 =y 9 ,t 86 =x 16 ⊕t 81 ,t 88 =t 41 ⊕t 54 =y 25 ,t 90 =t 41 ⊕t 73 ,t 99 =t 32 ⊕t 76 ,t 108 =t 91 ⊕t 101 =y 7 ;
the input signal of the fourth module of the linear layer M1 realization circuit is as follows:
x 0 ,x 3 ,x 11 ,t 33 ,t 34 ,t 35 ,t 39 ,t 40 ,t 43 ,t 48 ,t 50 ,t 51 ,t 52 ,t 58 ,t 65 ,t 68 ,t 71 ,t 75 ,t 90 ,t 99 ;
the output signal is:
t 53 ,t 56 ,t 57 ,t 64 ,t 69 ,t 74 ,y 0 ,t 80 ,t 83 ,t 84 ,t 89 ,y 17 ,t 98 ,t 104 ,t 116 specifically, the circuit includes 15 exclusive or gate circuits, which are respectively:
t 53 =t 48 ⊕t 51 ,t 56 =t 51 ⊕t 52 ,t 57 =t 34 ⊕t 51 ,t 64 =t 33 ⊕t 39 ,t 69 =x 3 ⊕t 68 ,
t 74 =t 35 ⊕t 39 ,t 77 =x 0 ⊕t 43 =y 0 ,t 80 =x 11 ⊕t 58 ,t 83 =t 39 ⊕t 50 ,t 84 =t 65 ⊕
t 75 ,t 89 =t 71 ⊕t 75 ,t 97 =t 71 ⊕t 90 =y 17 ,t 98 =t 40 ⊕t 90 ,t 104 =t 39 ⊕t 40 ,t 116 =t 39 ⊕t 99 ;
the input signals of the fifth module of the linear layer M1 implementation circuit are:
x 9 ,x 16 ,x 17 ,x 22 ,x 30 ,t 41 ,t 43 ,t 53 ,t 56 ,t 57 ,t 61 ,t 69 ,t 72 ,t 77 ,t 80 ,t 84 ,t 86 ,t 99 ;
the output signal is:
y 18 ,t 66 ,t 67 ,t 78 ,t 92 ,t 93 ,y 16 ,t 105 ,t 111 ,y 22 ,y 5 specifically, the circuit includes 11 exclusive or gate circuits, which are respectively:
t 59 =x 9 ⊕t 56 =y 18 ,t 66 =t 53 ⊕t 61 ,t 67 =x 17 ⊕t 53 ,t 78 =t 43 ⊕t 57 ,t 92 =t 41 ⊕t 77 ,t 93 =x 30 ⊕t 69 ,t 100 =x 16 ⊕t 57 =y 16 ,t 105 =t 77 ⊕t 86 ,t 111 =t 57 ⊕t 99 ,t 117 =x 22 ⊕t 80 =y 22 ,t 125 =t 72 ⊕t 84 =y 5 ;
the input signal of the sixth module of the linear layer M1 implementation circuit is:
t 39 ,t 47 ,t 64 ,t 66 ,t 67 ,t 73 ,t 78 ,t 83 ,t 92 ,t 93 ,t 98 ,t 100 ,t 104 ,t 105 ,t 108 ,t 111 ,t 116 ,t 117 ,t 125 ;
the output signal is:
t 79 ,y 20 ,y 8 ,y 30 ,t 102 ,y 10 ,t 112 ,y 3 ,y 11 ,y 24 ,y 15 ,y 21 ,y 6 specifically, the apparatus includes 13 exclusive-or gates, which are respectively:
t 79 =t 47 ⊕t 78 ,t 87 =t 66 ⊕t 73 =y 20 ,t 94 =t 39 ⊕t 92 =y 8 ,t 96 =t 78 ⊕t 93 =y 30 ,
t 102 =t 78 ⊕t 83 ,t 107 =t 39 ⊕t 67 =y 10 ,t 112 =t 78 ⊕t 111 ,t 113 =t 98 ⊕t 105 =y 3 ,t 114 =t 64 ⊕t 105 =y 11 ,t 120 =t 100 ⊕t 104 =y 24 ,t 122 =t 108 ⊕t 111 =y 15 ,t 132 =t 116 ⊕t 125 =y 21 ,t 134 =t 64 ⊕t 117 =y 6 ;
the input signal of the seventh module of the linear layer M1 realization circuit is as follows:
t 59 ,t 67 ,t 72 ,t 74 ,t 79 ,t 82 ,t 91 ,t 96 ,t 102 ,t 122 ;
the output signal is:
t 95 ,y 26 ,y 2 ,t 109 ,y 31 ,y 14 specifically, the circuit includes 6 exclusive or gate circuits, which are respectively:
t 95 =t 79 ⊕t 82 ,t 103 =t 59 ⊕t 102 =y 26 ,t 106 =t 67 ⊕t 79 =y 2 ,t 109 =t 91 ⊕t 96 ,
t 126 =t 72 ⊕t 122 =y 31 ,t 131 =t 74 ⊕t 96 =y 14 ;
the input signal of the eighth module of the linear layer M1 implementation circuit is:
t 69 ,t 80 ,t 84 ,t 89 ,t 95 ,t 103 ,t 109 ,t 112 ,t 126 ;
the output signal is:
t 110 ,t 115 ,y 28 ,t 121 ,y 13 ,y 23 specifically, the circuit includes 6 exclusive or gate circuits, which are respectively:
t 110 =t 80 ⊕t 109 ,t 115 =t 69 ⊕t 95 ,t 118 =t 89 ⊕t 103 =y 28 ,t 121 =t 80 ⊕t 95 ,t 124 =t 84 ⊕t 95 =y 13 ,t 129 =t 112 ⊕t 126 =y 23 ;
the input signals of the ninth module of the linear layer M1 realization circuit are as follows:
t 76 ,t 99 ,t 110 ,t 113 ,t 114 ,t 115 ,t 118 ,t 121 ,t 124 ;
the output signals are:
y 19 ,y 27 ,t 127 ,y 12 ,y 29 specifically, the circuit includes 5 exclusive or gate circuits, which are respectively:
t 119 =t 113 ⊕t 115 =y 19 ,t 123 =t 114 ⊕t 121 =y 27 ,t 127 =t 76 ⊕t 110 ,t 128 =t 110 ⊕t 118 =y 12 ,t 133 =t 99 ⊕t 124 =y 29 ;
the input signal of the tenth module of the linear layer M1 realization circuit is t 87 ,t 127 ;
The output signal is y 4 The XOR gate circuit is t 130 =t 87 ⊕t 127 =y 4 。
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210735999.9A CN115276955B (en) | 2022-06-27 | 2022-06-27 | Optimized CLEFIA algorithm linear layer implementation circuit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210735999.9A CN115276955B (en) | 2022-06-27 | 2022-06-27 | Optimized CLEFIA algorithm linear layer implementation circuit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115276955A CN115276955A (en) | 2022-11-01 |
| CN115276955B true CN115276955B (en) | 2023-03-31 |
Family
ID=83763474
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210735999.9A Active CN115276955B (en) | 2022-06-27 | 2022-06-27 | Optimized CLEFIA algorithm linear layer implementation circuit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115276955B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117134886B (en) * | 2023-08-21 | 2024-01-30 | 湖北大学 | Optimized FOX algorithm linear layer circuit |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110995403B (en) * | 2019-10-31 | 2021-06-01 | 湖北大学 | Method for realizing optimization of search cipher algorithm linear layer hardware |
| CN112507644B (en) * | 2020-12-03 | 2021-05-14 | 湖北大学 | Optimized SM4 algorithm linear layer circuit |
| CN114282469A (en) * | 2021-12-24 | 2022-04-05 | 中国人民解放军国防科技大学 | Hardware circuit and optimization method of Camellia algorithm P function |
-
2022
- 2022-06-27 CN CN202210735999.9A patent/CN115276955B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115276955A (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kim et al. | A carry-free 54b/spl times/54b multiplier using equivalent bit conversion algorithm | |
| Mozaffari-Kermani et al. | Reliable and error detection architectures of Pomaranch for false-alarm-sensitive cryptographic applications | |
| CN112507644B (en) | Optimized SM4 algorithm linear layer circuit | |
| CN115276955B (en) | Optimized CLEFIA algorithm linear layer implementation circuit | |
| Datta et al. | Reversible logic implementation of AES algorithm | |
| Bahar et al. | Design and implementation of approximate DCT architecture in quantum-dot cellular automata | |
| WO2000022504A1 (en) | 3x adder | |
| Karthikeyan et al. | RETRACTED ARTICLE: Performance improvement of elliptic curve cryptography system using low power, high speed 16× 16 Vedic multiplier based on reversible logic | |
| Penchalaiah et al. | Design and Implementation of Low Power and Area Efficient Architecture for High Performance ALU | |
| Kakde et al. | Design of area and power aware reduced Complexity Wallace Tree multiplier | |
| Khan | Synthesis of quaternary reversible/quantum comparators | |
| Cotofana et al. | Low weight and fan-in neural networks for basic arithmetic operations | |
| CN102117195A (en) | Large-number modular multiplier circuit | |
| Saranya et al. | A low area FPGA implementation of reversible gate encryption with heterogeneous key generation | |
| Rashidi et al. | Full‐custom hardware implementation of point multiplication on binary edwards curves for application‐specific integrated circuit elliptic curve cryptosystem applications | |
| Hebbar et al. | Design of high speed carry select adder using modified parallel prefix adder | |
| Patil et al. | FPGA Implementation of conventional and vedic algorithm for energy efficient multiplier | |
| Ibrahim et al. | Compact Bit-Parallel Systolic Multiplier Over GF (2 m) | |
| Shin et al. | A complex multiplier architecture based on redundant binary arithmetic | |
| Nehru et al. | A shannon based low power adder cell for neural network training | |
| Dake et al. | Low complexity digit serial multiplier for finite field using redundant basis | |
| Singh et al. | Efficient carry skip Adder design using full adder and carry skip block based on reversible Logic | |
| Zhao et al. | Efficient Ternary Logic Circuits Optimized by Ternary Arithmetic Algorithms | |
| CN117134886B (en) | Optimized FOX algorithm linear layer circuit | |
| Ganguly et al. | A reconfigurable parallel prefix ling adder with modified enhanced flagged binary logic |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |