CN116132016A - Method for realizing additive expansion of cipher algorithm - Google Patents

Method for realizing additive expansion of cipher algorithm

Publication number
CN116132016A
Authority
CN
China
Prior art keywords
algorithm
group
subtraction
mode
cipher
Prior art date
Legal status
Pending
Application number
CN202211355280.9A
Other languages
Chinese (zh)
Inventor
闫鸣生
闫申
李国�
孟小林
王金贵
Current Assignee
BEIJING JN TASS TECHNOLOGY CO LTD
Original Assignee
BEIJING JN TASS TECHNOLOGY CO LTD

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy; underlying computational problems or public-key parameters
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a method for realizing the additive expansion of a cipher algorithm which, without changing the core cipher algorithm of a symmetric cipher, an asymmetric cipher or a stream cipher, expands the bitwise exclusive OR operation found in a number of existing encryption/decryption modes into an L-bit G_L group addition/subtraction operation in the encryption and decryption processes. The expandable modes include the CBC, CFB, OFB and BC modes, and in general any encryption/decryption mode built on a bitwise exclusive OR; the expansion also applies to the encryption and decryption algorithms of asymmetric ciphers, where the bitwise exclusive OR of the encryption/decryption step is likewise expanded into an L-bit G_L group addition/subtraction. The security is higher, and the method is suitable for the expansion of various block ciphers and more modes.

Description

Method for realizing additive expansion of cipher algorithm
Technical Field
The invention relates to the field of computer communication security, in particular to an implementation method for additive expansion of a cryptographic algorithm.
Background
Among cryptographic algorithms, including symmetric (block) cipher algorithms, asymmetric (public-key) cipher algorithms and stream cipher algorithms, bitwise exclusive OR is a common operation. Its characteristic is that the result of the exclusive OR affects only one bit and does not affect the neighbouring bits, i.e. there is no diffusion between bits. At the same time the operation is simple and fast.
Because of the simplicity and non-diffusion of the exclusive OR, a power analysis attack has a clear target point: in a chosen-plaintext attack, by selecting different values bit by bit, the maximum and minimum of the power consumption can be identified and key-related information obtained from them, so the security is low.
Disclosure of Invention
Based on this, the present invention aims to provide an implementation method for the additive expansion of a cryptographic algorithm which has higher security than the bitwise exclusive OR, is suitable for the expansion of various block ciphers and is suitable for more modes. To achieve this purpose, the technical scheme of the invention is as follows:
an implementation method for the additive expansion of a cryptographic algorithm comprises an encryption process and a decryption process;
in the encryption process, without changing the core operation of the cryptographic algorithm, the bitwise exclusive OR operation in the existing encryption mode of the block cipher algorithm, asymmetric cryptographic algorithm or stream cipher algorithm is expanded into an L-bit G_L group addition or subtraction;
in the decryption process, without changing the core operation of the cryptographic algorithm, the bitwise exclusive OR operation in the existing decryption mode of the block cipher algorithm, asymmetric cryptographic algorithm or stream cipher algorithm is expanded into an L-bit G_L group addition or subtraction;
wherein the binary additive group G_L is defined by the bit length L as G_L = {0, 1, …, N-1}, N = 2^L, with L ≥ 2 a positive integer;
the group identity element, the group inverse, and the group addition and subtraction are defined as follows:
a) The group identity element is 0;
b) Group inverse: the inverse element A^{-1} of A is A^{-1} = N - A (taken mod N, so that the inverse of 0 is 0);
c) Addition "+":
for A ∈ G_L, B ∈ G_L, C = A + B is defined as:
C = A + B mod N, C ∈ G_L;
the symbol ∈ denotes membership, i.e. B ∈ G_L means that B is an element of G_L;
d) Subtraction "-":
for A ∈ G_L, B ∈ G_L, D = A - B is defined as: D = A + B^{-1}.
Closure is satisfied:
c) for A ∈ G_L, B ∈ G_L, C = A + B and C ∈ G_L;
d) for A ∈ G_L, B ∈ G_L, D = A - B = A + B^{-1} and D ∈ G_L.
The commutative law is satisfied:
for A ∈ G_L, B ∈ G_L, C = A + B = B + A, C ∈ G_L.
Without changing the core operation of the block cipher algorithm, the bitwise exclusive OR operation in a plurality of encryption and decryption modes is expanded into the L-bit G_L group addition and subtraction operation.
For convenience, the present invention defines the G_L group addition and subtraction of block data as follows:
It is known that A, B, C and D are four binary numbers of the same length as the block length N, with N = n × L (this N is the block length, not the modulus N = 2^L above), i.e. data of length N can be split into n sub-segments of length L. Then:
A = a_1||a_2||a_3||…||a_n, B = b_1||b_2||b_3||…||b_n, C = c_1||c_2||c_3||…||c_n,
D = d_1||d_2||d_3||…||d_n, where || denotes concatenation. Then:
for convenience, the invention defines the addition of A and B as follows:
C = A + B = c_1||c_2||c_3||…||c_n, written as C = (A + B)_{G_L},
wherein c_1 = a_1 + b_1 mod 2^L, c_2 = a_2 + b_2 mod 2^L, …, c_n = a_n + b_n mod 2^L;
the subtraction of A and B is defined as follows:
D = A - B = d_1||d_2||d_3||…||d_n, written as D = (A - B)_{G_L},
wherein d_1 = a_1 - b_1 mod 2^L, d_2 = a_2 - b_2 mod 2^L, …, d_n = a_n - b_n mod 2^L.
Further, referring to FIG. 1, for a block cipher algorithm with 2 ≤ L ≤ M, where M is the block length of the block cipher algorithm, the L-bit G_L group addition or subtraction is specifically as follows:
two data A and B of block length M are each divided into m sub-segments of bit length L: A = {a_1, a_2, …, a_m}, B = {b_1, b_2, …, b_m}.
The L-bit G_L group addition operation is: C = A + B = {c_1, c_2, …, c_m}, where c_i = a_i + b_i mod 2^L, i = 1, 2, …, m;
the L-bit G_L group subtraction operation is: D = A - B = {d_1, d_2, …, d_m}, where d_i = a_i - b_i mod 2^L, i = 1, 2, …, m;
wherein the addition symbol "+" denotes G_L group addition and the subtraction symbol "-" denotes G_L group subtraction.
Further, within one block operation the bit length L is either a fixed value or takes 2 or more different values;
when the bit length L is a fixed value that divides the block length M, the original M bitwise exclusive OR operations are expanded into m G_L group additions or subtractions, expressed as: L_1 = L_2 = … = L_m = L, M = L_1 + L_2 + … + L_m, m = M/L; where L_1, L_2, …, L_m denote the bit lengths of the respective sub-segments;
alternatively, when the bit length L takes 2 or more different values, the original M bitwise exclusive OR operations are expanded into k G_{L_k} group additions or subtractions, expressed as: M = L_1 + L_2 + … + L_k, where k is an integer with 2 ≤ k ≤ M (each sub-segment is at least one bit); L_1, L_2, …, L_k are the 2 or more different values of the bit length L, L_k = {L_1, L_2, …, L_k}, and L_1, L_2, …, L_k denote the bit lengths of the respective sub-segments.
Further, the block cipher algorithm is used in cipher block chaining (CBC) mode, cipher feedback (CFB) mode, output feedback (OFB) mode, block chaining (BC) mode, or any other mode of operation that uses a bitwise exclusive OR.
Further, the block cipher algorithm is a Chinese national (SM) symmetric block cipher or an international symmetric block cipher; the national symmetric block cipher is one of SM1, SM4, SM6 and SM7, and the international symmetric block cipher is one of DES, TDES, AES (AES128) and AES256.
Further, the asymmetric cryptographic algorithm is SM2 or another ECC algorithm; alternatively, the stream cipher algorithm is ZUC (the Zu Chongzhi algorithm), or a keystream produced by a block cipher in output feedback (OFB) or counter (CTR) mode.
Further, for a block cipher algorithm, an asymmetric cryptographic algorithm or a stream cipher algorithm, the encryption process uses G_L group addition and the decryption process uses G_L group subtraction; alternatively, the encryption process uses G_L group subtraction and the decryption process uses G_L group addition. Once the bitwise exclusive OR is expanded into the L-bit G_L group operation, either pairing is valid, as long as encryption and decryption use opposite operations.
Further, for non-block cipher algorithms such as asymmetric cryptographic algorithms and stream cipher algorithms, the data length is variable and differs from one encryption or decryption to the next; the original bitwise exclusive OR operation can be replaced by the additive expansion as follows:
for data of length M, the data is first divided according to a fixed bit length L; if M is an integer multiple of L, only m G_L group additions or subtractions are needed to replace the original M bitwise exclusive OR operations, where m = M/L;
if M is not an integer multiple of L, i.e. M = m × L + n with n < L and n = M mod L, then m G_L group additions or subtractions and one G_n group addition or subtraction replace the original M bitwise exclusive OR operations.
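The G_L group addition and subtraction defined above, with both segment schedules the description gives (a fixed L, including the M = m × L + n case, and an explicit list of segment lengths L_1, …, L_k), as an added Python example that is not part of the patent. The function names, the integer representation of blocks and the sample operands are assumptions made for the demonstration; the list-of-lengths form generalises the fixed-L case in the text.

```python
# Added example (not the patent's code): the L-bit additive group G_L on
# fixed-length bit strings, with the segment schedules the description gives:
# a fixed L that may or may not divide the block length M, or an explicit
# list of segment lengths L_1, ..., L_k summing to M. Blocks are Python ints
# of M bits; segment 1 is the most significant. No carry crosses a segment.
from typing import List, Sequence


def segment_lengths(M: int, L: int) -> List[int]:
    """Fixed-L schedule: m = M // L segments of L bits, plus one trailing
    segment of n = M mod L bits when L does not divide M (M = m*L + n)."""
    if not 1 <= L <= M:
        raise ValueError("need 1 <= L <= M")
    m, n = divmod(M, L)
    return [L] * m + ([n] if n else [])


def _split(x: int, M: int, lens: Sequence[int]) -> List[int]:
    """Split an M-bit integer into segments of the given lengths, MSB first."""
    if sum(lens) != M:
        raise ValueError("segment lengths must sum to M")
    if not 0 <= x < (1 << M):
        raise ValueError("operand does not fit in M bits")
    segs, shift = [], M
    for ln in lens:
        shift -= ln
        segs.append((x >> shift) & ((1 << ln) - 1))
    return segs


def _join(segs: Sequence[int], lens: Sequence[int]) -> int:
    """Concatenate segments (a_1 || a_2 || ... ) back into one integer."""
    x = 0
    for s, ln in zip(segs, lens):
        x = (x << ln) | s
    return x


def g_add(A: int, B: int, M: int, lens: Sequence[int]) -> int:
    """(A + B)_{G_L}: c_i = a_i + b_i mod 2^{L_i} for every segment i."""
    a, b = _split(A, M, lens), _split(B, M, lens)
    return _join([(x + y) % (1 << ln) for x, y, ln in zip(a, b, lens)], lens)


def g_sub(A: int, B: int, M: int, lens: Sequence[int]) -> int:
    """(A - B)_{G_L}: d_i = a_i - b_i mod 2^{L_i}; A is the minuend."""
    a, b = _split(A, M, lens), _split(B, M, lens)
    return _join([(x - y) % (1 << ln) for x, y, ln in zip(a, b, lens)], lens)


def g_neg(B: int, M: int, lens: Sequence[int]) -> int:
    """Segment-wise group inverse B^{-1} = 2^{L_i} - b_i mod 2^{L_i} (0 maps to 0)."""
    return g_sub(0, B, M, lens)


if __name__ == "__main__":
    M = 128
    sched = segment_lengths(M, 13)           # SM4 block, L = 13: 9 x 13 + 11 bits
    A = int.from_bytes(bytes(range(16)), "big")           # constructed operand
    B = int.from_bytes(bytes(range(255, 239, -1)), "big")  # constructed operand
    C = g_add(A, B, M, sched)
    assert g_sub(C, B, M, sched) == A        # (C - B)_{G_L} recovers A
    assert g_add(A, B, M, [1] * M) == A ^ B  # L = 1 is plain bitwise XOR
    print(sched, hex(C))
```

With L = 1 every segment is a single bit and the group operation is exactly XOR, which is the identity the description relies on; with L = 8 the operands 0xFF and 0x01 add to 0x00 because the carry ripples through the whole segment, whereas their XOR is 0xFE, which is the bit diffusion the description claims. Subtraction is not commutative, so the minuend must be the value being decrypted.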
The beneficial effects of the invention are as follows:
the method for realizing the additive expansion of a cryptographic algorithm expands the single-bit exclusive OR operation into a multi-bit G_L group addition and subtraction, which has higher security. The method is suitable for the expansion of various block ciphers and more modes, and is suitable for scenarios in which a checksum is computed over the ciphertext after encrypting a long message.
Drawings
FIG. 1 is a flow diagram of an implementation method of an additive expansion of a cryptographic algorithm of the present invention;
FIG. 2 is a conventional CBC mode encryption flow chart;
FIG. 3 is a conventional CBC mode decryption flow diagram;
FIG. 4 is an encryption flow chart of an implementation method of the additive expansion of the cryptographic algorithm according to an embodiment of the present invention;
FIG. 5 is a decryption flow chart of an implementation method of the additive expansion of the cryptographic algorithm according to an embodiment of the present invention;
FIG. 6 is an encryption flow chart of an implementation method of the additive expansion of the cryptographic algorithm according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following describes the implementation method of the additive expansion of the cryptographic algorithm of the present invention in further detail with reference to the accompanying drawings and embodiments. The following embodiments and features in the embodiments may be combined with each other without collision. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In one embodiment of the invention, the method for realizing the additive expansion of a cryptographic algorithm replaces the bitwise exclusive OR operation in the cryptographic algorithm with an L-bit G_L group addition to complete the encryption operation, and with an L-bit G_L group subtraction to complete the decryption operation. Since for L = 1 the group addition/subtraction is exactly the bitwise exclusive OR, L = 1 gives the standard original cryptographic operation; the additive extended cryptographic algorithm provided by the invention (L ≥ 2) is therefore an extension of the conventional block cipher algorithm.
The main characteristics are:
1. the bitwise exclusive OR operation in the original block cipher algorithm is changed into G_L group addition to complete encryption and G_L group subtraction to complete decryption.
2. Because addition produces carries and subtraction produces borrows, G_L group addition and G_L group subtraction cause diffusion between bits; this diffusion increases the difficulty of cryptanalysis and thus raises the strength of the cryptographic algorithm.
3. The additive extended cipher algorithm is highly adaptable: it applies to the national algorithms SM1/SM4/SM6/SM7, to the international algorithms DES/TDES/AES128/AES256, and to stream ciphers such as ZUC. It also applies to the encryption/decryption algorithm of SM2.
4. Besides the cryptographic algorithm itself, the method applies to the various modes of operation, such as CBC, CFB, OFB, BC and CTR.
5. The length L can be any length, as desired:
a) generally, for ease of computation, L may be 2, 4, 8, 16, 32, etc.;
b) at most, L can equal the block length: for AES128, L = 128; for AES256, L = 256; etc.;
c) even any value smaller than the block length can be used: with the SM4 algorithm and L = 13, the original 128-bit exclusive OR operation becomes 9 G_13 group additions (L_1 = 13) and one G_11 group addition (L_2 = 11), since 9 × 13 + 11 = 128;
d) in particular, L = 1 is the standard cryptographic algorithm and L ≠ 1 is the additive expansion algorithm.
These characteristics greatly increase the uniqueness and flexibility available to a user, and increase security, while leaving the cryptographic algorithm and the mode of operation essentially unchanged.
For a cipher algorithm with block length 128 used in OFB mode, with plaintext P, define the binary additive group G_128 with L = 128. Then:
the original cryptographic algorithm is:
1. generate the keystream K from the KEY and the initial vector IV;
2. exclusive OR the keystream K with the plaintext P bit by bit to obtain the ciphertext C = P ⊕ K, where ⊕ denotes bitwise exclusive OR.
The additive extended cryptographic algorithm is:
1. generate the keystream K from the KEY and the initial vector IV;
2. perform G_128 group addition of the keystream K and the plaintext P to obtain the ciphertext C = (P + K)_{G128}, where (+)_{G128} denotes 128-bit binary group addition.
The decryption process is similar:
the original cryptographic algorithm is:
1. generate the keystream K from the KEY and the initial vector IV;
2. exclusive OR the keystream K with the ciphertext C bit by bit to obtain the plaintext P = C ⊕ K, where ⊕ denotes bitwise exclusive OR.
The additive extended cryptographic algorithm is:
1. generate the keystream K from the KEY and the initial vector IV;
2. perform G_128 group subtraction of the keystream K from the ciphertext C to obtain the plaintext P = (C - K)_{G128}, where (-)_{G128} denotes 128-bit binary group subtraction.
Example 1
The conventional CBC mode encryption and decryption flows are shown in FIG. 2 and FIG. 3.
CBC is a mode of encryption/decryption that is independent of the block algorithm, i.e. it applies equally to the national block ciphers SM1 and SM4 and to the international block ciphers DES and AES. The encryption and decryption algorithms are denoted E_K and D_K respectively, where E is short for Encryption, D is short for Decryption, and K denotes the key; ⊕ in the figures denotes the bitwise XOR operation.
The CBC encryption and decryption flows of the additive extended cipher algorithm are shown in FIG. 4 and FIG. 5. In FIG. 4, (+)_{G_L} denotes the L-bit binary group addition operation; in FIG. 5, (-)_{G_L} denotes the L-bit binary group subtraction operation.
In FIG. 4, P_1, P_2, …, P_m are m blocks of plaintext data; after CBC mode encryption with the cipher E_K (such as SM4 or AES), m blocks of ciphertext data C_1, C_2, …, C_m are obtained.
Likewise, as shown in FIG. 5, the m blocks of ciphertext data C_1, C_2, …, C_m are passed through CBC mode decryption with the cipher D_K (such as SM4 or AES) to obtain the m blocks of plaintext data P_1, P_2, …, P_m.
Comparing the encryption/decryption flows of the conventional CBC mode and the CBC mode of the additive cipher algorithm, the only difference between the two is that the additive extended cipher algorithm replaces the bitwise XOR of the conventional CBC mode with G_L group addition and G_L group subtraction, i.e. addition and subtraction extended to L bits. In particular, since G_1 (1-bit addition and subtraction) is exactly the exclusive OR operation, for L = 1 the CBC mode of the additive extended cipher algorithm is identical to the conventional CBC mode, while for L ≥ 2 the results differ.
It should be noted that, because encryption and decryption in the additive extended cipher algorithm involve addition and subtraction, and subtraction in particular, the minuend and the subtrahend cannot be swapped, otherwise decryption will not be correct. In the G_L group subtraction during decryption, the plaintext is P_1 = (D_K(C_1) - IV)_{G_L} and P_i = (D_K(C_i) - C_{i-1})_{G_L}, i = 2, 3, …, m.
Further, for a better understanding of the additive extended cipher algorithm, the following takes L = 16 as an example.
Taking the encryption process as an example, each of the m plaintext blocks P_i is divided into 16-bit segments: for a block cipher with a 128-bit block length, P_i is divided into 8 segments; for a 256-bit block cipher, into 16 segments; and for a 64-bit block cipher, into 4 segments. This is expressed as:
P_i = p_i1||p_i2||…||p_in, i = 1, 2, …, m, n = len/16, where len is the block length.
Likewise, the initial vector IV is divided into n segments of 16 bits: IV = iv_1||iv_2||…||iv_n.
Then the encryption process of the first block is: A_1 = (P_1 + IV)_{G_L}, where (+)_{G_L} denotes addition in the group G_L with L = 16; specifically, A_1 = a_11||a_12||…||a_1n, where a_1j = p_1j + iv_j mod 2^16, j = 1, 2, …, n. The ciphertext is C_1 = E_K(A_1).
The encryption process of the remaining blocks 2 to m is: A_i = a_i1||a_i2||…||a_in, where a_ij = p_ij + c_(i-1)j mod 2^16, i = 2, 3, …, m, j = 1, 2, …, n. The ciphertext is C_i = E_K(A_i), with C_i = c_i1||c_i2||…||c_in.
The decryption process: each of the m ciphertext blocks C_i is divided into 16-bit segments, C_i = c_i1||c_i2||…||c_in, n = len/16, where len is the block length. Then:
the decryption process of the first block is: first compute the block decryption A_1 = D_K(C_1), then
the first block of plaintext P_1 = (A_1 - IV)_{G_L}, where (-)_{G_L} denotes subtraction in the group G_L with L = 16; specifically, p_1j = a_1j - iv_j mod 2^16, j = 1, 2, …, n.
The decryption process of the remaining blocks 2 to m is: first compute the block decryption A_i = D_K(C_i), then the i-th block of plaintext P_i = (A_i - C_(i-1))_{G_L} = p_i1||p_i2||…||p_in, i = 2, 3, …, m, where p_ij = a_ij - c_(i-1)j mod 2^16, i = 2, 3, …, m, j = 1, 2, …, n.
In the above example L = 16; in fact L may be any integer less than the block length, or equal to the block length. Generally L is taken as 8, 16, 32, 64, etc. for ease of computation, since such values are easier for a computer to handle.
It is further noted that the above example does not depend on a specific block cipher algorithm: it holds equally for the block ciphers SM1, SM4, TDES and AES.
Further, the additive extended cryptographic algorithm of the present invention is not limited to CBC mode and also applies to the OFB, CFB, CTR and BC modes.
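The additive CBC flow of Example 1, including the minuend/subtrahend order the description warns about, as an added Python example that is not part of the patent. The block cipher E_K/D_K is a stand-in assumed for the demonstration (a 4-round Feistel network with an HMAC-SHA256 round function, chosen only because it is invertible); it is not SM4 or AES, and the key, IV and plaintext blocks are constructed values. The function names are likewise assumptions.

```python
# Added example (not the patent's code): CBC mode with the chaining XOR replaced
# by G_L group addition on encryption and G_L group subtraction on decryption.
# The block cipher E/D is a stand-in assumed for the demo: a 4-round Feistel
# network over 128-bit blocks with an HMAC-SHA256 round function. It is
# invertible, which is all the mode needs, but it is not SM4 or AES and is
# not meant for real data. Blocks are 128-bit Python ints; L must divide 128.
import hashlib
import hmac
from typing import List

M = 128                      # block length in bits
HALF = M // 2
MASK_HALF = (1 << HALF) - 1
ROUNDS = 4


def _f(key: bytes, r: int, half: int) -> int:
    """Round function: HMAC-SHA256(key, round || half) truncated to 64 bits."""
    msg = bytes([r]) + half.to_bytes(HALF // 8, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[: HALF // 8], "big")


def E(key: bytes, block: int) -> int:
    """Stand-in block cipher encryption E_K."""
    left, right = block >> HALF, block & MASK_HALF
    for r in range(ROUNDS):
        left, right = right, left ^ _f(key, r, right)
    return (left << HALF) | right


def D(key: bytes, block: int) -> int:
    """Stand-in block cipher decryption D_K (Feistel rounds undone in reverse)."""
    left, right = block >> HALF, block & MASK_HALF
    for r in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, r, left), left
    return (left << HALF) | right


def g_add(a: int, b: int, L: int) -> int:
    """(a + b)_{G_L} on an M-bit block: L-bit segments added mod 2^L, no carry across segments."""
    mask, out = (1 << L) - 1, 0
    for shift in range(0, M, L):
        out |= (((a >> shift) + (b >> shift)) & mask) << shift
    return out


def g_sub(a: int, b: int, L: int) -> int:
    """(a - b)_{G_L}; a is the minuend. '& mask' on a negative int yields the residue mod 2^L."""
    mask, out = (1 << L) - 1, 0
    for shift in range(0, M, L):
        out |= (((a >> shift) - (b >> shift)) & mask) << shift
    return out


def cbc_encrypt(key: bytes, iv: int, blocks: List[int], L: int) -> List[int]:
    """C_i = E_K((P_i + C_{i-1})_{G_L}), with C_0 = IV."""
    out, prev = [], iv
    for p in blocks:
        c = E(key, g_add(p, prev, L))
        out.append(c)
        prev = c
    return out


def cbc_decrypt(key: bytes, iv: int, blocks: List[int], L: int) -> List[int]:
    """P_i = (D_K(C_i) - C_{i-1})_{G_L}: D_K(C_i) is the minuend, C_{i-1} the subtrahend."""
    out, prev = [], iv
    for c in blocks:
        out.append(g_sub(D(key, c), prev, L))
        prev = c
    return out


def cbc_decrypt_swapped(key: bytes, iv: int, blocks: List[int], L: int) -> List[int]:
    """The mistake the description warns about: (C_{i-1} - D_K(C_i))_{G_L}.
    Equals the correct result only for L = 1, where subtraction is XOR."""
    out, prev = [], iv
    for c in blocks:
        out.append(g_sub(prev, D(key, c), L))
        prev = c
    return out


if __name__ == "__main__":
    key = b"demo-key-16bytes"                          # constructed demo key
    iv = int.from_bytes(bytes(range(16, 32)), "big")   # constructed IV
    msg = [int.from_bytes(bytes(range(16)), "big"), (1 << 127) | 0x1234]  # constructed blocks
    for L in (1, 8, 16, 128):
        assert cbc_decrypt(key, iv, cbc_encrypt(key, iv, msg, L), L) == msg
    print([hex(c) for c in cbc_encrypt(key, iv, msg, 16)])
```

For L = 1 the round trip is ordinary CBC, and even the swapped subtraction decrypts correctly because XOR is its own inverse; for L = 16 the swapped order returns the segment-wise negation of the first block instead of the plaintext. As in standard CBC, a wrong IV corrupts only the first block, since every later block is chained to the preceding ciphertext rather than to the IV.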
Example 2
The main process of conventional (standard) SM2 encryption and decryption is as follows:
SM2 standard encryption, main calculation process:
1. generate a random number k and calculate C_1 = [k]G = (x_1, y_1), where G is the base point of the SM2 elliptic curve.
2. Using the public key P, calculate S = [k]P = (x_2, y_2).
3. Calculate the keystream t = KDF(x_2||y_2, klen), where KDF is the key derivation function and klen is the bit length of the plaintext to be encrypted;
4. calculate the ciphertext C_2 = M ⊕ t, where ⊕ is bitwise exclusive OR and M is the plaintext to be encrypted.
5. Calculate the check value C_3 = Hash(x_2||M||y_2).
Output the ciphertext C_1||C_2||C_3.
SM2 standard decryption, main calculation process:
1. using the private key d, calculate [d]C_1 = (x_2, y_2);
2. calculate t = KDF(x_2||y_2, klen);
3. calculate the plaintext M = C_2 ⊕ t;
Note: for simplicity, the above emphasizes the main encryption and decryption calculations and omits the verification steps (such as the comparison against the check value C_3).
In the following, taking L = 32 as an example, the implementation of the additive expansion method of the present invention on this cryptographic algorithm is described; for simplicity, this example assumes that the plaintext bit length klen is an integer multiple of 32, with n = klen/32.
SM2 additive expansion algorithm, main encryption calculation process:
1. generate a random number k and calculate C_1 = [k]G = (x_1, y_1), where G is the base point of the SM2 elliptic curve.
2. Using the public key P, calculate [k]P = (x_2, y_2).
3. Calculate the keystream t = KDF(x_2||y_2, klen), where KDF is the key derivation function and klen is the bit length of the plaintext to be encrypted;
4. calculate the ciphertext C_2 = (M + t)_{G_L}, where M is the plaintext to be encrypted and (+)_{G_L} denotes 32-bit addition on the group G_32; specifically:
divide the plaintext M into n segments of 32 bits each, M = m_1||m_2||m_3||…||m_n, and likewise divide the keystream t in order into n segments of 32 bits each, t = t_1||t_2||t_3||…||t_n; the ciphertext is C_2 = c_1||c_2||c_3||…||c_n, where c_i = m_i + t_i mod 2^32, i = 1, 2, 3, …, n.
5. Calculate the check value C_3 = Hash(x_2||M||y_2).
Output the ciphertext C_1||C_2||C_3.
SM2 additive expansion algorithm, main decryption calculation process:
1. using the private key d, calculate [d]C_1 = (x_2, y_2);
2. calculate t = KDF(x_2||y_2, klen);
3. calculate the plaintext M = (C_2 - t)_{G_L}, where (-)_{G_L} denotes 32-bit subtraction on the group G_32; specifically:
divide the ciphertext C_2 into n segments of 32 bits each, C_2 = c_1||c_2||c_3||…||c_n, and likewise divide the keystream t in order into n segments of 32 bits each, t = t_1||t_2||t_3||…||t_n; the plaintext is M = m_1||m_2||m_3||…||m_n, where m_i = c_i - t_i mod 2^32, i = 1, 2, 3, …, n.
The above examples merely illustrate specific uses of the additive expansion algorithm; in fact other algorithms, including ZUC, can just as easily be extended from the standard algorithm to the additive extension algorithm. With L = 32, the unsigned integer addition and subtraction of a 32-bit microcontroller or of most computers implement G_32 group addition and subtraction directly, so there is no noticeable difference in speed or difficulty between the addition/subtraction and the exclusive OR, while security is improved and the core application of the algorithm gains extensibility and flexibility.
Example 3
The data content of transmission packets is encrypted in the OFB additive expansion mode of the SM4 cipher algorithm with L = 16.
Two 128-bit plaintext blocks P_1 and P_2 are processed with the keys key_1 and key_2 respectively: the SM4 algorithm in OFB mode produces the 128-bit keystreams K_1 and K_2, and the additive encryption of the additive expansion mode of the invention then yields the 128-bit ciphertexts C_1 and C_2. Specifically:
P_1 = p_11||p_12||…||p_18,
P_2 = p_21||p_22||…||p_28,
K_1 = k_11||k_12||…||k_18,
K_2 = k_21||k_22||…||k_28,
C_1 = c_11||c_12||…||c_18,
C_2 = c_21||c_22||…||c_28,
where p_1i, p_2i, k_1i, k_2i, c_1i, c_2i are plaintext data segments, keystream segments and ciphertext data segments respectively, each of 16 bits;
and c_1i = p_1i + k_1i mod 2^16, c_2i = p_2i + k_2i mod 2^16, i = 1, 2, …, 8.
This is written as C_1 = (P_1 + K_1)_{G16}, C_2 = (P_2 + K_2)_{G16}.
Since addition on the group G_16 defined in the present invention satisfies the associative and commutative laws:
(c_1i + c_2i)_{G16} = ((p_1i + p_2i)_{G16} + (k_1i + k_2i)_{G16})_{G16}, i = 1, 2, …, 8;
that is, the G_16 sum of the ciphertexts equals the G_16 sum of the plaintexts plus the G_16 sum of the keystreams.
Further,
(c_11 + c_12 + … + c_18)_{G16} = ((p_11 + p_12 + … + p_18)_{G16} + (k_11 + k_12 + … + k_18)_{G16})_{G16}, and
(c_11 + c_12 + … + c_18 + c_21 + c_22 + … + c_28)_{G16}
= ((p_11 + p_12 + … + p_18 + p_21 + p_22 + … + p_28)_{G16} + (k_11 + k_12 + … + k_18 + k_21 + k_22 + … + k_28)_{G16})_{G16},
which is written as:
(C_1 + C_2)_{G16} = ((P_1 + P_2)_{G16} + (K_1 + K_2)_{G16})_{G16}.
Likewise, the decryption process is P_1 = (C_1 - K_1)_{G16}, P_2 = (C_2 - K_2)_{G16}, and similarly:
(P_1 + P_2)_{G16} = ((C_1 + C_2)_{G16} - (K_1 + K_2)_{G16})_{G16}.
This property resembles the additive property of some homomorphic ciphers, and is convenient in many practical application scenarios.
For example, a packet is composed of a header, a data payload and a checksum, wherein the header includes a header flag and a data length, a splice flag and a splice position, the data payload is the data content actually carried by the packet, the checksum is 16-bit fixed-length data, and the content is the 16-bit accumulated sum of the data payload, i.e. (+ G16 And (5) operation sum. The structure of the message is shown in the following table 1;
TABLE 1
Packet head Data payload Checksum
In the actual transmission process, for longer data loads, a large data packet is split into several small-load transmission packets, similar to an IP packet. For example, as shown in table 2 below;
TABLE 2
Data packet
1 Baotou 1 Plaintext data 1 Plaintext checksum
2 Header 2 Plaintext data 2 Plaintext checksum
i Baotou i Plaintext data i
n Header n Plaintext data n Plaintext checksum
Wherein, the data load=data 1|data 2| … |data n, and the checksum is an application layer checksum, i.e. the checksum of the whole data load.
To ensure the privacy of the data, the data payload needs to be additively encrypted during the transmission process, namely: and (5) ciphertext transmission. Using the key as the key, using SM4 algorithm, OFB mode, encrypting the data payload, the ciphertext transmission packet obtained is shown in table 3 below:
TABLE 3
Data packet | Packet head | Data payload | Checksum
1 | Header 1 | Ciphertext data 1 | Ciphertext checksum
2 | Header 2 | Ciphertext data 2 | Ciphertext checksum
i | Header i | Ciphertext data i |
n | Header n | Ciphertext data n | Ciphertext checksum
Wherein: ciphertext data i is the encryption result of plaintext data i, and the ciphertext checksum is the sum of all ciphertext data.
The SM4 OFB additive-expansion encryption of the i-th data packet $P_i$ is as shown in Fig. 6:
In actual transmission, the encryption device encrypts each data packet as soon as it is received, rather than waiting until all n data packets have been received before encrypting, since encrypting only after all packets have arrived greatly increases the transmission delay. However, until all n data packets have been received, the ciphertext result cannot be predicted with the conventional encryption mode, so the ciphertext checksum cannot be calculated.
The problem can be solved well by carrying out the encryption operation with the additive expansion mode of the invention. Ciphertext data i can be expressed as:
ciphertext data $C_i = (\text{plaintext data } P_i + K_i)_{G_{16}}$, $i = 1, 2, \ldots, n$;
Namely: ciphertext data i is obtained by dividing plaintext data i into several 16-bit data segments and adding each segment, on $G_{16}$, to the corresponding 16-bit data segment of key stream $K_i$; this completes the encryption operation. The expression is as follows:
plaintext data $P_i = p_{i1} \| p_{i2} \| \cdots \| p_{im}$
key stream $K_i = k_{i1} \| k_{i2} \| \cdots \| k_{im}$
Then the j-th data segment of ciphertext data i is $c_{ij} = (p_{ij} + k_{ij})_{G_{16}}$, $i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, m$; m is a positive integer.
Thus the ciphertext checksum, being the sum of all ciphertext data, equals the sum of all ciphertext data segments. Namely:
ciphertext checksum $= \mathrm{sum}(c_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_{16}}$
$= \mathrm{sum}(p_{ij} + k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_{16}}$
$= (\mathrm{sum}(p_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_{16}} + \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m))_{G_{16}}$
$= (\text{plaintext checksum} + \text{key sum})_{G_{16}}$
where $\mathrm{sum}()_{G_{16}}$ denotes the accumulated sum under the operation of group $G_{16}$, and key sum $= \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)$.
The plaintext checksum is known at the encryption end, and the key sum can be calculated from the length of the whole data packet. The ciphertext checksum can therefore be calculated as soon as the first data packet is received, which provides the plaintext checksum and the total length, without first receiving and encrypting all n data packets.
The decryption end can likewise calculate the plaintext checksum of the whole data packet once it knows the ciphertext checksum and the total length of the data payload: plaintext checksum $= (\text{ciphertext checksum} - \text{key sum})_{G_{16}}$.
In this way it can be judged whether the calculated plaintext checksum and/or ciphertext checksum is consistent with the actually received checksum; if so, decryption succeeds, and if not, decryption fails. The sender then resends the data packet or transmission packet to the receiver, and the receiver repeats the decryption step until decryption succeeds.
As a preferred embodiment, the encryption step may be:
generating a key stream $K_i$ using an initial vector IV and a key KEY;
splitting a data packet into n transmission packets with small payloads, each transmission packet comprising a packet header, a data payload and a checksum; the packet header comprises at least one of a header flag and data length, a splice flag and splice position; the data payload is the data content actually carried by the data packet; the checksum is fixed-length L-bit data whose content is the L-bit accumulated sum of the data payload, i.e. the sum under the $(+)_{G_L}$ operation;
each transmission packet corresponds to one plaintext data $P_i$;
the n plaintext data $P_i$ are each split according to the L-bit length, so that
plaintext data $P_i = p_{i1} \| p_{i2} \| \cdots \| p_{im}$; $i = 1, 2, \ldots, n$;
key stream $K_i = k_{i1} \| k_{i2} \| \cdots \| k_{im}$; $i = 1, 2, \ldots, n$, where m is the block cipher length Len/L, m is a positive integer, and $\|$ denotes data concatenation;
carrying out the $G_L$ group addition encryption operation on key stream $K_i$ and plaintext $P_i$ to obtain ciphertext $C_i = (P_i + K_i)_{G_L}$; then $C_i = c_{i1} \| c_{i2} \| \cdots \| c_{im}$, $i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, m$;
The decryption step may be:
generating the key stream $K_i$ using the initial vector IV and the key KEY; then
key stream $K_i = k_{i1} \| k_{i2} \| \cdots \| k_{im}$; $i = 1, 2, \ldots, n$, where m is the block cipher length Len/L, m is a positive integer, and $\|$ denotes data concatenation;
carrying out the $G_L$ group subtraction decryption operation on key stream $K_i$ and ciphertext $C_i$ to obtain plaintext $P_i = (C_i - K_i)_{G_L}$; then
plaintext data $P_i = p_{i1} \| p_{i2} \| \cdots \| p_{im}$; $i = 1, 2, \ldots, n$;
calculating plaintext checksum $= \mathrm{sum}(p_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_L}$
$= (\mathrm{sum}(c_{ij} - k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_L})_{G_L}$
$= (\mathrm{sum}(c_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m) - \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m))_{G_L}$
$= (\text{ciphertext checksum} - \text{key sum})_{G_L}$
judging whether the calculated plaintext checksum is consistent with the actually received plaintext checksum; if so, decryption succeeds, otherwise decryption fails;
where $\mathrm{sum}()_{G_L}$ denotes the accumulated sum under the operation of group $G_L$, key sum $= \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)$; $(+)_{G_L}$ denotes the addition operation on group $G_L$, $(-)_{G_L}$ denotes the subtraction operation on group $G_L$, with $L \ge 2$, L an integer, and group $G_L = (0 \sim N-1)$, $N = 2^L$.
As another preferred embodiment, the encryption step may be:
generating a key stream $K_i$ using an initial vector IV and a key KEY;
splitting a data packet into n transmission packets with small payloads, each transmission packet comprising a packet header, a data payload and a checksum; the packet header comprises at least one of a header flag and data length, a splice flag and splice position; the data payload is the data content actually carried by the data packet; the checksum is fixed-length L-bit data whose content is the L-bit accumulated sum of the data payload, i.e. the sum under the $(+)_{G_L}$ operation;
each transmission packet corresponds to one plaintext data $P_i$;
the n plaintext data $P_i$ are each split according to the L-bit length, so that
plaintext data $P_i = p_{i1} \| p_{i2} \| \cdots \| p_{im}$; $i = 1, 2, \ldots, n$;
key stream $K_i = k_{i1} \| k_{i2} \| \cdots \| k_{im}$; $i = 1, 2, \ldots, n$, where m is the block cipher length Len/L, m is a positive integer, and $\|$ denotes data concatenation;
carrying out the $G_L$ group addition encryption operation on key stream $K_i$ and plaintext $P_i$ to obtain ciphertext $C_i = (P_i + K_i)_{G_L}$; then $C_i = c_{i1} \| c_{i2} \| \cdots \| c_{im}$, $i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, m$;
$c_{ij} = (p_{ij} + k_{ij})_{G_L}$, $i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, m$;
calculating ciphertext checksum $= \mathrm{sum}(c_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_L}$
$= (\mathrm{sum}(p_{ij} + k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)_{G_L})_{G_L}$
$= (\mathrm{sum}(p_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m) + \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m))_{G_L}$
$= (\text{plaintext checksum} + \text{key sum})_{G_L}$
where $\mathrm{sum}()_{G_L}$ denotes the accumulated sum under the operation of group $G_L$, and key sum $= \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)$;
The decryption step may be:
generating the key stream $K_i$ using the initial vector IV and the key KEY; then
key stream $K_i = k_{i1} \| k_{i2} \| \cdots \| k_{im}$; $i = 1, 2, \ldots, n$, where m is the block cipher length Len/L, m is a positive integer, and $\|$ denotes data concatenation;
carrying out the $G_L$ group subtraction decryption operation on key stream $K_i$ and ciphertext $C_i$ to obtain plaintext $P_i = (C_i - K_i)_{G_L}$; then
plaintext $P_i = p_{i1} \| p_{i2} \| \cdots \| p_{im}$; $i = 1, 2, \ldots, n$;
judging whether the calculated ciphertext checksum is consistent with the actually received ciphertext checksum; if so, decryption succeeds, otherwise decryption fails;
where $\mathrm{sum}()_{G_L}$ denotes the accumulated sum under the operation of group $G_L$, key sum $= \mathrm{sum}(k_{ij},\ i = 1, \ldots, n,\ j = 1, \ldots, m)$; $(+)_{G_L}$ denotes the addition operation on group $G_L$, $(-)_{G_L}$ denotes the subtraction operation on group $G_L$, with $L \ge 2$, L an integer, and group $G_L = (0 \sim N-1)$, $N = 2^L$.
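The packet scheme of Tables 2 and 3 and the two preferred embodiments above, worked end to end as an added example; this is not code from the patent or its assignee. SM4 is not in the Python standard library, so a keyed SHA-256 truncated to 128 bits stands in for the block function inside OFB mode; the additive identities shown hold for any key stream, so nothing below depends on that substitution. All function names, the key, IV and payload are constructed for the example. The sender predicts the ciphertext checksum from the plaintext checksum and the total length before the later packets are encrypted, and the receiver verifies the received packets both ways, as the first embodiment (plaintext checksum) and the second (ciphertext checksum) do:

```python
import hashlib
from typing import Dict, List, Tuple

BLOCK_BYTES = 16  # Len = 128 bits, the SM4 block size assumed by the description

def block_function(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: SM4 is not in the standard library, so keyed SHA-256 truncated to
    # 128 bits stands in for E_KEY(); the additive identities do not depend on it.
    return hashlib.sha256(key + block).digest()[:BLOCK_BYTES]

def ofb_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    """OFB mode: O_0 = IV, O_j = E_KEY(O_{j-1}); the key stream is O_1 || O_2 || ..."""
    out, o = bytearray(), iv
    while len(out) < nbytes:
        o = block_function(key, o)
        out += o
    return bytes(out[:nbytes])

def split_segments(data: bytes, L: int) -> List[int]:
    """L-bit segments of data, most significant first; 8*len(data) must be a multiple of L."""
    bits = 8 * len(data)
    if bits % L:
        raise ValueError("bit length must be a multiple of L")
    x, m, mask = int.from_bytes(data, "big"), bits // L, (1 << L) - 1
    return [(x >> (L * (m - 1 - j))) & mask for j in range(m)]

def join_segments(segs: List[int], L: int) -> bytes:
    x = 0
    for s in segs:
        x = (x << L) | s
    return x.to_bytes(L * len(segs) // 8, "big")

def g_add(a: int, b: int, L: int) -> int:
    return (a + b) % (1 << L)  # (+)_GL

def g_sub(a: int, b: int, L: int) -> int:
    return (a - b) % (1 << L)  # (-)_GL

def g_checksum(data: bytes, L: int) -> int:
    """sum()_GL: the L-bit accumulated sum over the L-bit segments of data."""
    s = 0
    for seg in split_segments(data, L):
        s = g_add(s, seg, L)
    return s

def g_encrypt(plain: bytes, ks: bytes, L: int) -> bytes:
    """c_ij = (p_ij + k_ij)_GL, segment by segment."""
    return join_segments([g_add(p, k, L) for p, k in zip(split_segments(plain, L), split_segments(ks, L))], L)

def g_decrypt(cipher: bytes, ks: bytes, L: int) -> bytes:
    """p_ij = (c_ij - k_ij)_GL, segment by segment."""
    return join_segments([g_sub(c, k, L) for c, k in zip(split_segments(cipher, L), split_segments(ks, L))], L)

def sender_side(key: bytes, iv: bytes, parts: List[bytes], L: int) -> Tuple[List[bytes], int]:
    """Encrypt the transmission packets one at a time. The ciphertext checksum is fixed as soon
    as the plaintext checksum and the total payload length are known, i.e. from the first packet."""
    total = sum(len(p) for p in parts)
    ks = ofb_keystream(key, iv, total)
    key_sum = g_checksum(ks, L)  # depends only on KEY, IV and the total length
    predicted_ck = g_add(g_checksum(b"".join(parts), L), key_sum, L)
    cts, off = [], 0
    for p in parts:
        cts.append(g_encrypt(p, ks[off:off + len(p)], L))
        off += len(p)
    return cts, predicted_ck

def receiver_side(key: bytes, iv: bytes, cts: List[bytes], received_ck: int, L: int) -> Tuple[bool, bytes]:
    """Decrypt, then check both forms of the identity: the recomputed plaintext checksum must equal
    (ciphertext checksum - key sum)_GL and the ciphertext checksum must match the one received.
    This is a checksum, not a MAC: it detects transmission errors, not deliberate modification."""
    total = sum(len(c) for c in cts)
    ks = ofb_keystream(key, iv, total)
    plain, off = bytearray(), 0
    for c in cts:
        plain += g_decrypt(c, ks[off:off + len(c)], L)
        off += len(c)
    expected_plain_ck = g_sub(received_ck, g_checksum(ks, L), L)
    ok = g_checksum(bytes(plain), L) == expected_plain_ck and g_checksum(b"".join(cts), L) == received_ck
    return ok, bytes(plain)

def demo(L: int = 16) -> Dict[str, object]:
    key, iv = b"\x01" * 16, b"\x02" * 16  # constructed values
    parts = [b"hello world!", b"additive OFB", b"checksum demo!"]  # constructed payload, even byte lengths
    cts, predicted = sender_side(key, iv, parts, L)
    actual = g_checksum(b"".join(cts), L)  # what Table 3 carries once every packet is encrypted
    ok, plain = receiver_side(key, iv, cts, predicted, L)
    # (C1 + C2)_GL = ((P1 + P2)_GL + (K1 + K2)_GL)_GL, the two-packet identity from the description
    ks12 = ofb_keystream(key, iv, len(parts[0]) + len(parts[1]))
    two = g_checksum(cts[0] + cts[1], L) == g_add(g_checksum(parts[0] + parts[1], L), g_checksum(ks12, L), L)
    bad = list(cts)
    bad[1] = bytes([bad[1][0] ^ 0x80]) + bad[1][1:]  # one bit of packet 2 corrupted in transit
    bad_ok, _ = receiver_side(key, iv, bad, predicted, L)
    return {"predicted": predicted, "actual": actual, "ok": ok, "plain": plain, "two": two, "bad_ok": bad_ok}
```

The packet boundaries are kept aligned with the L-bit segments (12 and 14 bytes are whole numbers of 16-bit segments), which is what makes the checksum of the concatenated ciphertext equal the group sum of the per-packet checksums; `demo(8)` exercises the same scheme with L = 8.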
The implementation method of the additive expansion of the cryptographic algorithm in each embodiment expands the 1-bit operation into a multi-bit operation and has higher security. The method is suitable for the expansion of various block ciphers and further modes, and for the scenario of calculating a checksum from the ciphertext after encrypting a long message.
The core of the method is based on an addition group over a binary finite field, and addition/subtraction in the group replaces the exclusive-OR operation in the original cryptographic algorithm. When the group is defined on 1-bit binary numbers, the group addition/subtraction coincides with the bitwise exclusive-OR result, i.e. addition over the binary finite field is an extension of bitwise exclusive-OR.
On the other hand, for stream ciphers and for the different modes of block cipher algorithms such as OFB and CTR, the additive expansion method of the cipher algorithm also has a property similar to homomorphic encryption, namely: the sum of the ciphertexts of several sets of data equals the sum of the plaintexts plus the sum of the key streams. The method therefore has a property similar to additive/subtractive homomorphic ciphers and can be used in more practical application scenarios.
The invention has the following beneficial effects:
1) High security: the 1-bit operation is expanded into a multi-bit operation, so security is higher.
2) Wide applicability: the method is suitable for the expansion of various block ciphers and further modes;
3) Additivity, i.e. a property similar to additive homomorphic encryption;
4) Suitability for the scenario of calculating a checksum from the ciphertext after encrypting a long message;
The invention can be used in the hardware design, network security design and system security design of computer applications and cryptographic equipment.
The foregoing examples illustrate only a few embodiments of the invention and are described in detail herein without thereby limiting the scope of the invention. It should be noted that it is possible for those skilled in the art to make several modifications and improvements without departing from the spirit of the present invention, and all equivalent embodiments or modifications are included in the scope of the present invention.

Claims (7)

1. A method for realizing the additive expansion of a cryptographic algorithm, characterized by comprising encryption and decryption processes;
in the encryption process, without changing the core operation of the cryptographic algorithm, the bitwise exclusive-OR operation in the existing encryption mode of the block cipher algorithm, asymmetric cipher algorithm or stream cipher algorithm is expanded into $G_L$ group addition or subtraction on L bits;
in the decryption process, without changing the core operation of the cryptographic algorithm, the bitwise exclusive-OR operation in the existing decryption mode of the block cipher algorithm, asymmetric cipher algorithm or stream cipher algorithm is expanded into $G_L$ group addition or subtraction on L bits;
wherein the binary addition group $G_L = (0 \sim N-1)$ is defined in terms of the bit length L, $N = 2^L$, $L \ge 2$, L a positive integer;
the $G_L$ group identity element, group inverse element, and group addition and subtraction are defined as follows:
a) the $G_L$ group identity element is 0;
b) $G_L$ group inverse element: the inverse $A^{-1}$ of A is $A^{-1} = N - A$;
c) $G_L$ addition "+":
for $A \in G_L$, $B \in G_L$, $C = A + B$ is defined as:
$C = A + B \bmod N$, $C \in G_L$;
the symbol $\in$ means "belongs to"; $B \in G_L$ denotes that B is an element of $G_L$;
d) $G_L$ subtraction "-":
for $A \in G_L$, $B \in G_L$, $D = A - B$ is defined as $D = A + B^{-1}$;
closure is satisfied:
a) $A \in G_L$, $B \in G_L$, $C = A + B$ and $C \in G_L$;
b) $A \in G_L$, $B \in G_L$, $D = A - B = A + B^{-1}$ and $D \in G_L$;
the commutative law is satisfied:
$A \in G_L$, $B \in G_L$, then $C = A + B = B + A$, $C \in G_L$.
2. The method for implementing the additive expansion of the cryptographic algorithm according to claim 1, wherein:
for the block cipher algorithm, $2 \le L \le M$, where M is the block length of the block cipher algorithm, and the $G_L$ group addition or subtraction on L bits is specifically as follows:
two block data A and B of length M are each divided into m sub-segments according to the bit length L, $A = \{a_1, a_2, \ldots, a_m\}$, $B = \{b_1, b_2, \ldots, b_m\}$;
the $G_L$ group addition operation on L bits is: $C = A + B = \{c_1, c_2, \ldots, c_m\}$, where $c_i = a_i + b_i \bmod 2^L$, $i = 1, 2, \ldots, m$;
the $G_L$ group subtraction operation on L bits is: $D = A - B = \{d_1, d_2, \ldots, d_m\}$, where $d_i = a_i - b_i \bmod 2^L$, $i = 1, 2, \ldots, m$;
wherein the addition symbol "+" denotes $G_L$ group addition and the subtraction symbol "-" denotes $G_L$ group subtraction.
3. The method for implementing the additive expansion of the cryptographic algorithm according to claim 2, wherein:
in a block operation, the bit length L is a fixed value, or the bit length L takes 2 or more different values;
when the bit length L is a fixed value, L is an integer that divides the block length M, i.e. the original M bitwise exclusive-OR operations are expanded into m $G_L$ group additions or subtractions, expressed as: $L_1 = L_2 = \cdots = L_m = L$, $M = L_1 + L_2 + \cdots + L_m$; $m = M/L$; where $L_1, L_2, \ldots, L_m$ respectively denote the bit length of each sub-segment;
alternatively, when the bit length L takes 2 or more different values, the original M bitwise exclusive-OR operations are expanded into k $G_{L_k}$ group additions or subtractions, expressed as: $M = L_1 + L_2 + \cdots + L_k$, where k is an integer, $k \ge 2$, and $k = m$; $L_1, L_2, \ldots, L_k$ denote the 2 or more different values of the bit length L, $L_k = \{L_1, L_2, \ldots, L_k\}$.
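Claims 1 to 3 above, as an added example that is not part of the patent: the $G_L$ group definition (identity, inverse, closure, commutativity) is checked exhaustively for small L, and block addition/subtraction is implemented both with a fixed sub-segment length L (claim 2) and with mixed lengths $L_1, \ldots, L_k$ summing to M (claim 3). Function names and sample values are assumptions; the description's remark that 1-bit sub-segments reduce the operation to bitwise exclusive-OR is checked as well.

```python
from typing import List

def g_inverse(a: int, L: int) -> int:
    """Inverse element A^{-1} = N - A with N = 2^L; reduced mod N so that the inverse of 0 is 0, not N."""
    N = 1 << L
    return (N - a) % N

def g_add(a: int, b: int, L: int) -> int:
    return (a + b) % (1 << L)  # C = A + B mod N

def g_sub(a: int, b: int, L: int) -> int:
    return g_add(a, g_inverse(b, L), L)  # D = A + B^{-1}

def split_bits(x: int, lengths: List[int]) -> List[int]:
    """Split an M-bit block, M = sum(lengths), into sub-segments of bit lengths L_1..L_k, MSB first."""
    segs, shift = [], sum(lengths)
    for L in lengths:
        shift -= L
        segs.append((x >> shift) & ((1 << L) - 1))
    return segs

def join_bits(segs: List[int], lengths: List[int]) -> int:
    x = 0
    for s, L in zip(segs, lengths):
        x = (x << L) | s
    return x

def block_add(A: int, B: int, lengths: List[int]) -> int:
    """C = A + B with c_i = a_i + b_i mod 2^{L_i}: fixed L (claim 2) or mixed L_k (claim 3)."""
    return join_bits([g_add(a, b, L) for a, b, L in zip(split_bits(A, lengths), split_bits(B, lengths), lengths)], lengths)

def block_sub(A: int, B: int, lengths: List[int]) -> int:
    """D = A - B with d_i = a_i - b_i mod 2^{L_i}."""
    return join_bits([g_sub(a, b, L) for a, b, L in zip(split_bits(A, lengths), split_bits(B, lengths), lengths)], lengths)

def group_axioms_hold(L: int) -> bool:
    """Exhaustive check of identity, inverse, closure and commutativity of G_L (small L only)."""
    N = 1 << L
    for a in range(N):
        if g_add(a, 0, L) != a or g_add(a, g_inverse(a, L), L) != 0:
            return False
        for b in range(N):
            c, d = g_add(a, b, L), g_sub(a, b, L)
            if not (0 <= c < N and 0 <= d < N) or c != g_add(b, a, L):
                return False
    return True

def reduces_to_xor(A: int, B: int, M: int) -> bool:
    """With 1-bit sub-segments, group addition and subtraction both become bitwise XOR."""
    ones = [1] * M
    return block_add(A, B, ones) == A ^ B and block_sub(A, B, ones) == A ^ B
```

With `lengths = [16] * 8` this is exactly the 128-bit, L = 16 case used in the description; `block_add(0xFFFF0001, 0x00010001, [16, 16])` carries within each 16-bit sub-segment but not across them, which is what distinguishes the group operation from exclusive-OR.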
4. The method for implementing the additive expansion of the cryptographic algorithm according to claim 1, wherein:
the block cipher algorithm employs a Ciphertext Block Chaining (CBC) mode, a Ciphertext Feedback (CFB) mode, an Output Feedback (OFB) mode, a Block Chaining (BC) mode, or a Counter (CTR) mode.
5. The method for implementing the additive expansion of the cryptographic algorithm according to claim 1, wherein:
the block cipher algorithm is a Chinese national cryptographic (SM) symmetric block cipher algorithm or an international symmetric block cipher algorithm; the national symmetric block cipher algorithm is one of SM1, SM4, SM6 and SM7, and the international symmetric block cipher algorithm is one of DES, TDE, AES and AES256.
6. The method for implementing the additive expansion of the cryptographic algorithm according to claim 1, wherein:
the asymmetric cryptographic algorithm is the SM2 algorithm or an ECC algorithm, and the stream cipher algorithm adopts Output Feedback (OFB) mode, Counter (CTR) mode, or the ZUC (Zu Chongzhi) stream cipher algorithm.
7. The method for implementing the additive expansion of the cryptographic algorithm according to claim 1, wherein:
for a block cipher, asymmetric cipher or stream cipher, the encryption process uses the $G_L$ group addition operation and the decryption process uses the $G_L$ group subtraction operation; alternatively, the encryption process uses the $G_L$ group subtraction operation and the decryption process uses the $G_L$ group addition operation.
CN202211355280.9A 2022-11-01 2022-11-01 Method for realizing additive expansion of cipher algorithm Pending CN116132016A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211355280.9A CN116132016A (en) 2022-11-01 2022-11-01 Method for realizing additive expansion of cipher algorithm

Publications (1)

Publication Number Publication Date
CN116132016A true CN116132016A (en) 2023-05-16

Family

ID=86305211

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211355280.9A Pending CN116132016A (en) 2022-11-01 2022-11-01 Method for realizing additive expansion of cipher algorithm

Country Status (1)

Country Link
CN (1) CN116132016A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117098120A (en) * 2023-10-19 2023-11-21 国网山西省电力公司晋城供电公司 Beidou short message data encryption and decryption method, equipment and storage medium
CN117098120B (en) * 2023-10-19 2024-01-02 国网山西省电力公司晋城供电公司 Beidou short message data encryption and decryption method, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination