CN117134886B - Optimized FOX algorithm linear layer circuit - Google Patents


Info

Publication number
CN117134886B
Authority
CN
China
Prior art keywords
module
linear layer
algorithm
exclusive
output signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311056191.9A
Other languages
Chinese (zh)
Other versions
CN117134886A (en
Inventor
李念
吴亚男
向泽军
曾祥勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University
Original Assignee
Hubei University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Abstract

The invention relates to an optimized FOX algorithm linear layer circuit. It addresses the problem that, in the prior art, the FOX algorithm linear layer circuit consumes many exclusive-OR (XOR) gates, which makes the whole algorithm costly to implement. The number of XOR gate circuits in the proposed FOX algorithm linear layer circuit is the smallest currently known, so the cost and area of the hardware implementation of the whole cryptographic algorithm are reduced.

Description

Optimized FOX algorithm linear layer circuit
Technical Field
The invention relates to the field of implementing FOX algorithm encryption, and in particular to an optimized linear layer circuit of the FOX algorithm.
Background
With the rapid development of emerging applications such as the Internet of Things, wireless sensor networks and embedded systems, lightweight cryptographic algorithms not only meet the special requirements of resource-constrained devices but also contribute to protecting the privacy and sensitive information of users, and promote the sustainable development of a digital society. The optimization of lightweight cryptographic algorithms is therefore one of the research hotspots of cryptography. The FOX algorithm is a series of lightweight block ciphers designed for the practical requirements of the company Mediacrypt, and is currently used in the design of European cable television. The algorithm as a whole adopts a Lai-Massey structure. Because of its efficiency, security and scalability, the FOX algorithm is also widely used in information security fields such as data encryption, data integrity verification, digital signatures, secure communication and encrypted file storage, and has become one of the most popular cryptographic algorithms in Europe.
Diffusion is one of the two basic criteria for designing a cryptographic algorithm. It is an operation that spreads the influence of one plaintext symbol over many ciphertext symbols in order to hide the statistical properties of the plaintext, and it plays a vital role in the security of the algorithm. The linear component of a cryptographic algorithm is an important part of the diffusion layer. In a hardware implementation, the linear component adds cost through factors such as hardware resource utilization, operation speed and resistance to side-channel attacks. Therefore, in the design of lightweight block ciphers, optimizing the implementation cost of the linear components of the diffusion layer is an important research problem.
The linear layer of a cryptographic algorithm can be represented by a matrix, and the indicator of its implementation cost is the number of exclusive-OR operations required to implement the matrix. The currently known techniques for optimizing a matrix implementation under the g-xor standard are the Paar1, Paar2, BP, BFI, RNBP, A1 and A2 algorithms. These algorithms are heuristic, and because their results depend heavily on the size and density of the matrix, the implementations they produce consume many exclusive-OR gates, which increases the hardware cost of the whole cryptographic algorithm.
Disclosure of Invention
The invention aims to solve the above technical problems and requirements, and provides an optimized FOX algorithm linear layer circuit.
To solve the technical problems, the invention adopts the following technical scheme:
An optimized FOX algorithm linear layer circuit comprises a first module, a second module, a third module, a fourth module, a fifth module, a sixth module, a seventh module, an eighth module and a ninth module. The total input signal of the linear layer circuit is $\{x_0, x_1, \ldots, x_{31}\}$, the total output signal is $\{y_0, y_1, \ldots, y_{31}\}$, and register information is denoted $t_i$. The input signal of the first module is:
$x_0, x_1, x_2, x_3, x_4, x_5, x_6, x_7, x_8, x_9, x_{10}, x_{11}, x_{12}, x_{13}, x_{14}, x_{15}, x_{16}, x_{17}, x_{18}, x_{19}, x_{20}, x_{21}, x_{22}, x_{23}, x_{24}, x_{27}, x_{28}, x_{29}, x_{30}, x_{31}$
The output signal is:
$t_{32}, t_{33}, t_{34}, t_{35}, t_{36}, t_{37}, t_{41}, t_{48}, t_{50}, t_{51}, t_{52}, t_{53}, t_{54}, t_{56}, t_{57}, t_{59}, t_{60}, t_{67}, t_{68}, t_{70}, t_{73}, t_{87}, t_{94}, t_{99}, t_{100}, t_{102}, t_{105}, t_{108}, t_{112}, t_{117}, t_{123}, t_{132}, t_{144}, t_{148}, t_{152}, t_{157}$
Specifically, the circuit comprises 36 exclusive-OR gate circuits, which are respectively:
$t_{32}=x_5\oplus x_{13}$, $t_{33}=x_8\oplus x_{14}$, $t_{34}=x_{10}\oplus x_{15}$, $t_{35}=x_0\oplus x_{16}$, $t_{36}=x_{16}\oplus x_{22}$, $t_{37}=x_2\oplus x_7$, $t_{41}=x_{18}\oplus x_{23}$, $t_{48}=x_3\oplus x_{12}$, $t_{50}=x_4\oplus x_{19}$, $t_{51}=x_7\oplus x_{20}$, $t_{52}=x_0\oplus x_8$, $t_{53}=x_1\oplus x_{17}$, $t_{54}=x_{19}\oplus x_{31}$, $t_{56}=x_6\oplus x_{15}$, $t_{57}=x_5\oplus x_{14}$, $t_{59}=x_{15}\oplus x_{23}$, $t_{60}=x_1\oplus x_{10}$, $t_{67}=x_3\oplus x_{11}$, $t_{68}=x_7\oplus x_{30}$, $t_{70}=x_{16}\oplus x_{31}$, $t_{73}=x_2\oplus x_{27}$, $t_{87}=x_2\oplus x_{17}$, $t_{94}=x_6\oplus x_{21}$, $t_{99}=x_6\oplus x_{14}$, $t_{100}=x_{22}\oplus x_{29}$, $t_{102}=x_9\oplus x_{24}$, $t_{105}=x_{12}\oplus x_{20}$, $t_{108}=x_{12}\oplus x_{30}$, $t_{112}=x_{23}\oplus x_{24}$, $t_{117}=x_{18}\oplus x_{29}$, $t_{123}=x_9\oplus x_{28}$, $t_{132}=x_{22}\oplus x_{30}$, $t_{144}=x_0\oplus x_3$, $t_{148}=x_3\oplus x_{23}$, $t_{152}=x_8\oplus x_{22}$, $t_{157}=x_{10}\oplus x_{20}$
The input signal of the second module of the linear layer circuit is:
$x_1, x_{13}, x_{16}, x_{17}, x_{18}, x_{25}, x_{26}, x_{27}, x_{28}, x_{29}, x_{30}, x_{31}, t_{32}, t_{33}, t_{34}, t_{35}, t_{36}, t_{37}, t_{41}, t_{48}, t_{50}, t_{51}, t_{52}, t_{53}, t_{54}, t_{57}, t_{59}, t_{60}, t_{68}, t_{70}, t_{99}, t_{100}, t_{112}, t_{144}$
The output signal is:
$t_{38}, t_{40}, t_{42}, t_{55}, t_{61}, t_{62}, t_{65}, y_7, y_0, t_{77}, t_{79}, t_{81}, t_{86}, t_{95}, y_6, t_{103}, t_{111}, t_{120}, t_{135}, t_{136}, t_{146}, t_{158}$
Specifically, the device comprises 22 exclusive-OR gate circuits, which are respectively:
$t_{38}=t_{33}\oplus t_{34}$, $t_{40}=x_1\oplus t_{35}$, $t_{42}=x_{17}\oplus t_{36}$, $t_{55}=x_{27}\oplus t_{50}$, $t_{61}=x_{13}\oplus t_{50}$, $t_{62}=t_{36}\oplus t_{51}$, $t_{65}=x_{28}\oplus t_{32}$, $t_{69}=t_{59}\oplus t_{68}=y_7$, $t_{71}=t_{52}\oplus t_{70}=y_0$, $t_{77}=x_{26}\oplus t_{54}$, $t_{79}=x_{30}\oplus t_{57}$, $t_{81}=t_{34}\oplus t_{35}$, $t_{86}=x_{25}\oplus t_{60}$, $t_{95}=t_{37}\oplus t_{57}$, $t_{101}=t_{99}\oplus t_{100}=y_6$, $t_{103}=x_{31}\oplus t_{53}$, $t_{111}=x_{16}\oplus t_{59}$, $t_{120}=x_{18}\oplus t_{32}$, $t_{135}=x_{27}\oplus t_{33}$, $t_{136}=x_{41}\oplus t_{48}$, $t_{146}=t_{112}\oplus t_{144}$, $t_{158}=x_{29}\oplus t_{32}$
The input signal of the third module of the linear layer circuit is:
$x_9, x_{11}, x_{19}, x_{21}, x_{31}, t_{36}, t_{37}, t_{38}, t_{40}, t_{41}, t_{42}, t_{54}, t_{55}, t_{61}, t_{62}, t_{65}, t_{67}, t_{77}, t_{81}, t_{95}, t_{102}, t_{103}, t_{123}, t_{135}, t_{136}, t_{148}$
The output signal is:
$t_{39}, t_{43}, t_{44}, t_{63}, y_5, t_{72}, y_3, y_{19}, y_1, t_{106}, t_{125}, y_{11}, t_{138}, t_{149}, t_{150}$
Specifically, the circuit comprises 15 exclusive-OR gate circuits, which are respectively:
$t_{39}=x_9\oplus t_{39}$, $t_{43}=t_{37}\oplus t_{40}$, $t_{44}=t_{41}\oplus t_{42}$, $t_{63}=x_{19}\oplus t_{62}$, $t_{66}=x_{21}\oplus t_{65}=y_5$, $t_{72}=x_{11}\oplus t_{62}$, $t_{78}=t_{67}\oplus t_{77}=y_3$, $t_{82}=t_{55}\oplus t_{81}=y_{19}$, $t_{104}=t_{102}\oplus t_{103}=y_1$, $t_{106}=t_{54}\oplus t_{55}$, $t_{125}=t_{61}\oplus t_{123}$, $t_{137}=t_{135}\oplus t_{136}=y_{11}$, $t_{138}=t_{36}\oplus t_{40}$, $t_{149}=x_{31}\oplus t_{40}$, $t_{150}=t_{95}\oplus t_{148}$
The input signal of the fourth module of the linear layer circuit is:
$x_4, x_{11}, x_{13}, x_{21}, x_{24}, x_{26}, t_{38}, t_{39}, t_{43}, t_{44}, t_{48}, t_{63}, t_{70}, t_{72}, t_{73}, t_{105}, t_{106}, t_{149}, t_{150}, t_{152}$
The output signal is:
$t_{45}, t_{47}, t_{49}, t_{64}, y_{27}, t_{75}, t_{83}, t_{85}, y_4, t_{121}, t_{130}, y_{23}, t_{153}, t_{154}$
Specifically, the device comprises 14 exclusive-OR gate circuits, which are respectively:
$t_{45}=x_{11}\oplus t_{39}$, $t_{47}=x_4\oplus t_{43}$, $t_{49}=x_{21}\oplus t_{44}$, $t_{64}=x_{13}\oplus t_{39}$, $t_{74}=t_{72}\oplus t_{73}=y_{27}$, $t_{75}=x_{26}\oplus t_{44}$, $t_{83}=t_{38}\oplus t_{43}$, $t_{85}=x_{26}\oplus t_{39}$, $t_{107}=t_{105}\oplus t_{106}=y_4$, $t_{121}=t_{48}\oplus t_{63}$, $t_{130}=t_{70}\oplus t_{72}$, $t_{151}=t_{149}\oplus t_{150}=y_{23}$, $t_{153}=x_{24}\oplus t_{44}$, $t_{154}=t_{63}\oplus t_{152}$
The input signal of the fifth module of the linear layer circuit is:
$x_{12}, x_{18}, x_{20}, t_{32}, t_{45}, t_{47}, t_{49}, t_{53}, t_{54}, t_{60}, t_{64}, t_{75}, t_{83}, t_{85}, t_{86}, t_{87}, t_{94}, t_{111}, t_{120}, t_{121}, t_{153}, t_{154}$
The output signal is:
$t_{46}, t_{58}, y_{26}, t_{84}, y_{10}, t_{89}, t_{97}, t_{109}, t_{115}, t_{122}, t_{129}, t_{133}, t_{145}, y_{24}$
Specifically, the device comprises 14 exclusive-OR gate circuits, which are respectively:
$t_{46}=x_{12}\oplus t_{45}$, $t_{58}=x_{20}\oplus t_{49}$, $t_{76}=t_{60}\oplus t_{75}=y_{26}$, $t_{84}=t_{53}\oplus t_{83}$, $t_{88}=t_{85}\oplus t_{87}=y_{10}$, $t_{89}=x_{18}\oplus t_{83}$, $t_{97}=t_{49}\oplus t_{54}$, $t_{109}=t_{64}\oplus t_{94}$, $t_{115}=t_{64}\oplus t_{86}$, $t_{122}=t_{120}\oplus t_{121}$, $t_{129}=x_{20}\oplus t_{64}$, $t_{133}=t_{32}\oplus t_{47}$, $t_{145}=t_{47}\oplus t_{111}$, $t_{155}=t_{153}\oplus t_{154}=y_{24}$
The input signal of the sixth module of the linear layer circuit is:
$t_{41}, t_{44}, t_{46}, t_{52}, t_{56}, t_{58}, t_{59}, t_{61}, t_{66}, t_{76}, t_{79}, t_{84}, t_{85}, t_{86}, t_{89}, t_{97}, t_{108}, t_{109}, t_{111}, t_{115}, t_{122}, t_{129}, t_{130}, t_{132}, t_{133}, t_{145}, t_{146}, t_{157}$
The output signal is:
$y_{30}, y_{18}, t_{91}, y_{31}, y_{14}, t_{113}, y_9, t_{118}, t_{124}, t_{127}, y_{15}, y_{22}, t_{141}, y_{16}, t_{159}, y_{28}$
Specifically, the circuit comprises 16 exclusive-OR gate circuits, which are respectively:
$t_{80}=t_{58}\oplus t_{79}=y_{30}$, $t_{90}=t_{85}\oplus t_{89}=y_{18}$, $t_{91}=t_{84}\oplus t_{86}$, $t_{98}=t_{56}\oplus t_{97}=y_{31}$, $t_{110}=t_{108}\oplus t_{109}=y_{14}$, $t_{113}=t_{46}\oplus t_{52}$, $t_{116}=t_{111}\oplus t_{115}=y_9$, $t_{118}=t_{58}\oplus t_{61}$, $t_{124}=t_{46}\oplus t_{59}$, $t_{127}=t_{44}\oplus t_{122}$, $t_{131}=t_{129}\oplus t_{130}=y_{15}$, $t_{134}=t_{132}\oplus t_{133}=y_{22}$, $t_{141}=t_{41}\oplus t_{76}$, $t_{147}=t_{145}\oplus t_{146}=y_{16}$, $t_{159}=t_{46}\oplus t_{157}$, $t_{161}=t_{66}\oplus t_{122}=y_{28}$
The input signal of the seventh module of the linear layer circuit is:
$t_{88}, t_{91}, t_{95}, t_{112}, t_{113}, t_{117}, t_{118}, t_{124}, t_{125}, t_{158}, t_{159}$
The output signal is:
$t_{92}, y_{17}, y_8, y_{29}, y_{12}, y_{13}$
Specifically, the circuit comprises 6 exclusive-OR gate circuits, which are respectively:
$t_{92}=t_{88}\oplus t_{91}$, $t_{96}=t_{91}\oplus t_{95}=y_{17}$, $t_{114}=t_{112}\oplus t_{113}=y_8$, $t_{119}=t_{117}\oplus t_{118}=y_{29}$, $t_{126}=t_{124}\oplus t_{125}=y_{12}$, $t_{160}=t_{158}\oplus t_{159}=y_{13}$
The input signal of the eighth module of the linear layer circuit is:
$t_{90}, t_{92}, t_{94}, t_{119}, t_{126}, t_{127}$
The output signal is:
$y_2, t_{128}, t_{139}, t_{142}$
Specifically, the circuit comprises 4 exclusive-OR gate circuits, which are respectively:
$t_{93}=t_{90}\oplus t_{92}=y_2$, $t_{128}=t_{126}\oplus t_{127}$, $t_{139}=t_{119}\oplus t_{127}$, $t_{142}=t_{92}\oplus t_{94}$
The input signal of the ninth module of the linear layer circuit is:
$t_{84}, t_{128}, t_{138}, t_{139}, t_{141}, t_{142}$
The output signal is:
$y_{21}, y_{25}, y_{20}$
Specifically, the circuit comprises 3 exclusive-OR gate circuits, which are respectively:
$t_{140}=t_{138}\oplus t_{139}=y_{21}$, $t_{143}=t_{141}\oplus t_{142}=y_{25}$, $t_{156}=t_{84}\oplus t_{128}=y_{20}$
With the above technical scheme, the invention has the following advantages over the prior art:
Compared with the known techniques for optimizing a matrix implementation under the g-xor standard, the number of exclusive-OR gates needed by the FOX algorithm linear layer circuit provided by the invention is the best currently known. The invention therefore reduces the implementation cost of the linear transformation of the FOX algorithm, and in turn the hardware area and cost required to implement the whole cryptographic algorithm.
The invention will now be described in detail with reference to the drawings and examples.
Drawings
FIG. 1 is a specific flow chart of the FOX algorithm;
FIG. 2 is a flow chart for optimizing the linear layer in the FOX algorithm;
FIG. 3 is a schematic diagram of a linear layer optimization circuit module according to the present invention;
FIG. 4 is a circuit diagram of a first module of the linear layer according to the present invention;
FIG. 5 is a circuit diagram of a second module of the linear layer according to the present invention;
FIG. 6 is a circuit diagram of a third module of the linear layer according to the present invention;
FIG. 7 is a circuit diagram of a fourth module of the linear layer according to the present invention;
FIG. 8 is a circuit diagram of a fifth module of the linear layer according to the present invention;
FIG. 9 is a circuit diagram of a sixth module of the linear layer according to the present invention;
FIG. 10 is a circuit diagram of a seventh module of the linear layer of the present invention;
FIG. 11 is a circuit diagram of an eighth module of the linear layer according to the present invention;
FIG. 12 is a circuit diagram of a ninth module of the linear layer according to the present invention.
Detailed Description
The principles and features of the present invention are described below with reference to the drawings. The examples serve only to illustrate the invention and are not to be construed as limiting its scope.
To address the problems of the existing algorithms of the known matrix optimization techniques, the invention provides the following specific optimization process for the linear matrix corresponding to the linear layer of the FOX cryptographic algorithm.
Fig. 1 is a specific flow chart of the FOX cryptographic algorithm. The present invention mainly concerns the optimization of the linear layer circuit MU4 in the algorithm.
The optimization process of the linear layer circuit MU4 in the invention is as follows: the elements of the matrix corresponding to the linear layer circuit are expanded into elements over the binary field; the matrix represented over the binary field is then optimized as a whole, using the idea of replacing long circuit paths with short circuit paths, so that fewer exclusive-OR gates are needed to implement the matrix. The specific implementation steps are as follows:
1. Expanding the elements of the matrix corresponding to the linear layer circuit into elements over the binary field
The linear transformation of the linear component MU4 in this algorithm can be represented by a matrix L. Expanding L into a 32 × 32 matrix over the binary field:
where $B_1, B_2, B_3$ are 8×8 matrices:
2. Optimizing the implementation of the matrix to reduce the number of exclusive-OR gates required to implement it
As shown in Figs. 2-3, the output of the linear component is a linear combination of its inputs. Therefore, to reduce the number of exclusive-OR gates consumed in implementing the matrix, the core of matrix optimization is to reduce the number of exclusive-OR gates consumed in implementing all the output signals of the matrix.
In the hardware implementation, let the input signals of the matrix be $\{x_0, x_1, \ldots, x_{31}\}$ and the output signals be $\{y_0, y_1, \ldots, y_{31}\}$; $t_i$ is a register that stores an intermediate value, which is either an input of the matrix or the result of an exclusive-OR operation. Fig. 2 is the specific flow chart of the optimization process, in which the matrix L is optimized by replacing long paths with short paths.
(1) The implementation of the matrix L to be optimized consists of a finite number of exclusive-OR operations of the form $t_k = t_i \oplus t_j$, where $t_i$ is a register storing an intermediate value that is either an input of L or the result of an exclusive-OR operation. Representing the matrix by its row vectors gives 32 row vectors of length 32, denoted $L_0, L_1, \ldots, L_{31}$. Each row vector $L_i = (L_{i0}, L_{i1}, \ldots, L_{i31})$ ($i = 0, \ldots, 31$) corresponds uniquely to an integer set $N_i = \{j \in [0,31] : L_{ij} = 1\}$. This gives a multiset of integer sets $N_i$ that is isomorphic to the matrix L. Based on the idea of replacing long circuit paths with short circuit paths, the matrix L is optimized as follows.
(2) Arbitrarily choose $r$ ($r \in [2,31]$) integers $v_1, v_2, \ldots, v_r$ ($v_1 < v_2 < \cdots < v_r$ and $v_1, v_2, \ldots, v_r \in [0,31]$). If, among the 32 integer sets $N_i$ obtained, there are at least two integer sets $N_s, N_t$ such that … and …, a register stores the value $t_k$, where $t_k = t_{v_1} \oplus t_{v_2} \oplus \cdots \oplus t_{v_r}$. This gives a new (shorter) circuit path that replaces $t_{v_1} \oplus t_{v_2} \oplus \cdots \oplus t_{v_r}$ in the original circuit path, and the resulting implementation is equivalent to the original implementation L (still denoted L). If there are no two integer sets $N_s, N_t$ such that … and …, the next $r$ different integers are selected from $[0,31]$ and L is reduced by the same method. After the selections of $r$ different integers from the integer set {0,1,…,31} have been made and L has been reduced accordingly, $r-1$ different integers are selected from the integer set {0,1,…,31} and the reduction continues until the number of selected integers is $r = 1$.
(3) Through process (2), the original implementation L is equivalently optimized to $L_1$. Returning to steps (1) and (2), the implementation $L_1$ is optimized in the same way to obtain an equivalent matrix $L_2$. This continues until, for the equivalent matrix $L_i$ ($i \geq 1$) obtained after optimization, the optimization of processes (1) and (2) finds no integer sets … such that the sets … and … contain two or more identical elements. $L_i$ is then the final implementation obtained by optimizing the original implementation L.
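Steps (1) to (3) for the pair case r = 2, as an added example that is not part of the patent: the rows are held as the integer sets N_i, a pair of signals that appears together in at least two sets is replaced by a new register, and the loop stops when no pair is shared. The sharing condition (both chosen integers belong to both sets), the most-frequent-pair tie-break, the function names and the 4×4 matrix are assumptions made for the example.

```python
from collections import Counter
from itertools import combinations

def share_pairs(rows, n_inputs):
    """Steps (1)-(3) with r = 2: factor out pairs shared by >= 2 rows.

    rows     -- list of integer sets N_i (signals XORed together into y_i)
    n_inputs -- number of inputs; signals 0..n_inputs-1 stand for the x_j
    Returns (gates, rows), where gates[k] = (i, j) means t_k = t_i XOR t_j.
    """
    rows = [set(r) for r in rows]
    gates, nxt = {}, n_inputs
    while True:
        # In how many sets N_i does each pair of signals occur together?
        count = Counter(p for r in rows for p in combinations(sorted(r), 2))
        if not count:
            break
        # Assumed tie-break: most frequent pair first, then smallest indices.
        pair = min(count, key=lambda p: (-count[p], p))
        if count[pair] < 2:
            break  # no two sets share a pair any more: stop as in step (3)
        gates[nxt] = pair
        for r in rows:
            if r.issuperset(pair):
                r.difference_update(pair)  # short path t_k replaces t_i ^ t_j
                r.add(nxt)
        nxt += 1
    return gates, rows

def finish(gates, rows, n_inputs):
    """XOR the signals left in each row in a chain; returns (gates, outputs)."""
    gates = dict(gates)
    nxt = n_inputs + len(gates)
    outputs = []
    for r in rows:
        sigs = sorted(r)
        acc = sigs[0]
        for s in sigs[1:]:
            gates[nxt] = (acc, s)
            acc, nxt = nxt, nxt + 1
        outputs.append(acc)
    return gates, outputs

def expand(gates, sig, n_inputs):
    """Set of inputs a signal depends on (XOR = symmetric difference)."""
    if sig < n_inputs:
        return {sig}
    a, b = gates[sig]
    return expand(gates, a, n_inputs) ^ expand(gates, b, n_inputs)

# Constructed 4x4 binary matrix, written as the sets N_0..N_3.
ROWS = [{0, 1, 2}, {0, 1, 3}, {0, 1, 2, 3}, {1, 2, 3}]

def demo():
    naive = sum(len(r) - 1 for r in ROWS)            # row-by-row XOR count
    shared, reduced = share_pairs(ROWS, 4)
    gates, outputs = finish(shared, reduced, 4)
    same = all(expand(gates, o, 4) == r for o, r in zip(outputs, ROWS))
    return naive, len(shared), len(gates), same

if __name__ == "__main__":
    print(demo())
```
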
Using the above method, we obtain the optimized implementation of the matrix L corresponding to the linear layer component of this algorithm, as shown in Table 1.
Table 1, optimized implementation of matrix L
3. Gate level hardware circuit diagram of algorithm linear component
Table 2 shows the implementation cost of the matrix L corresponding to the linear layer of the FOX algorithm when the currently known techniques for optimizing a matrix implementation under the g-xor standard (Paar1, Paar2, BP, BFI, RNBP, A1, A2) are used.
Table 2. Number of XOR gates required by known implementation techniques to implement the linear layer of the FOX algorithm

| Paar1 | Paar2 | BP | BFI | RNBP | A1 | A2 |
|---|---|---|---|---|---|---|
| 144 | 143 | 137 | 131 | 132 | 135 | 135 |

In the present invention, implementing the matrix L corresponding to the linear layer consumes 130 XOR gates, which according to the above table is the best known count.
As shown in Table 1, implementing the matrix L corresponding to the FOX algorithm linear layer requires 130 XOR gates and has depth 9. The overall framework is shown in Fig. 3. The implementation of the matrix L can be divided into 9 modules. Every module except the first depends on the modules of shallower depth. As shown in Figs. 4-12, the inputs and outputs of the linear layer modules in the optimized implementation are analysed as follows:
(1) First module: the input signal of the first module is affected by part of the input signal of the linear layer of the FOX algorithm, and the output signal values of this module affect the output signal values of the second to eighth modules of the linear layer.
Input: $x_0, x_1, x_2, x_3, x_4, x_5, x_6, x_7, x_8, x_9, x_{10}, x_{11}, x_{12}, x_{13}, x_{14}, x_{15}, x_{16}, x_{17}, x_{18}, x_{19}, x_{20}, x_{21}, x_{22}, x_{23}, x_{24}, x_{27}, x_{28}, x_{29}, x_{30}, x_{31}$
Output: $t_{32}, t_{33}, t_{34}, t_{35}, t_{36}, t_{37}, t_{41}, t_{48}, t_{50}, t_{51}, t_{52}, t_{53}, t_{54}, t_{56}, t_{57}, t_{59}, t_{60}, t_{67}, t_{68}, t_{70}, t_{73}, t_{87}, t_{94}, t_{99}, t_{100}, t_{102}, t_{105}, t_{108}, t_{112}, t_{117}, t_{123}, t_{132}, t_{144}, t_{148}, t_{152}, t_{157}$
Specifically, the circuit comprises 36 exclusive-OR gate circuits, which are respectively:
$t_{32}=x_5\oplus x_{13}$, $t_{33}=x_8\oplus x_{14}$, $t_{34}=x_{10}\oplus x_{15}$, $t_{35}=x_0\oplus x_{16}$, $t_{36}=x_{16}\oplus x_{22}$, $t_{37}=x_2\oplus x_7$, $t_{41}=x_{18}\oplus x_{23}$, $t_{48}=x_3\oplus x_{12}$, $t_{50}=x_4\oplus x_{19}$, $t_{51}=x_7\oplus x_{20}$, $t_{52}=x_0\oplus x_8$, $t_{53}=x_1\oplus x_{17}$, $t_{54}=x_{19}\oplus x_{31}$, $t_{56}=x_6\oplus x_{15}$, $t_{57}=x_5\oplus x_{14}$, $t_{59}=x_{15}\oplus x_{23}$, $t_{60}=x_1\oplus x_{10}$, $t_{67}=x_3\oplus x_{11}$, $t_{68}=x_7\oplus x_{30}$, $t_{70}=x_{16}\oplus x_{31}$, $t_{73}=x_2\oplus x_{27}$, $t_{87}=x_2\oplus x_{17}$, $t_{94}=x_6\oplus x_{21}$, $t_{99}=x_6\oplus x_{14}$, $t_{100}=x_{22}\oplus x_{29}$, $t_{102}=x_9\oplus x_{24}$, $t_{105}=x_{12}\oplus x_{20}$, $t_{108}=x_{12}\oplus x_{30}$, $t_{112}=x_{23}\oplus x_{24}$, $t_{117}=x_{18}\oplus x_{29}$, $t_{123}=x_9\oplus x_{28}$, $t_{132}=x_{22}\oplus x_{30}$, $t_{144}=x_0\oplus x_3$, $t_{148}=x_3\oplus x_{23}$, $t_{152}=x_8\oplus x_{22}$, $t_{157}=x_{10}\oplus x_{20}$
(2) Second module: the input signal of this module is affected by part of the input signal of the linear layer and part of the output signal of the first module, and the output signal values of this module affect the output signal values of the third to seventh modules of the linear layer.
Input: $x_1, x_{13}, x_{16}, x_{17}, x_{18}, x_{25}, x_{26}, x_{27}, x_{28}, x_{29}, x_{30}, x_{31}, t_{32}, t_{33}, t_{34}, t_{35}, t_{36}, t_{37}, t_{41}, t_{48}, t_{50}, t_{51}, t_{52}, t_{53}, t_{54}, t_{57}, t_{59}, t_{60}, t_{68}, t_{70}, t_{99}, t_{100}, t_{112}, t_{144}$
Output: $t_{38}, t_{40}, t_{42}, t_{55}, t_{61}, t_{62}, t_{65}, y_7, y_0, t_{77}, t_{79}, t_{81}, t_{86}, t_{95}, y_6, t_{103}, t_{111}, t_{120}, t_{135}, t_{136}, t_{146}, t_{158}$
Specifically, the device comprises 22 exclusive-OR gate circuits, which are respectively:
$t_{38}=t_{33}\oplus t_{34}$, $t_{40}=x_1\oplus t_{35}$, $t_{42}=x_{17}\oplus t_{36}$, $t_{55}=x_{27}\oplus t_{50}$, $t_{61}=x_{13}\oplus t_{50}$, $t_{62}=t_{36}\oplus t_{51}$, $t_{65}=x_{28}\oplus t_{32}$, $t_{69}=t_{59}\oplus t_{68}\,[y_7]$, $t_{71}=t_{52}\oplus t_{70}\,[y_0]$, $t_{77}=x_{26}\oplus t_{54}$, $t_{79}=x_{30}\oplus t_{57}$, $t_{81}=t_{34}\oplus t_{35}$, $t_{86}=x_{25}\oplus t_{60}$, $t_{95}=t_{37}\oplus t_{57}$, $t_{101}=t_{99}\oplus t_{100}\,[y_6]$, $t_{103}=x_{31}\oplus t_{53}$, $t_{111}=x_{16}\oplus t_{59}$, $t_{120}=x_{18}\oplus t_{32}$, $t_{135}=x_{27}\oplus t_{33}$, $t_{136}=x_{41}\oplus t_{48}$, $t_{146}=t_{112}\oplus t_{144}$, $t_{158}=x_{29}\oplus t_{32}$
(3) Third module: the input signal of this module is affected by part of the input signal of the linear layer and part of the output signals of the first module and the second module, and the output signal values of this module affect the output signal values of the fourth module, the sixth module and the ninth module of the linear layer.
Input: $x_9, x_{11}, x_{19}, x_{21}, x_{31}, t_{36}, t_{37}, t_{38}, t_{40}, t_{41}, t_{42}, t_{54}, t_{55}, t_{61}, t_{62}, t_{65}, t_{67}, t_{77}, t_{81}, t_{95}, t_{102}, t_{103}, t_{123}, t_{135}, t_{136}, t_{148}$
Output: $t_{39}, t_{43}, t_{44}, t_{63}, y_5, t_{72}, y_3, y_{19}, y_1, t_{106}, t_{125}, y_{11}, t_{138}, t_{149}, t_{150}$
Specifically, the circuit comprises 15 exclusive-OR gate circuits, which are respectively:
$t_{39}=x_9\oplus t_{39}$, $t_{43}=t_{37}\oplus t_{40}$, $t_{44}=t_{41}\oplus t_{42}$, $t_{63}=x_{19}\oplus t_{62}$, $t_{66}=x_{21}\oplus t_{65}\,[y_5]$, $t_{72}=x_{11}\oplus t_{62}$, $t_{78}=t_{67}\oplus t_{77}\,[y_3]$, $t_{82}=t_{55}\oplus t_{81}\,[y_{19}]$, $t_{104}=t_{102}\oplus t_{103}\,[y_1]$, $t_{106}=t_{54}\oplus t_{55}$, $t_{125}=t_{61}\oplus t_{123}$, $t_{137}=t_{135}\oplus t_{136}\,[y_{11}]$, $t_{138}=t_{36}\oplus t_{40}$, $t_{149}=x_{31}\oplus t_{40}$, $t_{150}=t_{95}\oplus t_{148}$
(4) Fourth module: the input signal of this module is affected by part of the input signal of the linear layer and part of the output signals of the first, second and third modules, and the output signal values of this module affect the output signal values of the fifth and sixth modules of the linear layer.
Input: $x_4, x_{11}, x_{13}, x_{21}, x_{24}, x_{26}, t_{38}, t_{39}, t_{43}, t_{44}, t_{48}, t_{63}, t_{70}, t_{72}, t_{73}, t_{105}, t_{106}, t_{149}, t_{150}, t_{152}$
Output: $t_{45}, t_{47}, t_{49}, t_{64}, y_{27}, t_{75}, t_{83}, t_{85}, y_4, t_{121}, t_{130}, y_{23}, t_{153}, t_{154}$
Specifically, the device comprises 14 exclusive-OR gate circuits, which are respectively:
$t_{45}=x_{11}\oplus t_{39}$, $t_{47}=x_4\oplus t_{43}$, $t_{49}=x_{21}\oplus t_{44}$, $t_{64}=x_{13}\oplus t_{39}$, $t_{74}=t_{72}\oplus t_{73}\,[y_{27}]$, $t_{75}=x_{26}\oplus t_{44}$, $t_{83}=t_{38}\oplus t_{43}$, $t_{85}=x_{26}\oplus t_{39}$, $t_{107}=t_{105}\oplus t_{106}\,[y_4]$, $t_{121}=t_{48}\oplus t_{63}$, $t_{130}=t_{70}\oplus t_{72}$, $t_{151}=t_{149}\oplus t_{150}\,[y_{23}]$, $t_{153}=x_{24}\oplus t_{44}$, $t_{154}=t_{63}\oplus t_{152}$
(5) Fifth module: the input signal of this module is affected by part of the input signal of the linear layer and part of the output signals of the first, second and fourth modules, and the output signal values of this module affect the output signal values of the sixth, seventh and ninth modules of the linear layer.
Input: $x_{12}, x_{18}, x_{20}, t_{32}, t_{45}, t_{47}, t_{49}, t_{53}, t_{54}, t_{60}, t_{64}, t_{75}, t_{83}, t_{85}, t_{86}, t_{87}, t_{94}, t_{111}, t_{120}, t_{121}, t_{153}, t_{154}$
Output: $t_{46}, t_{58}, y_{26}, t_{84}, y_{10}, t_{89}, t_{97}, t_{109}, t_{115}, t_{122}, t_{129}, t_{133}, t_{145}, y_{24}$
Specifically, the device comprises 14 exclusive-OR gate circuits, which are respectively:
$t_{46}=x_{12}\oplus t_{45}$, $t_{58}=x_{20}\oplus t_{49}$, $t_{76}=t_{60}\oplus t_{75}\,[y_{26}]$, $t_{84}=t_{53}\oplus t_{83}$, $t_{88}=t_{85}\oplus t_{87}\,[y_{10}]$, $t_{89}=x_{18}\oplus t_{83}$, $t_{97}=t_{49}\oplus t_{54}$, $t_{109}=t_{64}\oplus t_{94}$, $t_{115}=t_{64}\oplus t_{86}$, $t_{122}=t_{120}\oplus t_{121}$, $t_{129}=x_{20}\oplus t_{64}$, $t_{133}=t_{32}\oplus t_{47}$, $t_{145}=t_{47}\oplus t_{111}$, $t_{155}=t_{153}\oplus t_{154}\,[y_{24}]$.
(6) Sixth module: the input signal of this module is affected by part of the output signals of the first to fifth modules, and the output signal values of this module affect the output signal values of the seventh, eighth and ninth modules of the linear layer.
Input: $t_{41}, t_{44}, t_{46}, t_{52}, t_{56}, t_{58}, t_{59}, t_{61}, t_{66}, t_{76}, t_{79}, t_{84}, t_{85}, t_{86}, t_{89}, t_{97}, t_{108}, t_{109}, t_{111}, t_{115}, t_{122}, t_{129}, t_{130}, t_{132}, t_{133}, t_{145}, t_{146}, t_{157}$
Output: $y_{30}, y_{18}, t_{91}, y_{31}, y_{14}, t_{113}, y_9, t_{118}, t_{124}, t_{127}, y_{15}, y_{22}, t_{141}, y_{16}, t_{159}, y_{28}$
Specifically, the circuit comprises 16 exclusive-OR gate circuits, which are respectively:
$t_{80}=t_{58}\oplus t_{79}\,[y_{30}]$, $t_{90}=t_{85}\oplus t_{89}\,[y_{18}]$, $t_{91}=t_{84}\oplus t_{86}$, $t_{98}=t_{56}\oplus t_{97}\,[y_{31}]$, $t_{110}=t_{108}\oplus t_{109}\,[y_{14}]$, $t_{113}=t_{46}\oplus t_{52}$, $t_{116}=t_{111}\oplus t_{115}\,[y_9]$, $t_{118}=t_{58}\oplus t_{61}$, $t_{124}=t_{46}\oplus t_{59}$, $t_{127}=t_{44}\oplus t_{122}$, $t_{131}=t_{129}\oplus t_{130}\,[y_{15}]$, $t_{134}=t_{132}\oplus t_{133}\,[y_{22}]$, $t_{141}=t_{41}\oplus t_{76}$, $t_{147}=t_{145}\oplus t_{146}\,[y_{16}]$, $t_{159}=t_{46}\oplus t_{157}$, $t_{161}=t_{66}\oplus t_{122}\,[y_{28}]$.
(7) Seventh module: the input signal of this module is affected by part of the output signals of the first, second, third, fifth and sixth modules, and the output signal values of this module affect the output signal values of the eighth module of the linear layer.
Input: $t_{88}, t_{91}, t_{95}, t_{112}, t_{113}, t_{117}, t_{118}, t_{124}, t_{125}, t_{158}, t_{159}$
Output: $t_{92}, y_{17}, y_8, y_{29}, y_{12}, y_{13}$
Specifically, the circuit comprises 6 exclusive-OR gate circuits, which are respectively:
$t_{92}=t_{88}\oplus t_{91}$, $t_{96}=t_{91}\oplus t_{95}\,[y_{17}]$, $t_{114}=t_{112}\oplus t_{113}\,[y_8]$, $t_{119}=t_{117}\oplus t_{118}\,[y_{29}]$, $t_{126}=t_{124}\oplus t_{125}\,[y_{12}]$, $t_{160}=t_{158}\oplus t_{159}\,[y_{13}]$.
(8) Eighth module: the input signal of this module is affected by the output signals of the first, sixth and seventh modules, and the output signal values of this module affect the output signal values of the ninth module of the linear layer.
Input: $t_{90}, t_{92}, t_{94}, t_{119}, t_{126}, t_{127}$
Output: $y_2, t_{128}, t_{139}, t_{142}$
Specifically, the circuit comprises 4 exclusive-OR gate circuits, which are respectively:
$t_{93}=t_{90}\oplus t_{92}\,[y_2]$, $t_{128}=t_{126}\oplus t_{127}$, $t_{139}=t_{119}\oplus t_{127}$, $t_{142}=t_{92}\oplus t_{94}$
(9) Ninth module: the input signal of this module is affected by part of the input signal of the linear layer, part of the output signal of the first module and the eighth module.
Input: $t_{84}, t_{128}, t_{138}, t_{139}, t_{141}, t_{142}$
Output: $y_{21}, y_{25}, y_{20}$
Specifically, the circuit comprises 3 exclusive-OR gate circuits, which are respectively:
$t_{140}=t_{138}\oplus t_{139}\,[y_{21}]$, $t_{143}=t_{141}\oplus t_{142}\,[y_{25}]$, $t_{156}=t_{84}\oplus t_{128}\,[y_{20}]$.
All the modules in Fig. 3 are built from exclusive-OR gates, and the specific circuit implementation of each module is shown in Figs. 4 to 12. As can be seen from Table 2, the number of XOR gates used by the linear layer implementation of the FOX algorithm provided by the invention is the best currently known. The aim of optimizing the hardware implementation of the whole algorithm is thereby achieved.
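The nine modules above amount to a 130-gate netlist that can be checked mechanically. The following is an added example, not part of the patent: it transcribes the gates exactly as printed on this page, flags operands that cannot exist, and computes the gate count, outputs and XOR depth. The compact text notation, all function names and the two replacements in ASSUMED_FIXES (t39 = x9 ⊕ t38 and t136 = t41 ⊕ t48, inferred from the module input lists) are assumptions of the example.

```python
import re

# Gate list transcribed from the nine modules as printed on this page.
# "t69=t59+t68>y7" reads: t69 = t59 XOR t68, and t69 drives output y7.
NETLIST = """
t32=x5+x13 t33=x8+x14 t34=x10+x15 t35=x0+x16 t36=x16+x22 t37=x2+x7 t41=x18+x23 t48=x3+x12
t50=x4+x19 t51=x7+x20 t52=x0+x8 t53=x1+x17 t54=x19+x31 t56=x6+x15 t57=x5+x14 t59=x15+x23
t60=x1+x10 t67=x3+x11 t68=x7+x30 t70=x16+x31 t73=x2+x27 t87=x2+x17 t94=x6+x21 t99=x6+x14
t100=x22+x29 t102=x9+x24 t105=x12+x20 t108=x12+x30 t112=x23+x24 t117=x18+x29
t123=x9+x28 t132=x22+x30 t144=x0+x3 t148=x3+x23 t152=x8+x22 t157=x10+x20
t38=t33+t34 t40=x1+t35 t42=x17+t36 t55=x27+t50 t61=x13+t50 t62=t36+t51 t65=x28+t32
t69=t59+t68>y7 t71=t52+t70>y0 t77=x26+t54 t79=x30+t57 t81=t34+t35 t86=x25+t60 t95=t37+t57
t101=t99+t100>y6 t103=x31+t53 t111=x16+t59 t120=x18+t32 t135=x27+t33 t136=x41+t48
t146=t112+t144 t158=x29+t32
t39=x9+t39 t43=t37+t40 t44=t41+t42 t63=x19+t62 t66=x21+t65>y5 t72=x11+t62 t78=t67+t77>y3
t82=t55+t81>y19 t104=t102+t103>y1 t106=t54+t55 t125=t61+t123 t137=t135+t136>y11
t138=t36+t40 t149=x31+t40 t150=t95+t148
t45=x11+t39 t47=x4+t43 t49=x21+t44 t64=x13+t39 t74=t72+t73>y27 t75=x26+t44 t83=t38+t43
t85=x26+t39 t107=t105+t106>y4 t121=t48+t63 t130=t70+t72 t151=t149+t150>y23
t153=x24+t44 t154=t63+t152
t46=x12+t45 t58=x20+t49 t76=t60+t75>y26 t84=t53+t83 t88=t85+t87>y10 t89=x18+t83 t97=t49+t54
t109=t64+t94 t115=t64+t86 t122=t120+t121 t129=x20+t64 t133=t32+t47 t145=t47+t111
t155=t153+t154>y24
t80=t58+t79>y30 t90=t85+t89>y18 t91=t84+t86 t98=t56+t97>y31 t110=t108+t109>y14 t113=t46+t52
t116=t111+t115>y9 t118=t58+t61 t124=t46+t59 t127=t44+t122 t131=t129+t130>y15
t134=t132+t133>y22 t141=t41+t76 t147=t145+t146>y16 t159=t46+t157 t161=t66+t122>y28
t92=t88+t91 t96=t91+t95>y17 t114=t112+t113>y8 t119=t117+t118>y29
t126=t124+t125>y12 t160=t158+t159>y13
t93=t90+t92>y2 t128=t126+t127 t139=t119+t127 t142=t92+t94
t140=t138+t139>y21 t143=t141+t142>y25 t156=t84+t128>y20
"""

# Assumption, not stated by the page: the two entries that lint() rejects are
# repaired from the module input lists (t38 and t41 are listed as inputs of
# the third and second module but are used by no other gate there).
ASSUMED_FIXES = {39: ("x9", "t38"), 136: ("t41", "t48")}

GATE = re.compile(r"t(\d+)=([xt]\d+)\+([xt]\d+)(?:>y(\d+))?")

def parse(text):
    """Return ({k: (a, b)}, {y_index: k}) for the compact netlist text."""
    gates, outs = {}, {}
    for k, a, b, y in GATE.findall(text):
        gates[int(k)] = (a, b)
        if y:
            outs[int(y)] = int(k)
    return gates, outs

def lint(gates, n_inputs=32):
    """Report operands that are out of range, undefined or self-referential."""
    problems = []
    for k, ops in sorted(gates.items()):
        for op in ops:
            idx = int(op[1:])
            if op[0] == "x" and idx >= n_inputs:
                problems.append(f"t{k}: {op} is not a linear-layer input")
            elif op[0] == "t" and idx == k:
                problems.append(f"t{k}: refers to itself")
            elif op[0] == "t" and idx not in gates:
                problems.append(f"t{k}: {op} is never defined")
    return problems

def depth(gates):
    """XOR depth of the circuit; raises ValueError on a combinational loop."""
    memo = {}
    def walk(op, path=()):
        if op[0] == "x":
            return 0
        k = int(op[1:])
        if k in path:
            raise ValueError(f"loop through t{k}")
        if k not in memo:
            memo[k] = 1 + max(walk(o, path + (k,)) for o in gates[k])
        return memo[k]
    return max(walk(f"t{k}") for k in gates)

def evaluate(gates, outs, x):
    """Apply the circuit to a 32-bit word (bit i = x_i); result bit j = y_j."""
    memo = {}
    def val(op):
        idx = int(op[1:])
        if op[0] == "x":
            return (x >> idx) & 1
        if idx not in memo:
            memo[idx] = val(gates[idx][0]) ^ val(gates[idx][1])
        return memo[idx]
    return sum(val(f"t{k}") << j for j, k in outs.items())

def repaired(gates):
    return {**gates, **ASSUMED_FIXES}

if __name__ == "__main__":
    g, o = parse(NETLIST)
    print(len(g), "gates;", lint(g))
    print("depth after assumed fixes:", depth(repaired(g)))
```

Comparing `evaluate` on the repaired netlist against a reference implementation of the FOX linear layer is the way to confirm or reject the two assumed fixes.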
The foregoing describes the best mode of carrying out the invention; matters known to those of ordinary skill in the art are not described in detail. The protection scope of the invention is defined by the claims, and any equivalent transformation based on the technical teaching of the invention also falls within the protection scope of the invention.

Claims (1)

1. An optimized FOX algorithm linear layer circuit, characterized by comprising a first module, a second module, a third module, a fourth module, a fifth module, a sixth module, a seventh module, an eighth module and a ninth module, wherein the total input signal of the linear layer circuit is $\{x_0, x_1, \ldots, x_{31}\}$ and the total output signal is $\{y_0, y_1, \ldots, y_{31}\}$; the input signal of the first module is:
$x_0, x_1, x_2, x_3, x_4, x_5, x_6, x_7, x_8, x_9, x_{10}, x_{11}, x_{12}, x_{13}, x_{14}, x_{15}, x_{16}, x_{17}, x_{18}, x_{19}, x_{20}, x_{21}, x_{22}, x_{23}, x_{24}, x_{27}, x_{28}, x_{29}, x_{30}, x_{31}$;
the output signal is:
$t_{32}, t_{33}, t_{34}, t_{35}, t_{36}, t_{37}, t_{41}, t_{48}, t_{50}, t_{51}, t_{52}, t_{53}, t_{54}, t_{56}, t_{57}, t_{59}, t_{60}, t_{67}, t_{68}, t_{70}, t_{73}, t_{87}, t_{94}, t_{99}, t_{100}, t_{102}, t_{105}, t_{108}, t_{112}, t_{117}, t_{123}, t_{132}, t_{144}, t_{148}, t_{152}, t_{157}$;
specifically, the first module comprises 36 exclusive-OR gate circuits, which are respectively:
the input signal of the second module of the linear layer circuit is:
$x_1, x_{13}, x_{16}, x_{17}, x_{18}, x_{25}, x_{26}, x_{27}, x_{28}, x_{29}, x_{30}, x_{31}, t_{32}, t_{33}, t_{34}, t_{35}, t_{36}, t_{37}, t_{41}, t_{48}, t_{50}, t_{51}, t_{52}, t_{53}, t_{54}, t_{57}, t_{59}, t_{60}, t_{68}, t_{70}, t_{99}, t_{100}, t_{112}, t_{144}$;
the output signal is:
$t_{38}, t_{40}, t_{42}, t_{55}, t_{61}, t_{62}, t_{65}, y_7, y_0, t_{77}, t_{79}, t_{81}, t_{86}, t_{95}, y_6, t_{103}, t_{111}, t_{120}, t_{135}, t_{136}, t_{146}, t_{158}$;
specifically, the second module comprises 22 exclusive-OR gate circuits, which are respectively:
the input signal of the third module of the linear layer circuit is:
$x_9, x_{11}, x_{19}, x_{21}, x_{31}, t_{36}, t_{37}, t_{38}, t_{40}, t_{41}, t_{42}, t_{54}, t_{55}, t_{61}, t_{62}, t_{65}, t_{67}, t_{77}, t_{81}, t_{95}, t_{102}, t_{103}, t_{123}, t_{135}, t_{136}, t_{148}$;
the output signal is:
$t_{39}, t_{43}, t_{44}, t_{63}, y_5, t_{72}, y_3, y_{19}, y_1, t_{106}, t_{125}, y_{11}, t_{138}, t_{149}, t_{150}$;
specifically, the third module comprises 15 exclusive-OR gate circuits, which are respectively:
the input signal of the fourth module of the linear layer circuit is:
$x_4, x_{11}, x_{13}, x_{21}, x_{24}, x_{26}, t_{38}, t_{39}, t_{43}, t_{44}, t_{48}, t_{63}, t_{70}, t_{72}, t_{73}, t_{105}, t_{106}, t_{149}, t_{150}, t_{152}$;
the output signal is:
$t_{45}, t_{47}, t_{49}, t_{64}, y_{27}, t_{75}, t_{83}, t_{85}, y_4, t_{121}, t_{130}, y_{23}, t_{153}, t_{154}$;
specifically, the fourth module comprises 14 exclusive-OR gate circuits, which are respectively:
the input signal of the fifth module of the linear layer circuit is:
$x_{12}, x_{18}, x_{20}, t_{32}, t_{45}, t_{47}, t_{49}, t_{53}, t_{54}, t_{60}, t_{64}, t_{75}, t_{83}, t_{85}, t_{86}, t_{87}, t_{94}, t_{111}, t_{120}, t_{121}, t_{153}, t_{154}$;
the output signal is:
$t_{46}, t_{58}, y_{26}, t_{84}, y_{10}, t_{89}, t_{97}, t_{109}, t_{115}, t_{122}, t_{129}, t_{133}, t_{145}, y_{24}$;
specifically, the fifth module comprises 14 exclusive-OR gate circuits, which are respectively:
the input signal of the sixth module of the linear layer circuit is:
$t_{41}, t_{44}, t_{46}, t_{52}, t_{56}, t_{58}, t_{59}, t_{61}, t_{66}, t_{76}, t_{79}, t_{84}, t_{85}, t_{86}, t_{89}, t_{97}, t_{108}, t_{109}, t_{111}, t_{115}, t_{122}, t_{129}, t_{130}, t_{132}, t_{133}, t_{145}, t_{146}, t_{157}$;
the output signal is:
$y_{30}, y_{18}, t_{91}, y_{31}, y_{14}, t_{113}, y_9, t_{118}, t_{124}, t_{127}, y_{15}, y_{22}, t_{141}, y_{16}, t_{159}, y_{28}$;
specifically, the sixth module comprises 16 exclusive-OR gate circuits, which are respectively:
the input signal of the seventh module of the linear layer circuit is:
$t_{88}, t_{91}, t_{95}, t_{112}, t_{113}, t_{117}, t_{118}, t_{124}, t_{125}, t_{158}, t_{159}$;
the output signal is:
$t_{92}, y_{17}, y_8, y_{29}, y_{12}, y_{13}$;
specifically, the seventh module comprises 6 exclusive-OR gate circuits, which are respectively:
the input signal of the eighth module of the linear layer circuit is:
$t_{90}, t_{92}, t_{94}, t_{119}, t_{126}, t_{127}$;
the output signal is:
$y_2, t_{128}, t_{139}, t_{142}$;
specifically, the eighth module comprises 4 exclusive-OR gate circuits, which are respectively:
the input signal of the ninth module of the linear layer circuit is:
$t_{84}, t_{128}, t_{138}, t_{139}, t_{141}, t_{142}$;
the output signal is:
$y_{21}, y_{25}, y_{20}$;
specifically, the ninth module comprises 3 exclusive-OR gate circuits, which are respectively:
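A dataflow check on the module signal lists of claim 1, as an added example that is not part of the patent: it confirms that each module's output count equals its claimed XOR gate count, that all 32 outputs are produced, and reports any input that no earlier module lists as an output. It uses only the lists transcribed from the claim text (the gate equations are not reproduced here); the names `sig`, `MODULES` and `check_dataflow` are assumptions of the example.

```python
def sig(prefix, nums):
    """Turn '1 13 16' into {'x1', 'x13', 'x16'} for the given prefix."""
    return {f"{prefix}{n}" for n in nums.split()}

# Transcribed from claim 1: (claimed XOR count, x inputs, t inputs, t outputs, y outputs)
MODULES = [
    (36, " ".join(str(i) for i in [*range(25), *range(27, 32)]), "", "32 33 34 35 36 37 41 48 50 51 52 53 54 56 57 59 60 67 68 70 73 87 94 99 100 102 105 108 112 117 123 132 144 148 152 157", ""),
    (22, "1 13 16 17 18 25 26 27 28 29 30 31", "32 33 34 35 36 37 41 48 50 51 52 53 54 57 59 60 68 70 99 100 112 144", "38 40 42 55 61 62 65 77 79 81 86 95 103 111 120 135 136 146 158", "7 0 6"),
    (15, "9 11 19 21 31", "36 37 38 40 41 42 54 55 61 62 65 67 77 81 95 102 103 123 135 136 148", "39 43 44 63 72 106 125 138 149 150", "5 3 19 1 11"),
    (14, "4 11 13 21 24 26", "38 39 43 44 48 63 70 72 73 105 106 149 150 152", "45 47 49 64 75 83 85 121 130 153 154", "27 4 23"),
    (14, "12 18 20", "32 45 47 49 53 54 60 64 75 83 85 86 87 94 111 120 121 153 154", "46 58 84 89 97 109 115 122 129 133 145", "26 10 24"),
    (16, "", "41 44 46 52 56 58 59 61 66 76 79 84 85 86 89 97 108 109 111 115 122 129 130 132 133 145 146 157", "91 113 118 124 127 141 159", "30 18 31 14 9 15 22 16 28"),
    (6, "", "88 91 95 112 113 117 118 124 125 158 159", "92", "17 8 29 12 13"),
    (4, "", "90 92 94 119 126 127", "128 139 142", "2"),
    (3, "", "84 128 138 139 141 142", "", "21 25 20"),
]

def check_dataflow(modules):
    """Return (total_gates, count_mismatches, unresolved_inputs, y_outputs)."""
    available = {f"x{i}" for i in range(32)}      # primary inputs x0..x31
    total, mismatches, unresolved, y_seen = 0, [], {}, []
    for idx, (gates, xs, ts_in, ts_out, ys) in enumerate(modules, start=1):
        inputs = sig("x", xs) | sig("t", ts_in)
        outputs = sig("t", ts_out) | sig("y", ys)
        if len(outputs) != gates:                 # one XOR gate drives one output
            mismatches.append(idx)
        # Inputs that neither are primary inputs nor were listed by an earlier module
        missing = sorted(inputs - available, key=lambda s: int(s[1:]))
        if missing:
            unresolved[idx] = missing
        available |= outputs
        y_seen.extend(sig("y", ys))
        total += gates
    return total, mismatches, unresolved, y_seen

if __name__ == "__main__":
    total, mismatches, unresolved, y_seen = check_dataflow(MODULES)
    print("XOR gates:", total, "| count mismatches:", mismatches)
    print("y outputs produced:", len(set(y_seen)), "| unresolved inputs:", unresolved)
```

The inputs it reports as unresolved are ones the sixth, seventh and eighth modules consume but that no earlier module lists under a t name in this text.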
CN202311056191.9A 2023-08-21 2023-08-21 Optimized FOX algorithm linear layer circuit Active CN117134886B (en)

Publications (2)

Publication Number Publication Date
CN117134886A (en) 2023-11-28
CN117134886B (en) 2024-01-30

Family ID: 88859300

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant