CN1258148C - Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer - Google Patents

Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer

Info

Publication number
CN1258148C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 03113387
Other languages
Chinese (zh)
Other versions
CN1445681A (en
Inventor
潘志铂
郑宝玉
吴蒙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post & Telecommunication College
Original Assignee
Nanjing Post & Telecommunication College
Application filed by Nanjing Post & Telecommunication College filed Critical Nanjing Post & Telecommunication College
Priority to CN 03113387 priority Critical patent/CN1258148C/en
Publication of CN1445681A publication Critical patent/CN1445681A/en
Application granted granted Critical
Publication of CN1258148C publication Critical patent/CN1258148C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to an encryption method and a decryption method using a high-security-level symmetric key algorithm, and to an encryptor, which is a symmetric-key DSP encryptor. The encryption method consists of N encryption rounds connected in series. Each encryption round applies the following steps: row shift transformation, S-box substitution/column mixing transformation, and sub-key modulo-2 addition. The final output of each encryption round, the sub-key modulo-2 addition, is connected to the input of the next encryption round, the row shift transformation. The decryption method consists of N decryption rounds connected in series; each decryption round applies the following steps: sub-key modulo-2 addition, inverse column mixing transformation, inverse S-box substitution and inverse row shift transformation. The final output of each decryption round, the inverse row shift transformation, is connected to the input of the next decryption round, the sub-key modulo-2 addition. The encryptor is composed of a DSP module, a FLASH module and a McBSP0 expansion port. The method can raise encryption speed by 2.16 times and decryption speed by two times.

Description

Encryption method, decryption method and encryptor for a high-security-level symmetric key algorithm
I. Technical field
The present invention is a symmetric-key DSP encryptor and belongs to the technical field of information encryption and protection.
II. Technical background
Because computing power keeps improving and Internet-based distributed computing has developed, the DES algorithm, whose key length is only 56 bits, is under serious threat. The US National Institute of Standards and Technology (NIST) therefore launched a call for Advanced Encryption Standard (AES) algorithms on April 15, 1997, and on October 2, 2000 announced Rijndael as the new-generation US data encryption standard, intended to protect sensitive, unclassified information of the government and other organizations during transmission.
Rijndael is an iterated block cipher with a data block length of 128 bits and a variable key length; the key length can be 128, 192 or 256 bits. Because Rijndael is derived from the Square algorithm, its structure is very flexible and easy to extend.
However, Rijndael's byte modular multiplication is slow, its key is relatively short (at most 256 bits) and cannot satisfy high-security-level applications, and in addition the original algorithm's encryption and decryption speeds are unequal.
A dedicated DSP-based encryptor with the Rijndael algorithm at its core has not yet appeared on the market. Extending the Rijndael algorithm and building an encryptor that runs it quickly on a DSP device is likewise unaddressed at home and abroad.
III. Summary of the invention
1. Technical problem
The purpose of the invention is to provide an encryption method, a decryption method and an encryptor for a high-security-level symmetric key algorithm that raise encryption speed by more than 2 times and are simple in structure, low in cost and easy to operate.
2. Technical solution
The encryption method of the high-security-level symmetric key algorithm consists of N encryption rounds connected in series. Each encryption round applies, in order, the row shift transformation, the S-box substitution/column mixing transformation, and the sub-key modulo-2 addition. The final output of each round, the sub-key modulo-2 addition, feeds the input of the next round, the row shift transformation. The plaintext and the seed key undergo data/key addition, and the result is passed to the row shift transformation of round 0; at the same time the round sub-keys W_i generated from the seed key by key diffusion (7) are supplied to the last transformation of each round, the sub-key modulo-2 addition. The last round applies, in order, S-box substitution, row shift transformation and sub-key modulo-2 addition, and the sub-key modulo-2 addition of the last round outputs the ciphertext.
The row shift transformation cyclically shifts the bytes of each row of the state separately, according to the following rule: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, otherwise by 3 bytes; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, otherwise by 4 bytes.
The S-box substitution/column mixing transformation works as follows. Each byte of the S-box is multiplied in advance by 02, 03, 04 and 05 modulo m(x), forming four one-dimensional extended S-box substitution tables (MUL02, MUL03, MUL04, MUL05). The order of the transformations in an encryption round of the extended algorithm is rearranged: S-box substitution and row shift are swapped, and the S-box substitution is merged into the column mixing transformation. During the transformation, the transformed value of each byte of a state column is first looked up in the extended S-box substitution table selected by the corresponding coefficient of the column mixing transformation; these values are then XORed to give the new value of one state byte after the whole transformation. The new values of the other state bytes are obtained in the same way. The sub-key modulo-2 addition adds the round sub-key obtained by key diffusion, modulo 2, to each byte of the state.
The number of encryption rounds Nr is determined jointly by Nk and Nb: Nr equals the larger of Nk and Nb plus 6, so Nr is 10, 12 or 14.
The key diffusion consists of two processes:
1) key diffusion: the seed key is diffused into the diffusion key;
2) round sub-key selection: the sub-key used in each round is selected from the diffusion key.
The differences from the original algorithm are:
The word selected each time is 64 bits, i.e. 8 bytes.
The round constant consists of 8 bytes. The first 7 of these 8 bytes are 0; the last byte for the first round is 01, and the last byte for each later round is the last byte of the previous round's constant multiplied by '02' (modular multiplication).
The decryption method consists of N decryption rounds connected in series. Each decryption round applies, in order, the sub-key modulo-2 addition, the inverse column mixing transformation, the inverse S-box substitution and the inverse row shift transformation. The final output of each round, the inverse row shift transformation, feeds the input of the next round, the sub-key modulo-2 addition. The ciphertext and the seed key undergo data/key addition, and the result is passed to the sub-key modulo-2 addition of round 0; at the same time the decryption round sub-keys W_i generated from the seed key by key diffusion are supplied to the first transformation of each round, the sub-key modulo-2 addition. The last round applies, in order, sub-key modulo-2 addition, inverse S-box substitution and inverse row shift transformation, and the inverse row shift transformation of the last round outputs the plaintext.
The inverse column mixing transformation works as follows. The order of the 4 transformations in each round is not changed; only the inverse column mixing transformation is modified. Four one-dimensional multiplication tables (LUT02, LUT03, LUT04, LUT05) are prepared in advance, holding the values 0 to 255 multiplied by 02, 03, 04 and 05 modulo m(x). During the transformation, the product for each byte of a state column is first looked up in the multiplication table selected by the corresponding coefficient of the inverse column mixing transformation; these values are then XORed to give the new value of one state byte after the inverse transformation. The new values of the other state bytes are obtained in the same way.
The encryptor of the high-security-level symmetric key algorithm consists of a DSP module, a FLASH module and a McBSP0 expansion port. "D15-D0" of the DSP module is connected to "D15-D0" of the FLASH module; "A15-A0" of the DSP module is connected to "A15-A0" of the FLASH module; "MSTRB, R/W" of the DSP module are connected through an AND gate to the "WE" pin of the FLASH module; "MSTRB" of the DSP module is also connected to the input of a NOT gate, and the output of this NOT gate and "R/W" of the DSP module (13) are connected to the two inputs of a NAND gate, whose output is connected to the "OE" pin of the FLASH module; "BCLKR0, BFSR0, BDR0, BCLKX0, BFSX0, BDX0, INT0, INT1, IACK" of the DSP module are connected to the McBSP0 expansion port.
3. Technical effect
The invention proposes fast implementations of the encryption process and of the decryption process of an extended Rijndael algorithm, and applies them in a high-security-level symmetric key encryptor built on a common TMS320VC5402 hardware platform. Measurements on the encryptor show that the proposed fast implementation raises encryption speed by 2.16 times and decryption speed by 2 times. Combined with DSPs techniques, the encryption speed of this encryptor can be raised by 5.80 times and the decryption speed by 5.50 times. Encryption and decryption speeds are also approximately equal.
IV. Description of the drawings
Fig. 1 is a flow diagram of the encryption method of the invention. It shows: row shift transformation 1, S-box substitution/column mixing transformation 2, sub-key modulo-2 addition 3, plaintext 4, seed key 5, data/key addition 6, key diffusion 7.
Fig. 2 is a flow diagram of the decryption method of the invention. It shows: inverse column mixing transformation 9, inverse S-box substitution 10, inverse row shift transformation 11, ciphertext 12.
Fig. 3 is a structural diagram of the encryptor of the invention. It shows: DSP module 13, FLASH module 14, McBSP0 expansion port 15.
Fig. 4 is the implementation circuit diagram of the encryptor of the invention.
V. Embodiments
The encryption method of the high-security-level symmetric key algorithm consists of N encryption rounds connected in series. Each encryption round applies, in order, the row shift transformation, the S-box substitution/column mixing transformation, and the sub-key modulo-2 addition. The final output of each round, the sub-key modulo-2 addition, feeds the input of the next round, the row shift transformation. The plaintext and the seed key undergo data/key addition, and the result is passed to the row shift transformation of round 0; at the same time the round sub-keys W_i generated from the seed key by key diffusion (7) are supplied to the last transformation of each round, the sub-key modulo-2 addition. The last round applies, in order, S-box substitution, row shift transformation and sub-key modulo-2 addition, and the sub-key modulo-2 addition of the last round outputs the ciphertext.
The row shift transformation cyclically shifts the bytes of each row of the state separately, according to the following rule: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, otherwise by 3 bytes; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, otherwise by 4 bytes.
The S-box substitution/column mixing transformation works as follows. Each byte of the S-box is multiplied in advance by 02, 03, 04 and 05 modulo m(x), forming four one-dimensional extended S-box substitution/column mixing tables (MUL02, MUL03, MUL04, MUL05). The order of the transformations in an encryption round of the extended algorithm is rearranged: S-box substitution and row shift are swapped, and the S-box substitution is merged into the column mixing transformation. During the transformation, the transformed value of each byte of a state column is first looked up in the extended S-box substitution table selected by the corresponding coefficient of the column mixing transformation; these values are then XORed to give the new value of one state byte after the whole transformation. The new values of the other state bytes are obtained in the same way.
The sub-key modulo-2 addition adds the round sub-key obtained by key diffusion, modulo 2, to each byte of the state.
The number of encryption rounds Nr is determined jointly by Nk and Nb: Nr equals the larger of Nk and Nb plus 6, so Nr is 10, 12 or 14.
The key diffusion consists of two processes:
1) key diffusion: the seed key is diffused into the diffusion key;
2) round sub-key selection: the sub-key used in each round is selected from the diffusion key.
The differences from the original algorithm are:
The word selected each time is 64 bits, i.e. 8 bytes.
The round constant consists of 8 bytes. The first 7 of these 8 bytes are 0; the last byte for the first round is 01, and the last byte for each later round is the last byte of the previous round's constant shifted left by 1.
Based on the characteristics of Rijndael, the invention designs an extended Rijndael algorithm in which both the data length and the key length can be 256/384/512 bits, and makes encryption and decryption speeds essentially equal. On this basis, fast implementations are proposed for the encryption and decryption processes of this extended algorithm, which remove the slow byte modular multiplication of both the original and the extended algorithm. The algorithm is ported to a common DSP hardware platform (built around the TMS320VC5402 and including basic peripheral data I/O channels). Taking the characteristics of DSPs memory into account, code sections are placed explicitly and the code optimizer provided by the supporting software is used, so that the extended Rijndael algorithm is optimized as a whole and encryption and decryption speeds are greatly improved.
Fast implementation:
The column mixing transformation (MixColumn) of the extended Rijndael algorithm requires 64Nb byte modular multiplications (Nb is the data block length divided by 64); the operation count of the program is 192Nb table look-ups and 64Nb additions over GF(2^8), which is fairly large. If these 192Nb modular multiplications are turned into 64Nb table look-ups, the computing cost drops significantly. This patent proposes a fast implementation for each of the encryption and decryption rounds of the extended Rijndael algorithm, based on their characteristics.
Fast implementation of the encryption process:
The row shift transformation is a linear transformation: it does not change the value of any element of the input state, it only rearranges the elements of rows 1, 2, 3, 5, 6 and 7. The order of the transformations in an encryption round of the extended algorithm can therefore be rearranged so that S-box substitution and row shift are swapped, and, according to formulas (1) and (2), the S-box substitution can be merged into the column mixing transformation.
$$s'(x) = a(x)\,s(x) \bmod (x^8+1) \qquad (1)$$
where
$$a(x) = \{03\}x^7 + \{05\}x^6 + \{03\}x^5 + \{02\}x^4 + \{02\}x^3 + \{04\}x^2 + \{02\}x + \{02\} \qquad (2)$$
From formula (2), the following formulas are obtained:
$$\mathrm{MUL02}[\cdot] = S[\cdot] \cdot 02 \bmod m(x) \qquad (3)$$
$$\mathrm{MUL03}[\cdot] = S[\cdot] \cdot 03 \bmod m(x) \qquad (4)$$
$$\mathrm{MUL04}[\cdot] = S[\cdot] \cdot 04 \bmod m(x) \qquad (5)$$
$$\mathrm{MUL05}[\cdot] = S[\cdot] \cdot 05 \bmod m(x) \qquad (6)$$
Formulas (3), (4), (5) and (6) give four one-dimensional extended S-box substitution tables, whose elements are the elements of the S-box multiplied mod m(x) by 02, by 03, by 04 and by 05 respectively.
Fast implementation of the decryption process:
The decryption method consists of N decryption rounds connected in series. Each decryption round applies, in order, the sub-key modulo-2 addition, the inverse column mixing transformation, the inverse S-box substitution and the inverse row shift transformation. The final output of each round, the inverse row shift transformation, feeds the input of the next round, the sub-key modulo-2 addition. The ciphertext and the seed key undergo data/key addition, and the result is passed to the sub-key modulo-2 addition of round 0; at the same time the decryption round sub-keys W_i generated from the seed key by key diffusion are supplied to the first transformation of each round, the sub-key modulo-2 addition. The last round applies, in order, sub-key modulo-2 addition, inverse S-box substitution and inverse row shift transformation, and the inverse row shift transformation of the last round outputs the plaintext.
The inverse column mixing transformation works as follows. The order of the 4 transformations in each round is not changed; only the inverse column mixing transformation is modified. Four one-dimensional multiplication tables (LUT02, LUT03, LUT04, LUT05) are prepared in advance, holding the values 0 to 255 multiplied by 02, 03, 04 and 05 modulo m(x). During the transformation, the product for each byte of a state column is first looked up in the multiplication table selected by the corresponding coefficient of the inverse column mixing transformation; these values are then XORed to give the new value of one state byte after the inverse transformation. The new values of the other state bytes are obtained in the same way.
The order of the 4 transformations in each round is not changed; the inverse column mixing transformation is modified, but its basic idea is kept. Suppose a state s' = (s'_{i,j}, i = 0, 1, …, 7, j = 0, 1, …, Nb-1) is transformed by the inverse column mixing transformation into s = (s_{i,j}, i = 0, 1, …, 7, j = 0, 1, …, Nb-1). The relation between the two is given by formulas (7) and (8).
$$s(x) = a^{-1}(x)\,s'(x) \bmod (x^8+1) \qquad (7)$$
where
$$a^{-1}(x) = \{03\}x^7 + \{04\}x^6 + \{03\}x^5 + \{03\}x^4 + \{02\}x^3 + \{05\}x^2 + \{02\}x + \{03\} \qquad (8)$$
From formula (8), the following formulas are obtained:
$$\mathrm{LUT02}[i] = i \cdot 02 \bmod m(x) \qquad (9)$$
$$\mathrm{LUT03}[i] = i \cdot 03 \bmod m(x) \qquad (10)$$
$$\mathrm{LUT04}[i] = i \cdot 04 \bmod m(x) \qquad (11)$$
$$\mathrm{LUT05}[i] = i \cdot 05 \bmod m(x) \qquad (12)$$
In formulas (9) to (12), i = 0, 1, 2, …, 255.
LUT02, LUT03, LUT04 and LUT05 are therefore simply ordinary mod m(x) multiplication tables, and these 4 one-dimensional tables are used for the inverse column mixing transformation.
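The table-driven column mixing described in the two fast-implementation passages above, as an added C example that is not code from the patent: it builds the MUL0k and LUT0k tables of formulas (3)-(6) and (9)-(12), checks that a(x) and a^-1(x) multiply to {01} modulo x^8+1, and checks the merged S-box/column-mix lookup against a direct computation. Assumptions: byte products are reduced modulo the AES field polynomial x^8+x^4+x^3+x+1, state row i is the coefficient of x^i, and the sample column is constructed.

```c
#include <stdint.h>

/* ASSUMPTION: byte products are reduced modulo the AES field polynomial
 * x^8+x^4+x^3+x+1 (0x11B); the page only says the S-box equals Rijndael's. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t r = 0;
    while (b) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0x00));
        b >>= 1;
    }
    return r;
}

static uint8_t rotl8(uint8_t v, int n)
{
    return (uint8_t)((v << n) | (v >> (8 - n)));
}

/* S-box as the page constructs it: inverse in GF(2^8) with {00} -> {00},
 * then the affine map over GF(2) with constant {63}. */
static uint8_t sbox_byte(uint8_t v)
{
    uint8_t inv = 1;
    for (int i = 0; i < 254; i++) inv = gf_mul(inv, v);  /* v^254 = v^-1 */
    return (uint8_t)(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^
                     rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63);
}

/* Coefficients of a(x) and a^-1(x); index = power of x (assumed: row i <-> x^i). */
static const uint8_t A_COEF[8]    = {0x02, 0x02, 0x04, 0x02, 0x02, 0x03, 0x05, 0x03};
static const uint8_t AINV_COEF[8] = {0x03, 0x02, 0x05, 0x02, 0x03, 0x03, 0x04, 0x03};

static uint8_t SBOX[256];
static uint8_t MUL[6][256];  /* MUL[k][v] = S[v]*k, k = 2..5 (encryption) */
static uint8_t LUT[6][256];  /* LUT[k][v] = v*k,    k = 2..5 (decryption) */
static int tables_ready;

static void build_tables(void)
{
    if (tables_ready) return;
    for (int v = 0; v < 256; v++) {
        SBOX[v] = sbox_byte((uint8_t)v);
        for (int k = 2; k <= 5; k++) {
            MUL[k][v] = gf_mul(SBOX[v], (uint8_t)k);
            LUT[k][v] = gf_mul((uint8_t)v, (uint8_t)k);
        }
    }
    tables_ready = 1;
}

uint8_t sbox(uint8_t v) { build_tables(); return SBOX[v]; }

/* Direct form: out(x) = coef(x) * in(x) mod (x^8 + 1), one gf_mul per term. */
static void mix_ref(const uint8_t coef[8], const uint8_t in[8], uint8_t out[8])
{
    for (int k = 0; k < 8; k++) {
        out[k] = 0;
        for (int i = 0; i < 8; i++)
            out[k] ^= gf_mul(coef[(k - i + 8) & 7], in[i]);
    }
}

/* Encryption fast path: S-box substitution folded into column mixing. */
void sub_mix_fast(const uint8_t in[8], uint8_t out[8])
{
    build_tables();
    for (int k = 0; k < 8; k++) {
        out[k] = 0;
        for (int i = 0; i < 8; i++)
            out[k] ^= MUL[A_COEF[(k - i + 8) & 7]][in[i]];
    }
}

/* Decryption fast path: inverse column mixing by table lookup and XOR only. */
void inv_mix_fast(const uint8_t in[8], uint8_t out[8])
{
    build_tables();
    for (int k = 0; k < 8; k++) {
        out[k] = 0;
        for (int i = 0; i < 8; i++)
            out[k] ^= LUT[AINV_COEF[(k - i + 8) & 7]][in[i]];
    }
}

/* Returns 1 if a(x) * a^-1(x) == {01} mod (x^8 + 1). */
int coefficients_are_inverse(void)
{
    uint8_t prod[8];
    mix_ref(A_COEF, AINV_COEF, prod);
    if (prod[0] != 0x01) return 0;
    for (int k = 1; k < 8; k++) if (prod[k] != 0) return 0;
    return 1;
}

/* Returns 1 if the table paths agree with the direct computation. */
int fast_path_matches(void)
{
    /* Constructed sample column, not taken from the page. */
    const uint8_t col[8] = {0x00, 0x01, 0x53, 0x80, 0xFF, 0x3C, 0xA7, 0x10};
    uint8_t subbed[8], ref[8], fast[8], back[8];
    for (int i = 0; i < 8; i++) subbed[i] = sbox(col[i]);
    mix_ref(A_COEF, subbed, ref);
    sub_mix_fast(col, fast);
    inv_mix_fast(fast, back);   /* must undo the mixing, leaving S[col] */
    for (int i = 0; i < 8; i++)
        if (fast[i] != ref[i] || back[i] != subbed[i]) return 0;
    return 1;
}

int main(void) { return (coefficients_are_inverse() && fast_path_matches()) ? 0 : 1; }
```

Because every coefficient is at most {05}, no product of two coefficients needs reduction, so the inverse check holds independently of the byte-reduction polynomial assumed here.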
Implementation of the encryption and decryption algorithm on the TMS320VC5402 and code optimization:
The TMS320VC5402 has two kinds of on-chip memory: dual-access memory (DARAM) and single-access memory. Dual-access memory allows the CPU to access it twice in a single cycle. Single-access memory comes in two forms: (1) single-access read/write memory (SARAM) and (2) single-access read-only memory (ROM or DROM); the CPU can access each memory unit once in a single cycle. Both kinds of memory can be mapped into program space and data space. The TMS320VC5402 can also attach off-chip memory, but one CPU access to an off-chip memory unit takes at least two cycles. Compared with off-chip memory, on-chip memory needs no wait states and has advantages such as lower cost and lower power consumption.
To go with it, TI provides the integrated code development environment Code Composer Studio (CCS), which integrates code generation tools and debugging tools and can provide processor information and monitor program performance. In CCS all tools can be used from a single control window.
CCS includes a code optimizer (Optimizer), which can optimize all source code contained in a CCS project at 4 levels: register level, local (local variable) level, global (global variable) level and file level. The scope and depth of optimization expand progressively across these 4 levels.
Combining the proposed scheme 1 and scheme 2, the program-section mapping and the optimizer built into CCS, we implemented the extended Rijndael encryption and decryption algorithm in ANSI C on the TMS320VC5402 hardware platform and optimized the algorithm at the different levels, which significantly improved the computing speed of the encryptor.
The extended Rijndael algorithm:
The data block lengths and seed key lengths supported by this extended algorithm are 256/384/512 bits. The intermediate result of encryption, the state (State), is a matrix of 8 rows and Nb columns, where Nb is the data block length divided by 64. The cipher key is a matrix of 8 rows and Nk columns, where Nk is the key length divided by 64.
The number of encryption rounds (Nr) is given by formula (13).
$$Nr = \max\{Nk, Nb\} + 6 \qquad (13)$$
Because Nk, Nb ∈ {4, 6, 8}, Nr ∈ {10, 12, 14}.
The encryption process consists of the following parts:
1. An initial round of key modulo-2 addition.
2. Nr-1 rounds: each applies, in order, S-box substitution (SubBytes), row shift transformation (ShiftRows), column mixing transformation (MixColumns) and sub-key modulo-2 addition (Key Addition).
3. A final round: applies, in order, S-box substitution, row shift transformation and sub-key modulo-2 addition, without the column mixing transformation.
As in the original algorithm, an encryption round is made up of 4 transformations: S-box substitution, row shift transformation, column mixing transformation and sub-key modulo-2 addition.
S-box substitution:
As in the original algorithm, the S-box substitution is a nonlinear byte substitution. It uses the same S-box as the original algorithm (a one-dimensional table of 256 elements) and looks up the substitution value in the S-box according to the value of each byte of the intermediate result.
Construction of the S-box:
The S-box is an invertible substitution table composed of two sub-transformations:
1. The multiplicative inverse over the finite field GF(2^8), with the element {00} mapped to itself.
2. An affine transformation over the finite field GF(2), given by formula (14).
$$b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i \qquad (14)$$
where $0 \le i < 8$, $b_i$ is bit i of the byte being transformed, and $\{c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0\} = \{63h\} = \{01100011b\}$.
Row shift transformation:
The row shift transformation cyclically shifts the bytes of each row of the state separately; the number of bytes by which each row is shifted satisfies the following relation:
$$s'_{r,c} = s_{r,\,(c+\mathrm{shift}(r,Nb)) \bmod Nb}, \quad 0 < r < 8,\ 0 \le c < Nb \qquad (15)$$
The shift value shift(r, Nb) is determined by the row number of the byte in the state and by the number of columns (Nb) of the state: rows 0 and 4 are not shifted, and the right-shift values of the other rows are given in the following table.

| | r=1 | r=2 | r=3 | r=5 | r=6 | r=7 |
|---|---|---|---|---|---|---|
| Nb=4 | 1 | 2 | 3 | 1 | 2 | 3 |
| Nb=6 | 1 | 2 | 3 | 1 | 2 | 3 |
| Nb=8 | 1 | 3 | 4 | 1 | 3 | 4 |

Column mixing transformation:
This part differs considerably from the original algorithm. The column mixing transformation operates on the state column by column. Each column of the state is treated as an 8-term polynomial s(x) with coefficients in GF(2^8), and is multiplied by a fixed polynomial a(x) modulo x^8+1; that is, the column mixing transformation satisfies the following relation:
$$s'(x) = a(x)\,s(x) \bmod (x^8+1) \qquad (16)$$
where s(x) and s'(x) are the input and the output of the column transformation of the corresponding state, and
$$a(x) = \{03\}x^7 + \{05\}x^6 + \{03\}x^5 + \{02\}x^4 + \{02\}x^3 + \{04\}x^2 + \{02\}x + \{02\} \qquad (17)$$
The inverse transformation satisfies the following relation.
$$s(x) = a^{-1}(x)\,s'(x) \bmod (x^8+1) \qquad (18)$$
where
$$a^{-1}(x) = \{03\}x^7 + \{04\}x^6 + \{03\}x^5 + \{03\}x^4 + \{02\}x^3 + \{05\}x^2 + \{02\}x + \{03\} \qquad (19)$$
Formulas (17) and (19) show that no coefficient of a(x) or a^{-1}(x) is 0 and that all of them lie between 1 and 5, with an upper bound of 5. Compared with the original algorithm (where the upper bound of the column mixing coefficients is 3 and that of the inverse transformation is 14), the coefficients of the extended algorithm are very concentrated, and its diffusion and its resistance to various attacks are stronger. Our tests of the algorithm's cost show that encryption and decryption speeds are approximately equal; the main reason is that the coefficients lie in the same, very concentrated interval.
Sub-key modulo-2 addition:
As in the original algorithm, the sub-key modulo-2 addition adds the round sub-key obtained by key diffusion, modulo 2, to each byte of the state. The transformation satisfies the following formula.
$$[s'_{0,c}, s'_{1,c}, s'_{2,c}, s'_{3,c}, s'_{4,c}, s'_{5,c}, s'_{6,c}, s'_{7,c}] = [s_{0,c}, s_{1,c}, s_{2,c}, s_{3,c}, s_{4,c}, s_{5,c}, s_{6,c}, s_{7,c}] \oplus [w_{round \cdot Nb + c}] \qquad (20)$$
where $0 \le c < Nb$, $0 \le round < Nr$, and $[w_i]$ are the round sub-keys produced by key diffusion.
Key diffusion:
As in the original algorithm, the key diffusion consists of two processes:
1. Key diffusion: the seed key is diffused into the diffusion key;
2. Round sub-key selection: the sub-key used in each round is selected from the diffusion key.
The differences from the original algorithm are:
The word selected each time is 64 bits (8 bytes) rather than 32 bits (4 bytes);
The round constant is defined by formula (21).
$$\mathrm{Rcon}[i] = (\mathrm{RC}[i], \{00\}, \{00\}, \{00\}, \{00\}, \{00\}, \{00\}, \{00\}) \qquad (21)$$
The value of RC[i] is determined by the following two formulas:
$$\mathrm{RC}[1] = \text{'01'} \qquad (22)$$
$$\mathrm{RC}[i] = x \cdot (\mathrm{RC}[i-1]) = x^{(i-1)} \qquad (23)$$
The encryptor of the high-security-level symmetric key algorithm consists of a DSP module, a FLASH module and a McBSP0 expansion port. "D15-D0" of the DSP module is connected to "D15-D0" of the FLASH module; "A15-A0" of the DSP module is connected to "A15-A0" of the FLASH module; "MSTRB, R/W" of the DSP module are connected through an AND gate to the "WE" pin of the FLASH module; "MSTRB" of the DSP module is also connected to the input of a NOT gate, and the output of this NOT gate and "R/W" of the DSP module (13) are connected to the two inputs of a NAND gate, whose output is connected to the "OE" pin of the FLASH module; "BCLKR0, BFSR0, BDR0, BCLKX0, BFSX0, BDX0, INT0, INT1, IACK" of the DSP module are connected to the McBSP0 expansion port.

Claims (7)

1. An encryption method for a high-security-level symmetric key algorithm, characterized in that the encryption method is formed by connecting N encryption rounds in series. Each encryption round consists, in order, of a row shift transformation (1), an S-box substitution/row mixing transformation (2) and a sub-key modulo-2 addition transformation (3). The final output of each encryption round, namely that of the sub-key modulo-2 addition transformation (3), is connected to the input of the next encryption round, namely the row shift transformation (1). The plaintext (4) and the seed key (5) undergo data/key addition, and the result of the data/key addition (6) is sent to the row shift transformation (1) of round 0; at the same time, the seed key (5) passes through key diffusion (7) to generate the encryption round sub-keys $W_i$, which are delivered to the last transformation of each encryption round, namely the sub-key modulo-2 addition transformation (3). The last encryption round consists, in order, of an S-box substitution transformation (8), the row shift transformation (1) and the sub-key modulo-2 addition transformation (3), and the sub-key modulo-2 addition transformation (3) of the last encryption round outputs the ciphertext.
Wherein: the row shift transformation (1) performs a separate cyclic shift on the bytes of each row of the state; the S-box substitution/row mixing transformation (2) rearranges the order of the transformations in the encryption round of the extended algorithm, exchanging the order of S-box substitution and row shift and merging the S-box substitution transformation into the row mixing transformation; the sub-key modulo-2 addition transformation (3) adds the round sub-key obtained by key diffusion, modulo 2, to each byte of the state.
The row shift transformation (1) is performed as follows: the bytes of each row of the state are cyclically shifted separately, according to the following rule: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, and by 3 bytes otherwise, where Nb is the length of the data block entering an encryption round in this algorithm divided by 64; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, and by 4 bytes otherwise. The S-box substitution/row mixing transformation (2) is performed as follows: each byte of the S-box is multiplied in advance by 02, 03, 04 and 05 respectively, modulo m(x), where $m(x) = x^8 + 1$, forming four one-dimensional extended S-box substitution tables: MUL02, MUL03, MUL04 and MUL05. These four tables are defined by the following equations:
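$\mathrm{MUL02}[\cdot] = S[\cdot] \cdot 02 \bmod m(x)$
$\mathrm{MUL03}[\cdot] = S[\cdot] \cdot 03 \bmod m(x)$
$\mathrm{MUL04}[\cdot] = S[\cdot] \cdot 04 \bmod m(x)$
$\mathrm{MUL05}[\cdot] = S[\cdot] \cdot 05 \bmod m(x)$
where $m(x) = x^8 + 1$.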
The order of the transformations in the encryption round of the extended algorithm is rearranged: the order of S-box substitution and row shift is exchanged, and the S-box substitution transformation is merged into the row mixing transformation. During the transformation, the transformed values of each row byte of the state are first looked up in the extended S-box substitution tables according to the coefficients of the row mixing transformation, and these values are then XORed to obtain the new value of a given byte of the state after the whole transformation; the new values of the other bytes of the state are obtained in the same way. The sub-key modulo-2 addition transformation (3) is performed as follows: the round sub-key obtained by key diffusion is added, modulo 2, to each byte of the state.
2. The encryption method of the high-security-level symmetric key algorithm according to claim 1, characterized in that the number of encryption rounds Nr is determined jointly by Nk and Nb, where Nk is the integer obtained by dividing the length of the seed key by 64 and Nb is the integer obtained by dividing the length of the data block entering an encryption round in this algorithm by 64; the value of Nr equals the larger of Nk and Nb plus 6, so that Nr is 10, 12 or 14.
3. The encryption method of the high-security-level symmetric key algorithm according to claim 1, characterized in that the key diffusion (7) consists of two processes:
1) key diffusion: the seed key is diffused into the diffusion key;
2) selection of the round sub-keys:
● the sub-key used in each round is selected from the diffusion key;
● each word selected is 64 bits, i.e. 8 bytes;
● the round constant consists of 8 bytes, of which the first 7 bytes are 0; the last byte for the first round is 01, and the last byte for each subsequent round is obtained by modular multiplication of the last byte of the previous round's constant by '02'.
4. A decryption method for a high-security-level symmetric key algorithm, characterized in that the decryption method is formed by connecting N decryption rounds in series. Each decryption round consists, in order, of a sub-key modulo-2 addition transformation (3), an inverse row mixing transformation (9), an inverse S-box substitution transformation (10) and an inverse row shift transformation (11). The final output of each decryption round, namely that of the inverse row shift transformation (11), is connected to the input of the next decryption round, namely the sub-key modulo-2 addition transformation (3). The ciphertext (12) and the seed key (5) undergo data/key addition (6), and the result of the data/key addition (6) is sent to the sub-key modulo-2 addition transformation (3) of round 0; at the same time, the seed key (5) passes through key diffusion (7) to generate the decryption round sub-keys $W_i$, which are delivered to the first transformation of each decryption round, namely the sub-key modulo-2 addition transformation (3). The last decryption round consists, in order, of the sub-key modulo-2 addition transformation (3), the inverse S-box substitution transformation (10) and the inverse row shift transformation (11), and the inverse row shift transformation (11) of the last decryption round outputs the plaintext. The sub-key modulo-2 addition transformation (3) is performed as follows: the round sub-key obtained by key diffusion is added, modulo 2, to each byte of the state. The inverse row shift transformation (11) is the inverse of the row shift transformation (1). The inverse row mixing transformation (9) operates on the state column by column, according to the coefficients of the inverse mixing transformation. The inverse S-box substitution transformation (10) is the inverse of the S-box substitution transformation (8). The S-box substitution transformation (8) is a nonlinear byte substitution. It uses one S-box, a one-dimensional table of 256 elements; the corresponding substitution value is looked up in the S-box according to the value of each byte of the intermediate result. The S-box is an invertible substitution table composed of two sub-transformations:
1) the multiplicative inverse in the finite field $GF(2^8)$, with the element {00} mapped to itself;
2) an affine transformation over the finite field $GF(2)$, as shown in the following equation:
$b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i$
where $0 \le i < 8$, $b_i$ is the $i$-th bit of the byte being transformed, and $\{c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0\} = \{63h\} = \{01100011b\}$.
5. The decryption method of the high-security-level symmetric key algorithm according to claim 4, characterized in that the inverse row mixing transformation (9) is performed as follows: the order of the 4 transformations in each round is not changed; only the inverse row mixing transformation is modified. Four multiplication factor tables, LUT02, LUT03, LUT04 and LUT05, are prepared in advance; these four tables are defined by the following equations:
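$\mathrm{LUT02}[i] = i \cdot 02 \bmod m(x)$
$\mathrm{LUT03}[i] = i \cdot 03 \bmod m(x)$
$\mathrm{LUT04}[i] = i \cdot 04 \bmod m(x)$
$\mathrm{LUT05}[i] = i \cdot 05 \bmod m(x)$
where $i = 0, 1, 2, \ldots, 255$ and $m(x) = x^8 + 1$.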
During the transformation, the values of each row byte of the state after modular multiplication are first looked up in the multiplication factor tables according to the coefficients of the inverse row mixing transformation, and these values are then XORed to obtain the new value of a given byte of the state after the inverse transformation; the new values of the other bytes of the state are obtained in the same way.
6. The decryption method of the high-security-level symmetric key algorithm according to claim 4, characterized in that the inverse row shift transformation (11) is the inverse of the row shift transformation (1), and the row shift transformation (1) is performed as follows: the bytes of each row of the state are cyclically shifted separately, according to the following rule: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, and by 3 bytes otherwise, where Nb is the length of the data block entering an encryption round in this algorithm divided by 64; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, and by 4 bytes otherwise.
7. An encryptor for a high-security-level symmetric key algorithm, characterized in that the encryptor consists of a DSP module (13), a FLASH module (14) and a McBSP0 expansion port (15). The "D15-D0" pins of the DSP module (13) are connected to the "D15-D0" pins of the FLASH module (14); the "A15-A0" pins of the DSP module (13) are connected to the "A15-A0" pins of the FLASH module (14); "MSTRB" and "R/W" of the DSP module (13) are connected through an AND gate to the "WE" pin of the FLASH module (14); "MSTRB" of the DSP module (13) is connected to the input of a NOT gate, and the output of this NOT gate and "R/W" of the DSP module (13) are connected respectively to the two inputs of a NAND gate, whose output is connected to the "OE" pin of the FLASH module (14); "BCLKR0, BFSR0, BDR0, BCLKX0, BFSX0, BDX0, INT0, INT1, IACK" of the DSP module (13) are connected to the McBSP0 expansion port (15).
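The S-box construction recited in claim 4 (multiplicative inverse followed by the affine step with constant 63h) can be reproduced as follows. This is an added example, not code from the patent; it assumes the field polynomial of AES, x^8+x^4+x^3+x+1, because the claim does not name one, and all function names are illustrative.

```python
# Added example (not from the patent): S-box built from the two claim-4 steps.
# ASSUMPTION: GF(2^8) uses the AES polynomial x^8+x^4+x^3+x+1 (0x11B); the
# claim does not name the field polynomial for the multiplicative inverse.
FIELD_POLY = 0x11B
AFFINE_C = 0x63  # {c7..c0} = 63h, as stated in the claim

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo FIELD_POLY."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= FIELD_POLY
        b >>= 1
    return product

def gf_inverse(a: int) -> int:
    """Multiplicative inverse in GF(2^8); the element {00} maps to itself."""
    if a == 0:
        return 0
    return next(x for x in range(1, 256) if gf_mul(a, x) == 1)

def affine(b: int) -> int:
    """b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, indices mod 8."""
    out = 0
    for i in range(8):
        bit = (AFFINE_C >> i) & 1
        for offset in (0, 4, 5, 6, 7):
            bit ^= (b >> ((i + offset) % 8)) & 1
        out |= bit << i
    return out

def build_sbox() -> list:
    """One-dimensional table of 256 elements: affine(inverse(x))."""
    return [affine(gf_inverse(x)) for x in range(256)]

def invert_table(table: list) -> list:
    """Inverse S-box; raises if the table is not a permutation of 0..255."""
    if sorted(table) != list(range(256)):
        raise ValueError("S-box is not invertible")
    inverse = [0] * 256
    for x, y in enumerate(table):
        inverse[y] = x
    return inverse

SBOX = build_sbox()
INV_SBOX = invert_table(SBOX)
```

Under the assumed polynomial the resulting table matches the AES S-box, and `invert_table` confirms the invertibility that the claim requires of the table used by transformation (10).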
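The row shift rule of claims 1 and 6 and the round count of claim 2 can be checked with a short script. This is an added example, not the patent's implementation; it assumes an 8-row state with Nb columns loaded column by column and a cyclic shift to the left, since the claims give only the per-row offsets, and the function names are illustrative.

```python
# Added example: row shift (1), inverse row shift (11) and round count Nr.
# ASSUMPTIONS: the state has 8 rows and Nb columns (one 64-bit word per
# column, loaded column by column) and rows rotate left; the claims state
# only the shift offsets, not the direction or the byte layout.
ROWS = 8

def round_count(key_bits: int, block_bits: int) -> int:
    """Nr = max(Nk, Nb) + 6, with Nk and Nb the lengths divided by 64."""
    nk, nb = key_bits // 64, block_bits // 64
    return max(nk, nb) + 6

def shift_offsets(nb: int) -> list:
    """Per-row shift in bytes; rows r and r+4 share the same offset."""
    small = nb in (4, 6)
    first_four = [0, 1, 2 if small else 3, 3 if small else 4]
    return first_four * 2

def to_state(block: bytes) -> list:
    """Load a block column by column into an 8 x Nb state."""
    if not block or len(block) % ROWS:
        raise ValueError("block length must be a non-zero multiple of 64 bits")
    nb = len(block) // ROWS
    return [[block[c * ROWS + r] for c in range(nb)] for r in range(ROWS)]

def row_shift(state: list, inverse: bool = False) -> list:
    """Rotate each row by its offset; inverse=True undoes the rotation."""
    nb = len(state[0])
    out = []
    for row, offset in zip(state, shift_offsets(nb)):
        k = (-offset if inverse else offset) % nb
        out.append(row[k:] + row[:k])
    return out

# Constructed sample: a 256-bit block (Nb = 4) holding the bytes 0..31.
SAMPLE = to_state(bytes(range(32)))
SHIFTED = row_shift(SAMPLE)
```

Rows 0 and 4 of `SHIFTED` equal those of `SAMPLE`, and `row_shift(SHIFTED, inverse=True)` restores the original state, which is the property the decryption rounds rely on.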
CN 03113387 2003-05-01 2003-05-01 Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer Expired - Fee Related CN1258148C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03113387 CN1258148C (en) 2003-05-01 2003-05-01 Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer

Publications (2)

Publication Number Publication Date
CN1445681A CN1445681A (en) 2003-10-01
CN1258148C CN1258148C (en) 2006-05-31

Family

ID=27814708

Country Status (1)

Country Link
CN (1) CN1258148C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee