CN111478766A - Method, device and storage medium for realizing block cipher MEG - Google Patents


Publication number: CN111478766A
Authority: CN (China)
Prior art keywords: key, transformation, matrix, round, module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN202010068953.7A
Other languages: Chinese (zh)
Other versions: CN111478766B (en)
Inventor: 李秋萍, 李浪, 刘波涛, 赵军霞, 张剑, 李康满
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Hengyang Normal University
Original Assignee: Hengyang Normal University
Events:
    • Application filed by Hengyang Normal University
    • Priority to CN202010068953.7A
    • Publication of CN111478766A
    • Application granted
    • Publication of CN111478766B
    • Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a method, a device and a storage medium for implementing the block cipher MEG, and provides a novel key expansion mode: a generator matrix of a maximum distance separable (MDS) code, which can be used to construct an optimal diffusion layer, is multiplied with the original key over a finite field, which completes the expansion of the original key. The adopted extended generalized Feistel structure produces, after 4 iterations, an optimal diffusion layer for the column mixing operation. The optimal diffusion layer has ideal confusion characteristics and has the best effect of resisting differential and linear attacks, so that the security of the algorithm can be further improved. When the technical scheme is implemented in hardware, the matrix used for key expansion is a circulant matrix, and the original key can be expanded by storing only 16 bits of elements, so that the security of the cryptographic algorithm is improved, the storage space is saved, and the area occupied by the algorithm is reduced.

Description

Method, device and storage medium for realizing block cipher MEG
Technical Field
The invention belongs to the field of computers, and particularly relates to a method and a device for realizing a block cipher MEG and a storage medium.
Background
With the rapid development of the information age, the information security technology plays an increasingly important role in the social life of people, and cryptography is a basis of the information security technology and receives more and more attention. Block cipher algorithms are widely used in computer communications and information system security because of their advantages in encryption speed, amount of encrypted data, design criteria, and software and hardware implementation.
However, with the recent spread of small computing and storage devices such as infrared sensing devices, Radio Frequency Identification (RFID) devices, wireless sensor networks (WSN), personal digital assistants (PDA) and other small embedded devices, Internet of Things technology has reached every aspect of people's lives. It also carries a great amount of private information of countries, enterprises and individuals, and how to secure these resource-limited devices on the Internet of Things has become an urgent problem. In this context, research on lightweight block ciphers has been ongoing.
In recent years, a batch of lightweight block ciphers has been designed, such as LED, TWINE, PRESENT, Piccolo, LBlock and Midori. They fit the encryption environment of resource-constrained Internet of Things devices well, but they sometimes reduce security in order to reduce resource usage, or reduce encryption and decryption efficiency in order to keep the area low, so the designed lightweight block ciphers are easy to attack.
Disclosure of Invention
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, aiming to overcome the problem that existing lightweight block cipher algorithms, while keeping their resource area low, have low security and are easy to attack.
The technical scheme of the invention is as follows:
In one aspect, a method for implementing the block cipher MEG comprises the following steps:
loading data: loading 64-bit plaintext/64-bit ciphertext to a register to be used as data to be encrypted/decrypted, and performing encryption/decryption operation;
round operation: carrying out 32 rounds of iterative round operation on the data to be encrypted/decrypted according to the following steps;
firstly, carrying out one-time key addition transformation on input data to be encrypted/decrypted to obtain input data of 32-time iterative round operation, and after the 32-time iterative round operation is completed, carrying out one-time key addition transformation again to obtain ciphertext/plaintext data;
the key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key; after the 2×t-th round of operation, a round key addition transformation is performed with a key and the resulting data is used as the input of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key, and when t is even, it is the original key;
the expanded key is obtained by expanding the original key with a generator matrix of a maximum distance separable code;
for encryption, the round operation is, in order, the constant addition transformation, S-box transformation, row shift transformation and EFG column mixing transformation; for decryption, the round operation is, in order, the EFG column mixing inverse transformation, row shift inverse transformation, S-box inverse transformation and constant addition inverse transformation;
the EFG column mixing inverse transformation and the EFG column mixing transformation, the row shift inverse transformation and the row shift transformation, the S-box inverse transformation and the S-box transformation, and the constant addition inverse transformation and the constant addition transformation are mutually inverse operations.
In the block cipher MEG, M refers to the generator matrix of a maximum distance separable code (MDS matrix), and EG refers to the Extended Generalized Feistel structure.
Further, the specific process of expanding the original key with the generator matrix of a maximum distance separable code is as follows:
dividing the original key, from high bit to low bit, into 16 elements of 4 bits each over the finite field GF(2^4), and arranging them in turn as the 4 × 4 original key matrix K:
Figure BDA0002376799090000021
multiplying the generator matrix W of the maximum distance separable code with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
Figure BDA0002376799090000022
where the elements of W are in hexadecimal.
The matrix W (an MDS matrix) can be used to construct an optimal diffusion layer, which is best able to withstand differential analysis and linear analysis, thus further ensuring the security of the key. Diffusion means that each input bit affects as many output bits as possible, which hides the statistical characteristics of the input and counters statistical analysis. This matches the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding subkey to a large extent, which is exactly what diffusion describes.
Further, the matrix used by the EFG column mixing transformation is the 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrix in the MDS matrix construction process is as follows:
Figure BDA0002376799090000031
where m refers to the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are both in hexadecimal.
In this technical scheme there are two ways of constructing an MDS matrix: from the generator matrix of a maximum distance separable code, and by iterating the extended generalized Feistel structure 4 times.
The MDS matrix constructed from the generator matrix of a maximum distance separable code is used for the key expansion operation, that is, the first MDS matrix is used for key expansion. Constructing an MDS matrix by iteration was first proposed in the LED block cipher in 2011, but there the iteration was built with a linear feedback shift register.
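Added example (not part of the patent text or the applicants' code): the iterated MDS construction mentioned above and an MDS-matrix key expansion K' = W·K over GF(2^4), with an exhaustive MDS check. The patent's own W and M are in figures not reproduced on this page, so LED's published serial matrix with LED's field polynomial x^4 + x + 1 stands in for both; the row-major key layout and the multiplication order W·K are likewise assumptions.

```python
# Added example. Assumptions (not from the patent): field polynomial
# x^4 + x + 1, LED's serial matrix as a stand-in for W, row-major key
# layout, and multiplication order K' = W * K.
from itertools import combinations

POLY = 0x13  # x^4 + x + 1 (assumed; this is LED's polynomial)

def gf_mul(a, b):
    """Multiply two GF(2^4) elements: shift-and-add, reduced by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= POLY
        b >>= 1
    return r

def mat_mul(x, y):
    """Matrix product over GF(2^4); addition in the field is XOR."""
    out = [[0] * len(y[0]) for _ in x]
    for i in range(len(x)):
        for j in range(len(y[0])):
            for k in range(len(y)):
                out[i][j] ^= gf_mul(x[i][k], y[k][j])
    return out

def mat_pow(m, e):
    """m raised to the e-th power by repeated multiplication."""
    n = len(m)
    result = [[int(i == j) for j in range(n)] for i in range(n)]
    for _ in range(e):
        result = mat_mul(result, m)
    return result

def det(m):
    """Determinant by Laplace expansion (characteristic 2, so no signs)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j, v in enumerate(m[0]):
        if v:
            d ^= gf_mul(v, det([row[:j] + row[j + 1:] for row in m[1:]]))
    return d

def is_mds(m):
    """A square matrix is MDS iff every square submatrix is non-singular."""
    n = len(m)
    for size in range(1, n + 1):
        for rows in combinations(range(n), size):
            for cols in combinations(range(n), size):
                if det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True

def key_to_matrix(key64):
    """Split a 64-bit key, high nibble first, into a 4x4 row-major matrix."""
    nib = [(key64 >> (60 - 4 * i)) & 0xF for i in range(16)]
    return [nib[4 * r:4 * r + 4] for r in range(4)]

def matrix_to_key(m):
    """Inverse of key_to_matrix."""
    k = 0
    for row in m:
        for v in row:
            k = (k << 4) | v
    return k

def expand_key(key64, w):
    """Expanded key K' = W * K over GF(2^4) (order is an assumption)."""
    return matrix_to_key(mat_mul(w, key_to_matrix(key64)))

def nibble_diff(a, b):
    """Number of 4-bit cells in which two 64-bit values differ."""
    x = a ^ b
    return sum(1 for i in range(16) if (x >> (4 * i)) & 0xF)

# LED's serial (LFSR-style) matrix; four iterations give LED's MDS matrix.
LED_SERIAL = [[0, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1], [4, 1, 2, 2]]
W = mat_pow(LED_SERIAL, 4)  # stand-in for the patent's W

if __name__ == "__main__":
    for e in range(1, 5):
        print("iterations:", e, "MDS:", is_mds(mat_pow(LED_SERIAL, e)))
    key = 0x0123456789ABCDEF          # constructed sample key
    flipped = key ^ (1 << 60)         # change one bit of the first nibble
    k1, k2 = expand_key(key, W), expand_key(flipped, W)
    print("expanded: %016X  after 1-bit change: %016X" % (k1, k2))
    print("nibbles changed:", nibble_diff(k1, k2))
```

Under these assumptions the matrix becomes MDS only at the fourth iteration, a one-nibble key change alters one full column (4 of 16 nibbles) of the expanded key, and the all-zero key expands to itself because the map is linear.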
In one aspect, an apparatus for implementing a block cipher MEG includes:
a data loading unit: loading 64-bit plaintext/64-bit ciphertext to a register to serve as data to be encrypted/decrypted, and performing encryption/decryption operation;
a front-end round key addition transformation unit: feeds the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performs 32 rounds of iterative round operation on the input data of the round operation, wherein after the 2×t-th round of operation a round key addition transformation is performed with a key and the resulting data is used as the input of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key obtained by the expanded key module, and when t is even, it is the original key; the expanded key module expands the original key with a generator matrix of a maximum distance separable code to obtain the expanded key;
for encryption, the round operation unit comprises, in order, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for decryption, the round operation unit comprises, in order, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
a tail-end round key addition transformation unit: feeds the data after 32 rounds of iterative operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and in the tail-end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are mutually inverse operation modules.
Further, the expanded key module expands the original key with the generator matrix of a maximum distance separable code to obtain the expanded key as follows:
dividing the original key, from high bit to low bit, into 16 elements of 4 bits each over the finite field GF(2^4), and arranging them in turn as the 4 × 4 original key matrix K:
Figure BDA0002376799090000041
multiplying the generator matrix W of the maximum distance separable code with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
Figure BDA0002376799090000042
where the elements of W are in hexadecimal.
Further, the matrix used by the EFG column mixing transformation module is the 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrix in the MDS matrix construction process is as follows:
Figure BDA0002376799090000043
where m refers to the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are both in hexadecimal.
In another aspect, a computer storage medium includes a computer program that, when executed by a processing terminal, causes the processing terminal to execute the method for implementing the block cipher MEG.
Advantageous effects
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, and provides a novel key expansion mode: a generator matrix of a maximum distance separable code, which can be used to construct an optimal diffusion layer, is multiplied with the original key over a finite field, which completes the expansion of the original key. Diffusion means that each input bit affects as many output bits as possible, which hides the statistical characteristics of the input and counters statistical analysis. This matches the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding subkey to a large extent, which is exactly the definition of diffusion. The optimal diffusion layer resists differential analysis and linear analysis best, so that the security of the algorithm can be further improved.
The technical scheme of the invention also provides an extended generalized Feistel structure that produces an optimal diffusion layer after 4 iterations, corresponding to the column mixing operation in the encryption algorithm. The optimal diffusion layer has ideal confusion characteristics and has the best effect of resisting differential and linear attacks, so that the security of the algorithm can be further improved.
When the technical scheme is implemented in hardware, the matrix of the key expansion algorithm is a circulant matrix, so not all of its elements need to be stored: the seed key can be expanded by storing only 16 bits of elements. The security of the cryptographic algorithm is thus improved, the storage space is saved, and the area occupied by the algorithm is reduced.
Drawings
FIG. 1 is a MEG lightweight block cipher algorithm encryption flow chart of the method of the present invention;
FIG. 2 is a MEG lightweight block cipher algorithm decryption flow chart of the method of the present invention;
FIG. 3 is a diagram of the extended generalized Feistel structure used in the column mixing transformation of the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings and examples.
In the method for implementing the block cipher MEG, the MEG algorithm has a block length of 64 bits and a key length of 64 bits, and comprises 32 rounds of operation. As shown in FIG. 1, the encryption operation includes six modules: the key expansion algorithm (KeyExpansion), round key addition transformation (AddRoundKey), constant addition transformation (AddConstants), S-box substitution transformation (SubCells), row shift transformation (ShiftRows) and column mixing transformation (MixColumns). After one initial round key addition transformation, a round key addition transformation is performed once after every 2 rounds of constant addition, S-box substitution, row shift and column mixing transformations. The decryption flow is shown in FIG. 2; the decryption round operation includes six modules: the column mixing inverse transformation (InvMixColumns), row shift inverse transformation (InvShiftRows), S-box substitution inverse transformation (InvSubCells), constant addition inverse transformation (InvAddConstants), round key addition transformation (AddRoundKey) and key expansion algorithm (KeyExpansion).
The block cipher MEG algorithm pseudo-code is described below.
Algorithm 1: block cipher MEG encryption process
Input: Plaintext, Key;
Output: Ciphertext;
State ← Plaintext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        AddConstants(State);
        SubCells(State);
        ShiftRows(State);
        MixColumns(State);
    end for
    AddRoundKey(State, Key_i);
end for
Ciphertext ← State;
where Key is the original key and Key_i is the corresponding round key; if i is even, Key_i is the original key, and if i is odd, Key_i is the expanded key.
Key expansion operation: the original key is represented as 16 elements of 4 bits each over the finite field GF(2^4), arranged in a 4 × 4 matrix as follows.
Figure BDA0002376799090000061
The following generator matrix W of a maximum distance separable code is multiplied with the seed key over the finite field to obtain a new round key K'. That is,
Figure BDA0002376799090000062
where the data in the matrix W are in hexadecimal.
Round key addition: the 64-bit plaintext, or the intermediate value after every 2 rounds, is XORed with the 64-bit i-th round key (1 ≤ i ≤ 17). The 64-bit plaintext or intermediate value State = (state_0, …, state_15) and the i-th round key
Figure BDA0002376799090000063
are related by
Figure BDA0002376799090000064
(0 ≤ j ≤ 16), where if i is odd, Key_i is the original key, and if i is even, Key_i is the expanded key.
Constant addition transformation: the intermediate state matrix is XORed with a round constant matrix. The round constants are defined as shown in the following matrix, where (rc_5, rc_4, rc_3, rc_2, rc_1, rc_0) is 6 bits with initial value 0. It is shifted to the left and
Figure BDA0002376799090000065
is taken as the new value of rc_0.
Figure BDA0002376799090000071
S-box substitution transformation: the S-box of the PRESENT algorithm is used; each of the 16 4-bit cells of the intermediate state matrix goes through the S-box, and the mapping is shown in Table 1.
TABLE 1 MEG S-Box
Figure BDA0002376799090000072
Row shift transformation: for the 4 × 4 matrix consisting of 16 cells, each row is cyclically shifted left by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted left by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Column mixing transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m below, where the matrix power is computed over the finite field GF(2^4) and the data in the matrices are all in hexadecimal.
Figure BDA0002376799090000073
The column mixing transformation multiplies the column mixing matrix M with the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), as in transformation formula (1), where the data are in hexadecimal.
Figure BDA0002376799090000074
The block cipher MEG decryption algorithm is described as follows.
Input: Ciphertext, Key;
Output: Plaintext;
State ← Ciphertext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        InvMixColumns(State);
        InvShiftRows(State);
        InvSubCells(State);
        InvAddConstants(State);
    end for
    AddRoundKey(State, Key_i);
end for
Plaintext ← State;
where Key is the original key and Key_i is the round key; when i is even, Key_i is the original key, and when i is odd, Key_i is the expanded key.
MEG decryption uses the inverses of the four encryption transformations together with the round key addition and key expansion transformations, where the inverse of the round key addition, constant addition and key expansion operations is the operation itself. The ciphertext is decrypted in the reverse order of the encryption operations, and the keys used in decryption are the same as in encryption.
S-box substitution inverse transformation: the inverse of the S-box of the PRESENT algorithm is used; each of the 16 4-bit cells of the intermediate state matrix goes through the inverse S-box, and the mapping is shown in Table 2.
TABLE 2 inverse S-box transform of MEG
Figure BDA0002376799090000081
Row shift inverse transformation: for the 4 × 4 matrix consisting of 16 cells, each row is cyclically shifted right by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted right by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Column mixing inverse transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m' below, where the matrix power is computed over the finite field GF(2^4) and the data in the matrices are all in hexadecimal.
Figure BDA0002376799090000082
The column mixing inverse transformation multiplies the column mixing matrix with the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), as in transformation formula (2), where the data are in hexadecimal.
Figure BDA0002376799090000083
MEG-64 Algorithm test data is shown in Table 3:
TABLE 3 Block cipher MEG Algorithm test data
Plaintext            Key                  Ciphertext
0000-0000-0000-0000  0000-0000-0000-0000  A481-5A45-1DA0-C5F2
0000-0000-0000-0000  FFFF-FFFF-FFFF-FFFF  BBDE-C811-2B31-E305
FFFF-FFFF-FFFF-FFFF  0000-0000-0000-0000  524E-898B-B3C5-C9A2
FFFF-FFFF-FFFF-FFFF  FFFF-FFFF-FFFF-FFFF  57A3-5E98-A4F2-3AF2
6666-6666-6666-6666  0123-4567-89AB-CDEF  EF8E-9A7F-760B-3EAD
The block cipher MEG algorithm is implemented in hardware as an ASIC and synthesized with Synopsys Design Compiler Version B-6008.09; the synthesis process library is SMIC 0.18 um CMOS, and in the synthesis experiment the unit of area is GE. The area occupied by the MEG-64 algorithm is 1318 GE. The areas achieved by the lightweight block cipher algorithms are compared in Table 4.
TABLE 4 area comparison for lightweight block cipher algorithms
Figure BDA0002376799090000091
Based on the above method, an embodiment of the present invention further provides an apparatus for implementing a block cipher MEG, including:
a data loading unit: loading 64-bit plaintext/64-bit ciphertext to a register to serve as data to be encrypted/decrypted, and performing encryption/decryption operation;
a front-end round key addition transformation unit: feeds the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performs 32 rounds of iterative round operation on the input data of the round operation, wherein after the 2×t-th round of operation a round key addition transformation is performed with a key and the resulting data is used as the input of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key used in the round key addition transformation is the expanded key obtained by the expanded key module, and when t is even, it is the original key; the expanded key module expands the original key with a generator matrix of a maximum distance separable code to obtain the expanded key;
for encryption, the round operation unit comprises, in order, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for decryption, the round operation unit comprises, in order, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
a tail-end round key addition transformation unit: feeds the data after 32 rounds of iterative operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and in the tail-end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are mutually inverse operation modules.
The expanded key module expands the original key with the generator matrix of a maximum distance separable code to obtain the expanded key as follows:
dividing the original key, from high bit to low bit, into 16 elements of 4 bits each over the finite field GF(2^4), and arranging them in turn as the 4 × 4 original key matrix K:
Figure BDA0002376799090000101
multiplying the generator matrix W of the maximum distance separable code with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
Figure BDA0002376799090000102
where the elements of W are in hexadecimal.
The matrix used by the EFG column mixing transformation module is the 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrix in the MDS matrix construction process is as follows:
Figure BDA0002376799090000103
where m refers to the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are both in hexadecimal.
It should be understood that the functional unit modules in the embodiments of the present invention may be integrated into one processing unit, or each unit module may exist alone physically, or two or more unit modules are integrated into one unit module, and may be implemented in the form of hardware or software.
The embodiment of the present invention further provides a computer storage medium that includes a computer program; when the computer program instructions are executed by a processing terminal, the processing terminal executes the method for implementing the block cipher MEG. Its beneficial effects are those of the method part and are not repeated here.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (7)

1. A method for implementing a block cipher MEG, characterized by comprising the following steps:
loading data: loading a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and performing the encryption/decryption operation;
round operation: performing 32 iterative rounds of operation on the data to be encrypted/decrypted according to the following steps;
first, performing a key addition transformation once on the input data to be encrypted/decrypted to obtain the input data of the 32 iterative rounds of operation, and, after the 32 iterative rounds of operation are completed, performing a key addition transformation once again to obtain the ciphertext/plaintext data;
the key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key; after the 2 × t-th round of operation, a round key addition transformation is performed once with a key and the resulting data is used as the input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key taking part in the round key addition transformation is the expanded key, and when t is even, it is the original key;
the expanded key is obtained by expanding the original key using a maximum distance separable code generator matrix;
for an encryption operation, the round operation consists, in sequence, of the constant addition transformation, the S-box transformation, the row shift transformation and the EFG column mixing transformation; for a decryption operation, the round operation consists, in sequence, of the EFG column mixing inverse transformation, the row shift inverse transformation, the S-box inverse transformation and the constant addition inverse transformation;
and the EFG column mixing inverse transformation and the EFG column mixing transformation, the row shift inverse transformation and the row shift transformation, the S-box inverse transformation and the S-box transformation, and the constant addition inverse transformation and the constant addition transformation are each mutually inverse operations.
2. The method of claim 1, wherein the original key is expanded using the maximum distance separable code generator matrix as follows:
dividing the original key, from high bits to low bits, into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in order as the 4 × 4 original key matrix K:
Figure FDA0002376799080000011
multiplying the maximum distance separable code generator matrix W with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
Figure FDA0002376799080000012
wherein the elements of W are given in hexadecimal.
3. The method of claim 1, wherein the EFG column mixing transformation uses a 4 × 4 MDS matrix formed after 4 iterations of an extended generalized Feistel structure:
the corresponding matrices in the MDS matrix construction process are as follows:
Figure FDA0002376799080000021
wherein M refers to the matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and the elements of M and M are both given in hexadecimal.
4. A device for implementing a block cipher MEG, characterized by comprising:
a data loading unit: loading a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and performing the encryption/decryption operation;
a front-end round key addition transformation unit: inputting the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performing 32 iterative rounds of operation on the input data of the round operation, wherein after the 2 × t-th round of operation a round key addition transformation is performed with a key and the resulting data is used as the input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key taking part in the round key addition transformation is the expanded key obtained by the expanded key module, and when t is even, it is the original key; the expanded key module is used for expanding the original key with a maximum distance separable code generator matrix to obtain the expanded key;
for an encryption operation, the round operation unit comprises, in sequence, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for a decryption operation, the round operation unit comprises, in sequence, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
a tail-end round key addition transformation unit: inputting the data obtained after the 32 iterative rounds of operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and in the tail-end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are each mutually inverse operation modules.
5. The apparatus of claim 4, wherein the expanded key module expands the original key using the maximum distance separable code generator matrix to obtain the expanded key as follows:
dividing the original key, from high bits to low bits, into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in order as the 4 × 4 original key matrix K:
Figure FDA0002376799080000022
multiplying the maximum distance separable code generator matrix W with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
Figure FDA0002376799080000031
wherein the elements of W are given in hexadecimal.
6. The apparatus of claim 4, wherein the matrix structure used by the EFG column mixing transformation module is a 4 × 4 MDS matrix structure formed after 4 iterations of an extended generalized Feistel structure:
the corresponding matrix structures in the MDS matrix construction process are as follows:
Figure FDA0002376799080000032
wherein M refers to the matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and the elements of M and M are both given in hexadecimal.
7. A computer storage medium comprising a computer program, wherein the computer program instructions, when executed by a processing terminal, cause the processing terminal to perform the method of any of claims 1 to 3.
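The key handling of claims 1, 2, 4 and 5, as an added sketch that is not code from the patent: the 64-bit key is expanded by a 4 × 4 matrix product over GF(2^4), and the original or expanded key is XORed into the state before round 1, after every second round, and after round 32. Assumptions, because the figures are not reproduced on this page: the reduction polynomial x^4 + x + 1, the row-major nibble layout, the product order W × K, and the final key addition placed after round 32 (per "after the 32 … round operation is completed" and the tail-end unit of claim 4). W_DEMO and the demo round functions are constructed stand-ins, not the patent's W, S-box, constants or EFG matrix.

```python
POLY = 0b10011  # ASSUMPTION: GF(2^4) reduced by x^4 + x + 1

def gf16_mul(a, b):  # product of two 4-bit elements of GF(2^4)
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= POLY
        b >>= 1
    return r

def expand_key(key, w):
    """K' = W x K over GF(2^4). ASSUMPTIONS: row-major nibbles, W on the left."""
    nib = [(key >> (60 - 4 * i)) & 0xF for i in range(16)]  # high bits first
    k = [nib[4 * r:4 * r + 4] for r in range(4)]
    out = 0
    for i in range(4):
        for j in range(4):
            p = [gf16_mul(w[i][t], k[t][j]) for t in range(4)]
            out = (out << 4) | (p[0] ^ p[1] ^ p[2] ^ p[3])
    return out

def key_schedule(key, w):
    """Map 'rounds completed' -> 64-bit key XORed into the state at that point."""
    expanded = expand_key(key, w)
    sched = {0: key, 32: key}          # original key before round 1, after round 32
    for t in range(1, 16):             # after round 2*t, t = 1..15
        sched[2 * t] = expanded if t % 2 else key
    return sched

def encrypt(block, key, w, round_fn):
    sched = key_schedule(key, w)
    state = block ^ sched[0]
    for r in range(1, 33):
        state = round_fn(state, r)
        state ^= sched.get(r, 0)       # odd rounds have no key addition
    return state

def decrypt(block, key, w, inv_round_fn):
    sched = key_schedule(key, w)
    state = block
    for r in range(32, 0, -1):         # undo the steps in reverse order
        state = inv_round_fn(state ^ sched.get(r, 0), r)
    return state ^ sched[0]

# Constructed stand-ins: NOT the patent's W, S-box, constants or EFG matrix.
W_DEMO = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
MASK = (1 << 64) - 1
def demo_round(s, r):                  # rotate left by one nibble, then XOR r
    return (((s << 4) | (s >> 60)) & MASK) ^ r
def demo_inv_round(s, r):              # XOR r, then rotate right by one nibble
    return (((s ^ r) >> 4) | ((s ^ r) << 60)) & MASK
```

For any fixed W the expanded key is a GF(2)-linear function of the original key, so the whole cipher works with only two distinct 64-bit key values.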
CN202010068953.7A 2020-01-21 2020-01-21 Method, device and storage medium for realizing block cipher MEG Active CN111478766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010068953.7A CN111478766B (en) 2020-01-21 2020-01-21 Method, device and storage medium for realizing block cipher MEG

Publications (2)

Publication Number Publication Date
CN111478766A CN111478766A (en) 2020-07-31
CN111478766B CN111478766B (en) 2021-09-28

Family

ID=71747039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010068953.7A Active CN111478766B (en) 2020-01-21 2020-01-21 Method, device and storage medium for realizing block cipher MEG

Country Status (1)

Country Link
CN (1) CN111478766B (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8130946B2 (en) * 2007-03-20 2012-03-06 Michael De Mare Iterative symmetric key ciphers with keyed S-boxes using modular exponentiation
CN102025484A (en) * 2010-12-17 2011-04-20 北京航空航天大学 Block cipher encryption and decryption method
CN104065474A (en) * 2014-07-14 2014-09-24 衡阳师范学院 Novel low-resource efficient lightweight Surge block cipher implementation method
US9960908B1 (en) * 2015-06-19 2018-05-01 Amazon Technologies, Inc. Reduced-latency packet ciphering
CN105959107A (en) * 2016-06-24 2016-09-21 衡阳师范学院 Novel and highly secure lightweight SFN block cipher implementation method
CN108206735A (en) * 2016-12-16 2018-06-26 波音公司 The method and system of password round key is generated by bit mixer
CN107707343A (en) * 2017-11-08 2018-02-16 贵州大学 The consistent SP network structure lightweight LBT block cipher implementation methods of encryption and decryption
CN108206736A (en) * 2018-01-11 2018-06-26 衡阳师范学院 A kind of lightweight cryptographic algorithm HBcipher implementation methods and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112134691A (en) * 2020-10-27 2020-12-25 衡阳师范学院 Method, device and medium for realizing NLCS block cipher with repeatable components
CN113645615A (en) * 2021-08-12 2021-11-12 衡阳师范学院 Lightweight block cipher encryption and decryption method
CN113645615B (en) * 2021-08-12 2023-12-22 衡阳师范学院 Lightweight block cipher encryption and decryption method

Also Published As

Publication number Publication date
CN111478766B (en) 2021-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant