CN111478766A - Method, device and storage medium for realizing block cipher MEG - Google Patents
- Publication number: CN111478766A (application CN202010068953.7A)
- Authority: CN (China)
- Prior art keywords: key, transformation, matrix, round, module
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The invention discloses a method, a device and a storage medium for implementing the block cipher MEG, and provides a novel key expansion mode: the generator matrix of a maximum distance separable (MDS) code, which can be used to construct an optimal diffusion layer, is multiplied with the original key as a matrix over a finite field, which completes the expansion of the original key. The adopted extended generalized Feistel structure generates, after 4 iterations, an optimal diffusion layer for the column mixing operation. The optimal diffusion layer has ideal confusion characteristics and offers the best resistance to differential and linear attacks, so the security of the algorithm can be further improved. When the technical scheme is implemented in hardware, the matrix used for key expansion is a circulant matrix, and the original key can be expanded while storing only 16-bit elements, so that the security of the cryptographic algorithm is improved, storage space is saved, and the resource area occupied by the algorithm is reduced.
Description
Technical Field
The invention belongs to the field of computers, and particularly relates to a method and a device for realizing a block cipher MEG and a storage medium.
Background
With the rapid development of the information age, the information security technology plays an increasingly important role in the social life of people, and cryptography is a basis of the information security technology and receives more and more attention. Block cipher algorithms are widely used in computer communications and information system security because of their advantages in encryption speed, amount of encrypted data, design criteria, and software and hardware implementation.
However, with the spread in recent years of micro computing and storage devices such as infrared sensing devices, Radio Frequency Identification (RFID) devices, Wireless Sensor Networks (WSN), personal digital assistants (PDA) and other micro embedded devices, Internet of Things technology has entered every aspect of people's lives. It also carries a great amount of private information of countries, enterprises and individuals, and how to secure these resource-limited devices on the Internet of Things has become an urgent problem. In this context, research on lightweight block ciphers has been ongoing.
In recent years, a batch of lightweight block ciphers has been designed, such as LED, TWINE, PRESENT, Piccolo, LBlock and Midori, which fit the encryption environment of resource-constrained Internet of Things devices well. However, they sometimes reduce security in order to reduce resource usage, or reduce encryption and decryption efficiency in order to keep the resource area low, so the designed lightweight block ciphers are easy to attack.
Disclosure of Invention
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, aiming to overcome the problem that existing lightweight block cipher algorithms, while keeping their resource area low, offer limited security and are easy to attack.
The technical scheme of the invention is as follows:
In one aspect, a method for implementing the block cipher MEG comprises the following steps:
loading data: loading 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and performing the encryption/decryption operation;
round operation: carrying out 32 rounds of iterative round operation on the data to be encrypted/decrypted according to the following steps;
first, one round key addition transformation is applied to the input data to be encrypted/decrypted to obtain the input data of the 32 iterative rounds, and after the 32 iterative rounds are completed, one more round key addition transformation is applied to obtain the ciphertext/plaintext data;
the key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key; after the (2×t)-th round of operation, a round key addition transformation is performed with a key and the obtained data is used as input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is odd, the key participating in the round key addition transformation is the expanded key, and when t is even, it is the original key;
the expanded key is obtained by expanding the original key with the generator matrix of a maximum distance separable code;
if encryption is performed, the round operation is, in sequence, the constant addition transformation, the S-box transformation, the row shift transformation and the EFG column mixing transformation; if decryption is performed, the round operation is, in sequence, the EFG column mixing inverse transformation, the row shift inverse transformation, the S-box inverse transformation and the constant addition inverse transformation;
and the EFG column mixing inverse transformation and the EFG column mixing transformation, the row shift inverse transformation and the row shift transformation, the S-box inverse transformation and the S-box transformation, and the constant addition inverse transformation and the constant addition transformation are pairwise mutually inverse operations.
In the name of the block cipher MEG, M refers to the generator matrix of a maximum distance separable code (MDS matrix), and EG refers to the Extended Generalized Feistel Structure.
Further, the specific process of expanding the original key by using the generator matrix of the maximum distance separable code is as follows:
dividing the original key from high bit to low bit into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in order as the 4 × 4 original key matrix K:
multiplying the generator matrix W of the maximum distance separable code with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
wherein the elements of W are in hexadecimal representation.
The matrix W (an MDS matrix) can be used to construct an optimal diffusion layer, which offers the best resistance to differential and linear analysis, thus further ensuring the security of the key. Diffusion means that each input bit affects as many output bits as possible, which conceals the statistical characteristics of the input and prevents statistical analysis attacks. This matches the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding sub-key to a large extent, which is exactly what diffusion provides.
Further, the matrix used by the EFG column mixing transformation is the 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrices in the MDS matrix construction process are as follows:
wherein m refers to the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are in hexadecimal representation.
In the technical scheme, the MDS matrix is constructed in two ways: generation from a maximum distance separable code, and generation by iterating the extended generalized Feistel structure 4 times.
The first MDS matrix, constructed from the generator matrix of a maximum distance separable code, is used for the key expansion operation. Constructing an MDS matrix by iteration was first proposed in the LED block cipher in 2011, but there a linear feedback shift register was used for the iterative construction.
In one aspect, an apparatus for implementing a block cipher MEG includes:
a data loading unit: loading 64-bit plaintext/64-bit ciphertext to a register to serve as data to be encrypted/decrypted, and performing encryption/decryption operation;
a front-end round key addition transformation unit: inputting the data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performing 32 rounds of iterative round operation on the input data of the round operation, wherein after the (2×t)-th round of operation a round key addition transformation is performed with a key and the obtained data is used as input data of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key participating in the round key addition transformation is the expanded key obtained by the expanded key module, and when t is even, it is the original key; the expanded key module expands the original key by using the generator matrix of a maximum distance separable code to obtain the expanded key;
if encryption is performed, the round operation unit comprises, in sequence, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; if decryption is performed, the round operation unit comprises, in sequence, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
an end round key addition transformation unit: inputting the data after 32 rounds of iterative operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and the end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are pairwise mutually inverse operation modules.
Further, the expanded key module expands the original key by using the generator matrix of a maximum distance separable code to obtain the expanded key:
dividing the original key from high bit to low bit into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in order as the 4 × 4 original key matrix K:
multiplying the generator matrix W of the maximum distance separable code with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
wherein the elements of W are in hexadecimal representation.
Further, the matrix used by the EFG column mixing transformation module is the 4 × 4 MDS matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrices in the MDS matrix construction process are as follows:
wherein m refers to the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are in hexadecimal representation.
In another aspect, a computer storage medium includes a computer program that, when executed by a processing terminal, causes the processing terminal to execute a block cipher MEG implementation method.
Advantageous effects
The invention provides a method, a device and a storage medium for implementing the block cipher MEG, and provides a novel key expansion mode: the generator matrix of a maximum distance separable code, which can be used to construct an optimal diffusion layer, is multiplied with the original key as a matrix over a finite field, which completes the expansion of the original key. Diffusion means that each input bit affects as many output bits as possible, which conceals the statistical characteristics of the input and prevents statistical analysis attacks. This matches the statistical independence and sensitivity goals in the design of a key expansion algorithm: sensitivity means that changing a few bits of the seed key should change the corresponding sub-key to a large extent, which is exactly the definition of diffusion. The optimal diffusion layer offers the best resistance to differential and linear analysis, so the security of the algorithm can be further improved.
The technical scheme of the invention also provides an extended generalized Feistel structure that generates an optimal diffusion layer after 4 iterations, corresponding to the column mixing operation in the encryption algorithm. The optimal diffusion layer has ideal confusion characteristics and offers the best resistance to differential and linear attacks, so the security of the algorithm can be further improved.
According to the technical scheme, in a hardware implementation the matrix used by the key expansion algorithm is a circulant matrix, so not all elements need to be stored, and the seed key can be expanded while storing only the 16-bit elements, so that the security of the cryptographic algorithm is improved, storage space is saved, and the resource area occupied by the algorithm is reduced.
Drawings
FIG. 1 is the encryption flow chart of the MEG lightweight block cipher algorithm of the method of the present invention;
FIG. 2 is the decryption flow chart of the MEG lightweight block cipher algorithm of the method of the present invention;
FIG. 3 is a diagram of the extended generalized Feistel structure used in the column mixing transformation of the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings and examples.
A method for implementing the block cipher MEG: the MEG algorithm has a block length of 64 bits and a key length of 64 bits, and comprises 32 rounds of operation. As shown in FIG. 1, the encryption operation includes six modules, namely the key expansion algorithm (KeyExpansion), round key addition (AddRoundKey), constant addition (AddConstants), S-box substitution (SubCells), row shift (ShiftRows) and column mixing (MixColumns); after the initial round key addition, one round key addition is performed after every 2 rounds of constant addition, S-box substitution, row shift and column mixing. The decryption flow is shown in FIG. 2; the decryption round operation includes six modules, namely the column mixing inverse transformation (InvMixColumns), row shift inverse transformation (InvShiftRows), S-box substitution inverse transformation (InvSubCells), constant addition inverse transformation (InvAddConstants), round key addition (AddRoundKey) and the key expansion algorithm (KeyExpansion).
The block cipher MEG algorithm pseudo-code is described below.
Algorithm 1: block cipher MEG encryption process
Input: Plaintext, Key;
Output: Ciphertext;
State ← Plaintext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        AddConstants(State);
        SubCells(State);
        ShiftRows(State);
        MixColumns(State);
    end for
    AddRoundKey(State, Key_i);
end for
Ciphertext ← State;
wherein Key is the original key and Key_i is the corresponding round key; if i is even, Key_i is the original key, and if i is odd, Key_i is the expanded key.
Key expansion operation: the original key is represented as 16 elements of the finite field GF(2^4), each 4 bits wide, arranged in a 4 × 4 matrix as follows.
The generator matrix W of the following maximum distance separable code is multiplied with the seed key as a matrix over the finite field to obtain the new round key K'. That is,
wherein the data in the matrix W is in hexadecimal representation.
Round key addition: the 64-bit plaintext, or the intermediate value after every 2 rounds, is XORed with the 64-bit i-th round key (1 ≤ i ≤ 17). The 64-bit plaintext or intermediate value State = (state_0, …, state_15) is combined with the i-th round key cell by cell (0 ≤ j ≤ 16), wherein if i is odd, Key_i is the original key, and if i is even, Key_i is the expanded key.
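The key expansion and round-key ordering described above, as an added Python sketch (not code from the patent). The matrix W is not reproduced on this page, so the circulant first row (2, 3, 1, 1), the reduction polynomial x^4 + x + 1, the row-major nibble layout and the product order K' = W·K are all assumptions made for illustration.

```python
from itertools import combinations

POLY = 0b10011                      # assumed field polynomial x^4 + x + 1
W_FIRST_ROW = (0x2, 0x3, 0x1, 0x1)  # stand-in circulant row, NOT the patent's W


def gf16_mul(a, b):
    """Multiply two GF(2^4) elements: carry-less multiply, reduce by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= POLY
        b >>= 1
    return r


def circulant(first_row):
    """Rebuild the full matrix from the stored first row (4 nibbles = 16 bits)."""
    n = len(first_row)
    return [[first_row[(c - r) % n] for c in range(n)] for r in range(n)]


def det(m):
    """Determinant over GF(2^4) by Laplace expansion (signs vanish in char. 2)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for c, x in enumerate(m[0]):
        minor = [row[:c] + row[c + 1:] for row in m[1:]]
        d ^= gf16_mul(x, det(minor))
    return d


def is_mds(m):
    """A square matrix is MDS iff every square submatrix is nonsingular."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                if det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


def key_to_matrix(key):
    """Split a 64-bit key, high nibble first, into a row-major 4x4 matrix."""
    nibbles = [(key >> (60 - 4 * i)) & 0xF for i in range(16)]
    return [nibbles[4 * r:4 * r + 4] for r in range(4)]


def matrix_to_key(m):
    """Pack a 4x4 nibble matrix back into a 64-bit integer."""
    key = 0
    for row in m:
        for x in row:
            key = (key << 4) | x
    return key


def expand_key(key, w=None):
    """K' = W x K over GF(2^4). The map is GF(2)-linear in the key bits."""
    w = w or circulant(W_FIRST_ROW)
    k = key_to_matrix(key)
    out = [[0] * 4 for _ in range(4)]
    for r in range(4):
        for c in range(4):
            for t in range(4):
                out[r][c] ^= gf16_mul(w[r][t], k[t][c])
    return matrix_to_key(out)


def round_keys(key):
    """The 17 AddRoundKey inputs: odd i -> original key, even i -> expanded."""
    expanded = expand_key(key)
    return [key if i % 2 else expanded for i in range(1, 18)]


def changed_nibbles(a, b):
    """Number of 4-bit cells in which two 64-bit values differ."""
    return sum(1 for i in range(16) if ((a ^ b) >> (4 * i)) & 0xF)


if __name__ == "__main__":
    key = 0x0123456789ABCDEF          # constructed sample key
    print("stand-in W is MDS:", is_mds(circulant(W_FIRST_ROW)))
    print("expanded key: %016X" % expand_key(key))
    flipped = key ^ (1 << 60)         # change one cell of K
    print("cells changed in K':",
          changed_nibbles(expand_key(key), expand_key(flipped)))
```

With an MDS matrix, changing one cell of K changes all four cells of the matching column of K', which is the sensitivity property the text attributes to diffusion; the expansion remains a linear function of the key.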
Constant addition transformation: the intermediate state matrix is XORed with a round constant matrix. The round constants are defined as shown in the following matrix, where (rc5, rc4, rc3, rc2, rc1, rc0) are 6 bits whose initial value is 0. The bits are shifted to the left and a new value is assigned to rc0.
S-box substitution transformation: the S-box of the PRESENT algorithm is used; each of the 16 4-bit cells of the intermediate state matrix is passed through the S-box, and the substitution is shown in Table 1.
TABLE 1 MEG S-Box
Row shift transformation: for the 4 × 4 matrix consisting of 16 cells, each row is cyclically shifted to the left by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted left by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Column mixing transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m below, where the matrix power is computed over the finite field GF(2^4) and the data in the matrices are in hexadecimal representation.
The column mixing transformation multiplies the column mixing matrix M with the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), corresponding to transformation formula (1), where the data is in hexadecimal representation.
The block cipher MEG decryption algorithm is described as follows.
Input: Ciphertext, Key;
Output: Plaintext;
State ← Ciphertext;
KeyExpansion(Key);
AddRoundKey(State, Key);
for i = 1 to 16 do
    for j = 1 to 2 do
        InvMixColumns(State);
        InvShiftRows(State);
        InvSubCells(State);
        InvAddConstants(State);
    end for
    AddRoundKey(State, Key_i);
end for
Plaintext ← State;
wherein Key is the original key and Key_i is the round key; when i is even, Key_i is the original key, and when i is odd, Key_i is the expanded key.
MEG decryption uses the inverses of the four encryption transformations together with the round key addition transformation and the key expansion transformation, where the inverse of the round key addition, of the constant addition and of the key expansion is the operation itself. The ciphertext is decrypted in the reverse order of the encryption operations, and the key used in decryption is the same as in encryption.
S-box substitution inverse transformation: the inverse of the S-box of the PRESENT algorithm is used; each of the 16 4-bit cells of the intermediate state matrix is passed through the inverse S-box, and the substitution is shown in Table 2.
TABLE 2 inverse S-box transform of MEG
Row shift inverse transformation: for the 4 × 4 matrix consisting of 16 cells, each row is cyclically shifted to the right by a different number of cells: row 0 is left unchanged, row 1 is cyclically shifted right by 1 cell, row 2 by 2 cells, and row 3 by 3 cells.
Column mixing inverse transformation: the extended generalized Feistel structure shown in FIG. 3 is iterated 4 times; the specific matrix is shown as m' below, where the matrix power is computed over the finite field GF(2^4) and the data in the matrices are in hexadecimal representation.
The column mixing operation multiplies the column mixing matrix M with the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), corresponding to transformation formula (2), where the data is in hexadecimal representation.
MEG-64 Algorithm test data is shown in Table 3:
TABLE 3 Block cipher MEG Algorithm test data
Plaintext | Key | Ciphertext |
0000-0000-0000-0000 | 0000-0000-0000-0000 | A481-5A45-1DA0-C5F2 |
0000-0000-0000-0000 | FFFF-FFFF-FFFF-FFFF | BBDE-C811-2B31-E305 |
FFFF-FFFF-FFFF-FFFF | 0000-0000-0000-0000 | 524E-898B-B3C5-C9A2 |
FFFF-FFFF-FFFF-FFFF | FFFF-FFFF-FFFF-FFFF | 57A3-5E98-A4F2-3AF2 |
6666-6666-6666-6666 | 0123-4567-89AB-CDEF | EF8E-9A7F-760B-3EAD |
The block cipher MEG algorithm was implemented in hardware as an ASIC and synthesized with Synopsys Design Compiler Version B-6008.09 using the SMIC 0.18 µm CMOS process library; in the synthesis experiment, area is measured in GE. The MEG-64 algorithm occupies 1318 GE. The area comparison of lightweight block cipher algorithms is shown in Table 4.
TABLE 4 area comparison for lightweight block cipher algorithms
Based on the above method, an embodiment of the present invention further provides an apparatus for implementing a block cipher MEG, including:
a data loading unit: loading 64-bit plaintext/64-bit ciphertext to a register to serve as data to be encrypted/decrypted, and performing encryption/decryption operation;
a front-end round key addition transformation unit: inputting the data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performing 32 rounds of iterative round operation on the input data of the round operation, wherein after the (2×t)-th round of operation a round key addition transformation is performed with a key and the obtained data is used as input data of the subsequent operation, t ∈ {1, 2, …, 15}; when t is odd, the key participating in the round key addition transformation is the expanded key obtained by the expanded key module, and when t is even, it is the original key; the expanded key module expands the original key by using the generator matrix of a maximum distance separable code to obtain the expanded key;
if encryption is performed, the round operation unit comprises, in sequence, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; if decryption is performed, the round operation unit comprises, in sequence, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
an end round key addition transformation unit: inputting the data after 32 rounds of iterative operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and the end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are pairwise mutually inverse operation modules.
The expanded key module expands the original key by using the generator matrix of a maximum distance separable code to obtain the expanded key:
dividing the original key from high bit to low bit into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in order as the 4 × 4 original key matrix K:
multiplying the generator matrix W of the maximum distance separable code with the original key matrix K over the finite field, thereby obtaining a new key matrix K':
wherein the elements of W are in hexadecimal representation.
The matrix used by the EFG column mixing transformation module is the 4 × 4 MDS (maximum distance separable) matrix formed after 4 iterations of the extended generalized Feistel structure:
the corresponding matrices in the MDS matrix construction process are as follows:
wherein m refers to the matrix corresponding to the extended generalized Feistel structure, M is the MDS matrix, and the elements of m and M are in hexadecimal representation.
It should be understood that the functional unit modules in the embodiments of the present invention may be integrated into one processing unit, or each unit module may exist alone physically, or two or more unit modules are integrated into one unit module, and may be implemented in the form of hardware or software.
The embodiment of the present invention further provides a computer storage medium, which includes a computer program; when the computer program instructions are executed by a processing terminal, the processing terminal executes the method for implementing the block cipher MEG. Its beneficial effects are those described for the method and are not repeated here.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (7)
1. A method for implementing the block cipher MEG, characterized by comprising the following steps:
loading data: loading a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and performing the encryption/decryption operation;
round operation: performing 32 rounds of iterative round operations on the data to be encrypted/decrypted according to the following steps;
first, performing one round key addition transformation on the input data to be encrypted/decrypted to obtain the input data of the 32 iterative round operations, and, after the 32 iterative round operations are completed, performing one more round key addition transformation to obtain the ciphertext/plaintext data;
the key used in the round key addition transformation before the 1st round of operation starts and after the 1st round of operation ends is the original key; after the 2 × t-th round of operation, one round key addition transformation is performed with a key and the resulting data is used as the input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is an odd number, the key participating in the round key addition transformation is the expanded key, and when t is an even number, it is the original key;
the expanded key is obtained by expanding the original key using a maximum distance separable (MDS) code generator matrix;
for encryption, the round operation is, in sequence, the constant addition transformation, the S-box transformation, the row shift transformation and the EFG column mixing transformation; for decryption, the round operation is, in sequence, the EFG column mixing inverse transformation, the row shift inverse transformation, the S-box inverse transformation and the constant addition inverse transformation;
and the EFG column mixing inverse transformation and the EFG column mixing transformation, the row shift inverse transformation and the row shift transformation, the S-box inverse transformation and the S-box transformation, and the constant addition inverse transformation and the constant addition transformation are pairwise mutually inverse operations.
2. The method of claim 1, wherein the original key is expanded using the maximum distance separable code generator matrix as follows:
dividing the original key, from high bit to low bit, into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in turn as the 4 × 4 original key matrix K:
applying the maximum distance separable code generator matrix W in a matrix multiplication over the finite field with the original key matrix K, thereby obtaining the new key matrix K':
wherein the elements of W are in hexadecimal notation.
3. The method of claim 1, wherein the EFG column mixing transformation uses a 4 × 4 MDS matrix formed after 4 iterations of an extended generalized Feistel structure:
the corresponding matrix in the MDS matrix construction process is as follows:
wherein M refers to the matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and the elements of M and M are both in hexadecimal notation.
4. A device for implementing the block cipher MEG, characterized by comprising:
a data loading unit: loading a 64-bit plaintext/64-bit ciphertext into a register as the data to be encrypted/decrypted, and performing the encryption/decryption operation;
a front-end round key addition transformation unit: inputting the input data to be encrypted/decrypted into the round key addition transformation module to obtain the input data of the round operation;
a round operation unit: performing 32 rounds of iterative round operations on the input data of the round operation, wherein after the 2 × t-th round of operation, one round key addition transformation is performed with a key and the resulting data is used as the input data of the subsequent operation, where t ∈ {1, 2, …, 15}; when t is an odd number, the key participating in the round key addition transformation is the expanded key obtained from the expanded key module, and when t is an even number, it is the original key; the expanded key module expands the original key using a maximum distance separable code generator matrix to obtain the expanded key;
for encryption, the round operation unit comprises, in sequence, a constant addition transformation module, an S-box transformation module, a row shift transformation module and an EFG column mixing transformation module; for decryption, the round operation unit comprises, in sequence, an EFG column mixing inverse transformation module, a row shift inverse transformation module, an S-box inverse transformation module and a constant addition inverse transformation module;
an end round key addition transformation unit: inputting the data after the 32 rounds of iterative operation into the round key addition transformation module to obtain the ciphertext/plaintext data;
the key used in the front-end round key addition transformation unit and the end round key addition transformation unit is the original key;
the EFG column mixing inverse transformation module and the EFG column mixing transformation module, the row shift inverse transformation module and the row shift transformation module, the S-box inverse transformation module and the S-box transformation module, and the constant addition inverse transformation module and the constant addition transformation module are pairwise mutually inverse operation modules.
5. The device of claim 4, wherein the expanded key module expands the original key using the maximum distance separable code generator matrix to obtain the expanded key as follows:
dividing the original key, from high bit to low bit, into 16 elements of the finite field GF(2^4), each 4 bits wide, and arranging them in turn as the 4 × 4 original key matrix K:
applying the maximum distance separable code generator matrix W in a matrix multiplication over the finite field with the original key matrix K, thereby obtaining the new key matrix K':
wherein the elements of W are in hexadecimal notation.
6. The device of claim 4, wherein the matrix used by the EFG column mixing transformation module is a 4 × 4 MDS matrix formed after 4 iterations of an extended generalized Feistel structure:
the corresponding matrix in the MDS matrix construction process is as follows:
wherein M refers to the matrix corresponding to the extended generalized Feistel structure, M is an MDS matrix, and the elements of M and M are both in hexadecimal notation.
7. A computer storage medium comprising a computer program, wherein the computer program instructions, when executed by a processing terminal, cause the processing terminal to perform the method of any of claims 1 to 3.
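Claims 2 and 3 rest on two mechanisms: multiplying the 4 × 4 nibble matrix K by an MDS matrix over GF(2^4), and obtaining an MDS matrix as the fourth iterate of a structure matrix that is not itself MDS. The following Python code is an added example, not code from the patent, and the patent's own W, M and field polynomial do not survive on this page. It assumes the reduction polynomial x^4 + x + 1, a row-major nibble layout and the product order W × K, and uses the LED cipher's serial matrix as a stand-in for both the structure matrix and W.

```python
from functools import reduce
from itertools import combinations
from operator import xor

POLY = 0b10011  # ASSUMPTION: x^4 + x + 1; the page does not give the polynomial

def gf_mul(a, b):
    """Multiply two GF(2^4) elements (4-bit ints) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a & 0x10:
            a ^= POLY
    return r

def mat_mul(X, Y):
    """4x4 matrix product over GF(2^4); field addition is XOR."""
    return [[reduce(xor, (gf_mul(X[i][k], Y[k][j]) for k in range(4)))
             for j in range(4)] for i in range(4)]

def det(M):
    """Determinant by cofactor expansion; signs vanish in characteristic 2."""
    if len(M) == 1:
        return M[0][0]
    return reduce(xor, (gf_mul(v, det([r[:j] + r[j + 1:] for r in M[1:]]))
                        for j, v in enumerate(M[0])))

def is_mds(M):
    """True iff every square submatrix of M is nonsingular (the MDS criterion)."""
    idx = range(len(M))
    return all(det([[M[r][c] for c in cs] for r in rs])
               for k in range(1, len(M) + 1)
               for rs in combinations(idx, k) for cs in combinations(idx, k))

# STAND-IN (LED cipher's serial matrix), NOT the patent's structure matrix or W.
A = [[0, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1], [4, 1, 2, 2]]
W = mat_mul(mat_mul(A, A), mat_mul(A, A))  # four iterations: A^4

def key_to_matrix(key):
    """Split a 64-bit key into 16 nibbles, high to low, row-major (layout assumed)."""
    n = [(key >> (60 - 4 * i)) & 0xF for i in range(16)]
    return [n[4 * r:4 * r + 4] for r in range(4)]

def expand_key(key):
    """K' = W x K over GF(2^4) (order assumed), packed back into 64 bits."""
    Kp = mat_mul(W, key_to_matrix(key))
    return sum(Kp[r][c] << (60 - 4 * (4 * r + c))
               for r in range(4) for c in range(4))
```

Because the expansion is a linear map over GF(2^4), the expanded key is a fixed linear function of the original key; `is_mds(A)` is false while `is_mds(W)` is true, which is why the construction iterates the structure matrix four times.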
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010068953.7A CN111478766B (en) | 2020-01-21 | 2020-01-21 | Method, device and storage medium for realizing block cipher MEG |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111478766A (en) | 2020-07-31 |
CN111478766B (en) | 2021-09-28 |
Family
ID=71747039
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010068953.7A Active CN111478766B (en) | 2020-01-21 | 2020-01-21 | Method, device and storage medium for realizing block cipher MEG |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111478766B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111478766B (en) | 2021-09-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||