584998 A7 B7

V. Description of the Invention

[Field of the Invention]

The present invention relates to the Advanced Encryption Standard algorithm, and in particular to a dynamic substitution box (S-box) method applicable to the Advanced Encryption Standard algorithm.

[Background of the Invention]

As the information industry continues to advance, information security has become an important issue that cannot be ignored, and methods for encrypting important data are widely used. The Data Encryption Standard (DES), in use since 1997, has an encryption key length of only 56 bits. For today's computers with high-speed processing capability this key length appears too short and easy to break, so the security of DES has long been questioned. Therefore, the U.S. National Institute of Standards and Technology (NIST) has, since 1997, publicly solicited an Advanced Encryption Standard (AES) to replace DES. AES encryption keys come in three lengths, 128 bits, 192 bits, and 256 bits, to improve the security of encryption. In October 2000, NIST announced that the AES algorithm would be the version designed by two Belgian cryptographers.

However, when data is encrypted with the AES algorithm, the data to be encrypted must pass through a specific number of rounds of computation. Each round mainly comprises the byte substitution transformation (ByteSub transformation), the row shift transformation (ShiftRow transformation), the column mixing transformation (MixColumn transformation), and the round key addition (AddRoundKey). Among these, the ByteSub transformation is a non-linear substitution that operates byte by byte. Its substitution box (S-box) is built through two operations, and both operations are invertible. Because the S-box is built on a fixed irreducible polynomial, the result of the S-box operation is predictable, so that a hacker can use the differential attack method, constructing a difference distribution table of the S-box, to achieve the attack.

In view of this, the inventor, in the spirit of active invention, sought a "dynamic S-box method for the Advanced Encryption Standard algorithm" that can solve the above problem, and after repeated research and experiment finally completed this invention.

[Summary of the Invention]

The main object of the present invention is to provide a dynamic S-box method for the Advanced Encryption Standard algorithm, which uses the encryption key to compute an irreducible polynomial and then uses that irreducible polynomial to rebuild a new dynamic S-box, so that encryption and decryption are carried out with the new dynamic S-box, to improve security.

To achieve the above object, the method proposed by the present invention mainly comprises the following steps: (A) randomly selecting a random number as the encryption key; (B) using the encryption key produced in step (A) to generate an irreducible polynomial through a specific operation; (C) using the irreducible polynomial generated in step (B) to compute the multiplicative inverse of each byte of the encryption key; and
(S112), the S-box (S113), the affine transformation operation (S114), and other steps. The encryption key may also undergo key expansion (S140) for use in the AddRoundKey processing.

Fig. 2 is a flowchart of the method for generating the dynamic S-box, which mainly comprises the following steps: generating the encryption key (S101), generating the irreducible polynomial (S102), the multiplicative inverse operation (S103), and the affine transformation operation (S104).

The encryption key (S101) may be generated by a random number generator that randomly produces an encryption key of a specific bit length, for example 128 bits, 192 bits, or 256 bits. The encryption key is then passed through a remainder operation to generate the irreducible polynomial (S102). The remainder operation proceeds as follows:

If the encryption key is {00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f} (hexadecimal), then let

m1 = {00 01} (hexadecimal) = {1} (decimal)
m2 = {02 03} (hexadecimal) = {515} (decimal)
m3 = {04 05} (hexadecimal) = {1029} (decimal)

and take the first three terms for the computation. The formula may be m = (m1 × m2 + m3) mod 30, which gives m = 14. This result is then looked up in the irreducible polynomial table stored in read-only memory (ROM), giving the irreducible polynomial $x^8 + x^7 + x^2 + x + 1$.

In this remainder operation, how many bits form one group, which groups are chosen for the computation, and what modulus is used are all set by the user. Of course, besides the remainder operation, other equivalent specific operations may also be used to obtain an index value m.

After the new irreducible polynomial is obtained, it is used as the basis of the $GF(2^8)$ arithmetic of the AES encryption algorithm, and the multiplicative inverse in $GF(2^8)$ of each byte of the encryption key is found (S103). An affine transformation operation (S104) follows, defined as:

$$
\begin{bmatrix} y_0\\ y_1\\ y_2\\ y_3\\ y_4\\ y_5\\ y_6\\ y_7 \end{bmatrix}
=
\begin{bmatrix}
1&0&0&0&1&1&1&1\\
1&1&0&0&0&1&1&1\\
1&1&1&0&0&0&1&1\\
1&1&1&1&0&0&0&1\\
1&1&1&1&1&0&0&0\\
0&1&1&1&1&1&0&0\\
0&0&1&1&1&1&1&0\\
0&0&0&1&1&1&1&1
\end{bmatrix}
\begin{bmatrix} x_0\\ x_1\\ x_2\\ x_3\\ x_4\\ x_5\\ x_6\\ x_7 \end{bmatrix}
+
\begin{bmatrix} 1\\ 1\\ 0\\ 0\\ 0\\ 1\\ 1\\ 0 \end{bmatrix}
$$

There are 128 selectable matrices for the AES affine matrix. Each matrix is built from a specific number (written in binary, 8 bits long): the binary representation of the number is successively shifted left by 1 bit to construct an 8 × 8 binary matrix. For example, 13 (hexadecimal) is 00010011 in binary (8 bits long), so the affine matrix it constructs is:

$$
\begin{bmatrix}
0&0&0&1&0&0&1&1\\
1&0&0&0&1&0&0&1\\
1&1&0&0&0&1&0&0\\
0&1&1&0&0&0&1&0\\
0&0&1&1&0&0&0&1\\
1&0&0&1&1&0&0&0\\
0&1&0&0&1&1&0&0\\
0&0&1&0&0&1&1&0
\end{bmatrix}
$$

Its inverse matrix can be obtained by Gaussian elimination (with all operations carried out over GF(2), that is, addition is XOR and multiplication is AND). The result is:

$$
\begin{bmatrix}
0&0&1&1&0&0&0&1\\
1&0&0&1&1&0&0&0\\
0&1&0&0&1&1&0&0\\
0&0&1&0&0&1&1&0\\
0&0&0&1&0&0&1&1\\
1&0&0&0&1&0&0&1\\
1&1&0&0&0&1&0&0\\
0&1&1&0&0&0&1&0
\end{bmatrix}
$$

The 128 selectable specific numbers available for constructing the AES affine matrix are: 01, 02, 04, 07, 08, 0b, 0d, 0e, ..., 8a, 8c, 8f, 91, 92, ..., f8, fb, fd, fe. Among them, 8f (10001111 in binary) is the AES default affine matrix. These specific numbers are stored in read-only memory so that one can be selected during operation to construct the affine matrix.

After the multiplicative inverse operation (S103) and the affine transformation operation (S104), a new dynamic S-box is obtained.

In another preferred embodiment of the dynamic S-box method for the Advanced Encryption Standard algorithm of the present invention, referring again to Fig. 1, the dynamic S-box may be generated by selecting only the new irreducible polynomial produced from the encryption key: that irreducible polynomial serves as the basis of the $GF(2^8)$ arithmetic and is combined with the AES default affine matrix to produce a new dynamic S-box.

In yet another preferred embodiment of the dynamic S-box method for the Advanced Encryption Standard algorithm of the present invention, the dynamic S-box may be generated using the AES default irreducible polynomial $m(x) = x^8 + x^4 + x^3 + x + 1$ while selecting, at each encryption, one of the 128 affine matrices. The selection may be made sequentially or randomly among the 128, or by any other equivalent selection method, to produce a new dynamic S-box.

As the above description shows, the present invention generates an encryption key from a random number, passes the encryption key through a remainder operation to generate a new irreducible polynomial, and uses the new irreducible polynomial as the basis of the AES $GF(2^8)$ arithmetic to obtain the multiplicative inverse of each group of the encryption key. After an affine transformation operation, a dynamic S-box is obtained that changes with the encryption key, the irreducible polynomial, and the affine matrix.

In summary, the present invention, in its object, means, and effect, shows features quite different from the prior art and is a major breakthrough for the "Advanced Encryption Standard algorithm". The examiners are respectfully requested to examine it and grant the patent at an early date, for the benefit of society. It should be noted, however, that the embodiments above are given only as examples for convenience of explanation. The scope of rights claimed by the present invention shall be as set out in the claims and is not limited to the above embodiments.
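The S101 to S104 procedure described above (key, index m, irreducible polynomial, multiplicative inverse, affine transformation), as an added Python example that is not part of the patent text. It assumes the ROM table lists the 30 degree-8 irreducible polynomials in ascending order indexed from 0, that the affine constant is the 0x63 column of the equation above, and that the S-box is tabulated over all 256 byte values; all function names are hypothetical.

```python
# Added illustration, not code from the patent. Function names, the ascending
# 0-based order of the polynomial table and the constant 0x63 are assumptions.

def irreducible_polys():
    """Degree-8 polynomials over GF(2) that have no factor of degree 1..4."""
    def pmod(a, b):                                  # remainder of a / b over GF(2)
        while a.bit_length() >= b.bit_length():
            a ^= b << (a.bit_length() - b.bit_length())
        return a
    return [p for p in range(0x100, 0x200) if all(pmod(p, d) for d in range(2, 32))]

def poly_index(key, modulus=30):
    """m = (m1 * m2 + m3) mod 30, with m1..m3 the first three 16-bit key groups."""
    m1, m2, m3 = (int.from_bytes(key[i:i + 2], "big") for i in (0, 2, 4))
    return (m1 * m2 + m3) % modulus

def gf_mul(a, b, poly):
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (poly if a & 0x80 else 0)     # reduce when degree reaches 8
        b >>= 1
    return r

def gf_inv(a, poly):                 # a^254 = a^-1 in GF(2^8); 0 stays 0, as in AES
    r = 1
    for _ in range(254):
        r = gf_mul(r, a, poly)
    return r

def affine_masks(seed):
    """Rows of the 8x8 matrix as printed in the text, packed with column j in bit j."""
    bits = [(seed >> (7 - j)) & 1 for j in range(8)]   # leftmost printed bit = column 0
    rows = [bits[-i:] + bits[:-i] for i in range(8)]   # row i = row 0 rotated i places
    return [sum(b << j for j, b in enumerate(r)) for r in rows]

def affine(x, masks, const=0x63):    # y_i = parity(row_i AND x) XOR c_i
    return sum(((bin(m & x).count("1") ^ (const >> i)) & 1) << i
               for i, m in enumerate(masks))

def dynamic_sbox(poly, seed, const=0x63):
    masks = affine_masks(seed)
    return [affine(gf_inv(x, poly), masks, const) for x in range(256)]

def is_invertible(seed):             # matrix must be a bijection or decryption fails
    masks = affine_masks(seed)
    return len({affine(x, masks, 0) for x in range(256)}) == 256
```

With the AES defaults (polynomial 0x11B, seed 8f) `dynamic_sbox` reproduces the standard AES S-box, which is a useful self-check before any other parameter choice is trusted. `is_invertible` accepts exactly the 128 seeds the text lists, so any seed outside that set yields a table that cannot be decrypted.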