CN108123791B - Implementation method and device for the lightweight block cipher SCS - Google Patents

Info

Publication number
CN108123791B
Authority
CN
China
Prior art keywords
round
key
box
function
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711428178.6A
Other languages
Chinese (zh)
Other versions
CN108123791A (en)
Inventor
李浪
刘观良
邹祎
焦铬
邓红卫
刘沛林
李永超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengyang Normal University
Original Assignee
Hengyang Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengyang Normal University
Priority to CN201711428178.6A
Publication of CN108123791A
Application granted
Publication of CN108123791B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/065: Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656: Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an implementation method and device for the lightweight block cipher SCS. The key is divided into a round key and a control key: the round key takes part in the round key addition operation, and the control key controls the generation of the S-box in each round, yielding a random S-box. The updates of the control key and round key depend on the operation result of the previous round, so that not only is the S-box used in each round random, the operation result of each round is random as well, which increases the degree of confusion. In each round of the round function, a highly pseudo-random P permutation generated by the Mersenne Twister algorithm provides diffusion, and after the round function iterations are complete, row shift and column mixing transformations are applied; this double diffusion increases the diffusion effect and improves security. Compared with a fixed cipher structure, the internal structure of the device of the invention greatly improves the security of the scheme itself while consuming about the same resources, and can to some extent increase the defense coefficient against attacks such as linear and differential attacks.

Description

Implementation method and device for the lightweight block cipher SCS
Technical field
The invention belongs to the field of information security, and in particular relates to an implementation method and device for the lightweight block cipher SCS.
Background technique
In recent years, with the rapid development of networks, microelectronics and information technology, the Internet of Things, as a typical representative of new-generation information technology, has reached deep into every aspect of production and daily life, such as smart cities and transportation, modern logistics and environmental monitoring. Because IoT devices are resource-constrained, with weak computing capability and limited storage, their data security problems cannot be solved by traditional block ciphers, and lightweight block ciphers suited to constrained resources have emerged in response. Scholars in related fields have also begun extensive research on lightweight cryptography, concentrated mainly on cipher design, security analysis and performance evaluation. Because research on lightweight block ciphers is still at an early stage, no lightweight cryptographic algorithm with a unified standard and a clearly leading position has yet appeared. At the same time, cryptographic technology must rely on independent research and development; given the actual state of information security in China, developing a lightweight block cipher with independent intellectual property rights is of great significance.
Since 2011, the international academic community has published a succession of papers on lightweight block ciphers, which have become a frontier focus of academic research. A series of lightweight block ciphers has been proposed one after another: LBlock, proposed by the Chinese scholars Wu Wenling and Zhang Lei at ACNS 2011; KLEIN, proposed by Gong Zheng at RFIDSec 2011; Piccolo and LED, proposed at the international conference on cryptographic hardware and embedded systems (CHES 2011); LEA, proposed at the international information security applications conference (IWISA 2013); and Khudra, proposed at the international conference on security, privacy and applied cryptography engineering (SPACE 2014). Lightweight block encryption algorithms suited to resource-constrained environments have received extensive attention and study from cryptography researchers and scholars worldwide.
At present, lightweight block ciphers have problems in the following respects:
(1) Block ciphers mainly use one of two structures. The first is the Feistel structure, which is highly symmetric, guarantees to some extent the similarity of encryption and decryption, and consumes few resources; however, ciphers with this structure diffuse slowly, since one round of iteration changes only half of the block data. In particular, with machines and methods of outstanding computing capability, typified by supercomputers, now available, the likelihood of being cracked increases and security is low. The second is the SPN structure, which is clearly structured and has superior confusion and diffusion; however, because the structure is asymmetric and encryption and decryption are dissimilar, it consumes more resources and is comparatively less efficient.
(2) Current lightweight block ciphers tend to sacrifice security in pursuit of low resource consumption. For example, to reduce resource consumption, many lightweight algorithms design the operations and substitution modules in the round function to be overly uniform and simple, which leaves the algorithm unable to resist side-channel attack methods that combine several existing techniques, and thus creates security risks.
(3) Some existing lightweight algorithms use a fixed-key approach in which a fixed number of key bits takes part in the round function. Even when keys of different lengths are offered, the operations and substitution modules used in encryption and decryption remain the same apart from the number of rounds. This not only fails to improve security significantly, it also greatly reduces the performance and efficiency of the algorithm while increasing hardware resource consumption.
(4) In the encryption mode of some lightweight algorithms, the encryption process and the transformation modules are highly deterministic, and this determinism creates security risks. For example, the S-box substitution module of some lightweight algorithms uses a fixed S-box directly in the transformation, and the other modules likewise operate or transform in a fixed manner, which to some extent increases the likelihood of being cracked and reduces the security of the algorithm.
Summary of the invention
The present invention provides an implementation method and device for the lightweight block cipher SCS, intended to overcome the following problems in the prior art: in Feistel-network algorithms one round of iteration changes only part of the block data, so diffusion and confusion are weak; the way the key controls the module operations is too simple, and keys of different lengths lead to different implementations or round counts, so resource consumption is too high; diffusion and confusion are too simple while the steps are cumbersome and inefficient; and the encryption process and transformation modules are fixed, which increases the likelihood of successful attack and analysis and lowers security.
A method for implementing the lightweight block cipher SCS comprises the following steps:
Step 1: Permute the key using the highly pseudo-random P1 permutation, and extract the initial round key, the initial control key and the combination data H1, H2 from the permuted key;
Step 2: XOR the 64-bit plaintext with the low 64 bits of the key permuted in step 1 to obtain the first intermediate result data, and divide the first intermediate result data, from high-order to low-order bits, into 4 groups of 16 bits each, giving M0, M1, M2, M3;
Step 3: Following the Feistel structure, apply r rounds of the F1 round function to the high 32 bits of the first intermediate result data and r rounds of the F2 round function to the low 32 bits;
F1 round function: take M0 as the input data of the F1 round function and perform the F1 round function operation; XOR the result with M1; use the XOR result as the input data M0 of the F1 round function in the next round, and use the input data M0 that took part in the previous round's F1 round function operation as M1 of the next round;
F2 round function: take M2 as the input data of the F2 round function and perform the F2 round function operation; XOR the result with M3; use the XOR result as the input data M2 of the F2 round function in the next round, and use the input data M2 that took part in the previous round's F2 round function operation as M3 of the next round;
Here, the F1 round function consists, in order, of: XORing the F1 round function input data with the round key of the current round, S1-box update, P1 permutation, S1-box substitution and P2 permutation;
The F2 round function consists, in order, of: XORing the F2 round function input data with the round key of the current round, S2-box update, P2 permutation, S2-box substitution and P1 permutation;
The S1-box update and S2-box update are performed using the control key of each round;
The round key and control key of each round are obtained by updating the initial round key and the initial control key, respectively, according to the round function input data of that round;
Step 4: Take M1, M0, M3, M2 obtained after r rounds of round function operations as the second intermediate result data;
Step 5: Place the combination data H1 and H2 after the high 32 bits and after the low 32 bits of the second intermediate result data, respectively, to obtain the third intermediate result data;
The combination data H1 and H2 are taken from the key, and H1 and H2 are each 32 bits;
Step 6: Apply the row shift and then the column mixing operation to the third intermediate result data to obtain the encryption result of the plaintext.
Further, the initial round key, initial control key and combination data are extracted from the key after it has been permuted with the highly pseudo-random P1 permutation, as follows:
Bits 32 to 63 of the permuted key are used as the initial round key;
The low 32 bits of the permuted key are used as the initial control key;
If the key length is 96 bits, the high 32 bits of the permuted key are used as combination data H1, and H1 in reverse order is used as combination data H2;
If the key length is 192 bits, the first half of bits 96 to 159 of the permuted key is used as combination data H1 and the second half as combination data H2;
The first half and second half of the initial round key are used as the first initial round key Lkey and the second initial round key Rkey, respectively;
The first half and second half of the initial control key are used as the first initial control key wk and the second initial control key vk, respectively;
The control key W of the F1 round function in each round is obtained by XORing the first initial control key wk with the input data M0 of that round's F1 round function operation;
The control key V of the F2 round function in each round is obtained by XORing the second initial control key vk with the input data M2 of that round's F2 round function operation;
The round key K1 of the F1 round function in each round is obtained by XORing the first initial control key wk, the first initial round key Lkey and the input data M2 of that round's F2 round function operation;
The round key K2 of the F2 round function in each round is obtained by XORing the second initial control key vk, the second initial round key Rkey and the input data M0 of that round's F1 round function operation.
Further, in the F1 and F2 round functions of each round, the S1-box update and S2-box update are controlled by the control key of that round, and the S1-box substitution and S2-box substitution are controlled by the round key of that round;
The S1-box update and S2-box update follow the same procedure, comprising the following steps:
Step 1.1: Use the decimal value of the round's control key as a random number seed and generate 16 pseudo-random numbers;
Step 1.2: XOR the 16 pseudo-random numbers together to obtain a single XOR result, denoted dex;
Step 1.3: Use dex as a new random number seed and generate 16 pseudo-random numbers between 0 and 15, stored in the array d[i], 0≤i≤15;
Step 1.4: For i from 0 to 15 in turn, compare i with d[i]; if they are not equal, swap the value at position i of the initial S-box with the value at position d[i]. When all swaps are complete, the updated S-box is obtained;
The initial value of the S-box is S(i)=i; the control keys used by the S1-box update and S2-box update are W and V, respectively;
The S1-box substitution and S2-box substitution follow the same procedure, comprising the following steps:
Step 2.1: Divide the data to be input to the S-box, from high-order to low-order bits, into 4 groups of 4 bits each, {state_j}, 0≤j≤3;
Step 2.2: Divide the round key of the current round, from high-order to low-order bits, into 4 groups of 4 bits each, {K_j}, 0≤j≤3;
Step 2.3: Compute (state_j + K_j) mod 16 for 0≤j≤3 in turn, giving four 4-bit results {s_j};
Step 2.4: Input the four 4-bit results {s_j} from step 2.3 into the S-box for transformation, and merge the transformed results from high-order to low-order to obtain the S-box substitution result.
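The per-round key derivation, S-box update (steps 1.1 to 1.4) and S-box substitution (steps 2.1 to 2.4) described above, as an added Python example that is not the patent's own code. Assumptions: Python's `random` module (MT19937) stands in for the pseudo-random generator, which these steps do not name; the 16 numbers of step 1.1 are taken as 32-bit values; the sample keys and data are constructed; and `differential_uniformity` is an added check, not part of the method.

```python
import random


def round_keys(wk, vk, lkey, rkey, m0, m2):
    """Per-round keys from the 16-bit initial keys and the round inputs M0, M2."""
    return {
        "W": wk ^ m0,          # control key of F1, drives the S1-box update
        "V": vk ^ m2,          # control key of F2, drives the S2-box update
        "K1": wk ^ lkey ^ m2,  # round key of F1
        "K2": vk ^ rkey ^ m0,  # round key of F2
    }


def update_sbox(control_key):
    """Steps 1.1-1.4: derive a 4-bit S-box from a round's control key."""
    rng = random.Random(control_key)   # 1.1: control key value is the seed
    dex = 0
    for _ in range(16):                # 1.2: XOR the 16 outputs into dex
        dex ^= rng.getrandbits(32)     # assumption: outputs are 32-bit values
    rng = random.Random(dex)           # 1.3: reseed with dex
    d = [rng.randrange(16) for _ in range(16)]
    sbox = list(range(16))             # initial S-box: S(i) = i
    for i in range(16):                # 1.4: swap positions i and d[i]
        if i != d[i]:
            sbox[i], sbox[d[i]] = sbox[d[i]], sbox[i]
    return sbox                        # swaps only, so still a bijection


def sub_cells(state, round_key, sbox):
    """Steps 2.1-2.4: keyed substitution of a 16-bit word, nibble by nibble."""
    out = 0
    for shift in (12, 8, 4, 0):        # high-order nibble first
        s = ((state >> shift) & 0xF) + ((round_key >> shift) & 0xF)
        out = (out << 4) | sbox[s % 16]
    return out


def differential_uniformity(sbox):
    """Largest count of inputs x with S(x ^ a) ^ S(x) == b over all a != 0, b.

    16 means some input difference always gives the same output difference
    (as for the identity table); 4 is the best a 4-bit bijection can reach.
    """
    worst = 0
    for a in range(1, 16):
        counts = [0] * 16
        for x in range(16):
            counts[sbox[x ^ a] ^ sbox[x]] += 1
        worst = max(worst, max(counts))
    return worst


def demo():
    # Constructed sample values, not taken from the patent.
    wk, vk, lkey, rkey = 0x0F0F, 0x00FF, 0x1111, 0x2222
    m0, m2 = 0xAAAA, 0x5555
    keys = round_keys(wk, vk, lkey, rkey, m0, m2)
    s1 = update_sbox(keys["W"])
    return {
        "keys": keys,
        "S1": s1,
        "fixed_points": sum(1 for i, v in enumerate(s1) if i == v),
        "differential_uniformity": differential_uniformity(s1),
        "substituted": sub_cells(m0, keys["K1"], s1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because W = wk XOR M0, the generated table changes with the data being processed; the reported differential uniformity and fixed-point count show how a particular generated table compares with the best possible value of 4 for a 4-bit bijection.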
Further, the number of rounds r is determined by the key length;
If the key length is 96 bits, r is 20; if the key length is 192 bits, r is 32.
Further, to decrypt a ciphertext, first apply the inverse column mixing, then the inverse row shift, and then the split operation; iterate the split result for the corresponding r rounds using the generalized Feistel structure; then XOR the result of the iteration with the low 64 bits of the P1-permuted key to obtain the decrypted plaintext;
The iteration is identical to the round function operation used in encryption;
The inverse column mixing and inverse row shift are the inverses of the column mixing and row shift operations used in encryption;
The split operation means removing bits 64 to 95 and the low 32 bits of the result of the inverse row shift, then dividing the remaining data into 4 groups of 16 bits each, denoted C0, C1, C2, C3 from high-order to low-order, and using the split data as the input data of the iteration.
A device for implementing the lightweight block cipher SCS comprises:
Initialization unit: permutes the key using the highly pseudo-random P1 permutation, and extracts the initial round key, the initial control key and the combination data H1, H2 from the permuted key;
Data splitting unit: XORs the 64-bit plaintext with the low 64 bits of the key permuted in the initialization unit to obtain the first intermediate result data, and divides the first intermediate result data, from high-order to low-order bits, into 4 groups of 16 bits each, giving M0, M1, M2, M3;
Round function iteration unit: using the method described above and following the Feistel structure, applies r rounds of the F1 round function to the high 32 bits of the first intermediate result data and r rounds of the F2 round function to the low 32 bits;
F1 round function module: take M0 as the input data of the F1 round function and perform the F1 round function operation; XOR the result with M1; use the XOR result as the input data M0 of the F1 round function in the next round, and use the input data M0 that took part in the previous round's F1 round function operation as M1 of the next round;
F2 round function: take M2 as the input data of the F2 round function and perform the F2 round function operation; XOR the result with M3; use the XOR result as the input data M2 of the F2 round function in the next round, and use the input data M2 that took part in the previous round's F2 round function operation as M3 of the next round;
Here, the F1 round function consists, in order, of: XORing the F1 round function input data with the round key of the current round, S1-box update, P1 permutation, S1-box substitution and P2 permutation;
The F2 round function consists, in order, of: XORing the F2 round function input data with the round key of the current round, S2-box update, P2 permutation, S2-box substitution and P1 permutation;
The S1-box update and S2-box update are performed using the control key of each round;
The round key and control key of each round are obtained by updating the initial round key and the initial control key, respectively, according to the round function input data of that round;
Combining unit: takes M1, M0, M3, M2 obtained after r rounds of round function operations as the second intermediate result data, and places the combination data H1 and H2 after the high 32 bits and after the low 32 bits of the second intermediate result data, respectively, to obtain the third intermediate result data;
The combination data H1 and H2 are taken from the key, and H1 and H2 are each 32 bits;
Row and column operation unit: applies the row shift and then the column mixing operation to the third intermediate result data output by the combining unit to obtain the encryption result of the plaintext.
The generalized Feistel structure used is the same in encryption and decryption.
The algorithm uses a generalized Feistel structure, so encryption and decryption are similar and the structure is symmetric, which improves efficiency; decryption does not require constructing an inverse S-box and is easy to implement. Decryption only requires placing the split, inverse row shift and inverse column mixing operations before the generalized Feistel structure.
Beneficial effects
The present invention provides an implementation method and device for the lightweight block cipher SCS that uses a new encryption mode. The key is divided into two kinds, round keys and control keys; the round keys take part in the operations of the round functions F1 and F2, and the control keys control the generation of the S-box in each round. The data for the P permutations are produced by generating highly pseudo-random data with the Mersenne Twister algorithm and then screening it. Column mixing is applied to the combined 128-bit data using multiplication over a Galois field, which increases diffusion. The F round function uses two different functions, F1 and F2. Compared with a fixed cipher structure, the internal structure of the algorithm greatly improves the security of the algorithm itself while consuming about the same resources, and can to some extent increase the defense coefficient against attacks such as linear and differential attacks. The SCS algorithm offers strong flexibility, high scalability, low resource consumption and high randomness, and its security and encryption performance are superior to those of other lightweight algorithms based on the Feistel structure.
The mode is based on a generalized Feistel network structure. The plaintext length is 64 bits, and for key lengths of 96 and 192 bits the number of iteration rounds is 20 and 32, respectively. The SCS algorithm comprises three parts: a split-and-combine part, an operation part and a control part. The split-and-combine part splits and combines the plaintext and the key. In the operation part, the round function operation has two modes, each comprising five basic modules: round key addition, S-box update, P1 permutation, S-box substitution and P2 permutation; after the round function operations there is also a bit-expansion step, in which the iteration result is combined with part of the key bits and extended to 128 bits, and the ciphertext is then obtained after the row shift and column mixing transformations. In the control part, counting from bit 0 and from high-order to low-order: for a 96-bit key, bits 65 to 79 and bits 80 to 95 are used as the initial control keys wk and vk of the SCS algorithm; for a 192-bit key, bits 160 to 175 and bits 176 to 191 are used as the initial control keys wk and vk of the SCS algorithm. The control keys (W, V) are determined by the initial control keys (wk, vk) and the operation results (M0, M2) of each round. The S-box is called the S1-box in round function F1 and the S2-box in round function F2; both are updated and generated under the control key of each round, and the updates of the control key and round key in turn depend on the operation result of each round. As a result, not only is the operation result of each round random, the control key and round key also become randomized, which further randomizes the encryption/decryption process. This is a new encryption mode that can effectively improve the security of the cryptographic algorithm.
The generalized Feistel structure design of the SCS algorithm of the present invention saves considerable hardware area and resource overhead, and in performance and efficiency it is also much better than designs reconstructed between algorithms. Compared with some current lightweight block ciphers, which simply apply the substitution modules in the round function in sequence, use a single S-box in the transformation, and use a fixed key in the round function transformations, the SCS algorithm has the following advantages. First, because its structure is highly symmetric, relatively few resources are needed to implement encryption and decryption. Second, the S-box in the round function is generated and updated in each round under the control of the control key, so the S-box is not fixed from round to round, and the updates of the control key and round key depend on the operation result of each round; the operation result of each round is therefore random and the degree of nonlinear transformation is greatly increased. This is a new encryption mode, and security is further improved. Third, different round functions use different P permutations, and after the 20 or 32 rounds of iteration the ciphertext, combined with part of the key bits and extended to 128 bits, undergoes the row shift and column mixing transformations; combining the two diffusion methods with the key increases the diffusion effect and improves security. This mode retains the Feistel structure's advantage of requiring few implementation resources; decryption is similar to encryption and requires no inverse S-box, and security is sufficient to withstand existing attacks and analysis methods such as linear and differential attacks. The SCS cipher was designed with comprehensive consideration of the weaknesses exposed in existing algorithms, so that it gains flexibility, scalability, randomness and security while saving substantial software and hardware resources.
Detailed description of the invention
Fig. 1 is the ciphering process schematic diagram of the method for the invention;
Fig. 2 is round key of the present invention and control key renewal process schematic diagram;
Fig. 3 is the decrypting process schematic diagram of the method for the invention;
Fig. 4 is the S of the method for the invention1Box renewal process schematic diagram;
Fig. 5 is the round function F of the method for the invention1Flow diagram;
Specific embodiment
Below in conjunction with attached drawing and example, the present invention is described further.
A kind of lightweight SCS block cipher implementation method of novel high safety, SCS algorithm length of the plaintext are 64, key Length is divided into 96 and 192 two kinds, carries out 20 wheels and 32 round function iteration respectively.SCS algorithm is based on broad sense Feistel network Structure, round function F include F1、F2Two kinds of round functions, as shown in Figure 1.
F1Round function includes: InvAddRoundKey (AddRoundKey), S1Box updates (SubUpdata1), P1Displacement (Permutation1)、S1Box replaces (SubCells1), P2Replace (Permutation2) five modules.
F2Round function includes: InvAddRoundKey (AddRoundKey), S2Box updates (SubUpdata2), P2Displacement (Permutation2)、S2Box replaces (SubCells2), P1Replace (Permutation1) five modules.
The key of algorithm input of the present invention, through excessively high pseudorandom P1Displacement, is further partitioned into initial control key (wk, vk) and initial round key (Lkey, Rkey).SCS algorithm is divided by key, real by updating control key and round key Now to the update of S box, and then control enciphering/deciphering operation.
In SCS cryptographic algorithm of the present invention, first by plaintext and 64 progress xor operations after the key after displacement. Again by it is each it is on duty by turns be all divided into 4 units, each module arithmetic unit is 16, is expressed as M0(state0~ state15)、M1(state16~state31)、M2(state32~state47)、M3(state48~state65).Will through it is high pseudo- with Machine P1The key of displacement transformation is divided into 6 groups, respectively wk, vk, Lkey, Rkey, H1, H2, wherein wk and vk be initially control it is close Key divides, and is respectively 16, for 96 bit cipher key lengths, wk (key64~key79), vk (key80~key95);For 192 keys Length, wk (key160~key175), vk (key176~key191).Initial round key Lkey and Rkey, are respectively 16, wherein F1Wheel The round key of function is Lkey (key32~key47), F2The round key of round function is Rkey (key48~key63).Complete iteration After/32 wheel of 20 wheel, for 96 bit cipher key lengths, key part H is taken1(key0~key31) and H2(key31~key0), it changes with passing through 64 data in generation are combined into 128;For 192 bit cipher key lengths, key part H is taken1(key96~key127) and H2(key128 ~key159), H1With H2It is respectively 32.Table 1 is that key divides grouping.For round key there are two effect partial, one is to participate in F wheel letter The operation of InvAddRoundKey module in number obtains the other is first doing corresponding operation with round key before be-encrypted data enters S box It enters back into S box to result to be replaced, as shown in Figure 5;
Table 1. Key division
The encryption flow of the SCS algorithm is shown in Figure 1, and SCS encryption is described in Algorithm 1 below.
Pseudocode description of SCS block cipher encryption:
Algorithm 1: SCS encryption process; depending on the key length (96 or 192 bits), NR is 20 or 32 rounds;
Input: M(64), K;
Output: C(128)
The key permutation, the key division and the modules of the two round functions are described in detail below.
The round functions F1 and F2 use two different transformation patterns, P1-S1-P2 and P2-S2-P1 respectively. The highly pseudo-random P permutation table used to permute the key is the P1 permutation table, which permutes 16 bits of data at a time, bit by bit. A 96-bit key is divided into 6 groups of 16 bits, and the P1 permutation is applied to each group in order from the high bits to the low bits; a 192-bit key is divided into 12 groups of 16 bits, and the P1 permutation is applied to each group in order from the high bits to the low bits. The P1 permutation table data is given in Table 5.
As for the key division, the 16-bit initial round keys (Lkey, Rkey) and the 16-bit initial control keys (wk, vk) obtained from it must each be updated before they can enter the round function of the current round; the update of the round keys and control keys is shown in Figure 2. The key division and the updates of the round keys and control keys are as follows:
The key division is given in Table 1. Of the round-key part, (key32~key47) is denoted Lkey and (key48~key63) is denoted Rkey, as in formulas (1) and (2):
$\mathrm{Lkey}_i = \mathrm{key}_{32+i}\ (0 \le i \le 15)$ (1)
$\mathrm{Rkey}_i = \mathrm{key}_{48+i}\ (0 \le i \le 15)$ (2)
For the 96-bit key length, of the control-key part, (key64~key79) is denoted wk and (key80~key95) is denoted vk, as in formulas (3) and (4):
$\mathrm{wk}_i = \mathrm{key}_{64+i}\ (0 \le i \le 15)$ (3)
$\mathrm{vk}_i = \mathrm{key}_{80+i}\ (0 \le i \le 15)$ (4)
For the 192-bit key length, of the control-key part, (key160~key175) is denoted wk and (key176~key191) is denoted vk, as in formulas (5) and (6):
$\mathrm{wk}_i = \mathrm{key}_{160+i}\ (0 \le i \le 15)$ (5)
$\mathrm{vk}_i = \mathrm{key}_{176+i}\ (0 \le i \le 15)$ (6)
Round key update (K1schedule, K2schedule): the initial round keys obtained from the division must be updated before entering the F round functions. The initial round key Lkey is XORed with M2 of the F2 round function and then with the initial control key wk, giving the round key K1 of the current round function F1; the initial round key Rkey is XORed with the right plaintext M0 of the F1 round function and then with the initial control key vk, giving the round key K2 of the current round function F2, as shown in Figure 2. The relations are given by formulas (7) and (8):
Control key update (Wschedule, Vschedule): the initial control key wk is XORed with the right plaintext M0 of the F1 round function, and the result W is the control key of the current round function F1; the initial control key vk is XORed with the right plaintext M2 of the F2 round function, and the result V is the control key of the current round function F2, as shown in Figure 2. The relations are given by formulas (9) and (10):
Description of the F1 round function encryption modules: the F1 round function splits the first 32 bits of the 64-bit plaintext into left and right halves of equal length; the 16-bit left half is denoted M0 and the 16-bit right half is denoted M1. The detailed design structure of round function F1 is shown in Figure 5:
Round-key addition (AddRoundKey): the 16-bit value M0 is XORed with the round key K1, as in formula (11):
S1-box update (SubUpdata1): the S-box in round function F1 is called the S1-box. The decimal value of the control key W is used as a random-number seed to generate 16 pseudo-random numbers, which are XORed with one another to give a result dex; dex is then used as a random-number seed again to generate 16 pseudo-random numbers between 0 and 15, which are stored in the array d[i] (i < 16) as the data needed for the transformation and are applied to the initial S-box, shown in formula (12). The random numbers are generated in two passes so that the resulting d[i] are as random as possible and uncorrelated. In the Feistel network structure, decryption does not need a separately written inverse S1-box; encryption and decryption are similar, and the modules are highly reused. In each round's S1-box update, the initial S-box is updated with the 16 values d[i] (i < 16) generated from the control key. The update steps are: starting from i = 0, the index i is compared with the value d[i] at that index; if they are not equal, the value at position i of the initial S-box is swapped with the value at position d[i], and this continues until all swaps are complete. For example, for the 16 pseudo-random numbers, at index 0, d[0] is compared with 0, and if d[0] is not equal to 0 the values of S1[0] and S1[d[0]] are swapped; then at index 1, d[1] is compared with 1, and if d[1] is not equal to 1 the values of S1[1] and S1[d[1]] are swapped; and so on until all the numbers have been processed, as shown in Figure 4. Updating the initial S-box under the control key produces a new S1-box, so that the S1-box is randomized during encryption and is no longer a single fixed S-box;
S1={ 0,1,2,3,4,5,6,7,8,9, A, B, C, D, E, F } (12)
For a key length of 96 bits, the 16 pseudo-random numbers produced by the two-pass random-number generation are listed in Table 2 for the first 6 rounds only; taking the plaintext 0000-0000-0000-0000 and the key 0000-0000-0000-0000-0000-0000 as an example, the corresponding S1-boxes generated in the first 6 rounds are listed in Table 3.
Table 2. The 16 pseudo-random numbers produced by the two-pass random-number generation, first 6 rounds
Round 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 13 11 1 14 8 7 3 4 3 6 10 5 15 2 8 10
2 7 15 13 13 15 3 12 6 13 8 4 10 12 10 0 10
3 0 7 12 2 11 13 3 3 13 11 10 7 7 2 1 14
4 11 4 10 10 5 14 5 14 6 4 6 9 6 14 11 4
5 5 15 4 6 12 8 14 15 2 5 6 6 3 3 11 13
6 0 10 8 10 6 13 4 6 9 9 3 6 9 15 0 3
Table 3. S1-boxes generated in the first 6 rounds for the 96-bit key
Round 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 d 2 0 4 5 1 9 8 3 e c 7 f b 6 a
2 e f d 5 a 2 0 c 9 3 4 1 6 b 7 8
3 0 e 8 1 b d c 2 5 4 a 6 9 3 f 7
4 b 4 a 2 f 6 c 1 e 0 8 d 3 7 5 9
5 5 f 0 d c 9 b 1 4 8 e 3 6 7 a 2
6 e a 8 5 4 d b 6 9 c 1 7 2 f 0 3
For a key length of 192 bits, taking the plaintext 0000-0000-0000-0000 and the key 0000-0000-0000-0000-0000-0000-0000-0000-0000-0000-0000-0000 as an example, only the S1-boxes generated in the first 6 rounds are listed, in Table 4.
Table 4. S1-boxes generated in the first 6 rounds for the 192-bit key
Round 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 5 1 2 8 6 a e 9 b 7 c 3 4 0 d f
2 6 2 c 1 7 0 3 5 e f d a 4 9 8 b
3 8 a 4 7 6 c e 1 b 0 d 3 2 f 9 5
4 1 5 c 7 a e 9 4 2 3 6 d 0 f 8 b
5 7 d 5 3 1 f 6 2 b 4 a e 8 0 c 9
6 8 2 d b 6 7 f 4 1 5 9 e a 2 c 3
P1 permutation (Permutation1) and P2 permutation (Permutation2): the P1 and P2 permutation transformations swap the position of each bit according to the position rules shown in Table 5 and Table 6. By the position rules of Tables 5 and 6, for the 16 bits of data undergoing the P permutation, the bit at the position given by P(i) is moved to position i. The data in Tables 5 and 6 were generated randomly with the Mersenne Twister algorithm, a random-function algorithm whose output has strong pseudo-randomness and whose generated numbers do not repeat. A large amount of data is obtained by limiting the range of the generated random numbers, and finally, by manual screening, the two groups of data with higher confusion are chosen as the P1 and P2 permutation tables. The P1 and P2 permutation tables used by round functions F1 and F2 are the same.
Table 5. P1 permutation table data
i 0 1 2 3 4 5 6 7
P1[i] 4 10 2 12 6 0 9 3
i 8 9 10 11 12 13 14 15
P1[i] 11 5 15 8 1 13 7 14
Table 6. P2 permutation table data
i 0 1 2 3 4 5 6 7
P2[i] 9 3 11 5 13 4 15 1
i 8 9 10 11 12 13 14 15
P2[i] 10 2 8 14 7 0 6 12
S1-box substitution (SubCells1): in the generalized Feistel network structure, the S1-box substitution is one of the most important parts. Unlike traditional algorithms, in which the data to be encrypted enters the S-box directly, the 16 bits of data that are to undergo the S1-box transformation are divided into 4 groups of 4 bits, denoted state0, state1, state2, state3; the 16 bits of round key K1 are likewise divided into 4 groups of 4 bits, each of which is added in hexadecimal to the corresponding group of data to be encrypted, modulo 16, and the result enters the S1-box for substitution, as shown in Figure 5. Combining the round key with the data to be encrypted in this way greatly increases the confusion of the algorithm.
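The S1-box update and the key-mixed S1-box substitution described above, as an added Python example that is not code from the patent: it replays the d[i] rows of Table 2 through the swap procedure, compares the result with Table 3, and checks every printed S-box for bijectivity. The page does not name the pseudo-random generator, so the example starts from the printed d[i] values; the function names are this example's own, and the nibble order (high to low) follows claim 3.

```python
"""SCS S-box update and key-mixed substitution (added illustration)."""

IDENTITY = list(range(16))  # initial S-box, formula (12)

# d[0..15] for rounds 1-6, copied from Table 2 of the page.
TABLE2_D = [
    "13 11 1 14 8 7 3 4 3 6 10 5 15 2 8 10",
    "7 15 13 13 15 3 12 6 13 8 4 10 12 10 0 10",
    "0 7 12 2 11 13 3 3 13 11 10 7 7 2 1 14",
    "11 4 10 10 5 14 5 14 6 4 6 9 6 14 11 4",
    "5 15 4 6 12 8 14 15 2 5 6 6 3 3 11 13",
    "0 10 8 10 6 13 4 6 9 9 3 6 9 15 0 3",
]
# S1-boxes for rounds 1-6 as printed in Table 3 (96-bit key).
TABLE3_S1 = [
    "d 2 0 4 5 1 9 8 3 e c 7 f b 6 a",
    "e f d 5 a 2 0 c 9 3 4 1 6 b 7 8",
    "0 e 8 1 b d c 2 5 4 a 6 9 3 f 7",
    "b 4 a 2 f 6 c 1 e 0 8 d 3 7 5 9",
    "5 f 0 d c 9 b 1 4 8 e 3 6 7 a 2",
    "e a 8 5 4 d b 6 9 c 1 7 2 f 0 3",
]
# S1-boxes for rounds 1-6 as printed in Table 4 (192-bit key).
TABLE4_S1 = [
    "5 1 2 8 6 a e 9 b 7 c 3 4 0 d f",
    "6 2 c 1 7 0 3 5 e f d a 4 9 8 b",
    "8 a 4 7 6 c e 1 b 0 d 3 2 f 9 5",
    "1 5 c 7 a e 9 4 2 3 6 d 0 f 8 b",
    "7 d 5 3 1 f 6 2 b 4 a e 8 0 c 9",
    "8 2 d b 6 7 f 4 1 5 9 e a 2 c 3",
]


def parse_row(row, base):
    """Turn one space-separated table row into a list of integers."""
    return [int(tok, base) for tok in row.split()]


def update_sbox(d):
    """Build a round's S-box: walk i = 0..15 over the initial (identity)
    box and swap positions i and d[i] whenever d[i] != i."""
    if len(d) != 16 or any(not 0 <= v <= 15 for v in d):
        raise ValueError("d must hold 16 values in 0..15")
    s = list(IDENTITY)  # every round restarts from the initial box
    for i, target in enumerate(d):
        if target != i:
            s[i], s[target] = s[target], s[i]
    return s


def is_bijective(sbox):
    """Swaps can only reorder the box, so a valid result is a permutation."""
    return sorted(sbox) == IDENTITY


def rounds_matching_table3():
    """Round numbers whose Table 2 row reproduces the Table 3 row."""
    return [n + 1 for n, (d, s) in enumerate(zip(TABLE2_D, TABLE3_S1))
            if update_sbox(parse_row(d, 10)) == parse_row(s, 16)]


def non_bijective_rounds(rows):
    """Round numbers of printed S-boxes that are not permutations of 0..F."""
    return [n + 1 for n, row in enumerate(rows)
            if not is_bijective(parse_row(row, 16))]


def sub_cells(state16, round_key16, sbox):
    """Key-mixed substitution: per nibble (high to low),
    out_j = S[(state_j + K_j) mod 16]."""
    out = 0
    for shift in (12, 8, 4, 0):
        st = (state16 >> shift) & 0xF
        k = (round_key16 >> shift) & 0xF
        out = (out << 4) | sbox[(st + k) % 16]
    return out


if __name__ == "__main__":
    print("Table 2 rows reproducing Table 3:", rounds_matching_table3())
    print("Non-bijective rows in Table 4:", non_bijective_rounds(TABLE4_S1))
    s1 = update_sbox(parse_row(TABLE2_D[0], 10))
    print("SubCells(0x1234, K=0xF0F1) = %04x" % sub_cells(0x1234, 0xF0F1, s1))
```

The Table 4 check flags round 6, which as printed lists the value 2 twice and never 0; the swap procedure cannot produce such a row from the initial S-box.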
The relationship between the P1, S1 and P2 modules is shown in the detailed design structure of round function F1 in Figure 5.
Description of the F2 round function encryption modules: the F2 round function splits the last 32 bits of the 64-bit plaintext into left and right halves of equal length; the 16-bit left half is denoted M2 and the 16-bit right half is denoted M3:
Round-key addition (AddRoundKey): the 16-bit value M2 is XORed with the round key K2, as in formula (13):
S2-box update (SubUpdata2): the S2-box is updated in the same way as the S1-box. The control key V is used as the random-number seed, and the two-pass random-number generation produces 16 pseudo-random numbers stored in d[i] (i < 16). Starting from i = 0, if the index i and the value d[i] at that index are not equal, the value at position i of the initial S-box is swapped with the value at position d[i], until all swaps are complete, producing a new S2-box. The update of the S2-box is controlled by the control key, so that the S2-box is randomized during encryption and is no longer a single fixed S-box;
S2-box substitution (SubCells2): the S2-box is substituted in the same way as the S1-box, but with different data. The S2-box update is controlled by the 16 pseudo-random numbers generated in two passes with the control key V as random-number seed, so that every round has a different S2-box. The 16 bits of data that are to undergo the S2-box transformation are divided into 4 groups of 4 bits, denoted state0, state1, state2, state3; the 16 bits of round key K2 are likewise divided into 4 groups of 4 bits, each of which is added in hexadecimal to the corresponding group of data to be encrypted, modulo 16, and the result enters the S2-box for substitution.
Combination (SplCom): M0, M1, M2, M3, H1 and H2 are combined in a fixed order to obtain 128 bits of data. The values of H1 and H2 are given in Table 1; for the 96-bit key, H2 is H1 in reverse order. The order of combination is given by formula (14):
C128=M1||M0||H1||M3||M2||H2 (14)
Row shift (ShiftRows): the 128 bits of encrypted data combined with the key bits are first divided into 16 groups of 8 bits, i.e. one byte per group, forming a 4 × 4 matrix on which the row shift is performed. Specifically, the first row is unchanged, the second row is rotated left by 1 byte, the third row is rotated left by 2 bytes, and the fourth row is rotated left by 3 bytes.
Column mixing transformation (MixColumns): the values produced by the column transformation can be changed by changing formula (15); in formula (16), the column-mixing matrix is determined by choosing the coefficients of the polynomial over GF(2^8);
$S'(x) = C(x)\,S(x) \bmod (x^4 + 1)$ (15)
$C(x) = \{03\}\,x^3 + \{02\}\,x^2 + \{01\}\,x + \{02\}$ (16)
Polynomials over GF(2^8): a vector of 4 bytes can be expressed as a polynomial of degree less than 4 with coefficients in GF(2^8). Polynomial multiplication is defined modulo M(x) = x^4 + 1, so that the product of two polynomials of degree less than 4 is again a polynomial of degree less than 4; this modular multiplication of polynomials has its own notation. Let, as in formulas (17), (18) and (19):
$A(x) = a_3x^3 + a_2x^2 + a_1x + a_0$ (17)
$B(x) = b_3x^3 + b_2x^2 + b_1x + b_0$ (18)
Since $x^j \bmod (x^4 + 1) = x^{j \bmod 4}$, formula (20) follows:
The above calculation can be expressed as (21):
M(x) is not an irreducible polynomial over GF(2^8), so this multiplication of nonzero polynomials is not a group operation. For the polynomial b(x), this multiplication is restricted to multiplication by a fixed polynomial that has an inverse, as in (22):
$A(x) = a_3x^3 + a_2x^2 + a_1x + a_0$ (22)
The polynomial a3x^3 + a2x^2 + a1x + a0 with coefficients in GF(2^8) is invertible modulo x^4 + 1 if and only if the following matrix is invertible over GF(2^8), as shown in formula (23):
In accordance with formula (23), so that the M(x) matrix is invertible modulo x^4 + 1, the M(x) matrix used in the SCS algorithm is as shown in formula (24):
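Formulas (15) and (16) and the row shift carried into code, as an added Python example that is not part of the patent text: it multiplies modulo x^4 + 1, tests invertibility, derives the inverse polynomial and round-trips a 4 × 4 matrix. Assumptions: GF(2^8) is reduced by the AES polynomial 0x11B (the page does not name one), row r of the matrix supplies the coefficient of x^r in each column, and all function names are this example's own.

```python
"""Column mixing modulo x^4 + 1 over GF(2^8) (added illustration)."""

FIELD_POLY = 0x11B  # ASSUMPTION: x^8 + x^4 + x^3 + x + 1, as in AES
C_POLY = [0x02, 0x01, 0x02, 0x03]  # formula (16), stored as [c0, c1, c2, c3]


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= FIELD_POLY
        b >>= 1
    return r


def gf_inv(a):
    """a^254 = a^-1, because a^255 = 1 for every nonzero byte."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def poly_modmul(a, b):
    """Product of two degree<4 polynomials modulo x^4 + 1:
    x^(i+j) folds back to x^((i+j) mod 4)."""
    out = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            out[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return out


def poly_at_one(a):
    """a(1) is the XOR of the coefficients."""
    return a[0] ^ a[1] ^ a[2] ^ a[3]


def is_invertible(a):
    """x^4 + 1 = (x + 1)^4 in characteristic 2, so a(x) is invertible
    modulo x^4 + 1 exactly when a(1) != 0."""
    return poly_at_one(a) != 0


def poly_inverse(a):
    """a(x)^4 = a(1)^4 modulo x^4 + 1 (a constant), so
    a^-1 = a^3 * (a(1)^4)^-1."""
    t = poly_at_one(a)
    if t == 0:
        raise ValueError("polynomial is not invertible modulo x^4 + 1")
    cube = poly_modmul(poly_modmul(a, a), a)
    t2 = gf_mul(t, t)
    scale = gf_inv(gf_mul(t2, t2))
    return [gf_mul(scale, c) for c in cube]


def shift_rows(m):
    """Row r is rotated left by r bytes (row 0 unchanged)."""
    return [m[r][r:] + m[r][:r] for r in range(4)]


def inv_shift_rows(m):
    """Row r is rotated right by r bytes."""
    return [m[r][4 - r:] + m[r][:4 - r] for r in range(4)]


def mix_columns(m, poly=C_POLY):
    """Multiply every column by poly modulo x^4 + 1, formula (15)."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        col = poly_modmul(poly, [m[r][c] for r in range(4)])
        for r in range(4):
            out[r][c] = col[r]
    return out


def inv_mix_columns(m):
    """Undo mix_columns with the derived inverse polynomial."""
    return mix_columns(m, poly_inverse(C_POLY))


if __name__ == "__main__":
    # Constructed sample matrix, not a test vector from the page.
    sample = [[0x00, 0x11, 0x22, 0x33], [0x44, 0x55, 0x66, 0x77],
              [0x88, 0x99, 0xAA, 0xBB], [0xCC, 0xDD, 0xEE, 0xFF]]
    mixed = mix_columns(shift_rows(sample))
    print("C(1) = 0x%02x" % poly_at_one(C_POLY))
    print("round trip ok:", inv_shift_rows(inv_mix_columns(mixed)) == sample)
```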
The decryption flow of the SCS algorithm is shown in Figure 3, and SCS decryption is described in Algorithm 2 below.
Pseudocode description of SCS block cipher decryption:
Algorithm 2: SCS decryption process; depending on the key length (96 or 192 bits), NR is 20 or 32 rounds;
Input: C(128), K;
Output: M(64)
In the decryption process of the SCS algorithm of the present invention, the generalized Feistel network structure uses the same modules as the encryption process; only the order of some modules needs to be changed slightly to carry out decryption. Outside the round function, the inverse transformations of the row shift and the column mixing are added. Relative to the order of the components in the encryption function, the XOR of plaintext and key is moved to the last position, the inverse row shift and the inverse column mixing are moved to the first position, and everything else is unchanged. Decryption uses the same initial round keys and initial control keys as encryption.
Inverse row shift (InvShiftRow): the 128 bits of data to be decrypted are first divided into 16 groups of 8 bits, i.e. one byte per group, forming a 4 × 4 matrix on which the inverse row shift is performed. Specifically, the first row is unchanged, the second row is rotated right by 1 byte, the third row is rotated right by 2 bytes, and the fourth row is rotated right by 3 bytes.
Inverse column mixing transformation (InvMixColumns): the inverse column mixing transformation is processed in a similar way to column mixing; its matrix transformation is given by formula (25):
The SCS algorithm test data are shown in Table 7 and Table 8:
Table 7. SCS-96 test vectors
Table 8. SCS-192 test vectors
The SCS-96 cipher of the present invention was simulated on ModelSim SE 6.1f Evaluation and synthesized with Synopsys Design Compiler Version B-2008.09, using the SMIC 0.18 μm CMOS process library for synthesis; in the synthesis experiments, area is measured in gate equivalents (GE).
The hardware resources for each component of the SCS-96 algorithm are as follows. Storing the 64-bit plaintext in a register requires 344 GE, and storing the 96-bit key in the register that holds the 128-bit combined data requires 688 GE. The 64-bit XOR of key and plaintext needs 64 XOR units and therefore 172 GE. The AddRoundKey operation in the F round function and the other XOR operations are 16-bit XORs; 16 XOR units need 43 GE. One S-box substitution module takes 28 GE, so the S-boxes need 28 × (4+4) = 224 GE in total. The P permutation module and the row-shift module are implemented by wiring and consume no hardware resources. In the column-mixing module, part of the multiplication is converted into XOR and shift operations, which reduces the implementation cost, so it consumes only 40 GE. The control logic unit and the counter need 40 GE in total. The SCS hardware implementation needs only 1551 GE. Table 9 lists the ASIC area of the SCS algorithm.
Table 9. SCS-96 area resource list
Algorithm module GE
Plaintext register 344
Key register 688
64 XOR units 172
16 XOR units 43
S-box substitution layer 224
P permutation layer / row shift 0
Column mixing layer 40
Control logic unit and counter 40
Total 1551
To meet the multi-level security requirements of different users, two key lengths are used: the 96-bit key is better suited to resource-constrained environments, while the 192-bit key is mainly for environments where security is weighted more heavily. The algorithm uses a highly symmetric Feistel structure; the key is divided into keys with different functions that take part in the round-function operations, control the generation of the S-boxes, and so on; the P permutation data used in the round functions is selected from a large amount of non-repeating, highly pseudo-random data; and after the last round of the round-function iteration the data is expanded to 128 bits and one row shift and one column mixing transformation are applied to further increase diffusion. Together these give the algorithm high flexibility, strong scalability, low resource consumption and high randomness, and its security and encryption performance are superior to those of other lightweight algorithms based on the Feistel structure.
Table 10 lists ASIC hardware implementations of lightweight block ciphers; the comparison in Table 10 shows that SCS occupies less area than the other block ciphers and is suitable for resource-constrained environments.
Table 10. ASIC implementations of block ciphers
A device for implementing the lightweight block cipher SCS, comprising:
an initialization unit, which permutes the key with the highly pseudo-random P1 permutation to obtain the permuted key, and extracts the initial round key, the initial control key and the combined data H1, H2 from the permuted key;
a data splitting unit, which XORs the 64-bit plaintext with the low 64 bits of the key permuted in the initialization unit to obtain first intermediate result data, and divides the first intermediate result data, from the high bits to the low bits, into 4 groups of 16 bits, obtaining M0, M1, M2, M3;
a round function iteration unit, which uses the method described above to apply r rounds of the F1 round function and the F2 round function, according to the Feistel structure, to the high 32 bits and the low 32 bits of the first intermediate result data respectively;
F1 round function module: M0 is taken as the input data of the F1 round function operation, the F1 round function operation is performed, the result is XORed with M1, the XOR result is used as the input data M0 of the F1 round function operation in the next round, and the input data M0 of the F1 round function operation in the previous round is used as M1 of the next round;
F2 round function: M2 is taken as the input data of the F2 round function operation, the F2 round function operation is performed, the result is XORed with M3, the XOR result is used as the input data M2 of the F2 round function operation in the next round, and the input data M2 of the F2 round function operation in the previous round is used as M3 of the next round;
wherein the F1 round function comprises, in order, XORing the input data of the F1 round function operation with the round key of each round, S1-box update, P1 permutation, S1-box substitution and P2 permutation;
the F2 round function comprises, in order, XORing the input data of the F2 round function operation with the round key of each round, S2-box update, P2 permutation, S2-box substitution and P1 permutation;
the S1-box update and the S2-box update are performed using the control key of each round;
the round key and the control key of each round are obtained by updating the initial round key and the initial control key, respectively, according to the input data of the round function operation of each round;
a combining unit: M1, M0, M3, M2 obtained after r rounds of round function operations are taken as second intermediate result data, and the combined data H1 and H2 are placed after the high 32 bits and after the low 32 bits of the second intermediate result data, respectively, to obtain third intermediate result data;
the 32-bit combined data H1 and H2 are selected from the key;
a row-column operation unit: the third intermediate result data output by the combining unit undergoes the row shift and column mixing operations in turn to obtain the encryption result of the plaintext.
The invention has been described in detail above with reference to specific embodiments, which do not limit the invention. Without departing from the principles of the present invention, those skilled in the art can make many modifications and improvements, which also fall within the scope of protection of the present invention.

Claims (6)

1.一种轻量级分组密码SCS的实现方法,其特征在于,包括以下步骤:1. a realization method of lightweight block cipher SCS, is characterized in that, comprises the following steps: 步骤1:利用高伪随机P1置换对密钥进行置换得到置换后的密钥,并从置换后的密钥中提取初始轮密钥、初始控制密钥和组合数据H1、H2Step 1: use high pseudo-random P 1 replacement to replace the key to obtain the replaced key, and extract the initial round key, the initial control key and the combined data H 1 , H 2 from the replaced key; 步骤2:利用经过步骤1置换后的密钥的低64位对64位明文进行异或操作,得到第一中间结果数据,并将第一中间结果数据从高位至低位按16位一组分成4组,得到M0、M1、M2、M3Step 2: XOR the 64-bit plaintext with the lower 64 bits of the key replaced in Step 1 to obtain the first intermediate result data, and divide the first intermediate result data into 4 groups of 16 bits from high bits to low bits. group, get M 0 , M 1 , M 2 , M 3 ; 步骤3:将第一中间结果数据的高32位和低32位按照Feistel结构分别进行r轮F1轮函数和F2轮函数运算;Step 3 : perform r rounds of F1 and F2 function operations on the upper 32 bits and the lower 32 bits of the first intermediate result data respectively according to the Feistel structure; F1轮函数:将M0作为参与F1轮函数运算的输入数据,进行F1轮函数运算,将得到的结果与M1进行异或,将得到的异或运算结果作为下一轮参与F1轮函数运算的输入数据M0,同时将前一轮参与F1轮函数运算的输入数据M0作为下一轮的M1F 1 round function: take M 0 as the input data to participate in the F 1 round of function operation, perform the F 1 round of function operation, XOR the obtained result with M 1 , and use the obtained XOR operation result as the next round to participate in F The input data M 0 of 1 round of function operation, and the input data M 0 of the previous round participating in the F 1 round of function operation is taken as M 1 of the next round ; F2轮函数:将M2作为参与F2轮函数运算的输入数据,进行F2轮函数运算,将得到的结果与M3进行异或,将得到的异或运算结果作为下一轮参与F2轮函数运算的输入数据M2,同时将前一轮参与F2轮函数运算的输入数据的M2作为下一轮的M3F 2 round function: take M 2 as the input data for participating in the F 2 round function operation, perform the F 2 round function operation, perform XOR with the obtained result and M 3 , and use the obtained XOR operation result as the next round to participate in F The input data M 2 of the 2 rounds of 
function operations, and the M 2 of the input data of the previous round participating in the F 2 round of function operations is taken as the M 3 of the next round; 其中,所述F1轮函数依次包括利用F1轮函数运算的输入数据对每一轮的轮密钥进行异或操作、S1盒更新、P1置换、S1盒替换以及P2置换操作;Wherein, the F 1 round function sequentially includes performing XOR operation, S 1 box update, P 1 permutation, S 1 box replacement and P 2 permutation operations on the round key of each round using the input data of the F 1 round function operation. ; 所述F2轮函数依次包括利用F2轮函数运算的输入数据对每一轮的轮密钥进行异或操作、S2盒更新、P2置换、S2盒替换以及P1置换操作; The F2 round function sequentially includes using the input data of the F2 round function operation to perform XOR operation, S2 box update, P2 replacement, S2 box replacement and P1 replacement operation on the round key of each round ; 所述S1盒更新和S2盒更新采用每一轮的控制密钥更新; The S1 box update and the S2 box update use each round of control key update ; 每一轮的轮密钥和控制密钥依据每一轮的轮函数运算输入数据分别对初始轮密钥和初始控制密钥进行更新获得;The round key and the control key of each round are obtained by respectively updating the initial round key and the initial control key according to the input data of the round function operation of each round; 步骤4:将经过r轮轮函数运算得到的M1、M0、M3、M2作为第二中间结果数据;Step 4: take M 1 , M 0 , M 3 , and M 2 obtained through r rounds of function operations as the second intermediate result data; 步骤5:把组合数据H1、H2分别放在第二中间结果数据的高32位的后面和低32位的后面,得到第三中间结果数据;Step 5: put the combined data H 1 and H 2 on the back of the upper 32 bits and the lower 32 bits of the second intermediate result data, respectively, to obtain the third intermediate result data; 所述组合数据H1和H2从密钥中选取,且H1和H2均为32位;The combined data H 1 and H 2 are selected from the key, and both H 1 and H 2 are 32 bits; 步骤6:将第三中间结果数据依次进行行移位和列混淆操作,得到明文的加密结果。Step 6: Perform row shift and column obfuscation operations on the third intermediate result data in sequence to obtain a plaintext encryption result. 2.根据权利要求1所述的方法,其特征在于,所述初始轮密钥、初始控制密钥和组合数据是从利用高伪随机P1置换对密钥进行置换后的密钥中提取:2. 
The method according to claim 1, wherein the initial round key, the initial control key and the combined data are extracted from the key after the key is replaced by a high pseudo-random P 1 permutation: 将置换后的密钥的第32位至63位作为初始轮密钥;Use the 32nd to 63rd bits of the replaced key as the initial round key; 将置换后的密钥的低32位作为初始控制密钥;Use the lower 32 bits of the replaced key as the initial control key; 若密钥长度为96位,则将置换后的密钥高32位作为组合数据H1,H1的逆序作为组合数据H2If the key length is 96 bits, the high 32 bits of the replaced key are used as the combined data H 1 , and the reverse order of H 1 is used as the combined data H 2 ; 若密钥长度为192位,则将置换后的密钥第96位至第159位的前半部分作为组合数据H1,后半部分作为组合数据H2If the key length is 192 bits, the first half of the 96th to 159th bits of the replaced key is used as the combined data H 1 , and the second half is used as the combined data H 2 ; 将所述初始轮密钥的前半部分和后半部分分别作为第一初始轮密钥Lkey和第二初始轮密钥Rkey;Taking the first half and the second half of the initial round key as the first initial round key Lkey and the second initial round key Rkey, respectively; 将所述初始控制密钥的前半部分和后半部分分别作为第一初始控制密钥wk和第二初始控制密钥vk;Taking the first half and the second half of the initial control key as the first initial control key wk and the second initial control key vk, respectively; 每一轮F1轮函数的控制密钥W由第一初始控制密钥wk和参与每一轮F1轮函数运算的输入数据M0进行异或得到;The control key W of each round of F1 - round function is obtained by XORing the first initial control key wk and the input data M0 participating in each round of F1 - round function operation ; 每一轮F2轮函数的控制密钥V由第二初始控制密钥vk和参与每一轮F2轮函数运算的输入数据M2进行异或得到;The control key V of each round of F 2 round function is obtained by XORing the second initial control key vk and the input data M 2 participating in each round of F 2 round function operation; 每一轮F1轮函数的轮密钥K1由第一初始控制密钥wk、第一初始轮密钥Lkey以及参与每一轮F2轮函数运算的输入数据M2进行异或得到;The round key K 1 of each round F 1 round function is obtained by XORing the first initial control key wk, the first initial round key Lkey and the input data M 2 participating in each round F 2 
round function operation; 每一轮F2轮函数的轮密钥K2由第二初始控制密钥vk、第二初始轮密钥Rkey以及参与每一轮F1轮函数运算的输入数据M0进行异或得到。The round key K 2 of each round of the F 2 round function is obtained by XORing the second initial control key vk, the second initial round key Rkey and the input data M 0 participating in the operation of each round of the F 1 round function. 3.根据权利要求2所述的方法,其特征在于,在每一轮F1轮函数和F2轮函数中S1盒更新和S2盒更新的过程由每一轮的控制密钥控制,S1盒替换和S2盒替换由每一轮的轮密钥控制;3. method according to claim 2, is characterized in that, in each round F 1 round function and F 2 round function, the process of S 1 box update and S 2 box update is controlled by the control key of each round, S1 box replacement and S2 box replacement are controlled by the round key for each round ; 所述S1盒更新和S2盒更新的过程相同,包括以下步骤: The process of the S1 box update and the S2 box update is the same, including the following steps: 步骤1.1:将每一轮的控制密钥的十进制数作为随机数种子,生成16个伪随机数;Step 1.1: Use the decimal number of the control key of each round as the random number seed to generate 16 pseudo-random numbers; 步骤1.2:将得到的16个伪随机数相互异或,得到一个异或结果,记为dex;Step 1.2: XOR the obtained 16 pseudo-random numbers with each other to obtain an XOR result, which is recorded as dex; 步骤1.3:将得到的dex再次作为随机数种子,生成16个0到15之间的伪随机数,保存在数组d[i]中,0≤i≤15;Step 1.3: Use the obtained dex as a random number seed again, generate 16 pseudo-random numbers between 0 and 15, and store them in the array d[i], 0≤i≤15; 步骤1.4:依次比较i与d[i],若不相等,则交换初始S盒中i所在位置的值与d[i]所在位置值,i从0取值到15,直到完成所有交换,得到更新后的S盒;Step 1.4: Compare i and d[i] in turn, if they are not equal, then exchange the value of the position of i in the initial S box with the value of the position of d[i], i takes the value from 0 to 15, until all the exchanges are completed, get Updated S box; 所述S盒的初始值为S(i)=i,S1盒更新和S2盒更新使用的控制密钥分别为W和V;The initial value of the S box is S(i) = i, and the control keys used for the S1 box update and the S2 box update are W and V respectively ; 所述S1盒替换和S2盒替换的过程相同,包括以下步骤: The process of replacing the S1 box and the S2 box is the same, 
including the following steps: 步骤2.1:将待输入S盒的数据按从高位至低位,每组4位依次分为4组{statej},0≤j≤3;Step 2.1: Divide the data to be input into the S box into 4 groups {state j }, 0≤j≤3; 步骤2.2:将每一轮的轮密钥按从高位至低位,每组4位依次分为4组{Kj},0≤j≤3;Step 2.2: Divide the round key of each round into 4 groups {K j }, 0≤j≤3; 步骤2.3:依次进行(statej+Kj)mod16运算,0≤j≤3,得到4个4位结果数据{sj};Step 2.3: Perform (state j +K j )mod16 operation in sequence, 0≤j≤3, and obtain 4 4-bit result data {s j }; 步骤2.4:将步骤2.3得到的4个4位结果数据{sj}均输入S盒进行变换,将得到的变换结果按照从高位至低位进行合并,得到S盒替换结果。Step 2.4: Input the four 4-bit result data {s j } obtained in step 2.3 into the S box for transformation, and combine the obtained transformation results from high order to low order to obtain the S box replacement result. 4.根据权利要求1-3任一项所述的方法,其特征在于,依据密钥长度,确定进行轮运算的轮数r;4. The method according to any one of claims 1-3, wherein, according to the key length, it is determined that the number of rounds r for round operation is carried out; 若密钥长度为96位,轮数r为20;密钥长度为192位,轮数r为32。If the key length is 96 bits, the number of rounds r is 20; if the key length is 192 bits, the number of rounds r is 32. 5.根据权利要求4所述的方法,其特征在于,在对密文进行解密时,先将密文进行逆列混淆,再进行逆行移位,接着进行拆分操作,将得到的拆分结果采用广义Feistel结构进行相应轮数r的迭代,将迭代后结果利用经过P1置换后的密钥的低64位进行异或运算,得到解密后的明文;5. 
method according to claim 4, characterized in that, when the ciphertext is decrypted, the ciphertext first undergoes inverse column confusion, then inverse row shift, then the splitting operation; the splitting result is iterated for the corresponding number of rounds r using the generalized Feistel structure, and the result of the iteration is XORed with the lower 64 bits of the key after the P1 permutation to obtain the decrypted plaintext;
the iterative process is the same as the round function operation in the encryption process;
the inverse column confusion and the inverse row shift are the inverses of the column confusion and row shift operations in the encryption process;
the splitting operation means that, after bits 64 to 95 and the lower 32 bits of the result of the inverse row shift operation are taken out, the remaining data is split from high order to low order into 4 groups of 16 bits each, in order C0, C1, C2, C3, and the data obtained by splitting is used as the input data of the iterative process.

6. A device for implementing the lightweight block cipher SCS, characterized in that it comprises:
an initialization unit, which permutes the key using the highly pseudo-random P1 permutation to obtain a permuted key, and extracts the initial round key, the initial control key and the combined data H1, H2 from the permuted key;
a data splitting unit, which XORs the 64-bit plaintext with the lower 64 bits of the permuted key from the initialization unit to obtain first intermediate result data, and divides the first intermediate result data from high order to low order into 4 groups of 16 bits each, obtaining M0, M1, M2, M3;
a round function iteration unit, which uses the method of any one of claims 1-5 to apply r rounds of the F1 round function and the F2 round function to the upper 32 bits and the lower 32 bits of the first intermediate result data respectively, according to the Feistel structure;
F1 round function module: M0 is taken as the input data of the F1 round function operation, the F1 round function operation is performed, and the result is XORed with M1; the XOR result is used as the input data M0 of the F1 round function operation in the next round, and the input data M0 of the F1 round function operation in the previous round is used as M1 of the next round;
F2 round function: M2 is taken as the input data of the F2 round function operation, the F2 round function operation is performed, and the result is XORed with M3; the XOR result is used as the input data M2 of the F2 round function operation in the next round, and the input data M2 of the F2 round function operation in the previous round is used as M3 of the next round;
wherein the F1 round function comprises, in order, XORing the round key of each round with the input data of the F1 round function operation, S1-box update, P1 permutation, S1-box substitution and P2 permutation;
the F2 round function comprises, in order, XORing the round key of each round with the input data of the F2 round function operation, S2-box update, P2 permutation, S2-box substitution and P1 permutation;
the S1-box update and the S2-box update use the control key of each round;
the round key and the control key of each round are obtained by updating the initial round key and the initial control key respectively, according to the input data of the round function operation in each round;
merging unit: M1, M0, M3, M2 obtained after r rounds of round function operations are taken as second intermediate result data, and the combined data H1 and H2 are placed after the upper 32 bits and after the lower 32 bits of the second intermediate result data respectively, to obtain third intermediate result data;
the combined data H1 and H2 are selected from the key, and H1 and H2 are both 32 bits;
row-column operation unit: the third intermediate result data output by the merging unit undergoes row shift and column confusion in turn, to obtain the encryption result of the plaintext.
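The data flow of claims 5 and 6, as an added example that is not part of the patent: it shows why running the same round iteration on the split ciphertext recovers the plaintext, and where H1 and H2 sit in the 128-bit merged block. Assumptions: `toy_f1` and `toy_f2` are placeholder round functions (the S-boxes and P1/P2 permutations are not reproduced), `wk` stands for the lower 64 bits of the P1-permuted key, the round count and key values are constructed samples, row shift and column confusion are omitted, and decryption is assumed to apply the same final word swap as the encryption merge order M1, M0, M3, M2.

```python
# Added illustration of the Feistel skeleton in claims 5 and 6 (not the patent's code).
# toy_f1/toy_f2 are placeholders; the real F1/F2 use the S-boxes and P1/P2 permutations.
MASK16 = 0xFFFF

def toy_f1(x, rk, ck):
    # Per-round keys depend only on the initial keys and the round input,
    # so each round is modelled as one fixed function of (x, rk, ck).
    x = (x ^ rk) & MASK16
    x = ((x << 5) | (x >> 11)) & MASK16   # rotate left by 5
    return (x * 0x9E37 + ck) & MASK16

def toy_f2(x, rk, ck):
    x = (x ^ rk ^ 0xA5A5) & MASK16
    x = ((x << 9) | (x >> 7)) & MASK16    # rotate left by 9
    return (x * 0x7F4B + ck) & MASK16

def split4(v64):
    """Split a 64-bit value into four 16-bit words, high order first."""
    return [(v64 >> s) & MASK16 for s in (48, 32, 16, 0)]

def feistel(words, r, rk, ck):
    """Run r rounds on both branches; return the words in the order M1, M0, M3, M2."""
    m0, m1, m2, m3 = words
    for _ in range(r):
        m0, m1 = toy_f1(m0, rk, ck) ^ m1, m0
        m2, m3 = toy_f2(m2, rk, ck) ^ m3, m2
    return [m1, m0, m3, m2]

def encrypt_core(pt, wk, h1, h2, r, rk, ck):
    """Whitening, r rounds, then merge: H1 after the high 32 bits, H2 after the low 32."""
    m1, m0, m3, m2 = feistel(split4(pt ^ wk), r, rk, ck)
    return (m1 << 112) | (m0 << 96) | (h1 << 64) | (m3 << 48) | (m2 << 32) | h2

def decrypt_core(ct, wk, r, rk, ck):
    """Drop bits 95..64 and 31..0, run the same rounds, then undo the whitening."""
    hi, lo = ct >> 96, (ct >> 32) & 0xFFFFFFFF
    c = [hi >> 16, hi & MASK16, lo >> 16, lo & MASK16]   # C0, C1, C2, C3
    out = 0
    for w in feistel(c, r, rk, ck):       # same iteration and final swap as encryption
        out = (out << 16) | w
    return out ^ wk

# Constructed sample values (not from the patent).
WK, H1, H2, RK, CK = 0x0123456789ABCDEF, 0xDEADBEEF, 0xCAFEF00D, 0x3C5A, 0x71E2
PT = 0x1122334455667788
CT = encrypt_core(PT, WK, H1, H2, 8, RK, CK)
assert decrypt_core(CT, WK, 8, RK, CK) == PT
```

The round trip holds for any deterministic placeholder, because each decryption round feeds the round function the same input word that the matching encryption round used.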
CN201711428178.6A 2017-12-26 2017-12-26 A kind of implementation method and device of lightweight block cipher SCS Active CN108123791B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711428178.6A CN108123791B (en) 2017-12-26 2017-12-26 A kind of implementation method and device of lightweight block cipher SCS

Publications (2)

Publication Number Publication Date
CN108123791A CN108123791A (en) 2018-06-05
CN108123791B true CN108123791B (en) 2019-03-08

Family

ID=62231631

Country Status (1)

Country Link
CN (1) CN108123791B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant