[go: up one dir, main page]

CN114531223A - Encryption and decryption method based on lightweight block cipher tenon type algorithm - Google Patents

Encryption and decryption method based on lightweight block cipher tenon type algorithm Download PDF

Info

Publication number
CN114531223A
CN114531223A CN202210002951.7A CN202210002951A CN114531223A CN 114531223 A CN114531223 A CN 114531223A CN 202210002951 A CN202210002951 A CN 202210002951A CN 114531223 A CN114531223 A CN 114531223A
Authority
CN
China
Prior art keywords
bit
round
bits
key
mod64
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210002951.7A
Other languages
Chinese (zh)
Other versions
CN114531223B (en
Inventor
张嘉宁
唐灯
王浩洋
董新锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiao Tong University
Original Assignee
Shanghai Jiao Tong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiao Tong University filed Critical Shanghai Jiao Tong University
Priority to CN202210002951.7A priority Critical patent/CN114531223B/en
Publication of CN114531223A publication Critical patent/CN114531223A/en
Application granted granted Critical
Publication of CN114531223B publication Critical patent/CN114531223B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

一种基于轻量级分组密码榫式(Tenon)算法的加密解密方法,通过将待加密数据按照分组长度每组n比特划分为等长的明文分组P,设置主密钥K,长度为m1比特,由主密钥K通过密钥编排算法产生Tenon分组密码算法的轮密钥

Figure DDA0003454259490000011
1≤r≤30,长度为m2比特,m1=128,m2=64,在加密过程中,将输入的待加密数据经过R轮迭代加密运算操作,输出n比特密文分组C。本发明综合考虑了安全性与实现代价,基于SPN结构设计,能够实现高效、安全、轻量的Tenon分组密码算法,适于应用在资源受限的设备上。

Figure 202210002951

An encryption and decryption method based on a lightweight block cipher tenon (Tenon) algorithm, by dividing the data to be encrypted into equal-length plaintext blocks P according to the block length of each group of n bits, and setting a master key K with a length of m 1 Bit, the master key K generates the round key of the Tenon block cipher algorithm through the key arrangement algorithm

Figure DDA0003454259490000011
1≤r≤30, the length is m 2 bits, m 1 =128, m 2 =64, in the encryption process, the input to-be-encrypted data is subjected to R rounds of iterative encryption operations, and an n-bit ciphertext block C is output. The present invention comprehensively considers security and implementation cost, based on SPN structure design, can realize efficient, safe and lightweight Tenon block cipher algorithm, and is suitable for application in resource-limited equipment.

Figure 202210002951

Description

基于轻量级分组密码榫式算法的加密解密方法Encryption and decryption method based on lightweight block cipher tenon algorithm

技术领域technical field

本发明涉及的是一种信息安全领域的技术,具体是一种轻量级分组密码榫式(Tenon)算法的实现方法。The invention relates to a technology in the field of information security, in particular to an implementation method of a lightweight block cipher tenon (Tenon) algorithm.

背景技术Background technique

现有的分组密码算法需要通过较为复杂的运算与结构来达到已知情况下最好的安全性,但需要耗费大量的软硬件资源,使得算法实现变慢,难以应用在微型物联网设备上。而若使用过于简单的逻辑结构,在安全性方面则难以达到要求。Existing block cipher algorithms require complex operations and structures to achieve the best security under known conditions, but consume a lot of hardware and software resources, making the algorithm implementation slow and difficult to apply to micro IoT devices. However, if a too simple logical structure is used, it is difficult to meet the requirements in terms of security.

发明内容SUMMARY OF THE INVENTION

本发明针对现有技术存在的上述不足,提出一种基于轻量级分组密码榫式算法的加密解密方法,综合考虑了安全性与实现代价,基于SPN结构设计,能够实现高效、安全、轻量的Tenon分组密码算法,适于应用在资源受限的设备上。Aiming at the above-mentioned shortcomings of the prior art, the present invention proposes an encryption and decryption method based on a lightweight block cipher tenon algorithm, which comprehensively considers security and implementation cost, and is designed based on SPN structure, which can achieve high efficiency, safety, and light weight. The Tenon block cipher algorithm is suitable for application on resource-constrained devices.

本发明是通过以下技术方案实现的:The present invention is achieved through the following technical solutions:

本发明涉及一种基于轻量级分组密码榫式算法的加密方法,包括:The present invention relates to an encryption method based on a lightweight block cipher tenon algorithm, comprising:

步骤1)将待加密数据按照分组长度每组n比特划分为等长的明文分组P,n=64;Step 1) divide the data to be encrypted into equal-length plaintext groups P according to the grouping length of each group of n bits, n=64;

步骤2)设置主密钥K,长度为m1比特,由主密钥K通过密钥编排算法产生Tenon分组密码算法的轮密钥

Figure BDA0003454259470000011
长度为m2比特,m1=128,m2=64,具体为:对于第r轮轮密钥,将128比特主密钥的第
Figure BDA0003454259470000012
位依次赋值给64比特长度的轮密钥
Figure BDA0003454259470000013
如对于第1轮,将主密钥的第1,2,4,7,…,97比特依次赋给轮密钥的第0,1,2,…,63位。再将
Figure BDA0003454259470000014
按16比特长度依次划分为4组
Figure BDA0003454259470000015
对于轮数r,将其表示为5位二进制数,最右侧为低位:如对于轮数r=11,表示为01011。之后进行:1.将轮密钥中的第15,16,31,47,63位与r的二进制表示的五位依次进行与操作,结果更新为新的k15,k16,k31,k47,k63;2.将
Figure BDA0003454259470000016
的16比特进行按位取反得到新的k32k33…k47;3.将k48k49…k63与k32k33…k47按位与操作后,再与k0k1…k15按位进行异或操作得到新的k48k49…k63。更新完成后的64比特k0k1…k63按16比特长度分为4组
Figure BDA0003454259470000017
即为第r轮的轮密钥,并将主密钥更新为128比特的
Figure BDA0003454259470000018
Step 2) Set the master key K, the length is m 1 bit, and the round key of the Tenon block cipher algorithm is generated by the master key K through the key arrangement algorithm
Figure BDA0003454259470000011
The length is m 2 bits, m 1 =128, m 2 =64, specifically: for the rth round key, the 128-bit master key
Figure BDA0003454259470000012
Bits are sequentially assigned to the round key of 64-bit length
Figure BDA0003454259470000013
For example, for the first round, assign the 1st, 2nd, 4th, 7th, ..., 97th bits of the master key to the 0th, 1st, 2nd, ..., 63rd bits of the round key in sequence. again
Figure BDA0003454259470000014
Divided into 4 groups according to the length of 16 bits
Figure BDA0003454259470000015
For the number of rounds r, it is represented as a 5-bit binary number, and the lowermost bit is on the far right: for example, for the number of rounds r=11, it is represented as 01011. Then proceed: 1. Perform the AND operation on the 15th, 16th, 31st, 47th, 63rd bits in the round key and the five bits of the binary representation of r in turn, and update the results to new k 15 , k 16 , k 31 , k 47 ,k 63 ; 2. will
Figure BDA0003454259470000016
Perform bitwise inversion of the 16 bits to obtain new k 32 k 33 ... k 47 ; 3. After k 48 k 49 ... k 63 and k 32 k 33 ... k 47 are bitwise ANDed with k 0 k 1 ... k 15 performs bitwise XOR operation to obtain new k 48 k 49 . . . k 63 . After the update is completed, the 64-bit k 0 k 1 ... k 63 is divided into 4 groups according to the length of 16 bits
Figure BDA0003454259470000017
is the round key of the rth round, and the master key is updated to a 128-bit
Figure BDA0003454259470000018

步骤3)在加密过程中,将输入的待加密数据经过R轮迭代加密运算操作,输出密文,具体为:Step 3) In the encryption process, the input data to be encrypted is subjected to R rounds of iterative encryption operation operations, and the ciphertext is output, specifically:

3.1)对于R=1,2,3,…,29轮,在每一轮加密运算中:将n比特明文分组P与m2比特的第i轮的轮密钥Ki进行轮密钥加后,将其分为8个8比特的字节,依次经过非线性层S盒替换,线性层置换后,输出的数据作为下一轮的输入。3.1) For R=1, 2, 3, ..., 29 rounds, in each round of encryption operation: add the n-bit plaintext block P and the m 2 -bit round key K i of the i-th round to the round key. , which is divided into 8 8-bit bytes, which are sequentially replaced by the nonlinear layer S box, and after the linear layer replacement, the output data is used as the input of the next round.

所述的正整数n=64;m1=128;m2=64;R=30;The positive integer n=64; m 1 =128; m 2 =64; R=30;

所述的轮密钥加具体实现如下:每一轮输入的64比特明文分组P从高位到低位表示为{P0,P1,P2,…,P62,P63},第r轮64比特的轮密钥

Figure BDA0003454259470000021
从高位到低位表示为{k0,k1,k2,k3,…,k61,k62,k63},按位将Pi与ki(0≤i≤63)进行异或得到新的明文分组P={P0,P1,P2,…,P62,P63};The specific implementation of the round key addition is as follows: the 64-bit plaintext packet P input in each round is expressed as {P 0 , P 1 , P 2 ,..., P 62 , P 63 } from high order to low order, and the rth round 64 bit round key
Figure BDA0003454259470000021
It is expressed as {k 0 ,k 1 ,k 2 ,k 3 ,...,k 61 ,k 62 ,k 63 } from the high order to the low order, and the bitwise XOR of P i and k i (0≤i≤63) is obtained New plaintext packet P={P 0 , P 1 , P 2 ,...,P 62 ,P 63 };

所述的过非线性层S盒替换的具体实现为:将进行过轮密钥加后的明文P={P0,P1,P2,…,P62,P63}从高位到低位按照每8比特分为一组,得到8个8比特的字节组,记为W0,W1,W2,W3,W4,W5,W6,W7,其中,Wi={w8i+0,w8i+1,w8i+2,w8i+3,w8i+4,w8i+5,w8i+6,w8i+7},0≤i≤7,将W0,W1,W2,W3,W4,W5,W6,W7同时经过8个并置的S盒中,具体过程为取八个相同的8比特输入8比特输出的S盒变换,变换是将Wi作为8比特输入经过S盒运算得到新的8比特输出W′i={w′8i+0,w′8i+1,…,w′8i+6,w′8i+7}=S(Wi)=S({w8i+0,w8i+1,…,w8i+6,w8i+7})。本Tenon算法S盒基于8级NFSR(非线性反馈移位寄存器)进行构造,一次S盒运算需要迭代11拍,上一拍的输出将作为下一拍的输入,每一拍将第六个比特的输入作为输出的第一比特;输入的第三个比特取反后与第八个比特进行与运算,后分别与第五比特、第六比特进行异或得到输出的第二比特;输入的第二比特作为输出的第三比特;输入的第八比特作为输出的第四比特;输入的第六比特作为输出的第七比特;输入的第四比特作为输出的第六比特;输入的第三比特作为输出的第七比特;输入的第六比特先与第八比特进行与运算后分别与第一比特、第五比特进行异或得到输出的第八比特。8个并置的S盒各自经过上述的11拍运算后输出为W′0,W′1,W′2,W′3,W′4,W′5,W′6,W′7,将其从高位到低位组合为64比特C={C0,C1,C2,…,C62,C63};The specific implementation of the above-mentioned non-linear layer S-box replacement is as follows: the plaintext P = {P 0 , P 1 , P 2 , . Divide each 8 bits into a group to obtain 8 byte groups of 8 bits, denoted as W 0 , W 1 , W 2 , W 3 , W 4 , W 5 , W 6 , W 7 , where Wi = { w 8i+0 ,w 8i+1 ,w 8i+2 ,w 8i+3 ,w 8i+4 ,w 8i+5 ,w 8i+6 ,w 8i+7 }, 0≤i≤7, set W 0 ,W 1 ,W 2 ,W 3 ,W 4 ,W 5 ,W 6 ,W 7 pass through 8 juxtaposed S-boxes at the same time, the specific process is to take eight identical 8-bit input and 8-bit output S-box transformation , the transformation is to take Wi as 8-bit input and obtain a new 8-bit output through S-box operation W′ i = {w′ 8i+0 ,w′ 8i+1 ,...,w′ 8i+6 ,w′ 8i+7 }=S(W i )=S({w 8i+0 , w 8i+1 , . . . , w 8i+6 , w 8i+7 }). This Tenon algorithm S-box is constructed based on 8-level NFSR (Non-Linear Feedback Shift Register). One S-box operation requires 11 iterations. The output of the previous beat will be used as the input of the next beat. The input is used as the first bit of the output; the third bit of the input is inverted and then ANDed with the eighth bit, and then XORed with the fifth bit and the sixth bit respectively to obtain the second bit of the output; the first bit of the input Two bits as the third bit of the output; the eighth bit of the input as the fourth bit of the output; the sixth bit of the input as the seventh bit of the output; the fourth bit of the input as the sixth bit of the output; the third bit of the input As the output seventh bit; the input sixth bit is first ANDed with the eighth bit and then XORed with the first bit and the fifth bit to obtain the output eighth bit. The 8 juxtaposed S-boxes are respectively output as W′ 0 , W′ 1 , W′ 2 , W′ 3 , W′ 4 , W′ 5 , W′ 6 , W′ 7 after the above-mentioned 11-beat operation. Its combination from high order to low order is 64 bits C={C 0 , C 1 , C 2 , . . . , C 62 , C 63 };

所述的过线性层置换具体为:将经过非线性层S盒替换运算后的64比特进行比特级的拉线置换。具体过程是64比特按照8个S盒的顺序将输出的8比特置换到新位置:Wi经过一个S盒替换后得到的8比特输出W′i={w′8i+0,w′8i+1,w′8i+2,w′8i+3,w′8i+4,w′8i+5,w′8i+6,w′8i+7}变换为The over-linear layer replacement is specifically: performing bit-level pull-wire replacement on the 64 bits after the nonlinear layer S-box replacement operation. The specific process is that 64 bits replace the output 8 bits to the new position in the order of 8 S boxes: the 8-bit output of W i after one S box replacement is W′ i ={w′ 8i+0 ,w′ 8i+ 1 ,w′ 8i+2 ,w′ 8i+3 ,w′ 8i+4 ,w′ 8i+5 ,w′ 8i+6 ,w′ 8i+7 } are transformed into

{C[8(i+1)]mod64+(2i+1)mod8,C[8(i+2)]mod64+(2i+2)mod8,C[8(i+3)]mod64+(2i+3)mod8,C[8(i+4)]mod64+(2i+4)mod8,C[8(i+5)]mod64+(2i+5)mod8,C[8(i+6)]mod64+(2i+6)mod8,C[8(i+7)]mod64+(2i+7)mod8,C[8(i+8)]mod64+(2i+8)mod8},其中0≤i≤7。{C [8(i+1)]mod64+(2i+1)mod8 ,C [8(i+2)]mod64+(2i+2)mod8 ,C [8(i+3)]mod64+(2i+3) mod8 ,C [8(i+4)]mod64+(2i+4)mod8 ,C [8(i+5)]mod64+(2i+5)mod8 ,C [8(i+6)]mod64+(2i+6 )mod8 ,C [8(i+7)]mod64+(2i+7)mod8 ,C [8(i+8)]mod64+(2i+8)mod8 }, where 0≤i≤7.

3.2)对于R=30轮,将n比特分组P与m2比特的第i轮的轮密钥Ki进行轮密钥加后,将其分为8个8比特的字节,经过非线性层S盒替换,直接输出最终的64比特密文分组C。3.2) For R=30 rounds, add the n-bit group P and the round key K i of the i-th round of m 2 bits to the round key, divide it into 8 8-bit bytes, and pass through the nonlinear layer. The S box is replaced, and the final 64-bit ciphertext block C is directly output.

本发明涉及上述加密方法的解密方法,包括:密钥编排算法生成轮密钥、非线性层逆S盒代替、轮密钥加和线性层逆置换。The present invention relates to a decryption method of the above encryption method, including: key arrangement algorithm generating round key, nonlinear layer inverse S-box substitution, round key addition and linear layer inverse permutation.

所述的密钥编排算法与加密过程中步骤2)相同;非线性层逆S盒代替是将64比特密文分组C按照8比特宽度分为8组,第i组记为W′i={w′8i+0,w′8i+1,w′8i+2,w′8i+3,w′8i+4,w′8i+5,w′8i+6,w′8i+7},0≤i≤7,将W′i经过逆S盒代替得到Wi,其中选取的逆S盒在具体实施方式中有叙述;轮密钥加操作与步骤3.1所述轮密钥加相同;线性层逆变换是将密文分组C的{C[8(i+1)]mod64+(2i+1)mod8,C[8(i+2)]mod64+(2i+2)mod8,C[8(i+3)]mod64+(2i+3)mod8,C[8(i+4)]mod64+(2i+4)mod8,C[8(i+5)]mod64+(2i+5)mod8,C[8(i+6)]mod64+(2i+6)mod8,C[8(i+7)]mod64+(2i+7)mod8,C[8(i+8)]mod64+(2i+8)mod8}变换到W′i={w′8i+0,w′8i+1,w′8i+2,w′8i+3,w′8i+4,w′8i+5,w′8i+6,w′8i+7},这与加密过程中选取的拉线置换是相反的。The described key arrangement algorithm is the same as step 2) in the encryption process; instead of the nonlinear layer inverse S box, the 64-bit ciphertext group C is divided into 8 groups according to the 8-bit width, and the i-th group is denoted as W′ i = { w′ 8i+0 ,w′ 8i+1 ,w′ 8i+2 ,w′ 8i+3 ,w′ 8i+4 ,w′ 8i+5 ,w′ 8i+6 ,w′ 8i+7 },0 ≤i≤7, replace W′ i through the inverse S box to obtain W i , wherein the selected inverse S box is described in the specific embodiment; the round key addition operation is the same as the round key addition described in step 3.1; the linear layer The inverse transformation is to group the ciphertext of C {C [8(i+1)]mod64+(2i+1)mod8 ,C [8(i+2)]mod64+(2i+2)mod8 ,C [8(i+ 3)]mod64+(2i+3)mod8 ,C [8(i+4)]mod64+(2i+4)mod8 ,C [8(i+5)]mod64+(2i+5)mod8 ,C [8(i +6)]mod64+(2i+6)mod8 ,C [8(i+7)]mod64+(2i+7)mod8 ,C [8(i+8)]mod64+(2i+8)mod8 } transform to W′ i ={w′ 8i+0 ,w′ 8i+1 ,w′ 8i+2 ,w′ 8i+3 ,w′ 8i+4 ,w′ 8i+5 ,w′ 8i+6 ,w′ 8i+7 }, which is the opposite of the pull-wire replacement chosen during encryption.

对于R=30,只需将密文分组C经过逆S盒代替和轮密钥加两个运算;对于1≤R≤29,解密过程需要依次进行线性层逆置换、逆S盒代替和轮密钥加三次运算,最终得到正确的明文分组P。For R=30, the ciphertext block C only needs to undergo two operations of inverse S-box substitution and round key addition; for 1≤R≤29, the decryption process needs to perform linear layer inverse permutation, inverse S-box substitution and round key in turn. The key is added three times, and finally the correct plaintext packet P is obtained.

技术效果technical effect

本发明使用的8比特非线性层S盒的基于非线性反馈移位寄存器设计,可以显著降低硬件实现代价;在密码学性质方面,达到差分均匀度8,非线性度96;选用的线性变换与PRESENT算法中使用的变换相比,64比特经过置换都可以改变位置,防止因具有不动点造成的潜在弱点;密钥编排算法采用非线性的编排方式,增加了安全性。The 8-bit nonlinear layer S box used in the present invention is designed based on the nonlinear feedback shift register, which can significantly reduce the hardware implementation cost; in terms of cryptographic properties, the differential uniformity is 8 and the nonlinearity is 96; the selected linear transformation and Compared with the transformation used in the PRESENT algorithm, the position of 64 bits can be changed after permutation to prevent potential weaknesses caused by fixed points; the key arrangement algorithm adopts a non-linear arrangement, which increases security.

附图说明Description of drawings

图1为本发明S盒使用的非线性反馈移位寄存器单拍结构示意图;1 is a schematic diagram of the single-shot structure of the nonlinear feedback shift register used in the S box of the present invention;

图2为本发明采用的线性层拉线置换示意图;Fig. 2 is a schematic diagram of the replacement of the linear layer cable used in the present invention;

图3为本发明流程图。Figure 3 is a flow chart of the present invention.

具体实施方式Detailed ways

如图3所示,本实施例中采用SPN结构,分组长度为64比特,密钥长度128比特,算法迭代轮数30轮,P为64比特明文分组,C为64比特密文分组,R为算法迭代轮数,r为算法当前所在轮,1≤r≤30,ri为当前轮数的二进制表示形式,1≤r≤30,0≤i≤4,K为128比特主密钥,

Figure BDA0003454259470000031
为第r轮的轮密钥,长度64比特,r=1,2,…,30,Pi为明文分组由高位到低位的第i比特,i=0,1,2,…,62,63,Ki为主密钥由高位到低位的第i比特,i=0,1,2,…,126,127,ki为轮密钥由高位到低位的第i比特,i=0,1,2,…,62,63,
Figure BDA0003454259470000041
为密钥扩展中使用的64比特轮密钥中16比特过程字,i=0,1,2,3,
Figure BDA0003454259470000042
为最终输出的64比特轮密钥中的16比特字,
Figure BDA0003454259470000043
Figure BDA0003454259470000044
Wi为进入S盒替换前的状态字,每个字的长度为8比特,i=0,1,…,6,7,W′i为经过S盒替换后的状态字,每个字的长度为8比特,i=0,1,…,6,7,S为长度为16比特的全1序列,
Figure BDA0003454259470000045
为比特级异或运算,&为比特级与运算,||为字符串连接符,本发明Tenon算法基于SPN结构设计,实现过程主要分为S盒代替(非线性层)和拉线置换(线性层)两部分。As shown in Figure 3, the SPN structure is adopted in this embodiment, the block length is 64 bits, the key length is 128 bits, the number of algorithm iteration rounds is 30, P is a 64-bit plaintext block, C is a 64-bit ciphertext block, and R is a 64-bit ciphertext block. The number of iteration rounds of the algorithm, r is the current round of the algorithm, 1≤r≤30 , ri is the binary representation of the current round number, 1≤r≤30, 0≤i≤4, K is the 128-bit master key,
Figure BDA0003454259470000031
is the round key of the rth round, with a length of 64 bits, r=1,2,...,30, P i is the i-th bit of the plaintext packet from high to low, i=0,1,2,...,62,63 , K i is the i-th bit of the master key from high to low, i=0,1,2,...,126,127, ki is the i -th bit of the round key from high to low, i=0,1,2 ,…,62,63,
Figure BDA0003454259470000041
is the 16-bit process word in the 64-bit round key used in key expansion, i=0, 1, 2, 3,
Figure BDA0003454259470000042
is the 16-bit word in the final output 64-bit round key,
Figure BDA0003454259470000043
Figure BDA0003454259470000044
W i is the status word before entering the S box replacement, the length of each word is 8 bits, i=0,1,...,6,7, W' i is the status word after the S box replacement, the length of each word is The length is 8 bits, i=0,1,...,6,7, S is an all-one sequence with a length of 16 bits,
Figure BDA0003454259470000045
is a bit-level XOR operation, & is a bit-level AND operation, and || is a string connector. The Tenon algorithm of the present invention is designed based on the SPN structure. ) in two parts.

如图1所示,为本实施例涉及一种轻量级分组密码算法的实现方法,包括以下步骤:As shown in Figure 1, the present embodiment relates to a method for implementing a lightweight block cipher algorithm, comprising the following steps:

步骤1、将要加密的待加密数据按照64比特的长度进行分组,分别对各分组进行加密,一组待加密数据记为P;设置主密钥,主密钥长度为128比特,按照密钥扩展算法得到64比特长度的轮密钥,第r轮轮密钥记为

Figure BDA0003454259470000046
Step 1. Group the data to be encrypted to be encrypted according to the length of 64 bits, encrypt each group separately, and record a group of data to be encrypted as P; set the master key, the length of the master key is 128 bits, and expand according to the key. The algorithm obtains a round key with a length of 64 bits, and the rth round key is recorded as
Figure BDA0003454259470000046

步骤2、设置主密钥K,长度为m1比特,由主密钥K通过密钥编排算法产生Tenon分组密码算法的轮密钥

Figure BDA0003454259470000047
长度为m2比特,m1=128,m2=64,其中Tenon算法的密钥编排算法如下:对于r=1,2,…,30,取128比特主密钥K的第
Figure BDA0003454259470000048
Figure BDA0003454259470000049
位:
Figure BDA00034542594700000410
共64比特,按序依次赋给
Figure BDA00034542594700000411
Step 2. Set the master key K, the length is m 1 bit, and the round key of the Tenon block cipher algorithm is generated by the master key K through the key arrangement algorithm
Figure BDA0003454259470000047
The length is m 2 bits, m 1 =128, m 2 =64, and the key arrangement algorithm of Tenon algorithm is as follows: For r=1,2,...,30, take the first 128-bit master key K
Figure BDA0003454259470000048
Figure BDA0003454259470000049
Bit:
Figure BDA00034542594700000410
A total of 64 bits, assigned in order
Figure BDA00034542594700000411

当前轮数r以5位二进制数表示为r0,r1,r2,r3,r4,计算k15=k15&r0;k16=k16&r1;k31=k31&r2;k47=k47&r3;k63=k63&r4;将得到的

Figure BDA00034542594700000412
以16比特长度划分为4组,记为
Figure BDA00034542594700000413
计算:
Figure BDA00034542594700000414
Figure BDA00034542594700000415
输出当前轮密钥
Figure BDA00034542594700000416
主密钥更新为
Figure BDA00034542594700000417
再进行下一轮轮密钥的计算。The current round number r is expressed as r 0 , r 1 , r 2 , r 3 , r 4 in 5-bit binary numbers, and k 15 = k 15 &r 0 ; k 16 = k 16 &r 1 ; k 31 = k 31 &r 2 ; k 47 =k 47 &r 3 ; k 63 =k 63 &r 4 ; will be obtained
Figure BDA00034542594700000412
Divided into 4 groups with a length of 16 bits, denoted as
Figure BDA00034542594700000413
calculate:
Figure BDA00034542594700000414
Figure BDA00034542594700000415
Output current round key
Figure BDA00034542594700000416
Master key updated to
Figure BDA00034542594700000417
Then perform the calculation of the next round key.

步骤3)在加密过程中,将输入的待加密数据经过R轮迭代加密运算操作,输出密文,对于R=1,2,3,…,29轮,在每一轮加密运算中:将n比特明文分组P与m2比特的第i轮的轮密钥Ki进行轮密钥加后,将其分为8个8比特的字节,依次经过非线性层S盒替换,线性层置换后,输出的数据作为下一轮的输入,具体过程如下:将明文分组和轮密钥按照比特顺序分为P0,P1,…,P62,P63和k0,k1,…,k62,k63,对i=0,1,2,3,4,5,6,7,计算

Figure BDA00034542594700000418
Step 3) In the encryption process, the input data to be encrypted is subjected to R rounds of iterative encryption operations, and the ciphertext is output. For R=1, 2, 3, ..., 29 rounds, in each round of encryption operations: n After the bit plaintext packet P and the m 2 -bit round key K i of the i-th round are round key added, it is divided into 8 8-bit bytes, which are sequentially replaced by the nonlinear layer S box, and after the linear layer replacement , the output data is used as the input of the next round. The specific process is as follows: divide the plaintext block and the round key into P 0 , P 1 ,...,P 62 ,P 63 and k 0 ,k 1 ,...,k according to the bit order 62 ,k 63 , for i=0,1,2,3,4,5,6,7, calculate
Figure BDA00034542594700000418

所述的非线性层S盒代替操作,具体为:将轮密钥加得到的新明文分组划分为8个状态字,每个状态字长度为8比特,即P=W0||W1||W2|W3||W4||W5||W6||W7;对于Wi,将其经过一个8比特进8比特出的S盒变换,得到新的8比特状态字Wi′。每次变换需迭代11拍,每一拍的过程包括;w′0=w5

Figure BDA00034542594700000419
w′2=w1;w′3=w7;w′4=w6;w′5=w3;w′6=w2
Figure BDA00034542594700000420
w′0w′1w′2w′3w′4w′5w′6w′7作为新的w0w1w2w3w4w5w6w7,进入下一拍。;也可以将各状态字Wi以10进制表示,通过查找S盒真值表,再转为二进制表示,得到新的状态字W′i,0≤i≤7。The non-linear layer S-box substitution operation is specifically: dividing the new plaintext packet obtained by adding the round key into 8 state words, each state word having a length of 8 bits, that is, P=W 0 ||W 1 | |W 2 |W 3 ||W 4 ||W 5 ||W 6 || W 7 ; for Wi, convert it through an 8-bit in 8-bit out S-box to obtain a new 8-bit state word W i '. Each transformation needs to iterate 11 beats, and the process of each beat includes: w′ 0 =w 5 ;
Figure BDA00034542594700000419
w' 2 =w 1 ; w' 3 =w 7 ; w' 4 =w 6 ; w' 5 =w 3 ; w' 6 =w 2 ;
Figure BDA00034542594700000420
w′ 0 w′ 1 w′ 2 w′ 3 w′ 4 w′ 5 w′ 6 w′ 7 as the new w 0 w 1 w 2 w 3 w 4 w 5 w 6 w 7 , enter the next beat. ; It is also possible to represent each state word W i in decimal system, by searching the truth table of the S box, and then converting it into binary representation to obtain a new state word W' i , 0≤i≤7.

所采用S盒真值表十进制表示为{0,191,119,88,130,86,165,114,57,77,91,139,148,132,200,84,34,120,180,209,203,42,234,249,61,236,223,192,18,195,21,95,121,219,122,11,221,123,31,60,163,7,112,246,46,55,56,194,210,102,116,143,47,45,173,224,63,141,190,201,17,25,157,133,205,87,28,147,152,30,64,158,129,248,125,182,176,188,154,100,159,230,105,153,103,5,8,89,73,92,107,247,241,238,174,26,229,81,2,104,43,49,227,137,68,212,211,66,251,127,242,76,189,94,111,109,235,36,70,169,14,78,183,22,170,23,214,74,255,250,231,1,79,85,110,178,150,96,240,71,69,29,51,93,185,144,145,12,215,33,217,175,135,166,161,59,155,118,24,75,13,131,128,156,115,228,186,54,149,196,98,167,37,138,67,237,233,207,99,126,216,254,58,3,136,140,41,97,6,53,225,164,39,181,162,38,19,253,83,142,90,171,220,198,226,52,27,199,101,80,218,239,117,9,50,48,108,124,206,15,252,177,208,35,44,62,151,245,168,243,10,222,32,244,179,193,65,134,232,72,213,202,113,160,20,187,4,204,106,184,172,16,197,146,40,82}。所采用S盒真值表十进制表示为{0,191,119,88,130,86,165,114,57,77,91,139,148,132,200,84,34,120,180,209,203,42,234,249,61,236,223,192,18,195,21,95,121,219,122,11,221,123,31,60,163,7,112,246,46,55,56,194,210,102,116,143 ,47,45,173,224,63,141,190,201,17,25,157,133,205,87,28,147,152,30,64,158,129,248,125,182,176,188,154,100,159,230,105,153,103,5,8,89,73,92,107,247,241,238,174,26,229,81,2,104,43,49,227,137,68,212,211,66,251,127,242,76,189,94,111,109,235,36,70,169 ,14,78,183,22,170,23,214,74,255,250,231,1,79,85,110,178,150,96,240,71,69,29,51,93,185,144,145,12,215,33,217,175,135,166,161,59,155,118,24,75,13,131,128,156,115,228,186,54,149,196,98,167,37,138,67,237,233,207,99,126,216,254 ,58,3,136,140,41,97,6,53,225,164,39,181,162,38,19,253,83,142,90,171,220,198,226,52,27,199,101,80,218,239,117,9,50,48,108,124,206,15,252,177,208,35,44,62,151,245,168,243,10,222,32,244,179,193,65,134,232,72,213,202,113,160 , 20, 187, 4, 204, 106, 184, 172, 16, 197, 146, 40, 82}.

将经过非线性层得到的8个状态字W0′||W1′||W2′||W3′||W4′||W5′||W6′||W7′从高位到低位按比特顺序排列得到64比特C={C0,C1,C2,…,C62,C63}。The 8 state words W 0 ′||W 1 ′||W 2 ′||W 3 ′||W 4 ′||W 5 ′||W 6 ′||W 7 ′ obtained from the nonlinear layer are converted from The high-order to low-order bits are arranged in bit order to obtain 64 bits C={C 0 , C 1 , C 2 , . . . , C 62 , C 63 }.

步骤5所述的线性层置换运算如下:The linear layer permutation operation described in step 5 is as follows:

将经过非线性层S盒替换运算后的64比特进行比特级的拉线置换。具体过程是64比特按照8个S盒的顺序将输出的8比特置换到新位置:Wi经过一个S盒替换后得到的8比特输出W′I={C8i+0,C8i+1,C8i+2,C8i+3,C8i+4,C8i+5,C8i+6,C8i+7}变换得到下一轮的输入明文分组,为{P[8(i+1)]mod64+(2i+1)mod8,P[8(i+2)]mod64+(2i+2)mod8,P[8(i+3)]mod64+(2i+3)mod8,P[8(i+4)]mod64+(2i+4)mod8,The 64 bits after the non-linear layer S-box replacement operation are subjected to bit-level pull-wire replacement. The specific process is that 64 bits replace the output 8 bits to the new position in the order of 8 S boxes: the 8-bit output of W i after one S box replacement is obtained W′ I ={C 8i+0 ,C 8i+1 , C 8i+2 , C 8i+3 , C 8i+4 , C 8i+5 , C 8i+6 , C 8i+7 } transform to obtain the next round of input plaintext packets, which is {P [8(i+1) ]mod64+(2i+1)mod8 ,P [8(i+2)]mod64+(2i+2)mod8 ,P [8(i+3)]mod64+(2i+3)mod8 ,P [8(i+4 )]mod64+(2i+4)mod8 ,

P[8(i+5)]mod64+(2i+5)mod8,P[8(i+6)]mod64+(2i+6)mod8,P[8(i+7)]mod64+(2i+7)mod8,P[8(i+8)]mod64+(2i+8)mod8},其中0≤i≤7。P [8(i+5)]mod64+(2i+5)mod8 ,P [8(i+6)]mod64+(2i+6)mod8 ,P [8(i+7)]mod64+(2i+7)mod8 ,P [8(i+8)]mod64+(2i+8)mod8 }, where 0≤i≤7.

表1为线性层置换对应关系。Table 1 shows the linear layer permutation correspondence.

Figure BDA0003454259470000051
Figure BDA0003454259470000051

Figure BDA0003454259470000061
Figure BDA0003454259470000061

对于第30轮,不进行线性层置换运算,直接将经过S盒代替操作后的8个状态字按顺序组合为最终密文输出,即令C=W0′||W1′||W2′||W3′||W4′||W5′||W6′||W7′。For the 30th round, the linear layer permutation operation is not performed, and the 8 state words after the S-box substitution operation are directly combined into the final ciphertext output in sequence, that is, C=W 0 ′||W 1 ′||W 2 ′ ||W 3 ′||W 4 ′||W 5 ′||W 6 ′||W 7 ′.

对于步骤4、步骤5中的解密过程如下:The decryption process in steps 4 and 5 is as follows:

将128比特主密钥K按照密钥编排算法扩展成64比特的轮子密钥

Figure BDA0003454259470000063
对于r=1,2,3,…,30,重复执行下列操作。Extend the 128-bit master key K into a 64-bit wheel key according to the key arrangement algorithm
Figure BDA0003454259470000063
For r=1, 2, 3, . . . , 30, the following operations are repeated.

将密文以64比特固定长度进行分组,对于每个密文分组C按照顺序划分为8个8比特长度的状态字W0′||W1′||W2′||W3′||W4′||W5′||W6′||W7′。The ciphertext is grouped with a fixed length of 64 bits, and each ciphertext block C is divided into eight 8-bit length state words W 0 ′||W 1 ′||W 2 ′||W 3 ′|| W 4 ′||W 5 ′||W 6 ′||W 7 ′.

对于每个状态字W′i,经过逆S盒代替运算,得到新状态字Wi,0≤i≤7。逆S盒的十进制表示为:{0,131,98,183,246,85,188,41,86,213,230,35,147,160,120,219,251,60,28,196,244,30,123,125,158,61,95,206,66,141,69,38,232,149,16,223,117,172,195,192,254,186,21,100,224,53,44,52,215,101,214,142,205,189,167,45,46,8,182,155,39,24,225,56,70,236,107,174,104,140,118,139,239,88,127,159,111,9,121,132,209,97,255,198,15,133,5,65,3,87,200,10,89,143,113,31,137,187,170,178,79,208,49,84,99,82,248,90,216,115,134,114,42,242,7,164,50,212,157,2,17,32,34,37,217,74,179,109,162,72,4,161,13,63,237,152,184,103,173,11,185,57,199,51,145,146,253,67,12,168,136,226,68,83,78,156,163,62,71,80,243,154,194,40,191,6,153,171,228,119,124,201,250,54,94,151,76,221,135,234,18,193,75,122,249,144,166,245,77,112,58,1,27,235,47,29,169,252,203,207,14,59,241,20,247,64,218,177,222,19,48,106,105,240,126,148,180,150,210,33,202,36,231,26,55,190,204,102,165,96,81,130,238,176,22,116,25,175,93,211,138,92,110,229,233,227,43,91,73,23,129,108,220,197,181,128}For each state word W' i , a new state word W i is obtained through the inverse S-box substitution operation, 0≤i≤7.逆S盒的十进制表示为:{0,131,98,183,246,85,188,41,86,213,230,35,147,160,120,219,251,60,28,196,244,30,123,125,158,61,95,206,66,141,69,38,232,149,16,223,117,172,195,192,254,186,21,100,224,53,44,52,215,101,214,142,205,189,167,45,46 ,8,182,155,39,24,225,56,70,236,107,174,104,140,118,139,239,88,127,159,111,9,121,132,209,97,255,198,15,133,5,65,3,87,200,10,89,143,113,31,137,187,170,178,79,208,49,84,99,82,248,90,216,115,134,114,42,242,7,164,50,212,157 ,2,17,32,34,37,217,74,179,109,162,72,4,161,13,63,237,152,184,103,173,11,185,57,199,51,145,146,253,67,12,168,136,226,68,83,78,156,163,62,71,80,243,154,194,40,191,6,153,171,228,119,124,201,250,54,94,151 ,76,221,135,234,18,193,75,122,249,144,166,245,77,112,58,1,27,235,47,29,169,252,203,207,14,59,241,20,247,64,218,177,222,19,48,106,105,240,126,148,180,150,210,33,202,36,231,26,55,190,204,102,165,96,81,130,238,176,22,116,25,175,93,211,138,92,110,229,233,227 ,43,91,73,23,129,108,220,197,181,128}

得到的新的8个状态字Wi按照顺序排列组合为64比特分组P={P0,P1,P2,…,P62,P63}。The obtained new 8 state words Wi are arranged and combined in sequence into a 64-bit group P={P 0 , P 1 , P 2 , . . . , P 62 , P 63 } .

所述的轮密钥加是指:将当前轮密钥Kr按照从高位到低位的顺序记为Kr={k0,k1,k2,…,k63},对于i=0,1,…,63,计算:

Figure BDA0003454259470000062
The round key addition refers to: the current round key K r is recorded as K r ={k 0 ,k 1 ,k 2 ,...,k 63 } in the order from high to low. For i=0, 1,…,63, calculate:
Figure BDA0003454259470000062

所述的逆线性层置换是指:将轮密钥加后得到的P={P0,P1,P2,…,P62,P63}经过与加密运算相逆的拉线置换得到下一轮的C={C0,C1,C2,…,C62,C63}。The inverse linear layer permutation refers to: P={P 0 , P 1 , P 2 ,..., P 62 , P 63 } obtained after adding the round key is subjected to the pull-wire permutation inverse to the encryption operation to obtain the next step. C = {C 0 , C 1 , C 2 , . . . , C 62 , C 63 } for a round.

表2为解密过程中线性层置换对应关系。Table 2 shows the linear layer permutation correspondence in the decryption process.

Figure BDA0003454259470000071
Figure BDA0003454259470000071

经过具体实际实验,在128比特主密钥设置全0的情况下(0000 0000 0000 00000000 0000 0000 0000),各轮轮密钥依次为(十六进制表示):After specific practical experiments, when the 128-bit master key is set to all 0s (0000 0000 0000 00000000 0000 0000 0000), the keys of each round are (in hexadecimal notation):

01轮:0000 0000 FFFF 0000Round 01: 0000 0000 FFFF 0000

02轮:0002 0420 FDF6 0816Round 02: 0002 0420 FDF6 0816

03轮:0000 0CB0 BDB2 2C90Round 03: 0000 0CB0 BDB2 2C90

04轮:0020 252B 3F73 1430Round 04: 0020 252B 3F73 1430

05轮:0302 4861 65B7 0713Round 05: 0302 4861 65B7 0713

06轮:C04E 4525 D5F8 D026Round 06: C04E 4525 D5F8 D026

07轮:185A 00DC 4DC5 105FRound 07: 185A 00DC 4DC5 105F

08轮:72A0 85A6 453F 73A8Round 08: 72A0 85A6 453F 73A8

09轮:460A 4316 F0D5 561ERound 09: 460A 4316 F0D5 561E

10轮:01B2 2526 94D7 0136Round 10: 01B2 2526 94D7 0136

11轮:AD40 6A88 DA87 A5C711 rounds: AD40 6A88 DA87 A5C7

12轮:1802 C2CC 2E6D 300612 rounds: 1802 C2CC 2E6D 3006

13轮:6420 012964BB 2423Round 13: 6420 012964BB 2423

14轮:0228 440F 9E37 8228Round 14: 0228 440F 9E37 8228

15轮:147C 4622 77F7 367F15 rounds: 147C 4622 77F7 367F

16轮:590E 0B76 5DB5 41BARound 16: 590E 0B76 5DB5 41BA

17轮:3E02 2EC4 CEE7 FC81Round 17: 3E02 2EC4 CEE7 FC81

18轮:B2DC 48A4 1703 B3DCRound 18: B2DC 48A4 1703 B3DC

19轮:4EC7 58FC C49C CAD3Round 19: 4EC7 58FC C49C CAD3

20轮:9740 265B 3109 B64820 rounds: 9740 265B 3109 B648

21轮:DF8C 6F09 3E03 ED8FRound 21: DF8C 6F09 3E03 ED8F

22轮:DB6E 3529 A3E2 F9CCRound 22: DB6E 3529 A3E2 F9CC

23轮:ABE6 19CF C4AF 6B45Round 23: ABE6 19CF C4AF 6B45

24轮:DD01 4CE0 A0C3 7DC324 rounds: DD01 4CE0 A0C3 7DC3

25轮:D805 E5A8 E0F3 389625 rounds: D805 E5A8 E0F3 3896

26轮:8ABB 560E EEF3 2EE926 rounds: 8ABB 560E EEF3 2EE9

27轮:625F A074 8437 667DRound 27: 625F A074 8437 667D

28轮:7A48 DA2F 0003 7A48Round 28: 7A48 DA2F 0003 7A48

29轮:FCB2 8FA6 6859 FCBARound 29: FCB2 8FA6 6859 FCBA

30轮:8DE9 CC93 4885 856D30 rounds: 8DE9 CC93 4885 856D

算法加密测试向量(TestVector):在主密钥分别为全1和全0的情况下,明文数据分别为全1和全0的情况下,计算密文数据。表3为Tenon算法的测试向量(十六进制表示)。Algorithm encryption test vector (TestVector): When the master key is all 1s and all 0s, respectively, and the plaintext data is all 1s and all 0s, respectively, calculate the ciphertext data. Table 3 is the test vector (hexadecimal notation) of the Tenon algorithm.

Figure BDA0003454259470000081
Figure BDA0003454259470000081

与现有技术相比,本发明在硬件资源消耗上具有显著优势,在安全性与实现性能上达到较好的平衡。在非线性层中,采用的S盒相比同类型8比特S盒甚至是一些4比特S盒具有更少的硬件资源消耗,每一次S盒替换运算需要消耗1个非门,2个与门和4个异或门,共约1×0.5+2×1.3+4×2.65=13.7标准门电路(GE)。相比之下,现有流行的轻量级分组密码算法PRESENT-80所采用的4比特S盒约消耗28个标准门电路,在分组长度均为64比特的情况下,PRESENT一轮需要使用16个S盒,共占用28×16=448GE,本发明Tenon一轮需要则只使用8个S盒,占用13.7×8=109.6GE。此外,本算法采用的线性层为比特级的拉线置换,无需有多余的硬件资源来实现。Compared with the prior art, the present invention has significant advantages in hardware resource consumption, and achieves a better balance in security and implementation performance. In the nonlinear layer, the S-box used has less hardware resource consumption than 8-bit S-boxes of the same type or even some 4-bit S-boxes. Each S-box replacement operation needs to consume 1 NOT gate and 2 AND gates. And 4 XOR gates, a total of about 1×0.5+2×1.3+4×2.65=13.7 standard gate circuits (GE). In contrast, the 4-bit S-box used by the existing popular lightweight block cipher algorithm PRESENT-80 consumes about 28 standard gate circuits. When the block length is 64 bits, the PRESENT round needs to use 16 A total of 28×16=448 GE is occupied by each S box, and only 8 S boxes are used for one round of the Tenon of the present invention, which occupies 13.7×8=109.6 GE. In addition, the linear layer used in this algorithm is bit-level wire replacement, which does not require redundant hardware resources to implement.

在安全性方面,算法采用的S盒也具有良好的密码学性质,差分均匀度为8,非线性度为96,代数次数为7,且采用的8比特宽度的S盒相较4比特宽度的S盒具有更强的抵抗攻击的能力。在线性层中,应用了bit-slice技术,使得同一S盒输出的各比特在下一轮加密中分别进入不同的S盒,而下一轮中同一S盒输入的各比特来自上一轮不同S盒的输出。若将S盒视为双射函数而不考虑具体的输入输出对应关系,利用MILP(混合整数线性规划)求得算法在30轮下最小活跃S盒个数为44个,安全性不弱于PRESENT-80算法的结果。In terms of security, the S-box used in the algorithm also has good cryptographic properties, with a differential uniformity of 8, a non-linearity of 96, and an algebraic degree of 7. The 8-bit S-box used is better than the 4-bit wide S-box. The S box has a stronger ability to resist attacks. In the linear layer, the bit-slice technology is applied, so that the bits output by the same S box enter different S boxes in the next round of encryption, and the bits input in the same S box in the next round come from different S boxes in the previous round. output of the box. If the S-box is regarded as a bijective function without considering the specific input-output correspondence, MILP (mixed integer linear programming) is used to find that the minimum number of active S-boxes is 44 under 30 rounds, and the security is not weaker than that of PRESENT. -80 for the result of the algorithm.

上述具体实施可由本领域技术人员在不背离本发明原理和宗旨的前提下以不同的方式对其进行局部调整,本发明的保护范围以权利要求书为准且不由上述具体实施所限,在其范围内的各个实现方案均受本发明之约束。The above-mentioned specific implementation can be partially adjusted by those skilled in the art in different ways without departing from the principle and purpose of the present invention. The protection scope of the present invention is based on the claims and is not limited by the above-mentioned specific implementation. Each implementation within the scope is bound by the present invention.

Claims (8)

1. An encryption method based on a lightweight block cipher tenon type algorithm is characterized in that data to be encrypted are divided into equal-length plaintext blocks P according to block length, each block of n bits is divided into equal-length plaintext blocks P, a master key K is set, and the length of the master key K is m1Bits, round keys of the Tenon block cipher algorithm generated by the key arrangement algorithm from the master key K
Figure FDA0003454259460000018
1≤r≤30, length m2Bit, m1=128,m2And 64, in the encryption process, carrying out R rounds of iterative encryption operation on the input data to be encrypted, and outputting an n-bit ciphertext block C.
2. The encryption method based on the lightweight block cipher tenon algorithm as claimed in claim 1, which specifically comprises:
step 1), dividing data to be encrypted into plaintext blocks P with equal length according to the block length, wherein each block of n bits is 64;
step 2) setting a master key K with the length of m1Bits, round keys of the Tenon block cipher algorithm generated by the key arrangement algorithm from the master key K
Figure FDA0003454259460000019
R is more than or equal to 1 and less than or equal to 30, and the length is m2Bit, m1=128,m264, specifically: for the r round key, the first of 128 bit master key
Figure FDA0003454259460000011
Bit-sequentially assigning to 64-bit length round key
Figure FDA0003454259460000016
As for round 1, bits 1,2,4,7, …,97 of the master key are sequentially assigned to bits 0,1,2, …,63 of the round key; then will be
Figure FDA0003454259460000017
Divided into 4 groups in sequence according to 16 bit length
Figure FDA0003454259460000012
For the round number r, it is represented as a 5-bit binary number, with the rightmost bit being the lower bit: as 01011 for a wheel number r ═ 11; then, carrying out: 1. the 15 th, 16 th, 31 th, 47 th, 63 th bit in the round key is ANDed with the five bits of the binary representation of r in sequence, and the result is updated to a new k15,k16,k31,k47,k63(ii) a 2. Will be provided with
Figure FDA0003454259460000013
Is inverted bit by bit to obtain a new k32k33…k47(ii) a 3. Will k48k49…k63And k is32k33…k47After bitwise AND operation, then K is ANDed0k1…k15Carrying out XOR operation according to bit to obtain new k48k49…k63(ii) a 64 bits k after update completion0k1…k63Divided into 4 groups according to 16 bit length
Figure FDA0003454259460000014
I.e. the round key of the r-th round, and updates the master key to 128 bits
Figure FDA0003454259460000015
Step 3) in the encryption process, carrying out R-round iterative encryption operation on the input data to be encrypted, and outputting a ciphertext, specifically:
3.1) for round R1, 2,3, …,29, in each round of encryption: n-bit plaintext blocks P and m2Round key K for ith round of bitsiAfter round key addition is carried out, the round key is divided into 8 bytes with 8 bits, the bytes are sequentially replaced by a nonlinear layer S box, and after linear layer replacement, output data is used as the input of the next round;
the positive integer n is 64; m is1=128;m2=64;R=30;
3.2) for R ═ 30 rounds, n bits are grouped into P and m2Round key K for ith round of bitsiAnd after round key addition, dividing the round key into 8-bit bytes, and directly outputting a final 64-bit ciphertext block C through nonlinear layer S box replacement.
3. The encryption method based on lightweight block cipher tenon algorithm of claim 2, wherein said roundThe key plus implementation is as follows: the 64-bit plaintext block P for each round of input is represented as P from high order to low order0,P1,P2,...,P62,P63}, round r 64-bit round key
Figure FDA0003454259460000021
From high to low, denoted by k0,k1,k2,k3,...,k61,k62,k63Get P out of placeiAnd k isi(i is 0. ltoreq. i.ltoreq.63) is XOR-ed to obtain a new plaintext block P ═ P0,P1,P2,...,P62,P63}。
4. The encryption method based on the lightweight block cipher tenon algorithm of claim 2, wherein the non-linear layer S-box replacement is implemented as follows: the plaintext P after the round key addition is set as { P }0,P1,P2,...,P62,P63Divide the high order to the low order into a group according to every 8 bits, get 8 byte groups of 8 bits, mark as W0,W1,W2,W3,W4,W5,W6,W7Wherein W isi={w8i+0,w8i+1,w8i+2,w8i+3,w8i+4,w8i+5,w8i+6,w8i+7I is more than or equal to 0 and less than or equal to 7, and W is0,W1,W2,W3,W4,W5,W6,W7Simultaneously through 8 juxtaposed S boxes, the concrete process is to take eight same 8-bit input 8-bit output S box conversion, the conversion is to convert WiObtaining a new 8-bit output W 'through S-box calculation as an 8-bit input'i={w′8i+0,w′8i+1,...,w′8i+6,w′8i+7}=S(Wi)=S({w8i+0,w8i+1,...,w8i+6,w8i+7}) the present Tenon algorithm S-box is based on an 8-stage NFSR (non-linear NFSR)Feedback shift register), one S-box operation needs to iterate for 11 beats, the output of the previous beat is used as the input of the next beat, and the input of the sixth bit is used as the first bit of the output in each beat; after inverting the input third bit, carrying out AND operation on the inverted input third bit and the eighth bit, and then respectively carrying out XOR operation on the inverted input third bit and the eighth bit and the fifth bit and the sixth bit to obtain an output second bit; the second bit of the input is used as the third bit of the output; the eighth bit is input as the fourth bit of the output; the sixth bit is input as the seventh bit of the output; the fourth bit is input as the sixth bit of the output; the third bit of the input is used as the seventh bit of the output; the sixth bit and the eighth bit are input and then are subjected to AND operation, and then are subjected to exclusive OR operation with the first bit and the fifth bit respectively to obtain an eighth bit of output, and the 8 juxtaposed S boxes are subjected to the 11-beat operation respectively and then are output as W'0,W′1,W′2,W′3,W′4,W′5,W′6,W′7From high to low, into 64 bits C ═ C0,C1,C2,...,C62,C63}。
5. The encryption method based on the lightweight block cipher tenon algorithm of claim 2, wherein the linear layer permutation specifically comprises: performing bit-level wire-drawing replacement on 64 bits subjected to nonlinear layer S-box replacement operation, wherein the specific process is that the 64 bits replace the output 8 bits to a new position according to the sequence of 8S-boxes: wi8-bit output W 'obtained after S-box replacement'I={w′8i+0,w′8i+1,w′8i+2,w′8i+3,w′8i+4,w′8i+5,w′8i+6,w′8i+7Is transformed into { C[8(iI1)]mod64+(2i+1)mod8,C[8(iI2)]mod64+(2i+2)mod8,C[8(iI3)]mod64+(2i+3)mod8,C[8(iI4)]mod64+(2i+4)mod8
C[8(i+5)]mod64+(2i+5)mod8,C[8(i+6)]mod64+(2i+6)mod8,C[8(i+7)]mod64+(2i+7)mod8,C[8(i+8)]mod64+(2i+8)mod8I is more than or equal to 0 and less than or equal to 7.
6. A decryption method according to any one of claims 1 to 5, comprising: the key orchestration algorithm generates round keys, nonlinear layer inverse S-box substitution, round key addition, and linear layer inverse permutation.
7. The decryption method according to claim 6, wherein the key arrangement algorithm comprises: the nonlinear layer inverse S box replacement is to divide 64-bit ciphertext blocks C into 8 groups according to the 8-bit width, and the ith group is marked as W'i={w′8i+0,w′8i+1,w′8i+2,w′8i+3,w′8i+4,w′8i+5,w′8i+6,w′8i+7H, i is more than or equal to 0 and less than or equal to 7, and W'iW is obtained by inverse S box substitutioniWherein the selected inverse S-box is described in the detailed description; the round key adding operation is the same as the round key adding operation in the step 3.1; the linear layer inverse transform is to group the ciphertext into group C[8(i+1)]mod64+(2i+1)mod8,C[8(i+2)]mod64+(2i+2)mod8,C[8(i+3)]mod64+(2i+3)mod8,C[8(i+4)]mod64+(2i+4)mod8,C[8(i+5)]mod64+(2i+5)mod8,C[8(i+6)]mod64+(2i+6)mod8,C[8(i+7)]mod64+(2i+7)mod8,C[8(i+8)]mod64+(2i+8)mod8Is converted to W'i={w′8i+0,w′8i+1,w′8i+2,w′8i+3,w′8i+4,w′8i+5,w′8i+6,w′8i+7This is the opposite of the bracing wire replacement chosen in the encryption process.
8. The decryption method according to claim 7, wherein for R-30, only the ciphertext block C needs to be subjected to the inverse S-box substitution and round key plus two operations; for R is more than or equal to 1 and less than or equal to 29, the decryption process needs to sequentially perform linear layer inverse replacement, inverse S box replacement and round key plus three times of operation, and finally correct plaintext subdivision P is obtained.
CN202210002951.7A 2022-01-04 2022-01-04 Encryption and decryption method based on lightweight block cipher tenon algorithm Active CN114531223B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210002951.7A CN114531223B (en) 2022-01-04 2022-01-04 Encryption and decryption method based on lightweight block cipher tenon algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210002951.7A CN114531223B (en) 2022-01-04 2022-01-04 Encryption and decryption method based on lightweight block cipher tenon algorithm

Publications (2)

Publication Number Publication Date
CN114531223A true CN114531223A (en) 2022-05-24
CN114531223B CN114531223B (en) 2025-04-01

Family

ID=81621423

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210002951.7A Active CN114531223B (en) 2022-01-04 2022-01-04 Encryption and decryption method based on lightweight block cipher tenon algorithm

Country Status (1)

Country Link
CN (1) CN114531223B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314187A (en) * 2022-10-08 2022-11-08 湖南密码工程研究中心有限公司 Method and device for realizing lightweight block cipher algorithm RainSP and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123791A (en) * 2017-12-26 2018-06-05 衡阳师范学院 A kind of implementation method and device of lightweight block cipher SCS
KR20190037980A (en) * 2017-09-29 2019-04-08 한밭대학교 산학협력단 System and method for efficient lightweight block cipher in pervasive computing

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190037980A (en) * 2017-09-29 2019-04-08 한밭대학교 산학협력단 System and method for efficient lightweight block cipher in pervasive computing
CN108123791A (en) * 2017-12-26 2018-06-05 衡阳师范学院 A kind of implementation method and device of lightweight block cipher SCS

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
冯秀涛 等: "轻量级分组密码算法 FBC", 《密码学报》, vol. 6, no. 6, 10 December 2019 (2019-12-10) *
吴文玲;张蕾;郑雅菲;李灵琛;: "分组密码uBlock", 密码学报, no. 06, 15 December 2019 (2019-12-15) *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314187A (en) * 2022-10-08 2022-11-08 湖南密码工程研究中心有限公司 Method and device for realizing lightweight block cipher algorithm RainSP and electronic equipment

Also Published As

Publication number Publication date
CN114531223B (en) 2025-04-01

Similar Documents

Publication Publication Date Title
CN100392688C (en) Data conversion device and data conversion method
US6314186B1 (en) Block cipher algorithm having a robust security against differential cryptanalysis, linear cryptanalysis and higher-order differential cryptanalysis
CN102138170B (en) Data conversion device and data conversion method
CN111431697B (en) A New Lightweight Block Cipher CORL Implementation Method
CN104333446B (en) A new ultra-lightweight QTL block cipher implementation method
CN105959107B (en) A New High Security Lightweight SFN Block Cipher Implementation Method
CN107707343A (en) The consistent SP network structure lightweight LBT block cipher implementation methods of encryption and decryption
CN110572255A (en) Lightweight Block Cipher Algorithm Shadow Implementation Method, Device, and Computer-Readable Medium
CN117411618B (en) Key generation method, device and encryption method applied to international event
JP5504592B2 (en) Data conversion apparatus, data conversion method, and program
CN114422111B (en) A Lightweight Hardware Implementation Circuit of SM4 Algorithm
KR20010034058A (en) Method for the cryptographic conversion of binary data blocks
CN114531223A (en) Encryption and decryption method based on lightweight block cipher tenon type algorithm
US7103180B1 (en) Method of implementing the data encryption standard with reduced computation
CN104219045A (en) RC4 stream cipher generator
CN114598444A (en) Audio encryption method based on SM4 and dynamic S box
CN113691364A (en) A kind of encryption and decryption method of dynamic S-box block cipher based on bit slice technology
JPH0697930A (en) Block cipher processor
CN115967483B (en) A white-box block cipher encryption method and system using matrix transformation to construct a lookup table
JP4515716B2 (en) Extended key generation device, encryption device, and encryption system
CN110247754B (en) A method and device for realizing block cipher FBC
CN116318669A (en) A Lightweight Encryption Method Based on NB-IoT
JP5113833B2 (en) ENCRYPTION METHOD AND ENCRYPTION APPARATUS FOR IMPROVING OPERATION PERFORMANCE OF A CENTRAL PROCESSOR
Shakiba et al. Non-isomorphic biclique cryptanalysis of full-round Crypton
RU2140716C1 (en) Method for cryptographic conversion of digital data blocks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant