
CN1258148C - Encryption and decryption method using a high-security-level symmetric key algorithm, and its encryptor

Info

Publication number: CN1258148C
Authority: CN (China)
Prior art keywords: transformation, encryption, round, key, row
Legal status: Expired - Fee Related
Application number: CN 03113387
Other languages: Chinese (zh)
Other versions: CN1445681A (en)
Inventors: 潘志铂, 郑宝玉, 吴蒙
Current Assignee: Nanjing Post & Telecommunication College
Original Assignee: Nanjing Post & Telecommunication College
Application filed by: Nanjing Post & Telecommunication College
Priority to: CN 03113387
Publications: CN1445681A, CN1258148C
Landscapes: Storage Device Security
Abstract

The encryption and decryption methods and the encryptor for a high-security-level symmetric key algorithm concern a symmetric-key DSP encryptor. The encryption method consists of N encryption rounds connected in series. Within each encryption round the order is: row shift transformation, S-box substitution/column mixing transformation, subkey modulo-2 addition transformation. The final output of each encryption round (the subkey modulo-2 addition) feeds the input of the next encryption round (the row shift transformation). The decryption method consists of N decryption rounds connected in series. Within each decryption round the order is: subkey modulo-2 addition transformation, inverse column mixing transformation, inverse S-box substitution transformation, inverse row shift transformation. The final output of each decryption round (the inverse row shift transformation) feeds the input of the next decryption round (the subkey modulo-2 addition transformation). The encryptor consists of a DSP module, a FLASH module and a McBSP0 expansion port. The method can increase the encryption speed by 2.16 times and the decryption speed by 2 times.

Description

Encryption and decryption method and encryptor for a high-security-level symmetric key algorithm

1. Technical field

The invention is a symmetric-key DSP encryptor and belongs to the technical field of information encryption and protection.

2. Technical background

Continuous growth in computing power and the development of Internet-based distributed computing pose a serious threat to the DES algorithm, whose key length is only 56 bits. For this reason, on April 15, 1997 the U.S. National Institute of Standards and Technology (NIST) launched a call for Advanced Encryption Standard (AES) algorithms, and on October 2, 2000 announced Rijndael as the new-generation U.S. data encryption standard, intended to protect the transmission of sensitive, non-classified information of the government and other organizations.

The Rijndael algorithm is an iterated block cipher with a data block length of 128 bits and a variable key length; the key length can be 128, 192 or 256 bits. Because Rijndael is derived from the Square algorithm, its structure is very flexible and easy to extend.

However, Rijndael also has drawbacks: byte modular multiplication is slow, and the key length is still relatively short (256 bits at most), which cannot satisfy settings that require a high security level. In addition, the original algorithm has unequal encryption and decryption speeds.

A dedicated DSP-based encryptor with the Rijndael algorithm at its core has not yet appeared on the market. Extending the Rijndael algorithm and building it into an encryptor that runs quickly on DSP devices is likewise unexplored both in China and abroad.

3. Summary of the invention

1. Technical problem

The purpose of the invention is to provide encryption and decryption methods and an encryptor for a high-security-level symmetric key algorithm that raise the encryption speed by more than 2 times, with a simple structure, low cost and easy operation.

2. Technical solution

In the encryption and decryption methods of the high-security-level symmetric key algorithm of the invention, the encryption method consists of N encryption rounds connected in series. Within each encryption round the order is: row shift transformation, S-box substitution/column mixing transformation, subkey modulo-2 addition transformation. The final output of each encryption round (the subkey modulo-2 addition) feeds the input of the next encryption round (the row shift transformation). The plaintext and the seed key undergo data/key addition, and the result is sent to the row shift transformation of round 0; at the same time, the encryption round subkeys W_i produced from the seed key by key expansion 7 are sent to the last transformation of each encryption round, the subkey modulo-2 addition. The order in the last encryption round is S-box substitution, row shift transformation, subkey modulo-2 addition, and the subkey modulo-2 addition of the last encryption round outputs the ciphertext.

The row shift transformation cyclically shifts the bytes of each row of the state independently, according to the following rules: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, otherwise by 3 bytes; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, otherwise by 4 bytes.

The S-box substitution/column mixing transformation works as follows. Each byte of the S-box is multiplied in advance by 02, 03, 04 and 05 modulo m(x), giving four one-dimensional extended S-box substitution tables (MUL02, MUL03, MUL04, MUL05). The order of the transformations in an encryption round of the extended algorithm is rearranged: S-box substitution and row shift are swapped, and the S-box substitution is merged into the column mixing transformation. During the transformation, the transformed values of the bytes of each state column are first looked up in the extended S-box substitution tables according to the coefficients of the column mixing transformation, and these values are then XORed to obtain the new value of one state byte after the whole transformation; the new values of the other state bytes are obtained in the same way. The subkey modulo-2 addition transformation adds the round subkey obtained from key expansion, modulo 2, to each byte of the state.

The number of encryption rounds Nr is determined jointly by Nk and Nb: Nr equals the larger of Nk and Nb plus 6, so Nr is 10, 12 or 14.

Key expansion consists of two processes:

1) Key expansion: the seed key is expanded into the expanded key;

2) Round subkey selection: the subkey used in each round is selected from the expanded key.

The differences from the original algorithm are:

Each selected word is 64 bits, i.e. 8 bytes.

The round constant is an 8-byte constant whose first 7 bytes are 0. The last byte for the first round is 01, and the last byte for each subsequent round is the last byte of the previous round's constant modular-multiplied by '02'.

The decryption method consists of N decryption rounds connected in series. Within each decryption round the order is: subkey modulo-2 addition transformation, inverse column mixing transformation, inverse S-box substitution transformation, inverse row shift transformation. The final output of each decryption round (the inverse row shift) feeds the input of the next decryption round (the subkey modulo-2 addition). The ciphertext and the seed key undergo data/key addition, and the result is sent to the subkey modulo-2 addition of round 0; at the same time, the decryption round subkeys W_i produced from the seed key by key expansion are sent to the first transformation of each decryption round, the subkey modulo-2 addition. The order in the last decryption round is subkey modulo-2 addition, inverse S-box substitution, inverse row shift, and the inverse row shift of the last decryption round outputs the plaintext.

The inverse column mixing transformation works as follows. The order of the four transformations in each round is not changed; only the inverse column mixing is modified. Four one-dimensional factor tables (LUT02, LUT03, LUT04, LUT05) are prepared in advance, holding the values 0 to 255 multiplied by 02, 03, 04 and 05 modulo m(x). During the transformation, the modular products of the bytes of each state column are first looked up in the factor tables according to the coefficients of the inverse column mixing transformation, and these values are then XORed to obtain the new value of one state byte after the inverse transformation; the new values of the other state bytes are obtained in the same way.

The encryptor for the high-security-level symmetric key algorithm consists of a DSP module, a FLASH module and a McBSP0 expansion port. "D15-D0" of the DSP module is connected to "D15-D0" of the FLASH module, and "A15-A0" of the DSP module is connected to "A15-A0" of the FLASH module. "MSTRB" and "R/W" of the DSP module are connected through an AND gate to the "WE" pin of the FLASH module. "MSTRB" of the DSP module is connected to the input of a NOT gate; the output of this NOT gate and "R/W" of the DSP module (13) are connected to the two inputs of a NAND gate, whose output is connected to the "OE" pin of the FLASH module. "BCLKR0, BFSR0, BDR0, BCLKX0, BFSX0, BDX0, INT0, INT1, IACK" of the DSP module are connected to the McBSP0 expansion port.

3. Technical effects

The invention proposes fast implementation schemes for the encryption process and the decryption process of an extended Rijndael algorithm, and applies them on an ordinary TMS320VC5402 hardware platform to form a high-security-level symmetric key algorithm encryptor. Measurements on the encryptor show that the proposed fast implementation method increases the encryption speed by 2.16 times and the decryption speed by 2 times. Combined with DSPs techniques, the encryption speed of the encryptor can be increased by 5.80 times and the decryption speed by 5.50 times. Encryption and decryption speeds are also approximately equal.

4. Description of drawings

Fig. 1 is a flow diagram of the encryption method of the invention. It shows: row shift transformation 1, S-box substitution/column mixing transformation 2, subkey modulo-2 addition transformation 3, plaintext 4, seed key 5, data/key addition 6, key expansion 7.

Fig. 2 is a flow diagram of the decryption method of the invention. It shows: inverse column mixing transformation 9, inverse S-box substitution transformation 10, inverse row shift transformation 11, ciphertext 12.

Fig. 3 is a structural diagram of the encryptor of the invention. It shows: DSP module 13, FLASH module 14, McBSP0 expansion port 15.

Fig. 4 is the implementation circuit diagram of the encryptor of the invention.

5. Specific embodiments

In the encryption and decryption methods of the high-security-level symmetric key algorithm of the invention, the encryption method consists of N encryption rounds connected in series. Within each encryption round the order is: row shift transformation, S-box substitution/column mixing transformation, subkey modulo-2 addition transformation. The final output of each encryption round (the subkey modulo-2 addition) feeds the input of the next encryption round (the row shift transformation). The plaintext and the seed key undergo data/key addition, and the result is sent to the row shift transformation of round 0; at the same time, the encryption round subkeys W_i produced from the seed key by key expansion 7 are sent to the last transformation of each encryption round, the subkey modulo-2 addition. The order in the last encryption round is S-box substitution, row shift transformation, subkey modulo-2 addition, and the subkey modulo-2 addition of the last encryption round outputs the ciphertext.

The row shift transformation cyclically shifts the bytes of each row of the state independently, according to the following rules: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, otherwise by 3 bytes; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, otherwise by 4 bytes.

The S-box substitution/column mixing transformation works as follows. Each byte of the S-box is multiplied in advance by 02, 03, 04 and 05 modulo m(x), giving four one-dimensional extended S-box substitution/column mixing tables (MUL02, MUL03, MUL04, MUL05). The order of the transformations in an encryption round of the extended algorithm is rearranged: the S-box substitution/column mixing transformation and the row shift are swapped, and the S-box substitution/column mixing transformation is merged into the column mixing transformation. During the transformation, the transformed values of the bytes of each state column are first looked up in the extended S-box substitution tables according to the coefficients of the column mixing transformation, and these values are then XORed to obtain the new value of one state byte after the whole transformation; the new values of the other state bytes are obtained in the same way.

The subkey modulo-2 addition transformation adds the round subkey obtained from key expansion, modulo 2, to each byte of the state.

The number of encryption rounds Nr is determined jointly by Nk and Nb: Nr equals the larger of Nk and Nb plus 6, so Nr is 10, 12 or 14.

Key expansion consists of two processes:

1) Key expansion: the seed key is expanded into the expanded key;

2) Round subkey selection: the subkey used in each round is selected from the expanded key.

The differences from the original algorithm are:

Each selected word is 64 bits, i.e. 8 bytes.

The round constant is an 8-byte constant whose first 7 bytes are 0. The last byte for the first round is 01, and the last byte for each subsequent round is the last byte of the previous round's constant shifted left by 1 bit.

Based on the characteristics of Rijndael, the invention designs an extended Rijndael algorithm in which both the data length and the key length can be 256/384/512 bits, and in which encryption and decryption speeds are essentially equal. On this basis, fast implementation schemes are proposed for the encryption and decryption processes of the extended algorithm, addressing the slow byte modular multiplication of both the original algorithm and the extended algorithm. The algorithm is ported to an ordinary DSP hardware platform (built around the TMS320VC5402 and including the basic peripheral data input/output channels). Taking the characteristics of DSPs memory into account, using code-section placement, and using the code optimizer provided by the supporting software, the extended Rijndael algorithm is optimized as a whole, and encryption and decryption speeds are greatly improved.

Fast implementation schemes:

The column mixing transformation (MixColumn) of the extended Rijndael algorithm requires 64·Nb byte modular multiplications (Nb is the data block length divided by 64). The computational load of the program is 192·Nb table lookups and 64·Nb additions over $GF(2^8)$, which is relatively large. If these 192·Nb modular multiplication operations are turned into 64·Nb table lookups, the computational cost is greatly reduced. This patent proposes fast implementation schemes tailored to the encryption round and the decryption round of the extended Rijndael algorithm respectively.

Fast implementation scheme for the encryption process:

Because the row shift transformation is a linear transformation, it does not change the values of the elements of the input state; it only rearranges the elements of rows 1, 2, 3, 5, 6 and 7. The order of the transformations in an encryption round of the extended algorithm can therefore be rearranged: S-box substitution and row shift are swapped and, according to equations (1) and (2), the S-box substitution can be merged into the column mixing transformation.

$s'(x) = a(x)\,s(x) \bmod (x^8 + 1)$    (1)

where

$a(x) = \{03\}x^7 + \{05\}x^6 + \{03\}x^5 + \{02\}x^4 + \{02\}x^3 + \{04\}x^2 + \{02\}x + \{02\}$    (2)

From equation (2), the following are obtained:

$MUL02[\cdot] = S[\cdot] \cdot 02 \bmod m(x)$    (3)

$MUL03[\cdot] = S[\cdot] \cdot 03 \bmod m(x)$    (4)

$MUL04[\cdot] = S[\cdot] \cdot 04 \bmod m(x)$    (5)

$MUL05[\cdot] = S[\cdot] \cdot 05 \bmod m(x)$    (6)

From equations (3), (4), (5) and (6), four one-dimensional extended S-box substitution tables can be built, whose elements are the S-box elements multiplied mod m(x) by 02, 03, 04 and 05 respectively.

Fast implementation scheme for the decryption process:

The decryption method consists of N decryption rounds connected in series. Within each decryption round the order is: subkey modulo-2 addition transformation, inverse column mixing transformation, inverse S-box substitution transformation, inverse row shift transformation. The final output of each decryption round (the inverse row shift) feeds the input of the next decryption round (the subkey modulo-2 addition). The ciphertext and the seed key undergo data/key addition, and the result is sent to the subkey modulo-2 addition of round 0; at the same time, the decryption round subkeys W_i produced from the seed key by key expansion are sent to the first transformation of each decryption round, the subkey modulo-2 addition. The order in the last decryption round is subkey modulo-2 addition, inverse S-box substitution, inverse row shift, and the inverse row shift of the last decryption round outputs the plaintext.

The inverse column mixing transformation works as follows. The order of the four transformations in each round is not changed; only the inverse column mixing is modified. Four one-dimensional factor tables (LUT02, LUT03, LUT04, LUT05) are prepared in advance, holding the values 0 to 255 multiplied by 02, 03, 04 and 05 modulo m(x). During the transformation, the modular products of the bytes of each state column are first looked up in the factor tables according to the coefficients of the inverse column mixing transformation, and these values are then XORed to obtain the new value of one state byte after the inverse transformation; the new values of the other state bytes are obtained in the same way.

The order of the four transformations in each round is not changed; only the inverse column mixing transformation is modified, without changing its basic idea. If a state $s' = (s'_{i,j},\ i = 0, 1, \ldots, 7,\ j = 0, 1, \ldots, Nb-1)$ is transformed by inverse column mixing into $s = (s_{i,j},\ i = 0, 1, \ldots, 7,\ j = 0, 1, \ldots, Nb-1)$, the relation between the two is given by equations (7) and (8).

$s(x) = a^{-1}(x)\,s'(x) \bmod (x^8 + 1)$    (7)

where

$a^{-1}(x) = \{03\}x^7 + \{04\}x^6 + \{03\}x^5 + \{03\}x^4 + \{02\}x^3 + \{05\}x^2 + \{02\}x + \{03\}$    (8)

From equation (8), the following are obtained:

$LUT02[i] = i \cdot 02 \bmod m(x)$    (9)

$LUT03[i] = i \cdot 03 \bmod m(x)$    (10)

$LUT04[i] = i \cdot 04 \bmod m(x)$    (11)

$LUT05[i] = i \cdot 05 \bmod m(x)$    (12)

In equations (9) to (12), i = 0, 1, 2, ..., 255.

LUT02, LUT03, LUT04 and LUT05 are therefore essentially ordinary mod m(x) multiplication factor tables; these four one-dimensional tables are used for the inverse column mixing transformation.
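The table-driven schemes above can be checked in a few lines of C. This is an added example, not code from the patent: it builds the MUL02..MUL05 and LUT02..LUT05 tables, verifies that the merged S-box/column-mixing lookup equals S-box substitution followed by multiplication by a(x), and verifies that mixing with a^-1(x) undoes it. It assumes m(x) is Rijndael's polynomial x^8+x^4+x^3+x+1, that row i of a state column is the coefficient of x^i, and the standard Rijndael S-box; all function names and the sample column are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: m(x) is Rijndael's field polynomial x^8+x^4+x^3+x+1 (0x11B). */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0x00));
        b >>= 1;
    }
    return p;
}

static uint8_t rotl8(uint8_t v, int n) { return (uint8_t)((v << n) | (v >> (8 - n))); }

/* Coefficients of a(x), eq. (2), and a^-1(x), eq. (8); index k holds the x^k term.
 * Assumption: row i of a state column is the coefficient of x^i. */
static const uint8_t A[8]    = {0x02, 0x02, 0x04, 0x02, 0x02, 0x03, 0x05, 0x03};
static const uint8_t AINV[8] = {0x03, 0x02, 0x05, 0x02, 0x03, 0x03, 0x04, 0x03};

static uint8_t SBOX[256], INV_SBOX[256];
static uint8_t MUL[4][256];  /* MUL02..MUL05, eqs. (3)-(6): S[i] * factor */
static uint8_t LUT[4][256];  /* LUT02..LUT05, eqs. (9)-(12): i * factor   */
static int tables_ready = 0;

/* Standard Rijndael S-box (field inverse, then affine map with c = 63h), plus factor tables. */
static void build_tables(void) {
    if (tables_ready) return;
    for (int i = 0; i < 256; i++) {
        uint8_t inv = 0;  /* {00} maps to itself */
        for (int j = 1; j < 256 && i != 0; j++)
            if (gf_mul((uint8_t)i, (uint8_t)j) == 1) { inv = (uint8_t)j; break; }
        SBOX[i] = (uint8_t)(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^
                            rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63);
        INV_SBOX[SBOX[i]] = (uint8_t)i;
        for (int k = 0; k < 4; k++) {
            MUL[k][i] = gf_mul(SBOX[i], (uint8_t)(k + 2));
            LUT[k][i] = gf_mul((uint8_t)i, (uint8_t)(k + 2));
        }
    }
    tables_ready = 1;
}

/* Reference: out(x) = coef(x) * in(x) mod (x^8 + 1), using GF(2^8) multiplications. */
static void mix_reference(const uint8_t coef[8], const uint8_t in[8], uint8_t out[8]) {
    for (int i = 0; i < 8; i++) {
        uint8_t acc = 0;
        for (int j = 0; j < 8; j++) acc ^= gf_mul(coef[(i - j + 8) & 7], in[j]);
        out[i] = acc;
    }
}

/* Encryption side: S-box substitution merged into column mixing, lookups and XOR only. */
static void sub_mix_fast(const uint8_t in[8], uint8_t out[8]) {
    for (int i = 0; i < 8; i++) {
        uint8_t acc = 0;
        for (int j = 0; j < 8; j++) acc ^= MUL[A[(i - j + 8) & 7] - 2][in[j]];
        out[i] = acc;
    }
}

/* Decryption side: inverse column mixing through the plain factor tables. */
static void inv_mix_fast(const uint8_t in[8], uint8_t out[8]) {
    for (int i = 0; i < 8; i++) {
        uint8_t acc = 0;
        for (int j = 0; j < 8; j++) acc ^= LUT[AINV[(i - j + 8) & 7] - 2][in[j]];
        out[i] = acc;
    }
}

/* Constructed sample column (8 rows), not taken from the patent. */
static const uint8_t SAMPLE_COL[8] = {0x00, 0x11, 0x53, 0xA7, 0xFF, 0x80, 0x3C, 0xE9};

uint8_t sbox(int i) { build_tables(); return SBOX[i & 0xFF]; }

/* 1 if the merged lookup equals S-box substitution followed by the reference mix. */
int merged_equals_separate(const uint8_t col[8]) {
    uint8_t sub[8], ref[8], fast[8];
    build_tables();
    for (int i = 0; i < 8; i++) sub[i] = SBOX[col[i]];
    mix_reference(A, sub, ref);
    sub_mix_fast(col, fast);
    return memcmp(ref, fast, 8) == 0;
}

/* 1 if inverse mixing followed by the inverse S-box recovers the original column. */
int decrypt_recovers(const uint8_t col[8]) {
    uint8_t enc[8], dec[8];
    build_tables();
    sub_mix_fast(col, enc);
    inv_mix_fast(enc, dec);
    for (int i = 0; i < 8; i++)
        if (INV_SBOX[dec[i]] != col[i]) return 0;
    return 1;
}

int main(void) {
    printf("merged == separate: %d\n", merged_equals_separate(SAMPLE_COL));
    printf("decrypt recovers:   %d\n", decrypt_recovers(SAMPLE_COL));
    return 0;
}
```

Each output byte costs eight table lookups and seven XORs, with no field multiplication at run time; the price is 2 KB of tables (eight 256-byte arrays), which matters when placing them in the DSP's on-chip memory.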

Implementation of the encryption and decryption algorithms on the TMS320VC5402 and code optimization:

The TMS320VC5402 has two kinds of on-chip memory: dual-access memory (DARAM) and single-access memory. Dual-access memory allows the CPU to access it twice in a single cycle. Single-access memory comes in two forms: (1) single-access read/write memory (SARAM) and (2) single-access read-only memory (ROM or DROM); the CPU can access each memory location once in a single cycle. Both kinds of memory can be mapped into program space and data space. The TMS320VC5402 can also be fitted with off-chip memory, but each CPU access to an off-chip memory location takes at least two cycles. Compared with off-chip memory, on-chip memory needs no inserted wait states and has lower cost and power consumption.

To go with it, TI provides a matching integrated code development environment, Code Composer Studio (CCS), which integrates code generation tools and debugging tools and can provide processor information and monitor program performance. CCS makes all the tools available from one control window.

CCS includes a code optimizer (Optimizer) that can optimize all source code in a CCS project at four levels: register-level optimization, local-variable-level optimization, global-variable-level optimization and file-level optimization. The scope and depth of optimization increase progressively across these four levels.

Combining our proposed scheme 1, scheme 2, the program section mapping method and the optimizer built into CCS, we implemented the extended Rijndael encryption and decryption algorithm in ANSI C on the TMS320VC5402 hardware platform and optimized the algorithm at different levels, which greatly increased the operating speed of the encryptor.

Extended Rijndael algorithm:

The extended algorithm supports data block lengths and seed key lengths of 256, 384 and 512 bits. The intermediate result of encryption, the State, is a matrix of 8 rows and Nb columns, where Nb is the data block length divided by 64. The cipher key is a matrix of 8 rows and Nk columns, where Nk is the key length divided by 64.

The number of encryption rounds (Nr) is determined by (13).

$$Nr = \max\{Nk, Nb\} + 6 \tag{13}$$

Since Nk, Nb ∈ {4, 6, 8}, Nr ∈ {10, 12, 14}.

The encryption process consists of the following parts:

1. An initial round-key modulo-2 addition.

2. Nr-1 rounds: S-box substitution (SubBytes), row shift (ShiftRows), column mixing (MixColumns) and subkey modulo-2 addition (Key Addition) are performed in sequence.

3. A final round: S-box substitution, row shift and subkey modulo-2 addition are performed in sequence, without the column mixing transformation.

As in the original algorithm, an encryption round consists of four transformations: S-box substitution, row shift, column mixing and subkey modulo-2 addition.

S-box substitution transformation:

As in the original algorithm, the S-box substitution transformation is a non-linear byte substitution. It uses the same S-box as the original algorithm (a one-dimensional table of 256 elements) and looks up the substitute value in the S-box according to the value of each byte of the intermediate result.

S-box construction:

The S-box is an invertible substitution table composed of two sub-transformations:

1. The multiplicative inverse in the finite field GF(2^8), with the element {00} mapped to itself.

2. An affine transformation over the finite field GF(2), as shown in (14).

$$b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i \tag{14}$$

Here 0 ≤ i < 8, b_i is bit i of the byte being transformed, and {c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0} = {63h} = {01100011b}.
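The two-step construction above, as an added example that is not code from the patent: the multiplicative inverse is taken in GF(2^8) with Rijndael's reduction polynomial x^8+x^4+x^3+x+1 (an assumption that follows from the statement that the S-box is the same as in the original algorithm), and the affine step implements (14) bit by bit. The function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Affine map of (14): b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i,
 * with all indices taken mod 8 and c = 0x63. */
static uint8_t affine14(uint8_t b) {
    uint8_t out = 0;
    for (int i = 0; i < 8; i++) {
        int bit = (b >> i) ^ (b >> ((i + 4) % 8)) ^ (b >> ((i + 5) % 8)) ^
                  (b >> ((i + 6) % 8)) ^ (b >> ((i + 7) % 8)) ^ (0x63 >> i);
        out |= (uint8_t)((bit & 1) << i);
    }
    return out;
}

/* Build the S-box and its inverse table.
 * p walks the powers of the generator {03}; q walks the powers of its
 * inverse {f6}, so p * q == 1 at every step and q is the inverse of p.
 * ASSUMPTION: field polynomial 0x11B, as in the original Rijndael. */
void build_sbox(uint8_t sbox[256], uint8_t inv[256]) {
    uint8_t p = 1, q = 1;
    do {
        /* p <- p * {03} */
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));
        /* q <- q / {03}, i.e. q * {f6} */
        q ^= (uint8_t)(q << 1);
        q ^= (uint8_t)(q << 2);
        q ^= (uint8_t)(q << 4);
        q ^= (q & 0x80) ? 0x09 : 0;
        sbox[p] = affine14(q);
    } while (p != 1);
    sbox[0] = affine14(0);          /* {00} has no inverse and maps to itself */
    for (int v = 0; v < 256; v++)
        inv[sbox[v]] = (uint8_t)v;  /* table for the inverse S-box transformation */
}

/* Returns 1 when every byte survives S-box followed by inverse S-box. */
int sbox_is_bijective(const uint8_t sbox[256], const uint8_t inv[256]) {
    for (int v = 0; v < 256; v++)
        if (inv[sbox[v]] != v) return 0;
    return 1;
}

int main(void) {
    uint8_t s[256], si[256];
    build_sbox(s, si);
    printf("S[00]=%02x S[01]=%02x S[53]=%02x bijective=%d\n",
           s[0x00], s[0x01], s[0x53], sbox_is_bijective(s, si));
    return 0;
}
```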

Row shift transformation:

The row shift transformation cyclically shifts the bytes of each row of the state separately. The number of bytes by which each row is shifted satisfies the following relation:

$$s'_{r,c} = s_{r,\,(c + \mathrm{shift}(r, Nb)) \bmod Nb}, \quad 0 < r < 8,\ 0 \le c < Nb \tag{15}$$

The shift value shift(r, Nb) is determined by the row number of the byte in the state and by the number of columns of the state (Nb): rows 0 and 4 are not shifted, and the right-shift amounts of the other rows are given in the table below.

| | r=1 | r=2 | r=3 | r=5 | r=6 | r=7 |
|---|---|---|---|---|---|---|
| Nb=4 | 1 | 2 | 3 | 1 | 2 | 3 |
| Nb=6 | 1 | 2 | 3 | 1 | 2 | 3 |
| Nb=8 | 1 | 3 | 4 | 1 | 3 | 4 |

Column mixing transformation:

This part differs considerably from the original algorithm. The column mixing transformation operates on the state column by column. Each column of the state is treated as an 8-term polynomial s(x) with coefficients in GF(2^8) and is multiplied by a fixed polynomial a(x) modulo x^8+1; that is, the column mixing transformation satisfies the following relation:

$$s'(x) = a(x)\,s(x) \bmod (x^8 + 1) \tag{16}$$

where s(x) and s'(x) are the input and output of the column transformation for the corresponding state column, and

$$a(x) = \{03\}x^7 + \{05\}x^6 + \{03\}x^5 + \{02\}x^4 + \{02\}x^3 + \{04\}x^2 + \{02\}x + \{02\} \tag{17}$$

The inverse transformation satisfies the following relation.

$$s(x) = a^{-1}(x)\,s'(x) \bmod (x^8 + 1) \tag{18}$$

where

$$a^{-1}(x) = \{03\}x^7 + \{04\}x^6 + \{03\}x^5 + \{03\}x^4 + \{02\}x^3 + \{05\}x^2 + \{02\}x + \{03\} \tag{19}$$

From (17) and (19) it can be seen that none of the coefficients of a(x) and a^{-1}(x) is 0 and that all of them lie between 1 and 5, with an upper bound of 5. Compared with the original algorithm (whose column mixing coefficients have an upper bound of 3, while those of the inverse transformation have an upper bound of 14), the coefficients of the extended algorithm are very concentrated, and the algorithm has stronger diffusion and stronger resistance to various attacks. Our measurements of the algorithm's overhead show that the encryption and decryption speeds are approximately equal; the main reason is that the coefficients lie in the same, very narrow range.
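An added example, not the patent's own code, that implements (16) and (18) as a cyclic convolution over one 8-byte column using per-coefficient multiplication tables in the style of the LUT02 to LUT05 tables of claim 5, and checks that the polynomials in (17) and (19) really are inverses modulo x^8+1. It assumes that bytes multiply in GF(2^8) with Rijndael's reduction polynomial 0x11B; all function names and the sample column are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Coefficients of a(x) in (17) and a^-1(x) in (19); array index = power of x. */
static const uint8_t A[8]    = {0x02, 0x02, 0x04, 0x02, 0x02, 0x03, 0x05, 0x03};
static const uint8_t AINV[8] = {0x03, 0x02, 0x05, 0x02, 0x03, 0x03, 0x04, 0x03};

/* ASSUMPTION: byte multiplication in GF(2^8) reduced by 0x11B (Rijndael). */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    while (b) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0));
        b >>= 1;
    }
    return r;
}

/* lut[k][v] = v * k for k = 2..5, one table per coefficient value. */
static uint8_t lut[6][256];
static int lut_ready = 0;

static void build_luts(void) {
    for (int k = 2; k <= 5; k++)
        for (int v = 0; v < 256; v++)
            lut[k][v] = gf_mul((uint8_t)v, (uint8_t)k);
    lut_ready = 1;
}

/* out(x) = coef(x) * in(x) mod (x^8 + 1).
 * Reduction mod x^8+1 wraps x^8 to 1, so the product is a cyclic
 * convolution: out[k] = XOR over i of coef[i] * in[(k - i) mod 8].
 * in and out must not overlap. */
void mix_column(const uint8_t coef[8], const uint8_t in[8], uint8_t out[8]) {
    if (!lut_ready) build_luts();
    for (int k = 0; k < 8; k++) {
        uint8_t acc = 0;
        for (int i = 0; i < 8; i++)
            acc ^= lut[coef[i]][in[(k - i + 8) % 8]];
        out[k] = acc;
    }
}

/* Returns 1 when a(x) * a^-1(x) mod (x^8 + 1) equals the constant {01}. */
int product_is_identity(void) {
    for (int k = 0; k < 8; k++) {
        uint8_t acc = 0;
        for (int i = 0; i < 8; i++)
            acc ^= gf_mul(A[i], AINV[(k - i + 8) % 8]);
        if (acc != (k == 0 ? 0x01 : 0x00)) return 0;
    }
    return 1;
}

/* Returns 1 when inverse mixing restores the original column. */
int round_trip_ok(const uint8_t col[8]) {
    uint8_t mixed[8], back[8];
    mix_column(A, col, mixed);
    mix_column(AINV, mixed, back);
    return memcmp(col, back, 8) == 0;
}

int main(void) {
    /* Constructed sample column, not taken from the patent. */
    const uint8_t col[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
    printf("a * a^-1 == 1: %d, round trip: %d\n",
           product_is_identity(), round_trip_ok(col));
    return 0;
}
```

The table lookups are indexed by state bytes, so memory access depends on secret data; on targets with a data cache a constant-time multiply is the usual alternative to such tables.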

Subkey modulo-2 addition transformation:

As in the original algorithm, the subkey modulo-2 addition transformation adds the round key obtained by key expansion, modulo 2, to each byte of the state. The transformation satisfies the following relation.

$$[s'_{0,c}, s'_{1,c}, s'_{2,c}, s'_{3,c}, s'_{4,c}, s'_{5,c}, s'_{6,c}, s'_{7,c}] = [s_{0,c}, s_{1,c}, s_{2,c}, s_{3,c}, s_{4,c}, s_{5,c}, s_{6,c}, s_{7,c}] \oplus [w_{round \cdot Nb + c}] \tag{20}$$

where 0 ≤ c < Nb, 0 ≤ round < Nr, and [w_i] is the round key produced by key expansion.

Key expansion:

As in the original algorithm, key expansion consists of two processes:

1. Key expansion: the seed key is expanded into the expanded key;

2. Round key selection: the subkey used in each round is selected from the expanded key.

The differences from the original algorithm are:

Each word selected is 64 bits (8 bytes) instead of 32 bits (4 bytes);

The round constant is defined by (21).

$$Rcon[i] = (RC[i], \{00\}, \{00\}, \{00\}, \{00\}, \{00\}, \{00\}, \{00\}) \tag{21}$$

The value of RC[i] is determined by the following two equations:

$$RC[1] = \text{'01'} \tag{22}$$

$$RC[i] = x \cdot (RC[i-1]) = x^{(i-1)} \tag{23}$$

The encryptor for the high-security-level symmetric key algorithm consists of a DSP module, a FLASH module and a McBSP0 expansion port. "D15-D0" of the DSP module is connected to the "D15-D0" terminals of the FLASH module, and "A15-A0" of the DSP module is connected to the "A15-A0" terminals of the FLASH module. "MSTRB" and "R/W" of the DSP module are connected through an AND gate to the "WE" terminal of the FLASH module. "MSTRB" of the DSP module is connected to the input of a NOT gate; the output of that NOT gate and "R/W" of the DSP module (13) are connected to the two inputs of a NAND gate, and the output of the NAND gate is connected to the "OE" terminal of the FLASH module. "BCLKR0, BFSR0, BDR0, BCLKX0, BFSX0, BDX0, INT0, INT1, IACK" of the DSP module are connected to the McBSP0 expansion port.

Claims (7)

1. An encryption method of a high-security-level symmetric key algorithm, characterized in that the encryption method is formed by connecting N encryption rounds in series; the encryption order within each encryption round is row shift transformation (1), S-box substitution_column mixing transformation (2), subkey modulo-2 addition transformation (3); the final output of each encryption round, i.e. the subkey modulo-2 addition transformation (3), feeds the input of the next encryption round, i.e. the row shift transformation (1); the plaintext (4) and the seed key (5) undergo data/key addition, and the result of the data/key addition (6) is sent to the row shift transformation (1) of round 0, while the encryption round keys W_i produced from the seed key (5) by key expansion (7) are sent to the last transformation of each encryption round, i.e. the subkey modulo-2 addition transformation (3); the encryption order of the last encryption round is S-box substitution transformation (8), row shift transformation (1), subkey modulo-2 addition transformation (3), and the subkey modulo-2 addition transformation (3) of the last encryption round outputs the ciphertext; wherein: the row shift transformation (1) cyclically shifts the bytes of each row of the state separately; the S-box substitution_column mixing transformation (2) rearranges the transformation order of the encryption round of the extended algorithm, swapping the order of S-box substitution and row shift and merging the S-box substitution transformation into the column mixing transformation; the subkey modulo-2 addition transformation (3) adds the round key obtained by key expansion, modulo 2, to each byte of the state; the transformation method of the row shift transformation (1) is: the row shift transformation cyclically shifts the bytes of each row of the state separately and satisfies the following relations: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, where Nb is the length of the data block entering the encryption round each time in the encryption algorithm divided by 64, and otherwise by 3 bytes; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, and otherwise by 4 bytes; the transformation method of the S-box substitution_column mixing transformation (2) is: each byte of the S-box is multiplied in advance by 02, 03, 04 and 05 modulo m(x), where m(x)=x^8+1, forming four one-dimensional extended S-box substitution tables: MUL02, MUL03, MUL04, MUL05, which are described and defined by the following equations:

$$\mathrm{MUL02}[\cdot] = S[\cdot] \cdot 02 \bmod m(x)$$

$$\mathrm{MUL03}[\cdot] = S[\cdot] \cdot 03 \bmod m(x)$$

$$\mathrm{MUL04}[\cdot] = S[\cdot] \cdot 04 \bmod m(x)$$

$$\mathrm{MUL05}[\cdot] = S[\cdot] \cdot 05 \bmod m(x)$$

where m(x)=x^8+1;

the transformation order of the encryption round of the extended algorithm is rearranged, the order of S-box substitution and row shift is swapped, and the S-box substitution transformation is merged into the column mixing transformation; during the transformation, the transformed values of the bytes of each column of the state are first looked up in the extended S-box substitution tables according to the coefficients of the column mixing transformation, and these values are then XORed to obtain the new value of one byte of the state after the whole transformation; the new values of the other bytes of the state are obtained in the same way; the transformation method of the subkey modulo-2 addition transformation (3) is: the subkey modulo-2 addition transformation adds the round key obtained by key expansion, modulo 2, to each byte of the state.

2. The encryption method of the high-security-level symmetric key algorithm according to claim 1, characterized in that the number of encryption rounds Nr is jointly determined by Nk and Nb, where Nk is the integer obtained by dividing the length of the seed key by 64 and Nb is the integer obtained by dividing the length of the data block entering the encryption round each time in the encryption algorithm by 64; that is, the value of Nr equals the larger of Nk and Nb plus 6, so that Nr is 10, 12 or 14.

3. The encryption method of the high-security-level symmetric key algorithm according to claim 1, characterized in that the key expansion (7) consists of two processes:

1) Key expansion: the seed key is expanded into the expanded key;

2) Round key selection:

● the subkey used in each round is selected from the expanded key;

● each word selected is 64 bits, i.e. 8 bytes;

● the round constant is an 8-byte constant; the first 7 of these 8 bytes are 0, the last byte for the first round is 01, and the last byte for each of the remaining rounds is the last byte of the previous round's round constant multiplied modularly by '02'.

4. A decryption method of a high-security-level symmetric key algorithm, characterized in that the decryption method is formed by connecting N decryption rounds in series; the decryption order within each decryption round is subkey modulo-2 addition transformation (3), inverse column mixing transformation (9), inverse S-box substitution transformation (10), inverse row shift transformation (11); the final output of each decryption round, i.e. the inverse row shift transformation (11), feeds the input of the next decryption round, i.e. the subkey modulo-2 addition transformation (3); the ciphertext (12) and the seed key (5) undergo data/key addition (6), and the result of the data/key addition (6) is sent to the subkey modulo-2 addition transformation (3) of round 0, while the decryption round keys W_i produced from the seed key (5) by key expansion (7) are sent to the first transformation of each decryption round, i.e. the subkey modulo-2 addition transformation (3); the decryption order of the last decryption round is subkey modulo-2 addition transformation (3), inverse S-box substitution transformation (10), inverse row shift transformation (11), and the inverse row shift transformation (11) of the last decryption round outputs the plaintext; the transformation method of the subkey modulo-2 addition transformation (3) is: the subkey modulo-2 addition transformation adds the round key obtained by key expansion, modulo 2, to each byte of the state; the inverse row shift transformation (11) is the inverse of the row shift transformation (1); the inverse column mixing transformation (9) is the transformation that operates on the state column by column according to the coefficients of the inverse column mixing transformation; the inverse S-box substitution transformation (10) is the inverse of the S-box substitution transformation (8); the S-box substitution transformation (8) is a non-linear byte substitution; it uses an S-box, which is a one-dimensional table of 256 elements, and looks up the substitute value in the S-box according to the value of each byte of the intermediate result; the S-box is an invertible substitution table composed of two sub-transformations:

1. the multiplicative inverse in the finite field GF(2^8), with the element {00} mapped to itself;

2. an affine transformation over the finite field GF(2), as shown in the following equation:

$$b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i$$

where 0 ≤ i < 8, b_i is bit i of the byte being transformed, and {c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0} = {63h} = {01100011b}.

5. The decryption method of the high-security-level symmetric key algorithm according to claim 4, characterized in that the transformation method of the inverse column mixing transformation (9) is: the order of the four transformations in each round is not changed and only the inverse column mixing transformation is modified; four multiplier tables are prepared in advance: LUT02, LUT03, LUT04 and LUT05, which are described and defined by the following equations:

$$\mathrm{LUT02}[i] = i \cdot 02 \bmod m(x)$$

$$\mathrm{LUT03}[i] = i \cdot 03 \bmod m(x)$$

$$\mathrm{LUT04}[i] = i \cdot 04 \bmod m(x)$$

$$\mathrm{LUT05}[i] = i \cdot 05 \bmod m(x)$$

where i = 0, 1, 2...255 and m(x)=x^8+1;

during the transformation, the values of the bytes of each column of the state after modular multiplication are first looked up in the multiplier tables according to the coefficients of the inverse column mixing transformation, and these values are then XORed to obtain the new value of one byte of the state after the inverse transformation; the new values of the other bytes of the state are obtained in the same way.

6. The decryption method of the high-security-level symmetric key algorithm according to claim 4, characterized in that the inverse row shift transformation (11) is the inverse of the row shift transformation (1), and the transformation method of the row shift transformation (1) is: the row shift transformation cyclically shifts the bytes of each row of the state separately and satisfies the following relations: rows 0 and 4 are not shifted; rows 1 and 5 are shifted by 1 byte; rows 2 and 6 are shifted by 2 bytes if Nb=4 or Nb=6, where Nb is the length of the data block entering the encryption round each time in the encryption algorithm divided by 64, and otherwise by 3 bytes; rows 3 and 7 are shifted by 3 bytes if Nb=4 or Nb=6, and otherwise by 4 bytes.

7. An encryptor for a high-security-level symmetric key algorithm, characterized in that the encryptor consists of a DSP module (13), a FLASH module (14) and a McBSP0 expansion port (15); "D15-D0" of the DSP module (13) is connected to the "D15-D0" terminals of the FLASH module (14); "A15-A0" of the DSP module (13) is connected to the "A15-A0" terminals of the FLASH module (14); "MSTRB" and "R/W" of the DSP module (13) are connected through an AND gate to the "WE" terminal of the FLASH module (14); "MSTRB" of the DSP module (13) is connected to the input of a NOT gate, the output of that NOT gate and "R/W" of the DSP module (13) are connected to the two inputs of a NAND gate, and the output of the NAND gate is connected to the "OE" terminal of the FLASH module (14); "BCLKR0, BFSR0, BDR0, BCLKX0, BFSX0, BDX0, INT0, INT1, IACK" of the DSP module (13) are connected to the McBSP0 expansion port (15).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03113387 CN1258148C (en) 2003-05-01 2003-05-01 Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer


Publications (2)

Publication Number Publication Date
CN1445681A CN1445681A (en) 2003-10-01
CN1258148C true CN1258148C (en) 2006-05-31

Family

ID=27814708

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03113387 Expired - Fee Related CN1258148C (en) 2003-05-01 2003-05-01 Encryption, decryption method using high security level symmetry secret key algorithm and its encipherer

Country Status (1)

Country Link
CN (1) CN1258148C (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee