CN102082668A - Message integrity authentication method based on coupling chaotic mapping - Google Patents
Message integrity authentication method based on coupling chaotic mapping Download PDFInfo
- Publication number
- CN102082668A CN102082668A CN2010105763364A CN201010576336A CN102082668A CN 102082668 A CN102082668 A CN 102082668A CN 2010105763364 A CN2010105763364 A CN 2010105763364A CN 201010576336 A CN201010576336 A CN 201010576336A CN 102082668 A CN102082668 A CN 102082668A
- Authority
- CN
- China
- Prior art keywords
- message
- key
- integer
- steps
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Compression, Expansion, Code Conversion, And Decoders (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a message integrity authentication method. The method comprises the following steps: 1) a message sender generates an initial chaining value and a secret authentication key; 2) the sender inputs the authentication key, the initial chaining value and messages into hash methods to output message authentication codes, wherein the hash methods adopt one-dimensional coupling chaotic mapping systems; the messages and expanded subkeys are input as the parameters of the chaotic systems; and through limited times of iterative operations carried out by the chaotic systems, the messages and the key can be chaotic and dispersed sufficiently to generate un-repeated hash values (authentication codes) which are randomly distributed; 3) the sender sends the initial chaining value, the authentication key, the messages and the authentication codes to a message receiver; 4) the receiver inputs the authentication key, the initial chaining value and the messages into the hash methods to generate message authentication codes; and 5) the receiver carries out message integrity authentication according to the authentication codes generated in the step 4) and the received authentication codes, and the received messages are proved to be integral if the generated authentication codes and the received authentication codes are consistent. The method has the characteristic of strong security and is easy for software implementation.
Description
Technical field
The present invention relates to field of information security technology, relate to the method that is used for the message integrity authentication.
Technical background
In the face of various threats and attack in the Internet, the recipient of information is necessary that the information of it being received or preserve carries out integrity check, checking message transmit or storing process in whether distorted, deleted or insertion etc.Usually will carry out hash to the message of authentication and handle, output has the hashed value (also claiming eap-message digest) of regular length, as the foundation of message integrity authentication.Suppose communicating pair A and B, A calculates hashed value when B sends message, and message and hashed value are sent to B; B carries out identical hash computing to the message of receiving, obtains new hashed value, and the hashed value that the hashed value that receives and B calculate is compared, if the source that identical then B can acknowledge messages and not distorted.If hashed value is controlled by a key of communicating pair appointment, the hashed value of message is also referred to as message authentication code.
It is open that the generation of the authentication code of a safety will be satisfied (1) concrete method of operation, unique need to be keep secret be key; (2) message of random length produces the authentication code with regular length; (3) given method of operation, message and key require to obtain easily authentication code; (4) given method and message are not being known under the condition of key, are difficult to obtain correct authentication code.
In conventional cipher was learned, the method that produces authentication code was usually based on existing ashing technique, such as HMAC, also can be based on grouping encryption method, and perhaps based on general hash function family method, so its fail safe often depends on these basic passwords itself.The present invention is special one brand-new, based on the completeness certification method of coupling chaotic maps, be independent of existing ashing technique and encryption method.Its main feature is to adopt the one dimension coupled chaotic mapping system, input message and key are as the parameter of chaotic mapping system, iterative operation by the coupled chaotic mapping system limited number of time, can make message and key reach enough confusion and diffusions, produce random distribution, unduplicated hashed value (authentication code), guaranteed the fail safe of this method and the characteristic that software is realized fast operation.
Summary of the invention
The objective of the invention is to design a kind of message integrity authentication method, its process feature is following treatment step:
A1) sender of the message produces initial chaining value and secret authenticate key;
A2) sender of the message imports authenticate key, initial chaining value and message in the following ashing technique, generates authentication code, and concrete step is:
A2.1) carry out the message shaping, message is divided into groups after filling cover;
A2.2) carry out cipher key spreading, the authenticate key K of 256 bits is extended to the sub-key of 1024 bits;
A2.3) carry out parameter and generate, import the blocking message and the expansion sub-key of 1024 bits, produce two groups of parameters of one dimension coupling mapped system;
A2.4) carry out message compression,, export 256 bits the compression of 1024 bit message of input;
A2.5) handle all message groupings successively, and the output valve of last grouping is carried out conversion, the output message authentication code;
A3) sender of the message issues message recipient to initial chaining value, secret authenticate key, message and message authentication code;
A4) message recipient is in authenticate key, initial chaining value and the message input ashing technique, and each step among the repeating step A2 generates message authentication code;
A5) message recipient carries out the message integrity authentication according to steps A 4 authentication code that is generated and the authentication code that receives, if both unanimities prove that the message that receives is complete; If both are inconsistent, prove that the message that receives is incomplete.
In steps A 1) in, the sender of the message produces initial chaining value H
0, H
0By 8 initializaing variable h
0(j) form H
0={ h
0(1), h
0(2) ..., h
0(8) }, each h
0(j) all be to belong to [0,2
32) integer on the interval; The sender of the message produces 256 secret bit authenticate keys, with 8 integer representations, and K={k (1), k (2) ..., k (8) }, each k (j) belongs to [0,2
32) integer on the interval.
In steps A 2) in the production process of message authentication code, steps A 2.1) the message shaping is meant message replenished the position by filling, and add the original text length information of 128 bit lengths, making message-length is the integral multiple of block length; Every group of message is fixed as 1024 bits, and the original text message-length is the 1024t bit after the shaping, and t is an integer; Message is grouped into M
1, M
2..., M
t
In steps A 2) in the production process of message authentication code, steps A 2.2) cipher key spreading is the sub-key that the authenticate key K of 256 bits is extended to 1024 bits, sub-key is represented with 32 integers, ka (1), ka (2) ..., ka (32), each ka (j) belongs to [0,2
32) integer on the interval;
The concrete implementation step of described cipher key spreading is:
Step 1: input key value K, obtain 8 integer k k (j), i.e. kk (j)=k (j), j=1,2 ..., 8;
Step 2: 8 integer k k (j) are extended to 16 integer k k (j), and extended mode is as follows:
Kk (j)=kk (j-8)+(kk (j-8)>>>12) ⊕ (kk (j-5)>>>11)+(kk (j-3)<<<11), j=9,10 ..., 16 operation ⊕ are by the bit XOR, operate+be mould 2
32Addition, operation x>>>(<<<) y represents the x right side (left side) cyclic shift y bit;
Step 3: 16 integer k k (j) recompression that expansion is obtained is new 8 integer k k (j), and compress mode is as follows:
kk(j)=kk(j+8)+kk(9-j),j=1,2,...,8
Repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=1,2 ..., 8; Repeated execution of steps 2 and step 3 are three times again, export 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=9,10 ..., 16; Continue repeated execution of steps 2 and step 3 three times, export 8 integer k k (j), j=1,2 ..., 8, as sub-key ka (j), j=17,18 ..., 24; Last repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=25,26 ..., 32; It is the sub-key of 1024 bits that total has been exported length overall, ka (j), and j=1,2 ..., 32.
In steps A 2) in the production process of message authentication code, steps A 2.3) parameter generates is blocking message M by input
iWith expansion sub-key ka (j), produce two groups of parameters of one dimension coupling mapped system, concrete production method is as follows:
First group of parameter can be i message grouping M by linear transformation
iBe converted into 32 double precision real number b
I, j, promptly
b
i,j=2.0+m((i-1)*8+j)/2
31,i=1,2,3,4,j=1,2,...,8;
Second group of parameter, sub-key ka (j) that expansion obtains and the message grouping M that imports
iAfter the mixing, be converted into other one group 32 double precision real number a
I, j, promptly
a
I, j=2.0+[ka ((i-1) * 8+j) ⊕ (m ((i-1) * 8+j)>>>8)]/2
31, i=1,2,3,4j=1,2 ..., 8 wherein to operate ⊕ be by the bit XOR, operation x>>>y represents the bit to the right cyclic shift y of x.
In steps A 2) in the production process of message authentication code, steps A 2.4) compression process is the compression of 1024 bit message of input, exports 256 bits, described method is realized by following one dimension coupling mapped system and nonlinear transformation:
A2.4.1) dynamics of one dimension coupled chaotic mapping system is expressed as:
x
n+1(j)=f
1(a
1,j,x
n(j))+f
1(a
2,j+1,x
n(j+1))+f
1(a
3,j-1,x
n(j-1)) (1)
+f
2(a
4,j+4,c
j+4,x
n(j+4))mod1,j=1,2,...,8
x
n+2(j)=f
1(b
1,j,x
n+1(j))+f
1(b
2,j+1,x
n+1(j+1))+f
1(b
3,j-1,x
n+1(j-1))(2)
+f
2(b
4,j+4,c
j+4,x
n+1(j+4))mod1,j=1,2,...,8
Wherein n is a discrete time iteration step number, and j is the lattice point coordinate, and lattice point length is 8, to all parameter life cycle boundary conditions; f
1(a, x)=ax (1-x) is logistic mapping, when a>3.57, the logistic mapping is a chaos; f
2(a, c, x)=ax+c; c
1=0.1, c
4=0.2, other c
j=0; Parameter a
I, jAnd b
I, jBy steps A 2.3) obtain; At parameter a
I, jAnd b
I, jIn the scope of being got, one dimension coupling mapped system is a chaos system; Carry out formula (1) and (2) successively and obtain output variable x for r time
2r(j), j=1,2 ..., 8; When iterations is not equal to 4 and 8 times, i.e. r ≠ 4 and r ≠ 8 o'clock, output variable x
2r(j) directly feedback is carried out (1) and (2) iterative operation, when iterations equals 4 and 8 times, and promptly when r=4 and r=8, output variable x
2r(j) carry out A2.4.2) nonlinear transformation;
Described one dimension coupling mapped system further comprises following two kinds of situations:
For first message grouping M
1, the initial value of formula (1) is defined as:
x
0(j)=h
0(j)/2
32,j=1,2,...,8
H wherein
0(j) be in steps A 1) in the initial link variable H that selectes of sender of the message
0, i.e. H
0={ h
0(1), h
0(2) ..., h
0(8) };
For i (i>1) message grouping M
i, the initial value of formula (1) is defined as:
x
0(j)=h
i-1(j)/2
32,j=1,2,...,8,i=1,2,...,t
H wherein
I-1(j) be to (i-1) individual message grouping M
I-1Compression process is calculated the intermediate variable H of output
I-1, i.e. H
I-1={ h
I-1(1), h
I-1(2) ..., h
I-1(8) }, each h
I-1(j) all be to belong to [0,2
32) integer on the interval;
A2.4.2) nonlinear transformation is above-mentioned steps A2.4.1) in analog signal x
2r(j) carry out nonlinear transformation twice, the process of described nonlinear transformation further comprises:
For the 4th iteration, promptly during r=4, according to following formula to output variable x
2r(j) carry out nonlinear operation:
x
2r(j)=(x
2r(j)×2
50?mod2
32)/2
32,j=1,2,...,8
Described following formula is at first double precision real number x
2r(j) amplify 2
50Doubly, delivery 2 then
32, obtain the integer (analog-to-digital conversion) of 32 bit long, be converted into the double precision real number at last again;
For the 8th iteration, promptly during r=8, according to following formula it is carried out nonlinear operation, and obtain intermediate variable H
i={ h
i(1), h
i(2) ..., h
i(8) }:
h
i(j)=x
2r(j)×2
50?mod2
32,j=1,2,...,8,i=1,2,...,t
Described following formula is at first double precision real number x
2r(j) amplify 2
50Doubly, delivery 2 then
32, obtain the integer h of 32 bit long
i(j).
In steps A 2) in the production process of message authentication code, steps A 2.5) handle all message groupings successively, to all grouping M
1, M
2..., M
tPress order of packets repeated execution of steps A2.3), A2.4), the M of message grouping to the last
tProcessing finishes, and obtains output valve H
t={ h
t(1), h
t(2) ..., h
t(8) }, each h
t(j), j=1,2 ..., 8, all be to belong to [0,2
32) integer on the interval; And to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32Add:
h(j)=k(j)+h
t(j)
Output message authentication code h (1) h (2) in order ... h (8).
The present invention has the following advantages:
(1). input message and the parameter of expansion sub-key as chaos system, and, increased the Theoretical Calculation difficulty of attacking to Chaos Variable employing nonlinear transformation, strengthened security of system effectively.
(2). have high Message Processing speed.
(3). this method is easy to software and realizes.
Description of drawings
Fig. 1 is the compression method schematic diagram.
Fig. 2 produces the authentication code schematic diagram.
Fig. 3 is that message only changes a bit, the variation of authentication code.
Fig. 4 is that key only changes a bit, the variation of authentication code.
Fig. 5 is that initial value only changes a bit, the variation of authentication code.
Embodiment
Below in conjunction with accompanying drawing and example the present invention is described in further detail, the concrete building method of integrated authentication comprises following five steps:
B1) sender of the message produces initial chaining value and secret authenticate key;
B2) sender of the message imports authenticate key, initial chaining value and message in the following ashing technique, generates authentication code, and concrete step is:
B2.1) carry out the message shaping, message is divided into groups after filling cover;
B2.2) carry out cipher key spreading, the authenticate key K of 256 bits is extended to the sub-key of 1024 bits;
B2.3) carry out parameter and generate, import the blocking message and the expansion sub-key of 1024 bits, produce two groups of parameters of one dimension coupling mapped system;
B2.4) carry out message compression,, export 256 bits the compression of 1024 bit message of input;
B2.5) handle all message groupings successively, and the output valve of last grouping is carried out conversion, the output message authentication code;
B3) sender of the message sends to message recipient to initial chaining value, secret authenticate key, message and message authentication code;
B4) message recipient is in authenticate key, initial chaining value and the message input ashing technique, and each step among the repeating step B2 generates message authentication code;
B5) message recipient carries out the message integrity authentication according to step B4 authentication code that is generated and the authentication code that receives, if both unanimities prove that the message that receives is complete; If both are inconsistent, prove that the message that receives is incomplete.
At step B1) in, the sender of the message produces initial chaining value H
0, H
0By 8 initializaing variable h
0(j) H is formed in cascade
0={ h
0(1), h
0(2) ..., h
0(8) }, each h
0(j) all be to belong to [0,2
32) integer on the interval; The sender of the message produces 256 secret bit authenticate keys, represents with 8 integer cascades, and K={k (1), k (2) ..., k (8) }, each k (j) belongs to [0,2
32) integer on the interval.
At step B2) in the production process of message authentication code, step B2.1) the message shaping is meant message replenished the position by filling, and add the original text length information of 128 bit lengths, making message-length is the integral multiple of block length; Every group of message is fixed as 1024 bits, and the original text message-length is the 1024t bit after the shaping, and t is an integer; Message is grouped into M
1, M
2..., M
t
Described process by original text message generation shaping message further comprises:
Origination message to input is filled cover, so that the message-length behind its cover is being 896 to the remainder behind 1024 deliverys, cover is to mend earlier to mend 0 again for one 1, satisfying 1024 delivery remainders up to length is 896, cover is mended one at least, mending 1024 bits at most, is 896 even length satisfies 1024 delivery remainders, and cover also must carry out; Mend length then, the data of mending one 128 bit length are represented the length of origination message, mend the message back of having carried out the cover operation; Last whole message is divided into the message packet data block M of 1024 bits one by one in order
1, M
2..., M
t, represent final grouping number after the message shaping with t; Every group of message M
iAvailable 32 integer representations, M
i=m (1), m (2) ..., m (32) }, each m (j) belongs to [0,2
32) integer on the interval.
At step B2) in the production process of message authentication code, step B2.2) cipher key spreading is the sub-key that the key K of 256 bits is extended to 1024 bits, sub-key is represented with 32 integers, ka (1), ka (2) ..., ka (32), each ka (j) belongs to [0,2
32) integer on the interval;
The concrete implementation step of described cipher key spreading is:
Step 1: input key value K, obtain 8 integer k k (j), i.e. kk (j)=k (j), j=1,2 ..., 8;
Step 2: 8 integer k k (j) are extended to 16 integer k k (j), and extended mode is as follows:
Kk (j)=kk (j-8)+(kk (j-8)>>>12) ⊕ (kk (j-5)>>>11)+(kk (j-3)<<<11), j=9,10 ..., 16 operation ⊕ are by the bit XOR, operate+be mould 2
32Addition, operation x>>>(<<<) y represents the x right side (left side) cyclic shift y bit;
Step 3: 16 integer k k (j) recompression that expansion is obtained is new 8 integer k k (j), and compress mode is as follows:
kk(j)=kk(j+8)+kk(9-j),j=1,2,...,8
Repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=1,2 ..., 8; Repeated execution of steps 2 and step 3 are three times again, export 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=9,10 ..., 16; Continue repeated execution of steps 2 and step 3 three times, export 8 integer k k (j), j=1,2 ..., 8, as sub-key ka (j), j=17,18 ..., 24; Last repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=25,26 ..., 32; It is the sub-key of 1024 bits that total has been exported length overall, ka (j), and j=1,2 ..., 32.
At step B2) in the production process of message authentication code, step B2.3) parameter generates is blocking message M by input
iWith expansion sub-key ka (j), produce two groups of parameters of one dimension coupling mapped system, concrete grammar is as follows:
First group of parameter can be i message grouping M by linear transformation
iBe converted into 32 double precision real number b
I, j, promptly
b
i,j=2.0+m((i-1)*8+j)/2
31,i=1,2,3,4,j=1,2,...,8;
Second group of parameter, sub-key ka (j) that expansion obtains and the message grouping M that imports
iAfter the mixing, be converted into other one group 32 double precision real number a
I, j, promptly
a
I, j=2.0+[ka ((i-1) * 8+j) ⊕ (m ((i-1) * 8+j)>>>8)]/2
31, i=1,2,3,4, j=1,2 ..., 8 wherein to operate ⊕ be by the bit XOR, operation x>>>y represents the bit to the right cyclic shift y of x.
At step B2) in the production process of message authentication code, step B2.4) compression process is the compression of 1024 bit message of input, exports 256 bits, described method realizes (as shown in Figure 1) by one dimension iteration coupling mapped system and nonlinear transformation:
B2.4.1) dynamics of one dimension coupling mapped system is expressed as:
x
n+1(j)=f
1(a
1,j,x
n(j))+f
1(a
2,j+1,x
n(j+1))+f
1(a
3,j-1,x
n(j-1)) (3)
+f
2(a
4,j+4,c
j=4,x
n(j+4))mod1,j=1,2,...,8
x
n+2(j)=f
1(b
1,j,x
n+1(j))+f
1(b
2,j+1,x
n+1(j+1))+f
1(b
3,j-1,x
n+1(j-1))(4)
+f
2(f
4,j+4,c
j+4,x
n+1(j+4))mod1,j=1,2,...,8
Wherein n is a discrete time iteration step number, and j is the lattice point coordinate, and lattice point length is 8, to all parameter life cycle boundary conditions; f
1(a, x)=ax (1-x) is logistic mapping, when a>3.57, the logistic mapping is a chaos; f
2(a, c, x)=ax+c; c
1=0.1, c
4=0.2, other c
j=0; Parameter a
I, jAnd b
I, jBy step B2.3) obtain; At parameter a
I, jAnd b
I, jIn the scope of being got, one dimension coupling mapped system is a chaos system; Carry out formula (3) and (4) successively and obtain output variable x for r time
2r(j), j=1,2 ..., 8; When iterations is not equal to 4 and 8 times, i.e. r ≠ 4 and r ≠ 8 o'clock, output variable x
2r(j) directly feedback is carried out (3) and (4) iterative operation, when iterations equals 4 and 8 times, and promptly when r=4 and r=8, output variable x
2r(j) carry out B2.4.2) nonlinear transformation;
Described one dimension iteration coupling mapped system further comprises following two kinds of situations:
For first message grouping M
1, the initial value of formula (3) is defined as:
x
0(j)=h
0(j)/2
32,j=1,2,...,8
H wherein
0(j) be at step B1) in the initial link variable H that selectes of sender of the message
0, i.e. H
0={ h
0(1), h
0(2) ..., h
0(8) };
For i (i>1) message grouping M
i, the initial value of formula (3) is defined as:
x
0(j)=h
i-1(j)/2
32,j=1,2,...,8,i=1,2,...,t
H wherein
I-1(j) be to (i-1) individual message grouping M
I-1Compression process is calculated the intermediate variable H of output
I-1, i.e. H
I-1={ h
I-1(1), h
I-1(2) ..., h
I-1(8) }, each h
I-1(j) all be to belong to [0,2
32) integer on the interval;
B2.4.2) nonlinear transformation is above-mentioned steps B2.4.1) in analog signal x
2r(j) carry out nonlinear transformation twice, the process of described nonlinear transformation further comprises:
For the 4th iteration, promptly during r=4, according to following formula to output variable x
2r(j) carry out nonlinear operation:
x
2r(j)=(x
2r(j)×2
50?mod2
32)/2
32,j=1,2,...,8
Described following formula is at first double precision real number x
2r(j) amplify 2
50Doubly, delivery 2 then
32, obtain the integer (analog-to-digital conversion) of 32 bit long, be converted into the double precision real number at last again;
For the 8th iteration, promptly during r=8, according to following formula it is carried out nonlinear operation, and obtain intermediate variable H
i={ h
i(1), h
i(2) ..., h
i(8) }:
h
i(j)=x
2r(j)×2
50?mod2
32,j=1,2,...,8,i=1,2,...,t
Described following formula is at first double precision real number x
2r(j) amplify 2
50Doubly, delivery 2 then
32, obtain the integer h of 32 bit long
i(j).
At step B2) in the production process of message authentication code, step B2.5) handle all message groupings successively, as shown in Figure 2, to all grouping M
1, M
2..., M
tPress order of packets repeated execution of steps B2.3), B2.4), the M of message grouping to the last
tProcessing finishes, and obtains output valve H
t={ h
t(1), h
t(2) ..., h
t(8) }, each h
t(j), j=1,2 ..., 8, all be to belong to [0,2
32) integer on the interval; And to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32After adding, and to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32Add:
h(j)=k(j)+h
t(j)
Output message authentication code h (1) h (2) in order ... h (8).
Below in conjunction with a concrete message, further specify technical scheme of the present invention, comprise intermediate operations process and partial results.
(1). the sender of the message determines initial chaining value and authenticate key
The sender of the message determines initial chaining value H
0={ h
0(1), h
0(2) ..., h
0(8) } and authenticate key k (1) respectively as follows to k (8):
h
0(1) to h
0(8) (hexadecimal representation) is 51ff5c 9044df76 317b9d08 cf0661f395c0d47e 7ad70a51 59ab4ca9 e55a354b;
K (1) is 11111111 to k (8) (hexadecimal representation).
(2). set up shaping message
With these three letters of original text abc is example, ASCII character value corresponding to hexadecimal representation is 61,62,63, obtaining shaping message is a grouping, be that m (1) is respectively 60,616,280 0000 00 000000000000000000000 00 0 18 (hexadecimal representations) to m (32), wherein four of the end numerals 000 18 have been represented the length of message, i.e. 24 bit long.
(3). carry out expanded keys
Given key 11111111, the sub-key ka (1) that is expanded is 14a1645b 19ba6c2d 99260a39 830ea697 e2fcf1d3 817789d1 c1681f285fe0a91c 9d2dd5bc feb86830 e31551d9 3d710ec3 a5fdc73c a220ffbf68e564cb 6e38ed8c 133abcfc 3378c729 576127e8 56bc9cd8 27894f4454aad7 f4cbf12f e0fed5ee d41a7ab4 cd241afc 7f47beb0 f0f383e095ea8b57 c20ba1d0 cc1553aa f435eae1 to ka (32).
(4). calculating parameter
Double precision parameter b by message and the generation of expansion sub-key
I, jAnd a
I, jSee Table 1 and table 2 respectively.
(5). compression process is calculated
Compression process calculates output variable H
1, h
1(1) to h
1(8) be respectively 54af1fa6 7fce8103ca9c2df7 9069e931 d4c0dc60 d0e381a4 eba7eebf fb99486c.
(6). the output message authentication code
h
1(i) and key k (i) mould 2
32Add operation obtains the hashed value 54af1fa7 7fce8104ca9c2df8 9069e932 d4c0dc61 d0e381a5 eba7eec0 fb99486d of 256 bits.
Only change information " abc " and arrive " abd ", key K and initial value H
0Constant, the authentication code that obtains 256 bits is c17052fe 48ad9c91 60,e28,ad3 17339804 54ab43da fc58ba20 e99134cdfaa7e02.For the variation of authentication code is described better, authentication code before and after changing is pressed the bit xor operation, obtain 95df4d59 37631d95 aa7ea72b 875a7136 806b9fbb 2cbb3b85236da0d f433366f, The above results is represented (each 32 bit is arranged from low to high by bit) with Bit String
1?0?0?1?1?0?1?0?1?0?1?1?0?0?1?0?1?1?1?1?1?0?1?1?1?0?1?0?1?0?0?1
1?0?1?0?1?0?0?1?1?0?1?1?1?0?0?0?1?1?0?0?0?1?1?0?1?1?1?0?1?1?0?0
1?1?0?1?0?1?0?0?1?1?1?0?0?1?0?1?0?1?1?1?1?1?1?0?0?1?0?1?0?1?0?1
0?1?1?0?1?1?0?0?1?0?0?0?1?1?1?0?0?1?0?1?1?0?1?0?1?1?1?0?0?0?0?1
1?1?0?1?1?1?0?1?1?1?1?1?1?0?0?1?1?1?0?1?0?1?1?0?0?0?0?0?0?0?0?1
1?0?1?0?0?0?0?1?1?1?0?1?1?1?0?0?1?1?0?1?1?1?0?1?0?0?1?1?0?1?0?0
1?0?1?1?0?0?0?0?0?1?0?1?1?0?1?1?0?1?1?0?1?1?0?0?0?1?0?0?0?0?0?0
1?1?1?1?0?1?1?0?0?1?1?0?1?1?0?0?1?1?0?0?1?1?0?0?0?0?1?0?1?1?1?1
Fig. 3 has shown 256 bit values behind the XOR, and variation has taken place about 50% bit, shows that authentication code has good randomness.
Only change the k (1) in the key K, other key values are constant, and k (1) changes to " 0 " by " 1 ", information " abc " and initial value H
0Constant, authentication code eaafdbc8 75e6ef59 7d1e3eda99ba7fc0 5de9720e 79333fa9 3e4e4d85 b7b9534b and Fig. 3 of obtaining 256 bits are similar, and Fig. 4 has shown that authentication code has good randomness.
Only change initial value H
0In h
0(1), other initial values are constant, h
0(1) changes to " 51ff5d " by " 51ff5c ", information " abc " and key K are constant, obtain the authentication code ec1b8616 a3f7f9e2 4ad40e7055e31abd a6df20fb cd98582d 1ad38158 367c45e2 of 256 bits, similar with Fig. 3, Fig. 5 has shown that authentication code has good randomness.
The inventive method provides a kind of method of message integrity authentication, can be used for software programming and realizes that treatment effeciency is faster arranged.
The above is preferred embodiment of the present invention, but the present invention should not be confined to this embodiment.So every do not break away from finish under the spirit disclosed in this invention the equivalence or the change, all fall into the scope of protection of the invention.
The parameter b that table 1 double-precision floating point is represented
I, j
| ? |
1 | 2 | 3 | 4 |
| 1 | 2.752971947193146 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 2 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 3 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 4 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 5 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 6 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 7 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 8 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000011175871 |
The parameter a that table 2 double-precision floating point is represented
I, j
| a i,j | 1 | 2 | 3 | 4 |
| 1 | 3.162140515167266 | 3.227961270138621 | 2.150230048224330 | 3.657058084383607 |
| 2 | 2.201001665089279 | 3.990002654492855 | 2.402123351115733 | 3.602664349600673 |
| 3 | 3.196473386604339 | 3.774088126141578 | 2.682652462273836 | 2.994376979768276 |
| 4 | 3.023884605150670 | 2.480012746062130 | 2.677631001919508 | 3.882431492209435 |
| 5 | 3.773344257380813 | 3.296807197853923 | 2.019304865971208 | 3.171220223885030 |
| 6 | 3.011460520792753 | 3.266632049810141 | 2.033833842258900 | 3.515979982912540 |
| 7 | 3.510990042239428 | 2.819500540848821 | 3.912473819684237 | 3.594400842674077 |
| 8 | 2.749043596908450 | 2.861112302169204 | 3.757776967249811 | 3.845395431388170 |
Claims (7)
1. the completeness certification method of a message, its process feature is following treatment step:
A1) sender of the message produces initial chaining value and secret authenticate key;
A2) sender of the message imports authenticate key, initial chaining value and message in the following ashing technique, generates authentication code, and concrete step is:
A2.1) carry out the message shaping, message is divided into groups after filling cover;
A2.2) carry out cipher key spreading, the key K of 256 bits is extended to the sub-key of 1024 bits;
A2.3) carry out parameter and generate, input message and expansion sub-key, two groups of parameters of generation one dimension coupling mapped system;
A2.4) carry out message compression,, export 256 bits the compression of 1024 bit message of input;
A2.5) handle all message groupings successively, and the output valve of last grouping is carried out conversion, the output message authentication code;
A3) sender of the message issues message recipient to initial chaining value, secret authenticate key, message and message authentication code;
A4) message recipient is in authenticate key, initial chaining value and the message input ashing technique, and each step among the repeating step A2 generates message authentication code;
A5) message recipient carries out the message integrity authentication according to steps A 4 authentication code that is generated and the authentication code that receives, if both unanimities prove that the message that receives is complete; If both are inconsistent, prove that the message that receives is incomplete.
2. a kind of completeness certification method according to claim 1 is characterized in that described steps A 1) in, the sender of the message produces initial chaining value H
0, H
0By 8 initializaing variable h
0(j) H is formed in cascade
0={ h
0(1), h
0(2) ..., h
0(8) }, each h
0(j) all be to belong to [0,2
32) integer on the interval; The sender of the message produces 256 secret bit authenticate keys, represents with 8 integer cascades, and K={k (1), k (2) ..., k (8) }, each k (j) belongs to [0,2
32) integer on the interval.
3. a kind of completeness certification method according to claim 1, steps A 2.1) the message shaping is meant message is replenished the position by filling, and adds the original text length information of 128 bit lengths, and making message-length is the integral multiple of block length; Every group of message is fixed as 1024 bits, and the original text message-length is the 1024t bit after the shaping, and t is an integer.
4. a kind of completeness certification method according to claim 1, steps A 2.2) cipher key spreading is the sub-key that the key K of 256 bits is extended to 1024 bits, and sub-key is represented with 32 integers, ka (1), ka (2) ..., ka (32), each ka (j) belongs to [0,2
32) integer on the interval;
The concrete implementation step of described cipher key spreading is:
Step 1: input key value K, obtain 8 integer k k (j), i.e. kk (j)=k (j), j=1,2 ..., 8;
Step 2: 8 integer k k (j) are extended to 16 integer k k (j), and extended mode is as follows:
Kk (j)=kk (j-8)+(kk (j-8)>>>12) ⊕ (kk (j-5)>>>11)+(kk (j-3)<<<11), j=9,10 ..., 16 operation ⊕ are by the bit XOR, operate+be mould 2
32Addition, operation x>>>(<<<) y represents the x right side (left side) cyclic shift y bit;
Step 3: 16 integer k k (j) recompression that expansion is obtained is new 8 integer k k (j), and compress mode is as follows:
kk(j)=kk(j+8)+kk(9-j),j=1,2,...,8
Repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=1,2 ..., 8; Repeated execution of steps 2 and step 3 are three times again, export 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=9,10 ..., 16; Continue repeated execution of steps 2 and step 3 three times, export 8 integer k k (j), j=1,2 ..., 8, as sub-key ka (j), j=17,18 ..., 24; Last repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=25,26 ..., 32; It is the sub-key of 1024 bits that total has been exported length overall, ka (j), and j=1,2 ..., 32.
5. a kind of completeness certification method according to claim 1, steps A 2.3) to generate be blocking message M by input to parameter
iWith expansion sub-key ka (j), produce two groups of parameters of one dimension coupling mapped system, concrete grammar is as follows:
First group of parameter can be i message grouping M by linear transformation
iBe converted into 32 double precision real number b
I, j, promptly
b
i,j=2.0+m((i-1)*8+j)/2
31,i=1,2,3,4,j=1,2,...,8;
Second group of parameter, sub-key ka (j) that expansion obtains and the message grouping M that imports
iAfter the mixing, be converted into other one group 32 double precision real number a
I, j, promptly
a
I, j=2.0+[ka ((i-1) * 8+j) ⊕ (m ((i-1) * 8+j)>>>8)]/2
31, i=1,2,3,4, j=1,2 ..., 8 wherein to operate ⊕ be by the bit XOR, operation x>>>y represents the bit to the right cyclic shift y of x.
6. a kind of completeness certification method according to claim 1, steps A 2.4) compression process is the compression of 1024 bit message of input, exports 256 bits, and described method is realized by one dimension iteration coupling mapped system and nonlinear transformation:
A2.4.1) dynamics of one dimension iteration coupling mapped system is expressed as:
x
n+1(j)=f
1(a
1,j,x
n(j))+f
1(a
2,j+1,x
n(j+1))+f
1(a
3,j-1,x
n(j-1)) (1)
+f
2(a
4,j+4,c
j=4,x
n(j+4))mod1,j=1,2,...,8
x
n+2(j)=f
1(b
1,j,x
n+1(j))+f
1(b
2,j+1,x
n+1(j+1))+f
1(b
3,j-1,x
n+1(j-1)) (2)
+f
2(b
4,j+4,c
j+4,x
n+1(j+4))mod1,j=1,2,...,8
Wherein n is a discrete time iteration step number, and j is the lattice point coordinate, and lattice point length is 8, to all parameter life cycle boundary conditions; f
1(a, x)=ax (1-x) is logistic mapping, when a>3.57, the logistic mapping is a chaos; f
2(a, c, x)=ax+c; c
1=0.1, c
4=0.2, other c
j=0; Parameter a
I, jAnd b
I, j, i=1,2,3,4, j=1,2 ..., 8, by steps A 2.3) obtain; At parameter a
I, jAnd b
I, jIn the scope of being got, one dimension coupling mapped system is a chaos system; Carry out formula (1) and (2) successively and obtain output variable x for r time
2r(j), j=1,2 ..., 8; When iterations is not equal to 4 and 8 times, i.e. r ≠ 4 and r ≠ 8 o'clock, output variable x
2r(j) directly feedback is carried out (1) and (2) iterative operation, when iterations equals 4 and 8 times, and promptly when r=4 and r=8, output variable x
2r(j) carry out A2.4.2) nonlinear transformation;
Described one dimension iteration coupling mapped system further comprises following two kinds of situations:
For first message grouping M
1, the initial value of formula (1) is defined as:
x
0(j)=h
0(j)/2
32,j=1,2,...,8
H wherein
0(j) be in steps A 1) in the initial link variable H that selectes of sender of the message
0, i.e. H
0={ h
0(1), h
0(2) ..., h
0(8) };
For i (i>1) message grouping M
i, the initial value of formula (1) is defined as:
x
0(j)=h
i-1(j)/2
32,j=1,2,...,8,i=1,2,...,t
H wherein
I-1(j) be to (i-1) individual message grouping M
I-1Compression process is calculated the intermediate variable H of output
I-1, i.e. H
I-1={ h
I-1(1), h
I-1(2) ..., h
I-1(8) }, each h
I-1(j) all be to belong to [0,2
32) integer on the interval;
A2.4.2) nonlinear transformation is above-mentioned steps A2.4.1) in analog signal x
2r(j) carry out nonlinear transformation twice, the process of described nonlinear transformation further comprises:
For the 4th iteration, promptly during r=4, according to following formula to output variable x
2r(j) carry out nonlinear operation:
x
2r(j)=(x
2r(j)×2
50?mod2
32)/2
32,j=1,2,...,8
Described following formula is at first double precision real number x
2r(j) amplify 2
50Doubly, delivery 2 then
32, obtain the integer (analog-to-digital conversion) of 32 bit long, be converted into the double precision real number at last again;
For the 8th iteration, promptly during r=8, according to following formula it is carried out nonlinear operation, and obtain intermediate variable H
i={ h
i(1), h
i(2) ..., h
i(8) }:
h
i(j)=x
2r(j)×2
50?mod2
32,j=1,2,...,8,i=1,2,...,t
Described following formula is at first double precision real number x
2r(j) amplify 2
50Doubly, delivery 2 then
32, obtain the integer h of 32 bit long
i(j).
7. a kind of completeness certification method according to claim 1, steps A 2.5) handle all message groupings successively, to all grouping M
1, M
2..., M
tPress order of packets repeated execution of steps A2.3), A2.4), the M of message grouping to the last
tProcessing finishes, and obtains output valve H
t={ h
t(1), h
t(2) ..., h
t(8) }, each h
t(j), j=1,2 ..., 8, all be to belong to [0,2
32) integer on the interval; And to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32Add:
h(j)=k(j)+h
t(j)
Output message authentication code h (1) h (2) in order ... h (8).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010576336 CN102082668B (en) | 2010-07-16 | 2010-12-07 | Message integrity authentication method based on coupling chaotic mapping |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010227914.3 | 2010-07-16 | ||
| CN2010102279143A CN101902332A (en) | 2010-07-16 | 2010-07-16 | Hashing method with secrete key based on coupled chaotic mapping system |
| CN 201010576336 CN102082668B (en) | 2010-07-16 | 2010-12-07 | Message integrity authentication method based on coupling chaotic mapping |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102082668A true CN102082668A (en) | 2011-06-01 |
| CN102082668B CN102082668B (en) | 2013-06-19 |
Family
ID=43227555
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102279143A Pending CN101902332A (en) | 2010-07-16 | 2010-07-16 | Hashing method with secrete key based on coupled chaotic mapping system |
| CN 201010576336 Expired - Fee Related CN102082668B (en) | 2010-07-16 | 2010-12-07 | Message integrity authentication method based on coupling chaotic mapping |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102279143A Pending CN101902332A (en) | 2010-07-16 | 2010-07-16 | Hashing method with secrete key based on coupled chaotic mapping system |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN101902332A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110089068A (en) * | 2016-10-13 | 2019-08-02 | 西门子股份公司 | For authenticating and the method for integrity protected message's content, transmitters and receivers |
| CN111143247A (en) * | 2019-12-31 | 2020-05-12 | 海光信息技术有限公司 | Storage device data integrity protection method, controller thereof and system on chip |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8892908B2 (en) * | 2010-12-23 | 2014-11-18 | Morega Systems Inc. | Cryptography module for use with fragmented key and methods for use therewith |
| CN102904715B (en) * | 2012-09-27 | 2015-08-26 | 北京邮电大学 | Based on the parallel Pseudo-random bit generator of coupled chaotic mapping system |
| CN103441968A (en) * | 2013-09-03 | 2013-12-11 | 上海交通大学 | Improved Jakes channel estimation method based on chaos random phase |
| CN105391544A (en) * | 2015-11-19 | 2016-03-09 | 北京石油化工学院 | Hash function construction method applicable to RFID authentication system |
| CN109412791B (en) * | 2018-11-29 | 2019-11-22 | 北京三快在线科技有限公司 | Key information processing method, device, electronic equipment and computer-readable medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003104969A2 (en) * | 2002-06-06 | 2003-12-18 | Cryptico A/S | Method for improving unpredictability of output of pseudo-random number generators |
| EP1467512A1 (en) * | 2003-04-07 | 2004-10-13 | STMicroelectronics S.r.l. | Encryption process employing chaotic maps and digital signature process |
| CN101741560A (en) * | 2008-11-14 | 2010-06-16 | 北京石油化工学院 | Integral nonlinear mapping-based hash function constructing method |
-
2010
- 2010-07-16 CN CN2010102279143A patent/CN101902332A/en active Pending
- 2010-12-07 CN CN 201010576336 patent/CN102082668B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003104969A2 (en) * | 2002-06-06 | 2003-12-18 | Cryptico A/S | Method for improving unpredictability of output of pseudo-random number generators |
| EP1467512A1 (en) * | 2003-04-07 | 2004-10-13 | STMicroelectronics S.r.l. | Encryption process employing chaotic maps and digital signature process |
| CN101741560A (en) * | 2008-11-14 | 2010-06-16 | 北京石油化工学院 | Integral nonlinear mapping-based hash function constructing method |
Non-Patent Citations (1)
| Title |
|---|
| DI XIAO , XIAOFENG LIAO , YONG WANG: "Improving the security of a parallel keyed hash function based on chaotic maps", 《PHYSICS LETTERS A》, vol. 373, no. 47, 23 November 2009 (2009-11-23), XP 026699782, DOI: doi:10.1016/j.physleta.2009.09.059 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110089068A (en) * | 2016-10-13 | 2019-08-02 | 西门子股份公司 | For authenticating and the method for integrity protected message's content, transmitters and receivers |
| US11288400B2 (en) | 2016-10-13 | 2022-03-29 | Siemens Aktiengesellschaft | Method, transmitter, and receiver for authenticating and protecting the integrity of message contents |
| CN111143247A (en) * | 2019-12-31 | 2020-05-12 | 海光信息技术有限公司 | Storage device data integrity protection method, controller thereof and system on chip |
| CN111143247B (en) * | 2019-12-31 | 2023-06-30 | 海光信息技术股份有限公司 | Storage device data integrity protection method, controller thereof and system on chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102082668B (en) | 2013-06-19 |
| CN101902332A (en) | 2010-12-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102082668B (en) | Message integrity authentication method based on coupling chaotic mapping | |
| CA2792571C (en) | Hashing prefix-free values in a signature scheme | |
| KR100930577B1 (en) | Message authentication code generation method using stream cipher, authentication encryption method using stream cipher, and authentication decryption method using stream cipher | |
| CN101741560B (en) | Integral nonlinear mapping-based hash function constructing method | |
| US20120008767A1 (en) | System for encrypting and decrypting a plaintext message with authentication | |
| CN102594566B (en) | Chaos message authentication code realization method for wireless sensor network | |
| Tiwari et al. | A secure and efficient cryptographic hash function based on NewFORK-256 | |
| Wang et al. | An attack on hash function HAVAL-128 | |
| Bakhtiari et al. | A message authentication code based on latin squares | |
| CN103490876A (en) | Data encryption method for constructing Hash function based on hyper-chaotic Lorenz system | |
| CN101414904A (en) | Hash function method with single-wheel time anti-collision | |
| CN105391546A (en) | Lightweight block cipher technology VHF based on double pseudo random transformation and Feistel structure | |
| CN101262334A (en) | Encryption method for Bluetooth data transmission | |
| CN105162580A (en) | Lightweight stream cipher technology VHO based on OFB mode and block cipher VH | |
| CN112332988B (en) | Agile quantum privacy query method based on anti-rotation noise | |
| CN107769911A (en) | A kind of lightweight hash function construction method based on Sponge structures | |
| Elkamchouchi et al. | A new Secure Hash Dynamic Structure Algorithm (SHDSA) for public key digital signature schemes | |
| Noura et al. | Efficient and secure keyed hash function scheme based on RC4 stream cipher | |
| CN114065233A (en) | Digital signature aggregation method for big data and block chain application | |
| Katti et al. | On the security of key-based interval splitting arithmetic coding with respect to message indistinguishability | |
| Abad et al. | Enhanced key generation algorithm of hashing message authentication code | |
| CA2642399C (en) | Collision-resistant elliptic curve hash functions | |
| Knapskog | New cryptographic primitives | |
| CN106712925A (en) | S-box acquisition method and acquisition apparatus based on Logistic mapping | |
| KR100525124B1 (en) | Method for Verifying Digitally Signed Documents |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130619 Termination date: 20151207 |
|
| EXPY | Termination of patent right or utility model |