CN102082668B - Message integrity authentication method based on coupling chaotic mapping - Google Patents
Message integrity authentication method based on coupling chaotic mapping Download PDFInfo
- Publication number
- CN102082668B CN102082668B CN 201010576336 CN201010576336A CN102082668B CN 102082668 B CN102082668 B CN 102082668B CN 201010576336 CN201010576336 CN 201010576336 CN 201010576336 A CN201010576336 A CN 201010576336A CN 102082668 B CN102082668 B CN 102082668B
- Authority
- CN
- China
- Prior art keywords
- message
- key
- integer
- steps
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Compression, Expansion, Code Conversion, And Decoders (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a message integrity authentication method. The method comprises the following steps: 1) a message sender generates an initial chaining value and a secret authentication key; 2) the sender inputs the authentication key, the initial chaining value and messages into hash methods to output message authentication codes, wherein the hash methods adopt one-dimensional coupling chaotic mapping systems; the messages and expanded subkeys are input as the parameters of the chaotic systems; and through limited times of iterative operations carried out by the chaotic systems, the messages and the key can be chaotic and dispersed sufficiently to generate un-repeated hash values (authentication codes) which are randomly distributed; 3) the sender sends the initial chaining value, the authentication key, the messages and the authentication codes to a message receiver; 4) the receiver inputs the authentication key, the initial chaining value and the messages into the hash methods to generate message authentication codes; and 5) the receiver carries out message integrity authentication according to the authentication codes generated in the step 4) and the received authentication codes, and the received messages are proved to be integral if the generated authentication codes and the received authentication codes are consistent. The method has the characteristic of strong security and is easy for software implementation.
Description
Technical field
The present invention relates to field of information security technology, relate to the method for the message integrity authentication.
Technical background
In the face of various threats and attack in the Internet, the recipient of information is necessary that receive to it or information that preserve is carried out integrity check, checking message transmit or storing process in whether be tampered, delete or insertion etc.Usually will carry out hashing to the message of authentication, output has the hashed value (also claiming eap-message digest) of regular length, as the foundation of message integrity authentication.Suppose communicating pair A and B, A calculates hashed value when B sends message, and message and hashed value are sent to B; B carries out identical hash computing to the message of receiving, obtains new hashed value, and the hashed value that the hashed value that receives and B calculate is compared, the source that if the same B can acknowledge messages and not being tampered.If hashed value is controlled by a key of communicating pair appointment, the hashed value of message is also referred to as message authentication code.
It is open that the generation of the authentication code of a safety will be satisfied (1) concrete method of operation, unique need to be keep secret be key; (2) message of random length produces the authentication code with regular length; (3) given method of operation, message and key require easily to obtain authentication code; (4) given method and message are not being known under the condition of key, are difficult to obtain correct authentication code.
In conventional cipher is learned, produce the method for authentication code usually based on existing ashing technique, such as HMAC, also can the group-based encryption method, perhaps based on general hash function family method, so its fail safe often depends on these basic passwords itself.The present invention is special one brand-new, based on the completeness certification method of coupling chaotic mapping, be independent of existing ashing technique and encryption method.Its main feature is to adopt the one dimension coupled chaotic mapping system, input message and key are as the parameter of chaotic mapping system, iterative operation by the coupled chaotic mapping system limited number of time, can make message and key reach enough confusion and diffusions, produce random distribution, unduplicated hashed value (authentication code), guaranteed the fail safe of the method and the characteristic that software is realized fast operation.
Summary of the invention
The objective of the invention is to design a kind of message integrity authentication method, its process feature is following treatment step:
A1) sender of the message produces initial chaining value and secret authenticate key;
A2) sender of the message in authenticate key, initial chaining value and the following ashing technique of message input, generates authentication code, and concrete step is:
A2.1) carry out the message shaping, message is divided into groups after filling cover;
A2.2) carry out cipher key spreading, the authenticate key K of 256 bits is extended to the sub-key of 1024 bits;
A2.3) carry out parameter and generate, the blocking message of input 1024 bits and expansion sub-key, two groups of parameters of generation one dimension coupling mapped system;
A2.4) carry out message compression, 1024 bit message compressions of input, output 256 bits;
A2.5) process successively all message groupings, and the output valve of last grouping is carried out conversion, the output message authentication code;
A3) sender of the message issues message recipient to initial chaining value, secret authenticate key, message and message authentication code;
A4) message recipient is inputted authenticate key, initial chaining value and message in ashing technique, each step in repeating step A2, generating message authentication code;
A5) message recipient carries out the message integrity authentication according to steps A 4 authentication code that generates and the authentication code that receives, if both are consistent, proves that the message that receives is complete; If both are inconsistent, prove that the message that receives is incomplete.
In steps A 1) in, the sender of the message produces initial chaining value H
0, H
0By 8 initializaing variable h
0(j) form H
0={ h
0(1), h
0(2) ..., h
0(8) }, each h
0(j) be all to belong to [0,2
32) integer on the interval; The sender of the message produces 256 secret bit authenticate keys, with 8 integer representations, and K={k (1), k (2) ..., k (8) }, each k (j) belongs to [0,2
32) integer on the interval.
In steps A 2) in the production process of message authentication code, steps A 2.1) the message shaping refers to message is replenished the position by filling, and add the original text length information of 128 bit lengths, making message-length is the integral multiple of block length; Every group of message is fixed as 1024 bits, and after shaping, the original text message-length is the 1024t bit, and t is integer; Message is grouped into M
1, M
2..., M
t
In steps A 2) in the production process of message authentication code, steps A 2.2) cipher key spreading is the authenticate key K of 256 bits to be extended to the sub-key of 1024 bits, sub-key represents with 32 integers, ka (1), ka (2) ..., ka (32), each ka (j) belongs to [0,2
32) integer on the interval;
The concrete implementation step of described cipher key spreading is:
Step 1: input key value K, obtain 8 integer k k (j), i.e. kk (j)=k (j), j=1,2 ..., 8;
Step 2: 8 integer k k (j) are extended to 16 integer k k (j), and extended mode is as follows:
Step 3: 16 integer k k (j) recompression that expansion is obtained is new 8 integer k k (j), and compress mode is as follows:
kk(j)=kk(j+8)+kk(9-j),j=1,2,...8
Repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=1,2 ..., 8; Repeated execution of steps 2 and step 3 are three times again, export 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=9,10 ..., 16; Continue repeated execution of steps 2 and step 3 three times, export 8 integer k k (j), j=1,2 ..., 8, as sub-key ka (j), j=17,18 ..., 24; Last repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=25,26 ..., 32;
It is the sub-key of 1024 bits that total has been exported overall length, ka (j), and j=1,2 ..., 32.
In steps A 2) in the production process of message authentication code, steps A 2.3) parameter generates is blocking message M by input
iWith expansion sub-key ka (j), produce two groups of parameters of one dimension coupling mapped system, concrete production method is as follows:
First group of parameter can be i message grouping M by linear transformation
iM (1), m (2) ..., m (32) } be converted into 32 double precision real numbers b
i,j, namely
b
i,j=2.0+m((i-1)*8+j)/2
31,i=1,2,3,4,j=1,2,...,8,
Wherein each m (k) ∈ [0,2
32), k=1,2 ..., 32;
Second group of parameter, the sub-key ka (j) that expansion obtains and the message grouping M that inputs
iAfter mixing, be converted into other one group of 32 double precision real numbers a
i,j, namely
In steps A 2) in the production process of message authentication code, steps A 2.4) compression process is 1024 bit message compressions input, output 256 bits, described method is realized by following one dimension coupling mapped system and nonlinear transformation:
A2.4.1) dynamics of one dimension coupled chaotic mapping system is expressed as:
x
n+1(j)=f
1(a
1,j,x
n(j))+f
1(a
2,j+1,x
n(j+1))+f
1(a
3,j-1,x
n(j-1))(1)
+f
2(a
4,j+4,c
j+4,x
n(j+4))mod1,j=1,2,...,8
x
n+2(j)=f
1(b
1,j,x
n+1(j))+f
1(b
2,j+1,x
n+1(j+1))+f
1(b
3,j-1,x
n+1(j-1))(2)
+f
2(b
4,j+4,c
j+4,x
n+1(j+4))mod1,j=1,2,...,8
Wherein n is the discrete time iterative steps, and j is the lattice point coordinate, and lattice point length is 8, x
n+1(j) state value of j grid n+1 time in step of expression, x
n(j) state value of j grid n time in step of expression, x
n+2(j) state value of j grid n+2 time in step of expression is to all parameter life cycle boundary conditions; f
1(a, x)=ax (1-x) is Logistic Map, and when a>3.57, Logistic Map is chaos; f
2(a, c, x)=ax+c; c
1=0.1, c
4=0.2, other c
j=0; Parameter a
i,jAnd b
i,jBy steps A 2.3) obtain; At parameter a
i,jAnd b
i,jIn the scope of getting, one dimension coupling mapped system is a chaos system; Carry out successively formula (1) and (2) and obtain output variable x for r time
2r(j), j=1,2 ..., 8; When iterations is not equal to 4 and 8 times, i.e. r ≠ 4 and r ≠ 8 o'clock, output variable x
2r(j) directly feedback is carried out (1) and (2) iterative operation, when iterations equals 4 and 8 times, and namely when r=4 and r=8, output variable x
2r(j) carry out A2.4.2) nonlinear transformation;
Described one dimension coupling mapped system further comprises following two kinds of situations:
For first message grouping M
1, the initial value of formula (1) is defined as:
x
0(j)=h
0(j)/2
32,j=1,2,...,8
H wherein
0(j) be in steps A 1) in the initial link variable H that selectes of sender of the message
0, i.e. H
0={ h
0(1), h
0(2) ..., h
0(8) };
For i (i>1) message grouping M
i, the initial value of formula (1) is defined as:
x
0(j)=h
i-1(j)/2
32,j=1,2,...,8,i=1,2,...,t
H wherein
i-1(j) be to (i-1) individual message grouping M
i-1Compression process is calculated the intermediate variable H of output
i-1, i.e. H
i-1={ h
i-1(1), h
i-1(2) ..., h
i-1(8) }, each h
i-1(j) be all to belong to [0,2
32) integer on the interval;
A2.4.2) nonlinear transformation is above-mentioned steps A2.4.1) in analog signal x
2r(j) carry out nonlinear transformation twice, the process of described nonlinear transformation further comprises:
For the 4th iteration, namely during r=4, according to following formula to output variable x
2r(j) carry out nonlinear operation:
x
2r(j)=(x
2r(j)×2
50mod2
32)/2
32,j=1,2,...,8
Described following formula is at first double precision real numbers x
2r(j) amplify 2
50Doubly, then delivery 2
32, obtain the integer (analog-to-digital conversion) of 32 bit long, be converted into again at last double precision real numbers;
For the 8th iteration, namely during r=8, according to following formula, it is carried out nonlinear operation, and obtain intermediate variable H
i={ h
i(1), h
i(2) ..., h
i(8) }:
h
i(j)=x
2r(j)×2
50mod2
32,j=1,2,...,8,i=1,2,...,t
Described following formula is at first double precision real numbers x
2r(j) amplify 2
50Doubly, then delivery 2
32, obtain the integer h of 32 bit long
i(j).
In steps A 2) in the production process of message authentication code, steps A 2.5) process successively all message groupings, to all grouping M
1, M
2..., M
tPress order of packets repeated execution of steps A2.3), A2.4), to the last message grouping M
tProcessing finishes, and obtains output valve H
t={ h
t(1), h
t(2) ..., h
t(8) }, each h
t(j), j=1,2 ..., 8, be all to belong to [0,2
32) integer on the interval; And to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32Add:
h(j)=k(j)+h
t(j)
Output message authentication code h (1) h (2) in order ... h (8).
The present invention has the following advantages:
(1). input message and the parameter of expansion sub-key as chaos system, and Chaos Variable is adopted nonlinear transformation, and increased the difficulty that theoretical calculating is attacked, effectively strengthened security of system.
(2). have high Message Processing speed.
(3). the method is easy to software and realizes.
Description of drawings
Fig. 1 is the compression method schematic diagram.
Fig. 2 produces the authentication code schematic diagram.
Fig. 3 is that message only changes a bit, the variation of authentication code.
Fig. 4 is that key only changes a bit, the variation of authentication code.
Fig. 5 is that initial value only changes a bit, the variation of authentication code.
Embodiment
Below in conjunction with accompanying drawing and example, the present invention is described in further detail, the concrete building method of integrated authentication comprises following five steps:
B1) sender of the message produces initial chaining value and secret authenticate key;
B2) sender of the message in authenticate key, initial chaining value and the following ashing technique of message input, generates authentication code, and concrete step is:
B2.1) carry out the message shaping, message is divided into groups after filling cover;
B2.2) carry out cipher key spreading, the authenticate key K of 256 bits is extended to the sub-key of 1024 bits;
B2.3) carry out parameter and generate, the blocking message of input 1024 bits and expansion sub-key, two groups of parameters of generation one dimension coupling mapped system;
B2.4) carry out message compression, 1024 bit message compressions of input, output 256 bits;
B2.5) process successively all message groupings, and the output valve of last grouping is carried out conversion, the output message authentication code;
B3) sender of the message sends to message recipient to initial chaining value, secret authenticate key, message and message authentication code;
B4) message recipient is inputted authenticate key, initial chaining value and message in ashing technique, each step in repeating step B2, generating message authentication code;
B5) message recipient carries out the message integrity authentication according to step the B4 authentication code that generates and the authentication code that receives, if both are consistent, proves that the message that receives is complete; If both are inconsistent, prove that the message that receives is incomplete.
At step B1) in, the sender of the message produces initial chaining value H
0, H
0By 8 initializaing variable h
0(j) cascade forms H
0={ h
0(1), h
0(2) ..., h
0(8) }, each h
0(j) be all to belong to [0,2
32) integer on the interval; The sender of the message produces 256 secret bit authenticate keys, represents with 8 integer cascades, and K={k (1), k (2) ..., k (8) }, each k (j) belongs to [0,2
32) integer on the interval.
At step B2) in the production process of message authentication code, step B2.1) the message shaping refers to message is replenished the position by filling, and add the original text length information of 128 bit lengths, making message-length is the integral multiple of block length; Every group of message is fixed as 1024 bits, and after shaping, the original text message-length is the 1024t bit, and t is integer; Message is grouped into M
1, M
2..., M
t
Described process by original text message generation shaping message further comprises:
Origination message to input is filled cover, so that the message-length after its cover is being 896 to the remainder after 1024 deliverys, cover is first to mend one 1 to mend 0 again, 896 until length satisfies to 1024 delivery remainders, cover is mended one at least, mending at most 1024 bits, is 896 even length satisfies to 1024 delivery remainders, and cover also must carry out; Then mend length, the data of mending 128 bit lengths represent the length of origination message, mend to the message back of having carried out the cover operation; Last whole message is divided into the message packet data block M of 1024 bits one by one in order
1, M2 ..., M
t, represent final grouping number after the message shaping with t; Every group of message M
iAvailable 32 integer representations, M
i=m (1), m (2) ..., m (32) }, each m (j) belongs to [0,2
32) integer on the interval.
At step B2) in the production process of message authentication code, step B2.2) cipher key spreading is the key K of 256 bits to be extended to the sub-key of 1024 bits, sub-key represents with 32 integers, ka (1), ka (2) ..., ka (32), each ka (j) belongs to [0,2
32) integer on the interval;
The concrete implementation step of described cipher key spreading is:
Step 1: input key value K, obtain 8 integer k k (j), i.e. kk (j)=k (j), j=1,2 ..., 8;
Step 2: 8 integer k k (j) are extended to 16 integer k k (j), and extended mode is as follows:
Step 3: 16 integer k k (j) recompression that expansion is obtained is new 8 integer k k (j), and compress mode is as follows:
kk(j)=kk(j+8)+kk(9-j),j=1,2,...,8
Repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=1,2 ..., 8; Repeated execution of steps 2 and step 3 are three times again, export 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=9,10 ..., 16; Continue repeated execution of steps 2 and step 3 three times, export 8 integer k k (j), j=1,2 ..., 8, as sub-key ka (j), j=17,18 ..., 24; Last repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=25,26 ..., 32; It is the sub-key of 1024 bits that total has been exported overall length, ka (j), and j=1,2 ..., 32.
At step B2) in the production process of message authentication code, step B2.3) parameter generates is blocking message Mi and expansion sub-key ka (j) by input, produces two groups of parameters of one dimension coupling mapped system, and concrete grammar is as follows:
First group of parameter can be i message grouping M by linear transformation
iBe converted into 32 double precision real numbers b
i,j, namely
b
i,j=2.0+m((i-1)*8+j)/2
31,i=1,2,3,4,j=1,2,...,8;
Second group of parameter, the sub-key ka (j) that expansion obtains and the message grouping M that inputs
iAfter mixing, be converted into other one group of 32 double precision real numbers a
i,j, namely
At step B2) in the production process of message authentication code, step B2.4) compression process is 1024 bit message compressions input, output 256 bits, described method realizes (as shown in Figure 1) by one dimension iteration coupling mapped system and nonlinear transformation:
B2.4.1) dynamics of one dimension coupling mapped system is expressed as:
x
n+1(j)=f
1(a
1,j,x
n(j))+f
1(a
2,j+1,x
n(j+1))+f
1(a
3,j-1,x
n(j-1))(3)
+f
2(a
4,j+4,c
j=4,x
n(j+4))mod1,j=1,2,...,8
x
n+2(j)=f
1(b
1,j,x
n+1(j))+f
1(b
2,j+1,x
n+1(j+1))+f
1(b
3,j-1,x
n+1(j-1))(4)
+f
2(b
4,j+4,c
j+4,x
n+1(j+4))mod1,j=1,2,...,8
Wherein n is the discrete time iterative steps, and j is the lattice point coordinate, and lattice point length is 8, to all parameter life cycle boundary conditions; f
1(a, x)=ax (1-x) is Logistic Map, and when a>3.57, Logistic Map is chaos; f
2(a, c, x)=ax+c; c
1=0.1, c
4=0.2, other c
j=0; Parameter a
i,jAnd b
i,jBy step B2.3) obtain; At parameter a
i,jAnd b
i,jIn the scope of getting, one dimension coupling mapped system is a chaos system; Carry out successively formula (3) and (4) and obtain output variable x for r time
2r(j), j=1,2 ..., 8; When iterations is not equal to 4 and 8 times, i.e. r ≠ 4 and r ≠ 8 o'clock, output variable x
2r(j) directly feedback is carried out (3) and (4) iterative operation, when iterations equals 4 and 8 times, and namely when r=4 and r=8, output variable x
2r(j) carry out B2.4.2) nonlinear transformation;
Described one dimension iteration coupling mapped system further comprises following two kinds of situations:
For first message grouping M
1, the initial value of formula (3) is defined as:
x
0(j)=h
0(j)/2
32,j=1,2,...,8
H wherein
0(j) be at step B1) in the initial link variable H that selectes of sender of the message
0, i.e. H
0={ h
0(1), h
0(2) ..., h
0(8) };
For i (i>1) message grouping M
i, the initial value of formula (3) is defined as:
x
0(j)=h
i-1(j)/2
32,j=1,2,...,8,i=1,2,...,t
H wherein
i-1(j) be to (i-1) individual message grouping M
i-1Compression process is calculated the intermediate variable H of output
i-1, i.e. H
i-1={ h
i-1(1), h
i-1(2) ..., h
i-1(8) }, each h
i-1(j) be all to belong to [0,2
32) integer on the interval;
B2.4.2) nonlinear transformation is above-mentioned steps B2.4.1) in analog signal x
2r(j) carry out nonlinear transformation twice, the process of described nonlinear transformation further comprises:
For the 4th iteration, namely during r=4, according to following formula to output variable x
2r(j) carry out nonlinear operation:
x
2r(j)=(x
2r(j)×2
50mod2
32)/2
32,j=1,2,...,8
Described following formula is at first double precision real numbers x
2r(j) amplify 2
50Doubly, then delivery 2
32, obtain the integer (analog-to-digital conversion) of 32 bit long, be converted into again at last double precision real numbers;
For the 8th iteration, namely during r=8, according to following formula, it is carried out nonlinear operation, and obtain intermediate variable H
i={ h
i(1), h
i(2) ..., h
i(8) }:
h
i(j)=x
2r(j)×2
50mod2
32,j=1,2,...,8,i=1,2,...,t
Described following formula is at first double precision real numbers x
2r(j) amplify 2
50Doubly, then delivery 2
32, obtain the integer h of 32 bit long
i(j).
At step B2) in the production process of message authentication code, step B2.5) process successively all message groupings, as shown in Figure 2, to all grouping M
1, M
2..., M
tPress order of packets repeated execution of steps B2.3), B2.4), to the last message grouping M
tProcessing finishes, and obtains output valve H
t={ h
t(1), h
t(2) ..., h
i(8) }, each h
t(j), j=1,2 ..., 8, be all to belong to [0,2
32) integer on the interval; And to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32After adding, and to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32Add:
h(j)=k(j)+h
t(j)
Output message authentication code h (1) h (2) in order ... h (8).
Below in conjunction with a concrete message, further illustrate technical scheme of the present invention, comprise intermediate operations process and partial results.
(1). the sender of the message determines initial chaining value and authenticate key
The sender of the message determines initial chaining value H
0={ h
0(1), h
0(2) ..., h
0(8) } and authenticate key k (1) respectively as follows to k (8):
h
0(1) to h
0(8) (hexadecimal representation) is 51ff5c9044df76317b9d08cf0661f395c0d47e7ad70a5159ab4ca9e5 5a354b;
K (1) is 11111111 to k (8) (hexadecimal representation).
(2). set up shaping message
Take these three letters of original text abc as example, ASCII character value corresponding to hexadecimal representation is 61,62,63, obtaining shaping message is a grouping, be that m (1) is respectively 6061628000000000000000000000000000000018 (hexadecimal representations) to m (32), wherein four of the end numerals 00018 have represented the length of message, i.e. 24 bit long.
(3). carry out expanded keys
Given key 11111111, the sub-key ka (1) that is expanded is 14a1645b19ba6c2d99260a39830ea697e2fcf1d3817789d1c1681f28 5feOa91c9d2dd5bc feb86830e31551d93d710ec3a5fdc73c a220ffbf68e564cb6e38ed8c133abcfc3378c729576127e856bc9cd8 27894f4454aad7f4cbf12f eOfed5ee d41a7ab4cd241afc7f47bebO fOf383eO95ea8b57c20ba1dO cc1553aa f435eae1 to ka (32).
(4). calculating parameter
Double precision parameter b by message and the generation of expansion sub-key
i,jAnd a
i,jSee Table respectively 1 and table 2.
(5). compression process is calculated
Compression process calculates output variable H
1, h
1(1) to h
1(8) be respectively 54af1fa67fce8103ca9c2df79069e931d4cOdc60d0e381a4eba7eebf fb99486c.
(6). the output message authentication code
h
1(i) and key k (i) mould 2
32Add operation obtains the hashed value 54af1fa77fce8104ca9c2df89069e932d4cOdc61d0e381a5eba7eecO fb99486d of 256 bits.
Only change information " abc " and arrive " abd ", key K and initial value H
0Constant, the authentication code that obtains 256 bits is c17052fe48ad9c9160e28ad31733980454ab43da fc58ba20e99134cdfaa7e02.For the variation of authentication code is described better, authentication code before and after changing is pressed the bit xor operation, obtain 95df4d5937631d95aa7ea72b875a7136806b9fbb2cbb3b85236daOd f433366f, the above results is represented (each 32 bit is arranged from low to high by bit) with Bit String
10011010101100101111101110101001
10101001101110001100011011101100
11010100111001010111111001010101
01101100100011100101101011100001
11011101111110011101011000000001
10100001110111001101110100110100
10110000010110110110110001000000
11110110011011001100110000101111
Fig. 3 has shown 256 bit values after the XOR, and approximately variation has occured 50% bit, shows that authentication code has good randomness.
Only change the k (1) in key K, other key values are constant, and k (1) changes to " 0 " by " 1 ", information " abc " and initial value H
0Constant, obtain the authentication code eaafdbc875e6ef597d1e3eda99ba7fcO5de9720e79333fa93e4e4d85 b7b9534b of 256 bits, and Fig. 3 is similar, Fig. 4 has shown that authentication code has good randomness.
Only change initial value H
0In h
0(1), other initial values are constant, h
0(1) change to " 51ff5d " by " 51ff5c ", information " abc " and key K are constant, obtain the authentication code ec1b8616a3f7f9e24ad40e7055e31abd a6df20fb cd98582d1ad38158367c45e2 of 256 bits, similar with Fig. 3, Fig. 5 has shown that authentication code has good randomness.
The inventive method provides a kind of method of message integrity authentication, can be used for software programming and realizes that treatment effeciency is faster arranged.
The above is preferred embodiment of the present invention, but the present invention should not be confined to this embodiment.So every do not break away from complete under spirit disclosed in this invention the equivalence or the change, all fall into the scope of protection of the invention.
The parameter b that table 1 double-precision floating point represents
i,j
| |
1 | 2 | 3 | 4 |
| 1 | 2.752971947193146 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 2 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 3 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 4 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 5 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 6 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 7 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 |
| 8 | 2.000000000000000 | 2.000000000000000 | 2.000000000000000 | 2.000000011175871 |
The parameter a that table 2 double-precision floating point represents
i,j
| a i,j | 1 | 2 | 3 | 4 |
| 1 | 3.162140515167266 | 3.227961270138621 | 2.150230048224330 | 3.657058084383607 |
| 2 | 2.201001665089279 | 3.990002654492855 | 2.402123351115733 | 3.602664349600673 |
| 3 | 3.196473386604339 | 3.774088126141578 | 2.682652462273836 | 2.994376979768276 |
| 4 | 3.023884605150670 | 2.480012746062130 | 2.677631001919508 | 3.882431492209435 |
| 5 | 3.773344257380813 | 3.296807197853923 | 2.019304865971208 | 3.171220223885030 |
| 6 | 3.011460520792753 | 3.266632049810141 | 2.033833842258900 | 3.515979982912540 |
| 7 | 3.510990042239428 | 2.819500540848821 | 3.912473819684237 | 3.594400842674077 |
| 8 | 2.749043596908450 | 2.861112302169204 | 3.757776967249811 | 3.845395431388170 |
Claims (5)
1. the completeness certification method of a message, its process feature is following treatment step:
A1) sender of the message produces initial chaining value and secret authenticate key;
A2) sender of the message in authenticate key, initial chaining value and the following ashing technique of message input, generates authentication code, and concrete step is:
A2.1) carry out the message shaping, message is divided into groups after filling cover;
A2.2) carry out cipher key spreading, the key K of 256 bits is extended to the sub-key of 1024 bits;
A2.3) carry out parameter and generate, input message and expansion sub-key, two groups of parameters of generation one dimension coupling mapped system;
A2.4) carry out message compression, 1024 bit message compressions of input, output 256 bits;
A2.5) process successively all message groupings, and the output valve of last grouping is carried out conversion, the output message authentication code;
A3) sender of the message issues message recipient to initial chaining value, secret authenticate key, message and message authentication code;
A4) message recipient is inputted authenticate key, initial chaining value and message in ashing technique, each step in repeating step A2, generating message authentication code;
A5) message recipient carries out the message integrity authentication according to steps A 4 authentication code that generates and the authentication code that receives, if both are consistent, proves that the message that receives is complete; If both are inconsistent, prove that the message that receives is incomplete;
Wherein steps A 2.3) parameter generates is blocking message M by input
iWith expansion sub-key ka (j), produce two groups of parameters of one dimension coupling mapped system, concrete grammar is as follows:
First group of parameter can be i message grouping M by linear transformation
iM (1), m (2) ..., m (32) } be converted into 32 double precision real numbers b
i,j, namely
b
i,j=2.0+m((i-1)*8+j)/2
31,i=1,2,3,4,j=1,2,...,8
Wherein each m (k) ∈ [0,2
32), k=1,2 ..., 32;
Second group of parameter, sub-key ka (j) ∈ [0,2 that expansion obtains
32) with the message grouping M of input
iAfter mixing, be converted into other one group of 32 double precision real numbers a
i,j, namely
Wherein steps A 2.4) compression process is 1024 bit message compressions input, output 256 bits, described method is realized by one dimension iteration coupling mapped system and nonlinear transformation:
A2.4.1) dynamics of one dimension iteration coupling mapped system is expressed as:
x
n+1(j)=f
1(a
1,j,x
n(j))+f
1a
2,j+1,x
n(j+1))+f
1(a
3,j-1,x
n(j-1))(1)
+f
2(a
4,j+4,c
j=4,x
n(j+4))mod1,j=1,2,...,8
x
n+2(j)=f
1b
1,j,x
n+1(j))+f
1b
2,j+1,x
n+1(j+1))+f
1(b
3,j-1,x
n+1(j-1))(2)
+f
2(b
4,j+4,c
j+4,x
n+1(j+4))mod1,j=1,2,...,8
Wherein n is the discrete time iterative steps, and j is the lattice point coordinate, and lattice point length is 8, x
n+1(j) state value of j grid n+1 time in step of expression, x
n(j) state value of j grid n time in step of expression, x
n+2(j) state value of j grid n+2 time in step of expression is to all parameter life cycle boundary conditions; f
1(a, x)=ax (1-x) is Logistic Map, and when a>3.57, Logistic Map is chaos; f
2(a, c, x)=ax+c; c
1=0.1, c
4=0.2, other c
j=0; Parameter a
I, jAnd b
I, j, i=1,2,3,4, j=1,2 .., 8, by steps A 2.3) obtain; At parameter a
i,jAnd b
I, jIn the scope of getting, one dimension coupling mapped system is a chaos system; Carry out successively formula (1) and (2) and obtain output variable x for r time
2r(j), j=1,2 ..., 8; When iterations is not equal to 4 and 8 times, i.e. r ≠ 4 and r ≠ 8 o'clock, output variable x
2r(j) directly feedback is carried out (1) and (2) iterative operation, when iterations equals 4 and 8 times, and namely when r=4 and r=8, output variable x
2r(j) carry out A2.4.2) nonlinear transformation;
Described one dimension iteration coupling mapped system further comprises following two kinds of situations:
For first message grouping M
1, the initial value of formula (1) is defined as:
x
0(j)=h
0(j)/2
32,j=1,2,...,8
H wherein
0(j) be in steps A 1) in the initial link variable H that selectes of sender of the message
0, i.e. H
0={ h
0(1), h
0(2) ..., h
0(8) };
For i (i>1) message grouping M
i, the initial value of formula (1) is defined as:
x
0(j)=h
i-1(j)/2
32,j=1,2,...,8,i=1,2,...,t
H wherein
i-1(j) be to (i-1) individual message grouping M
i-1Compression process is calculated the intermediate variable H of output
i-1, i.e. H
i-1={ h
i-1(1), h
i-1(2) ..., h
i-1(8) }, each h
i-1(j) be all to belong to [0,2
32) integer on the interval;
A2.4.2) nonlinear transformation is above-mentioned steps A2.4.1) in analog signal x
2r(j) carry out nonlinear transformation twice, the process of described nonlinear transformation further comprises:
For the 4th iteration, namely during r=4, according to following formula to output variable x
2r(j) carry out nonlinear operation:
x
2r(j)=(x
2r(j)×2
50mod2
32)/2
32,j=1,2,...,8
Described following formula is at first double precision real numbers x
2r(j) amplify 2
50Doubly, then delivery 2
32, obtain the integer (analog-to-digital conversion) of 32 bit long, be converted into again at last double precision real numbers;
For the 8th iteration, namely during r=8, according to following formula, it is carried out nonlinear operation, and obtain intermediate variable H
i={ h
i(1), h
i(2) ..., h
i(8) }:
h
i(j)=x
2r(j)×2
50mod2
32,j=1,2,...,8,i=1,2,...,t
Described following formula is at first double precision real numbers x
2r(j) amplify 2
50Doubly, then delivery 2
32, obtain the integer h of 32 bit long
i(j).
2. a kind of completeness certification method according to claim 1, is characterized in that described steps A 1) in, the sender of the message produces initial chaining value H
0, H
0By 8 initializaing variable h
0(j) cascade forms H
0={ h
0(1), h
0(2) ..., h
0(8) }, each h
0(j) be all to belong to [0,2
32) integer on the interval; The sender of the message produces 256 secret bit authenticate keys, represents with 8 integer cascades, and K={k (1), k (2) ..., k (8) }, each k (j) belongs to [0,2
32) integer on the interval.
3. a kind of completeness certification method according to claim 1, steps A 2.1) the message shaping refers to message is replenished the position by filling, and adds the original text length information of 128 bit lengths, and making message-length is the integral multiple of block length; Every group of message is fixed as 1024 bits, and after shaping, the original text message-length is the 1024t bit, and t is integer.
4. a kind of completeness certification method according to claim 1, steps A 2.2) cipher key spreading is the key K of 256 bits to be extended to the sub-key of 1024 bits, sub-key represents with 32 integers, ka (1), ka (2) ..., ka (32), each ka (j) belongs to [0,2
32) integer on the interval;
The concrete implementation step of described cipher key spreading is:
Step 1: input key value K, obtain 8 integer k k (j), i.e. kk (j)=k (j), j=1,2 ..., 8;
Step 2: 8 integer k k (j) are extended to 16 integer k k (j), and extended mode is as follows:
Step 3: 16 integer k k (j) recompression that expansion is obtained is new 8 integer k k (j), and compress mode is as follows:
kk(j)=kk(j+8)+kk(9-j),j=1,2,...,8
Repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=1,2 ..., 8; Repeated execution of steps 2 and step 3 are three times again, export 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=9,10 ..., 16; Continue repeated execution of steps 2 and step 3 three times, export 8 integer k k (j), j=1,2 ..., 8, as sub-key ka (j), j=17,18 ..., 24; Last repeated execution of steps 2 and step 3 three times are exported 8 integer k k (j), j=1, and 2 ..., 8, as sub-key ka (j), j=25,26 ..., 32; It is the sub-key of 1024 bits that total has been exported overall length, ka (j), and j=1,2 ..., 32.
5. a kind of completeness certification method according to claim 1, steps A 2.5) process successively all message groupings, to all grouping M
1, M
2..., M
tPress order of packets repeated execution of steps A2.3), A2.4), to the last message grouping M
tProcessing finishes, and obtains output valve H
t={ h
t(1), h
t(2) ..., h
t(8) }, each h
t(j), j=1,2 ..., 8, be all to belong to [0,2
32) integer on the interval; And to 256 bit output valve H
tCarry out mould 2 with the key K of 256 bits
32Add:
h(j)=k(j)+h
t(j)
Output message authentication code h (1) h (2) in order ... h (8).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010576336 CN102082668B (en) | 2010-07-16 | 2010-12-07 | Message integrity authentication method based on coupling chaotic mapping |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010227914.3 | 2010-07-16 | ||
| CN2010102279143A CN101902332A (en) | 2010-07-16 | 2010-07-16 | Hashing method with secrete key based on coupled chaotic mapping system |
| CN 201010576336 CN102082668B (en) | 2010-07-16 | 2010-12-07 | Message integrity authentication method based on coupling chaotic mapping |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102082668A CN102082668A (en) | 2011-06-01 |
| CN102082668B true CN102082668B (en) | 2013-06-19 |
Family
ID=43227555
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102279143A Pending CN101902332A (en) | 2010-07-16 | 2010-07-16 | Hashing method with secrete key based on coupled chaotic mapping system |
| CN 201010576336 Expired - Fee Related CN102082668B (en) | 2010-07-16 | 2010-12-07 | Message integrity authentication method based on coupling chaotic mapping |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102279143A Pending CN101902332A (en) | 2010-07-16 | 2010-07-16 | Hashing method with secrete key based on coupled chaotic mapping system |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN101902332A (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8892908B2 (en) * | 2010-12-23 | 2014-11-18 | Morega Systems Inc. | Cryptography module for use with fragmented key and methods for use therewith |
| CN102904715B (en) * | 2012-09-27 | 2015-08-26 | 北京邮电大学 | Based on the parallel Pseudo-random bit generator of coupled chaotic mapping system |
| CN103441968A (en) * | 2013-09-03 | 2013-12-11 | 上海交通大学 | Improved Jakes channel estimation method based on chaos random phase |
| CN105391544A (en) * | 2015-11-19 | 2016-03-09 | 北京石油化工学院 | Hash function construction method applicable to RFID authentication system |
| DE102016219926A1 (en) | 2016-10-13 | 2018-04-19 | Siemens Aktiengesellschaft | Method, sender and receiver for authentication and integrity protection of message content |
| CN109412791B (en) * | 2018-11-29 | 2019-11-22 | 北京三快在线科技有限公司 | Key information processing method, device, electronic equipment and computer-readable medium |
| CN111143247B (en) * | 2019-12-31 | 2023-06-30 | 海光信息技术股份有限公司 | Storage device data integrity protection method, controller thereof and system on chip |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1467512A1 (en) * | 2003-04-07 | 2004-10-13 | STMicroelectronics S.r.l. | Encryption process employing chaotic maps and digital signature process |
| WO2003104969A3 (en) * | 2002-06-06 | 2005-03-24 | Cryptico As | Computations in a mathematical system |
| CN101741560A (en) * | 2008-11-14 | 2010-06-16 | 北京石油化工学院 | Integral nonlinear mapping-based hash function constructing method |
-
2010
- 2010-07-16 CN CN2010102279143A patent/CN101902332A/en active Pending
- 2010-12-07 CN CN 201010576336 patent/CN102082668B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003104969A3 (en) * | 2002-06-06 | 2005-03-24 | Cryptico As | Computations in a mathematical system |
| EP1467512A1 (en) * | 2003-04-07 | 2004-10-13 | STMicroelectronics S.r.l. | Encryption process employing chaotic maps and digital signature process |
| CN101741560A (en) * | 2008-11-14 | 2010-06-16 | 北京石油化工学院 | Integral nonlinear mapping-based hash function constructing method |
Non-Patent Citations (2)
| Title |
|---|
| Di Xiao , Xiaofeng Liao , Yong Wang.Improving the security of a parallel keyed hash function based on chaotic maps.《Physics Letters A》.2009,第373卷(第47期), |
| Di Xiao, Xiaofeng Liao, Yong Wang.Improving the security of a parallel keyed hash function based on chaotic maps.《Physics Letters A》.2009,第373卷(第47期), * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101902332A (en) | 2010-12-01 |
| CN102082668A (en) | 2011-06-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102082668B (en) | Message integrity authentication method based on coupling chaotic mapping | |
| CA2792571C (en) | Hashing prefix-free values in a signature scheme | |
| CN101076968B (en) | Cryptographic primitives, error coding, and pseudo-random number improvement methods using quasigroups | |
| US9049022B2 (en) | Hashing prefix-free values in a certificate scheme | |
| KR100930577B1 (en) | Message authentication code generation method using stream cipher, authentication encryption method using stream cipher, and authentication decryption method using stream cipher | |
| US20160006568A1 (en) | Tag generation device, tag generation method, and tag generation program | |
| CN104270247A (en) | Efficient generic Hash function authentication scheme suitable for quantum cryptography system | |
| Tiwari et al. | A secure and efficient cryptographic hash function based on NewFORK-256 | |
| CN102594566A (en) | Chaos message authentication code realization method for wireless sensor network | |
| CN103973439A (en) | Multivariable public key encryption method | |
| Wang et al. | An attack on hash function HAVAL-128 | |
| CN103490876A (en) | Data encryption method for constructing Hash function based on hyper-chaotic Lorenz system | |
| Souror et al. | Security analysis for SCKHA algorithm: stream cipher algorithm based on key hashing technique | |
| CN101262334A (en) | Encryption method for Bluetooth data transmission | |
| Elkamchouchi et al. | A new Secure Hash Dynamic Structure Algorithm (SHDSA) for public key digital signature schemes | |
| Noura et al. | Efficient and secure keyed hash function scheme based on RC4 stream cipher | |
| Rogobete et al. | Hashing and Message Authentication Code Implementation. An Embedded Approach. | |
| Abad et al. | Enhanced key generation algorithm of hashing message authentication code | |
| Nouri et al. | The parallel one-way hash function based on Chebyshev-Halley methods with variable parameter | |
| CA2642399C (en) | Collision-resistant elliptic curve hash functions | |
| KR100525124B1 (en) | Method for Verifying Digitally Signed Documents | |
| Shin et al. | A new hash function based on MDx-family and its application to MAC | |
| US11502818B2 (en) | System to secure encoding and mapping on elliptic curve cryptography (ECC) | |
| CN111756539B (en) | Identification encryption and decryption method capable of being repeated and random | |
| Li et al. | Hash function construction based on the chaotic look-up table with changeable parameter |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130619 Termination date: 20151207 |
|
| EXPY | Termination of patent right or utility model |