CN104065474B - Novel low-resource efficient lightweight Surge block cipher implementation method - Google Patents


Publication number: CN104065474B
Authority: CN (China)
Legal status (an assumption, not a legal conclusion): Expired - Fee Related
Application number: CN201410333577.4A
Other languages: Chinese (zh)
Other versions: CN104065474A (en)
Inventors: 李浪, 刘波涛, 邓运员, 余孝忠, 杜国权, 曾婷
Current Assignee (the listed assignees may be inaccurate): Hengyang Normal University
Original Assignee: Hengyang Normal University
Application filed by Hengyang Normal University
Priority to CN201410333577.4A
Publication of CN104065474A
Application granted
Publication of CN104065474B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a novel low-resource, efficient lightweight block cipher, Surge, and its implementation method. Surge is based on the SPN structure, with a 64-bit block length and key lengths of 64, 80 and 128 bits. The key is used without key expansion. The five modules of the round function are combined in a new way: the encryption order is constant addition, round key addition, S-box substitution, row shifting and column mixing, and the last round has no column mixing. The constant addition module applies one round constant per round. For the round constants, the high nibble is chosen from 0, 1, 2 and 3, and the low nibble is chosen from the odd, even, even and odd numbers between 0 and 15 respectively; the resulting combinations are arranged in a random but fixed order. The column mixing module uses a (0, 1, 2, 4) combination matrix that is easy to implement in hardware to construct a hardware-friendly matrix over the Galois field GF(2^4). The experimental results show that, compared with existing lightweight ciphers of the SPN structure, Surge occupies less area while providing good encryption performance and resisting known attacks.

Description

A lightweight Surge block cipher implementation method
Technical field
The present invention relates to a lightweight Surge block cipher implementation method.
Background
A block cipher uses the same key for encryption and decryption. It runs fast, is easy to implement and easy to synchronize; a transmission error in one ciphertext block does not affect other blocks, and losing one ciphertext block does not affect the decryption of subsequent blocks, that is, transmission errors do not propagate. Block ciphers are therefore widely used in software and hardware security systems. With the development and spread of Internet of Things technology, many devices in the Internet of Things have low computing power, little storage and constrained resources, for example smart cards, RFID tags, sensor nodes, pay-TV cards and smart meter cards; traditional block ciphers cannot be applied well on such devices.
Current block ciphers mainly use two structures: the Feistel structure, represented by DES, and the SPN structure, represented by AES. DES is an early block encryption standard; the Feistel structure became widely known through the publication of DES and was adopted by many block ciphers. Its greatest advantage is that encryption and decryption are easily made similar, which is especially important in implementation. With the rapid growth of computing power, DES is no longer secure. In September 1997, the US National Institute of Standards and Technology therefore issued a public call for an Advanced Encryption Standard (AES) to replace DES. In October 2000, the Rijndael algorithm designed by the Belgian cryptographers Daemen and Rijmen was finally selected. It uses the structurally very clear substitution-permutation network (SPN), in which each round consists of a confusion layer and a diffusion layer. The greatest advantage of the SPN structure is that bounds on the differential characteristic probability and the best linear approximation advantage can be given theoretically, that is, the cipher is provably secure against differential and linear cryptanalysis. The SPN structure also has good diffusion.
Several lightweight block ciphers already exist; typical examples are PRESENT, LED, KLEIN, LBlock and PRINCE. Current lightweight block ciphers have two kinds of problems: first, some still consume too many resources in order to guarantee security, have low encryption performance, and are not easy to implement on resource-constrained smart cards and sensor devices; second, some sacrifice security and encryption efficiency to reduce resource use, so the resulting lightweight encryption algorithm is too simple and is easily attacked successfully.
Summary of the invention
The invention provides a lightweight Surge block cipher implementation method whose purpose is to overcome the high resource usage, low efficiency, low encryption performance and vulnerability to attack of prior-art lightweight block ciphers.
A lightweight Surge block cipher implementation method comprises the following steps:
Step 1: load the 64-bit plaintext/ciphertext into a register for the encryption/decryption operation;
Step 2: perform N_r rounds of round operations on the data to be encrypted/decrypted as follows, where N_r is 32 when the key length is 64 bits, 36 when the key length is 80 bits, and 40 when the key length is 128 bits;
If the input is data to be encrypted, then in each of rounds 1 to N_r-1 the data is processed in turn by the constant addition, round key addition (AddRoundKey), S-box substitution, ShiftRows and MixColumns transformations, and the data obtained after MixColumns is the data to be encrypted in the next round;
The last round applies the constant addition, round key addition, S-box substitution and ShiftRows transformations in turn to the data obtained from the previous round, completing the encryption;
If the input is data to be decrypted, then in the first round the data is processed in turn by the inverse ShiftRows, inverse S-box substitution, round key addition and inverse constant addition transformations, and the data obtained after inverse constant addition is the data to be decrypted in the next round;
In each of rounds 2 to N_r, the data is processed in turn by the inverse MixColumns, inverse ShiftRows, inverse S-box substitution, round key addition and inverse constant addition transformations, and the data obtained after inverse constant addition is the data to be decrypted in the next round, completing the decryption;
MixColumns and inverse MixColumns, ShiftRows and inverse ShiftRows, S-box substitution and inverse S-box substitution, and constant addition and inverse constant addition are inverse operations of each other.
The encryption process is as follows:
Step 2.1: apply constant addition to the data to be encrypted;
Step 2.2: apply round key addition to the result of step 2.1 and the input round key;
Step 2.3: apply S-box substitution to the result of step 2.2;
Step 2.4: apply ShiftRows to the result of step 2.3;
Step 2.5: apply MixColumns to the result of step 2.4;
Step 2.6: use the result of step 2.5 as the data to be encrypted in the next round; if round N_r-1 has been reached, go to step 3, otherwise return to step 2.1;
Step 3: perform the last round of encryption;
Step 3.1: apply constant addition to the data to be encrypted;
Step 3.2: apply round key addition to the result of step 3.1 and the input round key;
Step 3.3: apply ShiftRows to the result of step 3.2;
Step 3.4: output the result of step 3.3, completing the encryption.
The 64-bit data to be encrypted/decrypted is divided, from the most significant bit to the least significant bit, into 16 cells of 4 bits each, denoted state_0, state_1, ..., state_15;
state_0 and state_8 are each XORed with the high nibble of the round constant byte of round i (1 ≤ i ≤ N_r) to give state_0' and state_8', and state_4 and state_12 are each XORed with the low nibble of the round constant byte of round i to give state_4' and state_12'; the XOR results then replace the original cell data, giving the result of the operation;
The round constants RC are as follows:
Each round constant is fixed; each round constant RC is one byte, written in hexadecimal.
1) When the key length is 64 bits, there are 32 round constants, arranged as follows:
RC[32] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b}.
2) When the key length is 80 bits, the round constants comprise the 32 constants used for the 64-bit key plus the 4 constants 0x36, 0x30, 0x34, 0x32, 36 in total, arranged as follows:
RC[36] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b, 0x36, 0x30, 0x34, 0x32}.
3) When the key length is 128 bits, the round constants comprise the 36 constants used for the 80-bit key plus the 4 constants 0x38, 0x3c, 0x3e, 0x3a, 40 in total, arranged as follows:
RC[40] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b, 0x36, 0x30, 0x34, 0x32, 0x38, 0x3c, 0x3e, 0x3a}.
The round key addition (AddRoundKey) transformation obtains the round key of each round without key expansion, and is constructed as follows;
When the key is 64 bits, the original key is divided into 16 cells of 4 bits each, denoted key_0, key_1, ..., key_15;
When the key is 80 bits, the original key is divided into 20 cells of 4 bits each, denoted key_0, key_1, ..., key_19;
When the key is 128 bits, the original key is divided into 32 cells of 4 bits each, denoted key_0, key_1, ..., key_31;
AddRoundKey is implemented by XORing the 64-bit plaintext or the intermediate value of each round with the 64-bit round key of that round; the round keys are formed by the following rules:
1) When the key length is 64 bits, the round key of every round is the 64-bit original key; the round key Key_i (1 ≤ i ≤ N_r) is given by formula (1):
$$Key_i = \begin{pmatrix} key_0 & key_1 & key_2 & key_3 \\ key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \end{pmatrix} \qquad (1)$$
2) When the key length is 80 bits, the round key is the first 64 bits of the original key when i is an odd round and the last 64 bits of the original key when i is an even round; the round key Key_i (1 ≤ i ≤ N_r) is given by formulas (2) and (3):
When i is an odd round, the round key is
$$Key_i = \begin{pmatrix} key_0 & key_1 & key_2 & key_3 \\ key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \end{pmatrix} \qquad (2)$$
When i is an even round, the round key is
$$Key_i = \begin{pmatrix} key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \\ key_{16} & key_{17} & key_{18} & key_{19} \end{pmatrix} \qquad (3)$$
3) When the key length is 128 bits, the round key is the first 64 bits of the original key when i is an odd round and the last 64 bits of the original key when i is an even round; the round key Key_i (1 ≤ i ≤ N_r) is given by formulas (4) and (5):
When i is an odd round, the round key is
$$Key_i = \begin{pmatrix} key_0 & key_1 & key_2 & key_3 \\ key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \end{pmatrix} \qquad (4)$$
When i is an even round, the round key is
$$Key_i = \begin{pmatrix} key_{16} & key_{17} & key_{18} & key_{19} \\ key_{20} & key_{21} & key_{22} & key_{23} \\ key_{24} & key_{25} & key_{26} & key_{27} \\ key_{28} & key_{29} & key_{30} & key_{31} \end{pmatrix} \qquad (5)$$
The MixColumns operation constructs a hardware-friendly MixColumns matrix M; the data to be mixed is arranged as a 4 × 4 matrix, which is then multiplied by M over the finite field GF(2^4);
The hardware-friendly MixColumns matrix M is constructed from the (0, 1, 2, 4) combination matrix m, which is easy to implement in hardware, by raising m to the 4th power over the finite field GF(2^4), as in formula (6):
$$(m)^4 = \begin{pmatrix} 4 & 1 & 2 & 2 \\ 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 \end{pmatrix}^4 = \begin{pmatrix} 5 & 2 & b & f \\ e & 8 & c & 4 \\ 2 & 6 & a & 8 \\ 4 & 1 & 2 & 2 \end{pmatrix} = M \qquad (6)$$
The entries in the formula above are hexadecimal.
Beneficial effects
The invention provides a lightweight Surge block cipher implementation method. The method uses the SPN structure. To suit different application environments, Surge supports three key lengths, 64, 80 and 128 bits, so that users can choose a suitable key length for the resources available. The key is used without expansion; in resisting attacks this approach is comparable to LED and PRINCE, there are no weak keys, and it saves a large amount of implementation resources and improves performance. The round function is divided into 5 modules combined in a new way: the encryption order is constant addition, round key addition, S-box substitution, ShiftRows and MixColumns, and the last encryption round has no MixColumns, which gives a clear structure with good confusion and diffusion. The constant addition module applies one round constant per round. For selecting and combining round constants, the high nibble is 0, 1, 2, 3 and the low nibble is chosen from the odd, even, even and odd numbers between 0 and 15 respectively; the resulting combinations are arranged in a random but fixed order, constructing an efficient and highly confusing round constant addition. The MixColumns module uses the (0, 1, 2, 4) combination matrix, which is easy to implement in hardware, so that a hardware-friendly matrix can be constructed over the finite field GF(2^4) and the algorithm can be better implemented in hardware.
In summary, the novel low-resource, high-performance and high-security lightweight Surge block cipher implementation method of the present invention showed good encryption performance in security experiments and resists differential, linear and algebraic attacks well; the resource area used is greatly reduced and efficiency is greatly improved.
Brief description of the drawings
Fig. 1 is a schematic diagram of the encryption process of the method of the invention;
Fig. 2 is a schematic diagram of the decryption process corresponding to the encryption method of the invention;
Fig. 3 is the constant addition operation diagram;
Fig. 4 is the ShiftRows operation diagram;
Fig. 5 is the inverse ShiftRows operation diagram.
Detailed description
The invention is described further below with reference to the drawings and embodiments.
The Surge block cipher uses the SPN structure with a 64-bit block length; the key length is 64, 80 or 128 bits, denoted Surge-64, Surge-80 and Surge-128 respectively. The numbers of iteration rounds N_r of Surge-64, Surge-80 and Surge-128 are 32, 36 and 40 respectively. The Surge encryption flow is shown in Fig. 1; an encryption round comprises five modules: constant addition (AddConstants), round key addition (AddRoundKey), S-box substitution (SubCells), row shifting (ShiftRows) and column mixing (MixColumns). The decryption flow is shown in Fig. 2; a decryption round comprises five modules: inverse column mixing (InvMixColumns), inverse row shifting (InvShiftRows), inverse S-box substitution (InvSubCells), round key addition (AddRoundKey) and inverse constant addition (InvAddConstants).
Surge encryption is described in Algorithm 1.
Algorithm 1: Surge encryption
Input: Plaintext, KEY;
Output: Ciphertext;
State ← Plaintext;
for i = 1 to N_R - 1 do
    AddConstants(State);
    AddRoundKey(State, Key_i);
    SubCells(State);
    ShiftRows(State);
    MixColumns(State);
end for
AddConstants(State);
AddRoundKey(State, Key_i);
SubCells(State);
ShiftRows(State);
Ciphertext ← State;
Where: KEY is the original key and Key_i is the round key. When KEY is 64 bits, Key_i = KEY; when KEY is 80 or 128 bits, Key_i is the first 64 bits of KEY if i is an odd round and the last 64 bits of KEY if i is an even round.
Constant addition: the high nibble of a round constant is chosen from 0, 1, 2, 3 and the low nibble from 0 to 15. The combination rule for Surge-64 is: when the high nibble is 0, the low nibble is an odd number between 0 and 15; when the high nibble is 1, the low nibble is an even number between 0 and 15; when the high nibble is 2, the low nibble is an even number between 0 and 15; when the high nibble is 3, the low nibble is an odd number between 0 and 15. This gives 32 combinations in total. The 32 constants are arranged in a random but fixed order, each round constant is fixed, and the round constant array is RC[32] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b}.
For Surge-80, the first 32 constants and their order are the same as for Surge-64, followed in order by the 4 constants 0x36, 0x30, 0x34, 0x32, 36 in total; the round constant array is RC[36] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b, 0x36, 0x30, 0x34, 0x32}.
For Surge-128, the first 36 constants and their order are the same as for Surge-80, followed in order by the 4 constants 0x38, 0x3c, 0x3e, 0x3a, 40 in total; the round constant array is RC[40] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b, 0x36, 0x30, 0x34, 0x32, 0x38, 0x3c, 0x3e, 0x3a}.
Constant addition XORs state_0 and state_8 with the high nibble of the round constant byte of round i (1 ≤ i ≤ N_r), and state_4 and state_12 with the low nibble of the round constant byte of round i; the operation is shown in Fig. 3.
Round key addition (AddRoundKey): the 64-bit plaintext or the intermediate value of each round is XORed with the 64-bit round key of round i (1 ≤ i ≤ N_r). The relation between the 64-bit plaintext or intermediate value State (state_0 ... state_15) and the round key of round i is given by formula (1), wherein, when the key is 64-bit, when the key is 80-bit, i is odd then i is even then when the key is 128-bit, i is odd then i is even then
$$state_j \rightarrow state_j \oplus k_j^i, \quad (0 \le j \le 15) \qquad (1)$$
The key construction rule is as follows. Surge has three key lengths: 64, 80 and 128 bits. When the key length is 64 bits, the round key of every round is the 64-bit original key, composed as in formula (2). When the key length is 80 bits, the round key is the first 64 bits of the original key when i is an odd round and the last 64 bits of the original key when i is an even round, composed as in formulas (3) and (4). When the key length is 128 bits, the round key is the first 64 bits of the original key when i is an odd round and the last 64 bits of the original key when i is an even round, composed as in formulas (5) and (6).
For the 64-bit key, Key_i = key_0 ... key_15 (1 ≤ i ≤ N_r) is composed as follows:
$$Key_i = \begin{pmatrix} key_0 & key_1 & key_2 & key_3 \\ key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \end{pmatrix} \qquad (2)$$
For the 80-bit key, Key_i = key_0 ... key_19 (1 ≤ i ≤ N_r) is composed as follows:
When i is an odd round, the round key is
$$Key_i = \begin{pmatrix} key_0 & key_1 & key_2 & key_3 \\ key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \end{pmatrix} \qquad (3)$$
When i is an even round, the round key is
$$Key_i = \begin{pmatrix} key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \\ key_{16} & key_{17} & key_{18} & key_{19} \end{pmatrix} \qquad (4)$$
For the 128-bit key, Key_i = key_0 ... key_31 (1 ≤ i ≤ N_r) is composed as follows:
When i is an odd round, the round key is
$$Key_i = \begin{pmatrix} key_0 & key_1 & key_2 & key_3 \\ key_4 & key_5 & key_6 & key_7 \\ key_8 & key_9 & key_{10} & key_{11} \\ key_{12} & key_{13} & key_{14} & key_{15} \end{pmatrix} \qquad (5)$$
When i is an even round, the round key is
$$Key_i = \begin{pmatrix} key_{16} & key_{17} & key_{18} & key_{19} \\ key_{20} & key_{21} & key_{22} & key_{23} \\ key_{24} & key_{25} & key_{26} & key_{27} \\ key_{28} & key_{29} & key_{30} & key_{31} \end{pmatrix} \qquad (6)$$
S-box substitution: the S-box is the only non-linear component of the Surge algorithm; the encryption process uses the S-box of the PRESENT decryption process. The S-box array is S[16] = {0x5, 0xe, 0xf, 0x8, 0xc, 0x1, 0x2, 0xd, 0xb, 0x4, 0x6, 0x3, 0x0, 0x7, 0x9, 0xa}. Each of the 16 data cells state_0, state_1, ..., state_15 is substituted through the S-box, as in formula (7).
$$state_j \rightarrow S(state_j) \quad (0 \le j \le 15) \qquad (7)$$
ShiftRows: the 16 cells form a 4 × 4 matrix, and each row of the matrix is rotated left by a different number of cells: row 0 is rotated left by 3 cells, row 1 by 2 cells, row 2 by 1 cell, and row 3 is left unchanged. The ShiftRows operation is shown in Fig. 4.
MixColumns: a hardware-friendly transformation matrix M is used. M is constructed from the (0, 1, 2, 4) combination matrix m, which is easy to implement in hardware, by raising m to the 4th power over the finite field GF(2^4), as in formula (8), where the entries are hexadecimal.
$$(m)^4 = \begin{pmatrix} 4 & 1 & 2 & 2 \\ 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 \end{pmatrix}^4 = \begin{pmatrix} 5 & 2 & b & f \\ e & 8 & c & 4 \\ 2 & 6 & a & 8 \\ 4 & 1 & 2 & 2 \end{pmatrix} = M \qquad (8)$$
The MixColumns operation multiplies the matrix M by the 4 × 4 matrix formed by the 16 cells of State over the finite field GF(2^4), as in formula (9), where the entries are hexadecimal.
$$State = \begin{pmatrix} 5 & 2 & b & f \\ e & 8 & c & 4 \\ 2 & 6 & a & 8 \\ 4 & 1 & 2 & 2 \end{pmatrix} \times \begin{pmatrix} state_0 & state_1 & state_2 & state_3 \\ state_4 & state_5 & state_6 & state_7 \\ state_8 & state_9 & state_{10} & state_{11} \\ state_{12} & state_{13} & state_{14} & state_{15} \end{pmatrix} \qquad (9)$$
In Surge encryption, the last round has no MixColumns.
Surge decryption is described in Algorithm 2.
Algorithm 2: Surge decryption
Input: Ciphertext, KEY;
Output: Plaintext;
State ← Ciphertext;
InvShiftRows(State);
InvSubCells(State);
AddRoundKey(State, Key_i);
InvAddConstants(State);
for i = 2 to N_R do
    InvMixColumns(State);
    InvShiftRows(State);
    InvSubCells(State);
    AddRoundKey(State, Key_i);
    InvAddConstants(State);
end for
Plaintext ← State;
Where: KEY is the original key and Key_i is the round key. When KEY is 64 bits, Key_i = KEY; when KEY is 80 or 128 bits, Key_i is the first 64 bits of KEY if i is an odd round and the last 64 bits of KEY if i is an even round.
Surge decryption uses the inverses of four of the encryption transformations together with round key addition, whose inverse is itself; the ciphertext is decrypted in the reverse order of encryption, and the key used for decryption is the same as for encryption.
Inverse constant addition: each round constant is fixed, and for Surge-64, Surge-80 and Surge-128 the decryption constants are the encryption constants in reverse order. The decryption round constants of Surge-64 are RC^-1[32] = {0x3b, 0x28, 0x01, 0x09, 0x0b, 0x03, 0x10, 0x3f, 0x2c, 0x16, 0x1c, 0x05, 0x24, 0x0f, 0x18, 0x2a, 0x12, 0x33, 0x26, 0x37, 0x14, 0x31, 0x2e, 0x1a, 0x1e, 0x3d, 0x39, 0x0d, 0x20, 0x07, 0x35, 0x22};
The decryption round constants of Surge-80 are RC^-1[36] = {0x32, 0x34, 0x30, 0x36, 0x3b, 0x28, 0x01, 0x09, 0x0b, 0x03, 0x10, 0x3f, 0x2c, 0x16, 0x1c, 0x05, 0x24, 0x0f, 0x18, 0x2a, 0x12, 0x33, 0x26, 0x37, 0x14, 0x31, 0x2e, 0x1a, 0x1e, 0x3d, 0x39, 0x0d, 0x20, 0x07, 0x35, 0x22};
The decryption round constants of Surge-128 are RC^-1[40] = {0x3a, 0x3e, 0x3c, 0x38, 0x32, 0x34, 0x30, 0x36, 0x3b, 0x28, 0x01, 0x09, 0x0b, 0x03, 0x10, 0x3f, 0x2c, 0x16, 0x1c, 0x05, 0x24, 0x0f, 0x18, 0x2a, 0x12, 0x33, 0x26, 0x37, 0x14, 0x31, 0x2e, 0x1a, 0x1e, 0x3d, 0x39, 0x0d, 0x20, 0x07, 0x35, 0x22};
Inverse S-box substitution: Surge decryption uses the S-box of the PRESENT encryption process. The inverse S-box array is S^-1[16] = {0xc, 0x5, 0x6, 0xb, 0x9, 0x0, 0xa, 0xd, 0x3, 0xe, 0xf, 0x8, 0x4, 0x7, 0x1, 0x2}. Each of the 16 data cells state_0, state_1, ..., state_15 is substituted through the inverse S-box, as in formula (10).
$$state_j \rightarrow S^{-1}(state_j) \quad (0 \le j \le 15) \qquad (10)$$
Inverse ShiftRows: the 16 cells form a 4 × 4 matrix, and each row of the matrix is rotated right by a different number of cells: row 0 is rotated right by 3 cells, row 1 by 2 cells, row 2 by 1 cell, and row 3 is left unchanged. The operation is shown in Fig. 5.
Inverse MixColumns: the mixing matrix is the inverse matrix; M^-1 is constructed by raising the matrix m^-1 to the 4th power over the finite field GF(2^4), as in formula (11), where the entries are hexadecimal.
$$(m^{-1})^4 = \begin{pmatrix} 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \\ 9 & 2 & 9 & 1 \end{pmatrix}^4 = \begin{pmatrix} 9 & 2 & 9 & 1 \\ 9 & b & b & 8 \\ 4 & a & f & 3 \\ 8 & 2 & 2 & c \end{pmatrix} = M^{-1} \qquad (11)$$
The inverse MixColumns operation multiplies the matrix M^-1 by the 4 × 4 matrix of cells in State over the finite field GF(2^4), as in formula (12), where the entries are hexadecimal.
$$State = \begin{pmatrix} 9 & 2 & 9 & 1 \\ 9 & b & b & 8 \\ 4 & a & f & 3 \\ 8 & 2 & 2 & c \end{pmatrix} \times \begin{pmatrix} state_0 & state_1 & state_2 & state_3 \\ state_4 & state_5 & state_6 & state_7 \\ state_8 & state_9 & state_{10} & state_{11} \\ state_{12} & state_{13} & state_{14} & state_{15} \end{pmatrix} \qquad (12)$$
In Surge decryption, the first round has no inverse MixColumns.
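The round structure, round-key selection and MixColumns construction described above, written out as an added Python example (it is not code from the patent, and the function names are illustrative). Assumptions: state_0 is the most significant nibble, the 16 cells fill the 4 × 4 matrix row by row, GF(2^4) is reduced by x^4 + x + 1 (the page does not name the polynomial; this one reproduces its M and M^-1 from m and m^-1), and the last round includes SubCells as in Algorithm 1. Because the page leaves these conventions open, agreement with its test vectors is not claimed.

```python
# Added example: the Surge rounds as described on this page (not the patent's code).
# Assumed conventions: state_0 is the most significant nibble, the 4x4 state is
# filled row by row, GF(2^4) is reduced by x^4 + x + 1. Function names are illustrative.
SBOX = [0x5, 0xE, 0xF, 0x8, 0xC, 0x1, 0x2, 0xD, 0xB, 0x4, 0x6, 0x3, 0x0, 0x7, 0x9, 0xA]
INV_SBOX = [SBOX.index(v) for v in range(16)]
RC = [0x22, 0x35, 0x07, 0x20, 0x0D, 0x39, 0x3D, 0x1E, 0x1A, 0x2E, 0x31, 0x14,
      0x37, 0x26, 0x33, 0x12, 0x2A, 0x18, 0x0F, 0x24, 0x05, 0x1C, 0x16, 0x2C,
      0x3F, 0x10, 0x03, 0x0B, 0x09, 0x01, 0x28, 0x3B,  # rounds 1-32 (all variants)
      0x36, 0x30, 0x34, 0x32,                          # rounds 33-36 (Surge-80/128)
      0x38, 0x3C, 0x3E, 0x3A]                          # rounds 37-40 (Surge-128)
ROUNDS = {64: 32, 80: 36, 128: 40}   # key length in bits -> N_r
SMALL_M = [[4, 1, 2, 2], [1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 1, 0]]
SMALL_M_INV = [[0, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1], [9, 2, 9, 1]]
SHIFTS = (3, 2, 1, 0)                # left rotation applied to rows 0..3

def gf_mul(a, b):
    """Multiply two nibbles in GF(2^4) modulo x^4 + x + 1 (0x13)."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a & 0x10:
            a ^= 0x13
    return r

def mat_mul(x, y):
    """4x4 matrix product over GF(2^4)."""
    out = [[0] * 4 for _ in range(4)]
    for i in range(4):
        for j in range(4):
            for k in range(4):
                out[i][j] ^= gf_mul(x[i][k], y[k][j])
    return out

def mat_pow4(m):
    sq = mat_mul(m, m)
    return mat_mul(sq, sq)

M = mat_pow4(SMALL_M)            # MixColumns matrix, formula (8)
M_INV = mat_pow4(SMALL_M_INV)    # inverse MixColumns matrix, formula (11)

def to_nibbles(value, count):
    return [(value >> (4 * (count - 1 - i))) & 0xF for i in range(count)]

def from_nibbles(nibbles):
    return int("".join(f"{n:x}" for n in nibbles), 16)

def add_constants(state, rc):
    """XOR rc's high nibble into cells 0 and 8, its low nibble into cells 4 and 12."""
    out = list(state)
    for idx, val in ((0, rc >> 4), (8, rc >> 4), (4, rc & 0xF), (12, rc & 0xF)):
        out[idx] ^= val
    return out  # XOR is its own inverse, so this also serves as InvAddConstants

def shift_rows(state, inverse=False):
    out = []
    for r, s in enumerate(SHIFTS):
        row = state[4 * r:4 * r + 4]
        s = -s % 4 if inverse else s     # a right rotation is a left rotation by 4 - s
        out += row[s:] + row[:s]
    return out

def mix_columns(state, mat):
    """State <- mat x State, formulas (9) and (12)."""
    return [gf_mul(mat[r][0], state[c]) ^ gf_mul(mat[r][1], state[4 + c])
            ^ gf_mul(mat[r][2], state[8 + c]) ^ gf_mul(mat[r][3], state[12 + c])
            for r in range(4) for c in range(4)]

def round_key(key_nibbles, i):
    """No key expansion: odd rounds take the first 64 key bits, even rounds the last 64."""
    return key_nibbles[:16] if i % 2 else key_nibbles[-16:]

def _load(block, key, key_bits):
    if key_bits not in ROUNDS or block >> 64 or key >> key_bits:
        raise ValueError("need a 64-bit block and a 64/80/128-bit key")
    return to_nibbles(block, 16), to_nibbles(key, key_bits // 4), ROUNDS[key_bits]

def encrypt(plaintext, key, key_bits=64):
    s, k, nr = _load(plaintext, key, key_bits)
    for i in range(1, nr + 1):
        s = add_constants(s, RC[i - 1])
        s = [a ^ b for a, b in zip(s, round_key(k, i))]
        s = shift_rows([SBOX[x] for x in s])
        if i < nr:                       # the last round has no MixColumns
            s = mix_columns(s, M)
    return from_nibbles(s)

def decrypt(ciphertext, key, key_bits=64):
    s, k, nr = _load(ciphertext, key, key_bits)
    for i in range(nr, 0, -1):           # i is the encryption round being undone
        if i < nr:
            s = mix_columns(s, M_INV)
        s = [INV_SBOX[x] for x in shift_rows(s, inverse=True)]
        s = [a ^ b for a, b in zip(s, round_key(k, i))]
        s = add_constants(s, RC[i - 1])
    return from_nibbles(s)

if __name__ == "__main__":
    ct = encrypt(0x0123456789ABCDEF, 0x0F1E2D3C4B5A69788796, 80)  # constructed input
    print(f"{ct:016x}", f"{decrypt(ct, 0x0F1E2D3C4B5A69788796, 80):016x}")
```

Indexing the decryption loop by the encryption round being undone keeps the odd/even round-key choice and the round constant aligned with encryption for the 80-bit and 128-bit keys.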
Surge-64 test vectors:
(1) plaintext: 0000_0000_0000_0000
(1) key: 0000_0000_0000_0000
(1) ciphertext: 1667_72B1_6ACA_8D7D
(2) plaintext: FFFF_FFFF_FFFF_FFFF
(2) key: FFFF_FFFF_FFFF_FFFF
(2) ciphertext: 4721_8C72_22A2_8318
Surge-80 test vectors:
(1) plaintext: 0000_0000_0000_0000
(1) key: 0000_0000_0000_0000_0000
(1) ciphertext: ECC6_4C62_4B97_4EF5
(2) plaintext: FFFF_FFFF_FFFF_FFFF
(2) key: FFFF_FFFF_FFFF_FFFF_FFFF
(2) ciphertext: 1C26_2492_CEE2_C386
Surge-128 test vectors:
(1) plaintext: 0000_0000_0000_0000
(1) key: 0000_0000_0000_0000_0000_0000_0000_0000
(1) ciphertext: 4D84_EF62_37C9_ED42
(2) plaintext: FFFF_FFFF_FFFF_FFFF
(2) key: FFFF_FFFF_FFFF_FFFF_FFFF_FFFF_FFFF_FFFF
(2) ciphertext: B484_B920_8C12_A2F6
Using the test vectors provided, an implementer of the method proposed by the invention encrypts the plaintext to obtain the ciphertext given in the test vector, and decrypts the ciphertext to obtain the plaintext given in the test vector.
The Surge block cipher implementation method of the present invention was implemented in hardware on a Xilinx Virtex-5 LX50T FPGA. Surge-64 occupies 9985 Slices, with a clock period of 9.734 ns, a clock frequency of 102.733 MHz and a throughput of 199.240 Mbps. Surge-80 occupies 10074 Slices, with a clock period of 9.710 ns, a clock frequency of 102.987 MHz and a throughput of 178.140 Mbps. Surge-128 occupies 10169 Slices, with a clock period of 9.741 ns, a clock frequency of 102.659 MHz and a throughput of 160.248 Mbps.
Table 1 gives area and performance test data for FPGA hardware implementations of typical lightweight ciphers at their minimum key length. The comparison in Table 1 shows that Surge has a small area among current SPN-structure lightweight ciphers, while its encryption period, frequency and throughput remain high.
Table 1: FPGA experimental data for each lightweight cipher
The invention has been described in detail above with reference to specific embodiments, which do not limit the invention. Without departing from the principles of the invention, those skilled in the art may make many variations and improvements, which also fall within the scope of protection of the invention.

Claims (1)

1. A lightweight Surge block cipher implementation method, characterized in that it comprises the following steps:
Step 1: the 64-bit plaintext/ciphertext is loaded into a register for the encryption/decryption operation;
Step 2: the data to be encrypted/decrypted undergoes N_r rounds of the round operation according to the following steps, where N_r is 32 when the key length is 64-bit, 36 when the key length is 80-bit, and 40 when the key length is 128-bit;
If the input is data to be encrypted and the encryption operation is performed, then in each round from the first round to round N_r−1 the data to be encrypted undergoes, in sequence, the constant addition transformation, the round key addition transformation, the S-box substitution transformation, the row shift transformation and the column mixing transformation; the data obtained after the column mixing transformation serves as the data to be encrypted for the next round;
The last round applies, in sequence, the constant addition transformation, the round key addition transformation, the S-box substitution transformation and the row shift transformation to the data obtained from the previous round, completing the encryption operation;
If the input is data to be decrypted and the decryption operation is performed, then in the first round the data to be decrypted undergoes, in sequence, the inverse row shift transformation, the inverse S-box substitution transformation, the round key addition transformation and the inverse constant addition transformation; the data obtained after the inverse constant addition transformation serves as the data to be decrypted for the next round;
In each round from the second round to round N_r, the data to be decrypted undergoes, in sequence, the inverse column mixing transformation, the inverse row shift transformation, the inverse S-box substitution transformation, the round key addition transformation and the inverse constant addition transformation; the data obtained after the inverse constant addition transformation serves as the data to be decrypted for the next round, completing the decryption operation;
The column mixing transformation and the inverse column mixing transformation, the row shift transformation and the inverse row shift transformation, the S-box substitution transformation and the inverse S-box substitution transformation, and the constant addition transformation and the inverse constant addition transformation are each inverse operations of one another;
The 64-bit data to be encrypted/decrypted is divided, from the high-order bits to the low-order bits, into 16 units of 4 bits each, denoted state_0, state_1, ..., state_15;
The constant addition operation XORs state_0 and state_8 each with the high-order part of the round constant byte of round i to obtain state_0' and state_8', and XORs state_4 and state_12 each with the low-order part of the round constant byte of round i to obtain state_4' and state_12', where 1 ≤ i ≤ N_r; the XOR result for each unit then replaces that unit's original data, giving the result of the operation;
The round constants RC are specified as follows:
Each round constant is fixed; each round constant RC value is one byte, expressed as a hexadecimal number;
1) when the key length is 64-bit, there are 32 round constant values, arranged as follows:
RC[32] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b};
2) when the key length is 80-bit, the round constants comprise the 32 values used for a 64-bit key plus the four values 0x36, 0x30, 0x34, 0x32, for 36 values in total, arranged as follows:
RC[36] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b, 0x36, 0x30, 0x34, 0x32};
3) when the key length is 128-bit, the round constants comprise the 36 values used for an 80-bit key plus the four values 0x38, 0x3c, 0x3e, 0x3a, for 40 values in total, arranged as follows:
RC[40] = {0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e, 0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24, 0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01, 0x28, 0x3b, 0x36, 0x30, 0x34, 0x32, 0x38, 0x3c, 0x3e, 0x3a};
The round key addition transformation obtains the round key of each round without any key expansion, and is constructed and implemented as follows;
When the key is 64-bit, the original key is divided into 16 units of 4 bits each, denoted key_0, key_1, ..., key_15;
When the key is 80-bit, the original key is divided into 20 units of 4 bits each, denoted key_0, key_1, ..., key_19;
When the key is 128-bit, the original key is divided into 32 units of 4 bits each, denoted key_0, key_1, ..., key_31;
Round key addition is implemented by XORing the 64-bit plaintext, or the intermediate value of each round, with the 64-bit round key of that round, where the round key of each round is formed by the following rules:
1) when the key length is 64-bit, the round key of every round is the 64-bit original key; the round key Key_i (1 ≤ i ≤ N_r) is as shown in formula (1):
2) when the key length is 80-bit: in an odd-numbered round i the round key is the first 64 bits of the original key, and in an even-numbered round i the round key is the last 64 bits of the original key; the round key Key_i (1 ≤ i ≤ N_r) is as shown in formulas (2) and (3):
When i is an odd-numbered round, round key
When i is an even-numbered round, round key
3) when the key length is 128-bit: in an odd-numbered round i the round key is the first 64 bits of the original key, and in an even-numbered round i the round key is the last 64 bits of the original key; the round key Key_i (1 ≤ i ≤ N_r) is as shown in formulas (4) and (5):
When i is an odd-numbered round, round key
When i is an even-numbered round, round key
The column mixing operation constructs a hardware-friendly column mixing matrix M; the 16 units of data that are to undergo column mixing are arranged as a 4 × 4 matrix, and the hardware-friendly column mixing matrix M is then multiplied with this 4 × 4 matrix over the finite field GF(2^4);
The hardware-friendly column mixing matrix M is constructed from the (0, 1, 2, 4) combination matrix m, which is easy to implement in hardware, by raising it to the 4th power over the finite field GF(2^4); the construction is given by formula (6):
The data in the above formula are hexadecimal.
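The state layout, constant addition and expansion-free round key selection described in claim 1, as an added Python example that is not the patent's own code. It assumes that the "high" and "low" parts of a round constant byte are its upper and lower 4 bits and that the "first 64 bits" of a key are units key_0..key_15; the S-box, row shift and column mixing steps are left out because their tables and formula (6) are not reproduced on this page.

```python
# Added example: Surge state layout, constant addition and round-key selection
# per claim 1. S-box, row shift and column mixing are not modelled here.
ROUNDS = {64: 32, 80: 36, 128: 40}  # key length in bits -> N_r

# Round constants from the claim: RC[:32] for 64-bit keys, RC[:36] for 80-bit,
# all 40 for 128-bit keys.
RC = [
    0x22, 0x35, 0x07, 0x20, 0x0d, 0x39, 0x3d, 0x1e, 0x1a, 0x2e,
    0x31, 0x14, 0x37, 0x26, 0x33, 0x12, 0x2a, 0x18, 0x0f, 0x24,
    0x05, 0x1c, 0x16, 0x2c, 0x3f, 0x10, 0x03, 0x0b, 0x09, 0x01,
    0x28, 0x3b, 0x36, 0x30, 0x34, 0x32, 0x38, 0x3c, 0x3e, 0x3a,
]


def to_nibbles(value, bits):
    """Split an integer into 4-bit units, most significant unit first."""
    return [(value >> shift) & 0xF for shift in range(bits - 4, -1, -4)]


def add_constants(state, i):
    """Constant addition for round i (1-based) on a 16-unit state."""
    # Assumption: high/low part = upper/lower 4 bits of the constant byte.
    hi, lo = RC[i - 1] >> 4, RC[i - 1] & 0xF
    out = list(state)
    out[0] ^= hi   # state_0 and state_8 take the high part
    out[8] ^= hi
    out[4] ^= lo   # state_4 and state_12 take the low part
    out[12] ^= lo
    return out


def round_key(key, key_bits, i):
    """64-bit round key for round i; no key expansion is performed."""
    if not 1 <= i <= ROUNDS[key_bits]:
        raise ValueError("round index out of range for this key length")
    units = to_nibbles(key, key_bits)
    # 64-bit key: the whole key in every round. 80/128-bit key: odd rounds use
    # the first 64 bits (assumed key_0..key_15), even rounds the last 64 bits.
    chosen = units[:16] if key_bits == 64 or i % 2 == 1 else units[-16:]
    return int("".join(f"{u:x}" for u in chosen), 16)


def add_round_key(state, key, key_bits, i):
    """XOR the 16-unit state with the round key of round i."""
    rk = to_nibbles(round_key(key, key_bits, i), 64)
    return [s ^ k for s, k in zip(state, rk)]
```

Both operations are plain XORs and therefore their own inverses; for an 80-bit key the two alternating round keys share units key_4..key_15.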
CN201410333577.4A 2014-07-14 2014-07-14 Novel low-resource efficient lightweight Surge block cipher implementation method Expired - Fee Related CN104065474B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410333577.4A CN104065474B (en) 2014-07-14 2014-07-14 Novel low-resource efficient lightweight Surge block cipher implementation method

Publications (2)

Publication Number Publication Date
CN104065474A CN104065474A (en) 2014-09-24
CN104065474B (en) 2015-04-08

Family

ID=51553019

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150408