CN105162579A - Lightweight stream cipher LSNRR based on non-linear cyclic shift register - Google Patents

Abstract

Shift registers are cryptographic components used to generate pseudo-random sequences in the field of secure communications. There are linear feedback shift registers LFSR and nonlinear feedback shift registers NLFSR, etc., and their maximum period T≤2 ⁿ . The feedback mode of n-level nonlinear cyclic shift register NRR is: <maths num="0001"> </maths> In the above formula, i≥0, n≥2, and the word length m is the number of digits of the platform; <<<j means that the cycle is shifted to the left by j bits; Indicates modulo addition; c is an odd number between 1 and 2 ^m -1; the initial value of the input n words a ₀ to a _n-1 is not limited, and each word has any m digits. When the word length is m bits, the period of n-level NRR is larger than (2 ^m ) ⁿ , that is, the security is higher than that of traditional (N)LFSR; the efficiency of NRR is also higher than that of commonly used (N)LFSR. A lightweight stream cipher LSNRR is designed using 4 NRRs, in which the first NRR is used for key arrangement, and the outputs of the other 3 NRRs are modulo-added to generate the key stream of LSNRR. The efficiency of LSNRR is higher than that of commonly used symmetric ciphers, and it is suitable for environments with limited or unlimited resources, and is mainly used for data encryption and decryption.

Description

Lightweight stream cipher technique LSNRR based on nonlinear circular shift register

technical field

The lightweight stream cipher LSNRR based on the nonlinear cyclic shift register NRR is a symmetric cipher in the field of secure communication. It is mainly used for data encryption and decryption in network and information system security, and is suitable for terminals with unlimited resources and limited resources. Terminal interworking.

Background technique

Cryptography is divided into symmetric cryptography and asymmetric cryptography. Since the encryption speed of asymmetric ciphers is much lower than that of symmetric ciphers, symmetric ciphers are used as much as possible for data encryption and decryption in network and information system security to improve efficiency. Symmetric ciphers are divided into stream ciphers and block ciphers, both of which have advantages and disadvantages. A commonly used cryptographic component for designing stream ciphers is a shift register, such as a linear feedback shift register LFSR ^[1] and a nonlinear feedback shift register NLFSR ^[2] , etc., hereinafter collectively referred to as (N)LFSR. For example, the encryption standard A5 algorithm ^{[3, 4]} of the second generation mobile communication system GSM, the Bluetooth encryption standard E0 algorithm ^[4] and the stream cipher international standard SNOW2 algorithm ^[3] all use LFSR; the Hash function standards SHA1 and SHA2 The Message Expansion Algorithm ^[3] and several candidate algorithms of the 3rd generation standard SHA3 employ (N)LFSR or other generators.

The current output bits of the n-level (N) LFSR are logic functions of the first n bits, and such logic functions have a total of , of which there are 2 ⁿ linear ones and non-linear ones indivual. LFSR adopts the following feedback mode to linearly recurse the next bit a _n+i from the first n bits a _i ～a _n+i-1 :

a _n+i ＝a _i ^c _n-1 a _i+1 ^...^c ₁ a _n+i-1

Wherein, the constant c _k =0 or 1, 1≦k≦n-1, ^ is XOR, that is, modulo 2 addition. If the initial n bits a ₀ ˜a _n-1 input are all 0, the output of the LFSR is always 0. Therefore, the maximum period of the n-stage LFSR is 2 ⁿ -1. If and only when the feedback polynomial of the LFSR is a primitive polynomial, the period of the LFSR reaches the maximum. Generating a primitive polynomial is not easy and requires the help of a math package. The message extension algorithm of SHA1 uses the following pattern to recursively deduce the next word w _t from the first 16 words w _t-16 ~w _t-1 : w _t = (w _t-3 ^w _t-8 ^w _t-14 ^w _t-16 )<<<1 Wherein, <<<1 represents a cyclic left shift by 1 bit, and the word length m is 32b (bits). This is equivalent to a 16-stage generator with a word length m of 32b. If the initial 16 words w ₀ ~w ₁₅ input are all 0, the output will always be 0. Therefore, its maximum period is less than or equal to (2 ³² ) ¹⁶ -1 . The maximum period of an n-stage NLFSR is 2 ⁿ . The nonlinear cyclic shift register NRR is a new type of feedback shift register. When the word length is m bits, the period of n-level NRR is greater than (2 ^m ) ⁿ . (N)LFSR software implementation is slow. The solution is to parallel m (N)LFSRs, which is equivalent to a word length of m bits, but the maximum period is still less than or equal to 2 ⁿ , unless a primitive polynomial modulo 2 ^m is used like SNOW2, The maximum period is less than or equal to (2 ^m ) ⁿ . That is to say, for different word lengths m and different stages n, (N)LFSR needs to find different feedback modes so that the period can reach the maximum. Regardless of the word length m and the number of series n, NRR has a unified feedback mode, and there is no need to find a feedback mode that reaches the maximum cycle, and can directly adapt to various platforms, including platforms with more than 128 bits in the future. Under the 32-bit platform (2.4GHz dual-core CPU, 2GB memory, WindowsXP, C language), the LFSR speed of SNOW2 is 630MB/s; the message extension algorithm speed of SHA1 and SHA256 is less than 400MB/s; the speed of NRR is 700MB/s . For the LFSR used by the A5 and E0 algorithms, unless 32 LFSRs are parallelized at the same time, the efficiency is equivalent to NRR. For the (N)LFSR whose period reaches the maximum, its output is absolutely uniform, and it will repeat after traversing all the states, and the unpredictability is poor. The test shows that the output generated by NRR is pseudo-random and uniform, and can traverse all states, with good unpredictability.

The present invention adopts four nonlinear cyclic shift registers NRR, and designs a light-weight stream cipher LSNRR.

[1] (USA) SchneierB. Applied Cryptography—Protocols, Algorithms and C Source Programs. Translated by Wu Shizhong, etc. Mechanical Industry Press, 2000-1.264～269

[2] (Middle) Wang Yumin, Liu Jianwei. Communication Network Security——Theory and Technology. Xidian University Press, 1999-04.81～82

[3] (Middle) Gu Lize, Zheng Shihui, Yang Yixian. Modern Cryptography Course. Beijing University of Posts and Telecommunications Press, 2009-08.169～175, 189～204

[4] (Middle) Xu Shengbo, Ma Wenping, Wang Xinmei. Security Technology in Wireless Communication Networks. People's Posts and Telecommunications Press, 2003-07.149～150, 183～187

Contents of the invention

【Purpose of the invention】

In order to design a safe and efficient symmetric cipher for data encryption and decryption in network and information system security, the lightweight stream cipher LSNRR based on the nonlinear cyclic shift register NRR expands the period of the output sequence compared with other symmetric ciphers , enhanced multi-platform adaptability and improved efficiency.

In particular, ordinary encryption technology is suitable for encryption and decryption of common terminals with unlimited resources, but not suitable for terminals with limited resources, that is, it is not suitable for intercommunication between terminals with unlimited resources and limited resources. The encryption and decryption of resource-constrained terminals in wireless networks such as the Internet of Things requires lightweight ciphers, but common lightweight ciphers are used for intercommunication between resource-unlimited terminals and resource-constrained terminals, and cannot take advantage of the resource advantages of resource-limited terminals. , which is inefficient and will increase the burden on unrestricted terminals. The biggest purpose of the present invention is to design a lightweight cipher that can make full use of the resource advantages of unrestricted terminals, is suitable for resource-constrained terminals, and can reach the level of common ciphers.

【Technical solutions】

The technical solution adopted by the nonlinear cyclic shift register NRR in the present invention is: when the word length is m bits, the n-level NRR adopts the following feedback mode by starting and ending 2 in the first n words a _i ~a _i+n-1 word recursion to the next word a _i+n

${\mathrm{<span\; class="notranslate">\; a</span>}}_{\mathrm{<span\; class="notranslate">\; i</span>}<span\; class="notranslate">\; +</span>\mathrm{<span\; class="notranslate">\; no</span>}}<span\; class="notranslate">\; =</span><span\; class="notranslate">\; \{</span><span\; class="notranslate">\; [</span><span\; class="notranslate">\; (</span>{\mathrm{<span\; class="notranslate">\; a</span>}}_{\mathrm{<span\; class="notranslate">\; i</span>}<span\; class="notranslate">\; +</span>\mathrm{<span\; class="notranslate">\; no</span>}<span\; class="notranslate">\; -</span>\mathrm{<span\; class="notranslate">\; 1</span>}}<span\; class="notranslate">\; <</span><span\; class="notranslate">\; <</span><span\; class="notranslate">\; <</span>\mathrm{<span\; class="notranslate">\; j</span>}<span\; class="notranslate">\; )</span><span\; class="notranslate">\; \&CirclePlus;</span>{\mathrm{<span\; class="notranslate">\; a</span>}}_{\mathrm{<span\; class="notranslate">\; i</span>}}<span\; class="notranslate">\; ]</span><span\; class="notranslate">\; +</span>\mathrm{<span\; class="notranslate">\; c</span>}<span\; class="notranslate">\; \}</span>\mathrm{<span\; class="notranslate">\; mod</span>}{\mathrm{<span\; class="notranslate">\; 2</span>}}^{\mathrm{<span\; class="notranslate">\; m</span>}}$

Among them, i≥0, n≥2, the word length m is the number of digits of the platform; the modulus operation mod means to find the remainder; <<<j means to rotate left by j bits, and j changes cyclically between 0 and m-1, that is j = imodm; Indicates modulo addition; c is an odd number between 1 and 2 ^m -1; the values of the initial n words a ₀ to a _n-1 input are not limited, and each input word is a number of any m-bit length.

The NRR in the present invention differs from the traditional (N)LFSR in that: (1) the number of cyclic shifts j changes cyclically; (2) counting plus c; (3) the initial value is not limited.

The encryption method of the stream cipher is: ciphertext C=P^KS; the decryption method is: plaintext P=C^KS. Among them, KS is the key stream, so the key is how to generate the key stream. LSNRR uses 4 NRRs. The word length m of the four NRRs is 32b (bits), and the number of stages n is 4, 5, 4, 3 respectively. The first NRR is used for key arrangement, and the outputs of the other three NRRs are modulo-added to generate the key stream. The process of LSNRR generating key stream is represented by KS=LSNRR(K, IV). The input parameter K is a key with a length of Lk≥16B (bytes); IV is an initial vector used for anti-replay attack in secure communication, which is the same length as the key K. For a 16B key and a 32-bit platform, the key K and the initial value IV are expressed as a concatenation of four 32-bit words: K=(K ₀ ||K ₁ ||K ₂ ||K ₃ ); IV=( IV ₀ ||IV ₁ ||IV ₂ ||IV ₃ ).

The initial value of the first NRR in the LSNRR is A ₀ =(a ₀ ||a ₁ ||a ₂ ||a ₃ )=K^IV. Its feedback mode is:

a _i+4 ＝{[(a _i+3 <<<j)^a _i ]+1}mod2 ³² , where i≥0, j=imod32, and ^ represents a bitwise XOR operation.

The initial values of the other 3 NRRs are:

B ₀ ＝(b ₀ ||b ₁ ||b ₂ ||b ₃ ||b ₄ )＝(a _i+64 +K ₁ ||a _i+67 +K ₂ ||a _i+70 +K ₃ ||a _i+73 +K ₀ )||(a _i+75 +K ₂ );

D ₀ ＝(d ₀ ||d ₁ ||d ₂ ||d ₃ )＝(a _i+65 +K ₂ )||(a _i+68 +K ₃ )||(a _i+71 +K ₀ )||(a _i+74 +K ₁ );

E ₀ =(e ₀ ||e ₁ ||e ₂ )=(a _i+66 +K ₃ )||(a _i+69 +K ₀ )||(a _i+72 +K ₁ ).

For i≥0, the feedback modes of the last three NRRs are respectively

b _i+5 ={[(b _i+4 <<<j ₁ )+b _i ]+3}mod2 ³² , where j ₁ =imod32;

d _i+4 ={[(d _i+3 <<<j ₂ )+d _i ]+5}mod2 ³² , where j ₂ =i+11mod32;

e _i+3 ={[(e _i+2 <<<j ₃ )+e _i ]+7}mod2 ³² , where j ₃ =i+23mod32

The output key stream of LSNRR is generated by modulo-adding the outputs of the last three NRRs:

【Beneficial effect】

Compared with common symmetric ciphers, stream cipher LSNRR has the following advantages:

(1) The cycle is longer and the security is higher. Since the multiplication coefficient b and the cyclic shift number j are not fixed, when the word length is m bits, the period of n-level NRR is greater than (2 ^m ) ⁿ . For the feedback mode a _i+n =[(a _i+n-1 <<<j)+a _i +1]mod2 ^m , when the word length is 8b (bit), the period of the 2-level NRSR is tested to be 484192> 2 ¹⁶ B (bytes); the period of level 3 NRR is 81,782456 > 2 ²⁴ (16MB); the period of level 4 NRR is 27,251403552 > 2 ³² (4GB). When the word length is 16b, the period of the 2-level NRR is 37,540033008>4G short integers. For the feedback mode a _i+n =[(b×a _i+n-1 )+(a _i <<<j)+1]mod2 ^m , when the word length is 8b, b takes one of 1 to 2 ^m -1 The odd number of cyclical changes in the interval, the test shows that the period of the 2-level NRR is 4,765440>2 ¹⁶ (64KB). If b is an odd number that changes cyclically between 3 and 2 ^m -1, the period is even greater. The test shows that the period has nothing to do with the initial value of the register, the initial value of the cyclic shift number j and the initial value of the multiplication coefficient b.

For the LFSR whose period reaches the maximum, its output state 1~2 ⁿ -1 is absolutely uniform; for the NLFSR whose period reaches the maximum, its output state 0~2 ⁿ -1 is absolutely uniform, and it will repeat after traversing all the states. Poor unpredictability. Tests have shown that the output generated by NRR is pseudo-random and uniform, and duplication may occur without traversing all states. The repetition of the register state is not necessarily periodic repetition. When the state of the register, the state of the cyclic shift number j and the state of the multiplication coefficient b are repeated at the same time, it is a periodic repetition. Therefore, the unpredictability and security of NRR is better than (N)LFSR.

The values of the initial n words a ₀ to a _n-1 input by the NRR are not limited. For the message extension algorithms of hash (Hash) function standards SHA1 and SHA2, if the initial message is all 0, the extended message is also all 0. NRR does not have this problem.

In addition, there is a block cipher called RC6, which requires 5 rounds of encryption to achieve pseudo-randomness. Its encryption round function f(i, a, b, c, d) is:

{u=[d(2d+1)]<<<5; t=[b(2b+1)]<<<5; a=[(a^t)<<<u]+k[i]; c=[(c^u)<<<t]+k[i+1];}

Use NRR to directly replace the two cache variables u and t, and reversibly update d and b:

{t=d; d=[(t+1)<<<i]+b; b=(d<<<i)+t+1; a=[(a^d)<<<b]+k [i];c=[(c^b)<<<d]+k[i+1];}

5-round encryption also achieves pseudo-randomness, which also shows that NRR has good cryptographic properties.

Therefore, the period of the stream cipher LSNRR is larger than that of common symmetric ciphers. In this respect, the security of LSNRR is higher than that of commonly used symmetric ciphers.

(2) Higher efficiency. Under the 32-bit platform (2.4GHz dual-core CPU, 2GB memory, WindowsXP, C language), the NRR speed is 700MB/s. Commonly used (N)LFSR speed does not exceed 630MB/s.

For single-core, the speed of common symmetric ciphers does not exceed 50MB/s; for dual-core, it does not exceed 100MB/s. At 2GHz single core, the encryption speed of RC6-ECB, that is, the speed of RC6-CTR and RC6-OFB to generate the key stream is 45MB/s; the speed of RC4, AES-CTR and AES-OFB to generate the key stream is 30MB/s . At 2.4GHz dual-core, the speed of AES-CTR and AES-OFB to generate key stream is 75MB/s. When the 2GHz single core is used, the speed of LSNRR to generate the key stream is 70MB/s; when the 2.4GHz dual-core is used, the speed of LSNRR to generate the key stream is 118MB/s. The three NRRs of LSNRR can be processed in parallel, and the efficiency reaches the best when the three cores are used, which is suitable for the dual-core computers commonly used at present.

(3) Multi-platform adaptability is more flexible. (N)LFSR software implementation is slow. The solution is that when the number of bits of the platform is m, parallel m (N)LFSRs are equivalent to a word length of m bits, but the maximum period is still less than or equal to 2 ⁿ , unless it is the same as SNOW2 Using the primitive polynomial modulo 2 ^m , the maximum period is less than or equal to (2 ^m ) ⁿ . That is to say, for different word lengths m and different stages n, (N)LFSR needs to find different feedback modes. Regardless of the word length m and the number of stages n, there is a fixed feedback mode in NRR $a_{i+\mathrm{no}}=\left\{\right[(a_{i+\mathrm{no}-1}<<<$ $j)\&CirclePlus;a_i]+c\}\mathrm{mod}{2}^m$ and $a_{i+\mathrm{no}}=\left\{\right[(b\&times;a_{i+\mathrm{no}-1})\&CirclePlus;(a_i<<<j)]+c\}\mathrm{mod}{2}^m,$ There is no need to find the feedback mode that reaches the maximum period, and it can directly adapt to various platforms, including platforms above 128 bits in the future.

LSNRR can be directly extended to a cryptographic algorithm for platforms above 64 bits, and can also be directly changed to an algorithm for 8-bit platforms.

(4) Applicable to both resource-constrained and unrestricted environments. Ordinary encryption technology is suitable for encryption and decryption of ordinary terminals with unlimited resources, but not suitable for terminals with limited resources, that is, it is not suitable for intercommunication between terminals with unlimited resources and limited resources. The encryption and decryption of resource-constrained terminals in wireless networks such as the Internet of Things requires lightweight ciphers, but common lightweight ciphers are used for intercommunication between resource-unlimited terminals and resource-constrained terminals, and cannot take advantage of the resource advantages of resource-limited terminals. , which is inefficient and will increase the burden on unrestricted terminals. The greatest advantage of the present invention is that it designs a light-weight cipher that can fully utilize the resource advantages of terminals with unlimited resources, is suitable for terminals with limited resources, and is more efficient than ordinary ciphers. The number of logic gates (GE) required for LSNRR hardware implementation is about 3284, which meets the requirements of lightweight cryptography.

Description of drawings

Figure 1 Lightweight stream cipher LSNRR based on nonlinear circular shift register

illustrate: Indicates modulo addition.

Detailed ways

The specific implementation of the nonlinear cyclic shift register NRR in the present invention is: when the word length is m bits, the n-level NRR adopts the following feedback mode by the first and last 2 in the first n words a _i ~a _i+n-1 word recursion to the next word a _i+n

${\mathrm{<span\; class="notranslate">\; a</span>}}_{\mathrm{<span\; class="notranslate">\; i</span>}<span\; class="notranslate">\; +</span>\mathrm{<span\; class="notranslate">\; no</span>}}<span\; class="notranslate">\; =</span><span\; class="notranslate">\; \{</span><span\; class="notranslate">\; [</span><span\; class="notranslate">\; (</span>{\mathrm{<span\; class="notranslate">\; a</span>}}_{\mathrm{<span\; class="notranslate">\; i</span>}<span\; class="notranslate">\; +</span>\mathrm{<span\; class="notranslate">\; no</span>}<span\; class="notranslate">\; -</span>\mathrm{<span\; class="notranslate">\; 1</span>}}<span\; class="notranslate">\; <</span><span\; class="notranslate">\; <</span><span\; class="notranslate">\; <</span>\mathrm{<span\; class="notranslate">\; j</span>}<span\; class="notranslate">\; )</span><span\; class="notranslate">\; \&CirclePlus;</span>{\mathrm{<span\; class="notranslate">\; a</span>}}_{\mathrm{<span\; class="notranslate">\; i</span>}}<span\; class="notranslate">\; ]</span><span\; class="notranslate">\; +</span>\mathrm{<span\; class="notranslate">\; c</span>}<span\; class="notranslate">\; \}</span>\mathrm{<span\; class="notranslate">\; mod</span>}{\mathrm{<span\; class="notranslate">\; 2</span>}}^{\mathrm{<span\; class="notranslate">\; m</span>}}$

Among them, n≥2, the word length m takes the number of digits of the platform; <<<j means a cyclic left shift of j bits, and j changes cyclically between 0 and m-1, that is, j=imodm; Indicates modulo addition; c is an odd number between 1 and 2 ^m -1; the values of the initial n words a ₀ to a _n-1 input are not limited, and each input word is a number of any m-bit length.

LSNRR uses 4 NRRs. The word length m of the four NRRs is 32b (bits), and the number of stages n is 4, 5, 4, 3 respectively. The first NRR is used for key arrangement, and the outputs of the other three NRRs are modulo-added to generate the key stream. The process of LSNRR generating key stream is represented by KS=LSNRR(K, IV). The input parameter K is a key with a length of Lk≥16B (bytes); IV is an initial vector used for anti-replay attack in secure communication, which is the same length as the key K. For a 16B key and a 32-bit platform, the key K and the initial value IV are expressed as a concatenation of four 32-bit words: K=(K ₀ ||K ₁ ||K ₂ ||K ₃ ); IV=( IV ₀ ||IV ₁ ||IV ₂ ||IV ₃ )

The initial value of the first NRR in the LSNRR is A ₀ =(a ₀ ||a ₁ ||a ₂ ||a ₃ )=K^IV. Its feedback mode is:

a _i+4 ＝{[(a _i+3 <<<j)^a _i ]+1}mod2 ³² , where i≥0, j=imod32, and ^ represents a bitwise XOR operation.

The initial values of the other 3 NRRs are:

B ₀ ＝(b ₀ ||b ₁ ||b ₂ ||b ₃ ||b ₄ )＝(a _i+64 +K ₁ ||a _i+67 +K ₂ ||a _i+70 +K ₃ ||a _i+73 +K ₀ )||(a _i+75 +K ₂ );

D ₀ ＝(d ₀ ||d ₁ ||d ₂ ||d ₃ )＝(a _i+65 +K ₂ )||(a _i+68 +K ₃ )||(a _i+71 +K ₀ )||(a _i+74 +K ₁ );

E ₀ =(e ₀ ||e ₁ ||e ₂ )=(a _i+66 +K ₃ )||(a _i+69 +K ₀ )||(a _i+72 +K ₁ ).

For i≥0, the feedback modes of the last three NRRs are respectively

b _i+5 ={[(b _i+4 <<<j ₁ )+b _i ]+3}mod2 ³² , where j ₁ =imod32;

d _i+4 ={[(d _i+3 <<<j ₂ )+d _i ]+5}mod2 ³² , where j ₂ =i+11mod32;

e _i+3 ={[(e _i+2 <<<j ₃ )+e _i ]+7}mod2 ³² , where j ₃ =i+23mod32

The output key stream of LSNRR is generated by modulo-adding the outputs of the last three NRRs:

The encryption method of the stream cipher LSNRR is: ciphertext C=P^KS; the decryption method is: plaintext P=C^KS.

Claims (5)

1. based on the lightweight stream cipher LSNRR of non-linear circulating register NRR, its general characteristic is: have employed 4 NRR; The word length m of 4 NRR is 32b (bit), and progression n is respectively 4,5,4,3; Wherein the 1st NRR is used for key schedule, and the output of another 3 NRR is carried out mould Calais and produced key stream KS, namely

${\mathrm{KS}}_i=(b_{i+5}\&CirclePlus;d_{i+4}\&CirclePlus;e_{i+3})$

Wherein i>=0, b _i+5, d _i+4, e _i+3be respectively the output of 3 NRR, KS _iand b _i+5, d _i+4, e _i+3all 32 figure places.

2. the feature of lightweight stream cipher LSNRR according to claim 1, its non-linear circulating register NRR adopted is: when word length is m bit, and n level NRR adopts following feedback model by front n word a _i~ a _i+n-1in the next word a of head and the tail 2 word recursion _i+n

$a_{i+n}=\left\{\right[(a_{i+n-1}<<<j)\&CirclePlus;a_i]+c\}\mathrm{mod}{2}^m$

In above formula, i>=0, n>=2, word length m makes even the figure place of platform; Modular arithmetic mod represents and rems; < < < j represents ring shift left j position, and j is circulation change between 0 ~ m-1, i.e. j=imodm; represent that mould adds; C is 1 ~ 2 ^modd number between-1; Initial n word a of input ₀~ a _n-1value is not limit, and each word of input is the number of any m bit long.

3. lightweight stream cipher LSNRR according to claim 1, its process producing key stream KS represents with KS=LSNRR (K, IV); Wherein input parameter K is the key of length Lk >=16B (byte); IV is the initial vector for preventing playback attack in secure communication, isometric with key K; For key and 32 bit platforms of 16B, key K and initial value IV are expressed as 4 32 word cascades:

K＝(K ₀||K ₁||K ₂||K ₃)；IV＝(IV ₀||IV ₁||IV ₂||IV ₃)

In SNRR algorithm, the feature of the 1st NRR is: initial value is A ₀=(a ₀|| a ₁|| a ₂|| a ₃)=K^IV; Its feedback model is:

A _i+4={ [(a _i+3< < < j) ^a _i]+1}mod2 ³², wherein i>=0, j=imod32, ^ represent XOR by turn.

4. lightweight stream cipher LSNRR according to claim 3, the feature for generation of rear 3 NRR of key stream KS is:

Its initial value is respectively B ₀=(b ₀|| b ₁|| b ₂|| b ₃|| b ₄)=(a _i+64+ K ₁|| a _i+67+ K ₂|| a _i+70+ K ₃|| a _i+73+ K ₀) || (a _i+75+ K ₂);

D ₀＝(d ₀||d ₁||d ₂||d ₃)＝(a _i+65+K ₂)||(a _i+68+K ₃)||(a _i+71+K ₀)||(a _i+74+K ₁)；

E ₀＝(e ₀||e ₁||e ₂)＝(a _i+66+K ₃)||(a _i+69+K ₀)||(a _i+72+K ₁)。

5. lightweight stream cipher LSNRR according to claim 4, the feature for generation of rear 3 NRR of key stream KS is:

For i >=0, the feedback model of rear 3 NRR is respectively

B _i+5={ [(b _i+4< < < j ₁)+b _i]+3}mod2 ³², wherein j ₁=imod32;

D _i+4={ [(d _i+3< < < j ₂)+d _i]+5}mod2 ³², wherein j ₂=i+11mod32;

E _i+3={ [(e _i+2< < < j ₃)+e _i]+7}mod2 ³², wherein j ₃=i+23mod32

The output key stream of LSNRR carries out the generation of mould Calais by the output of rear 3 NRR: