
CN103684748A - Symmetric encryption and decryption method, and symmetric encryption and decryption system - Google Patents

Symmetric encryption and decryption method, and symmetric encryption and decryption system

Publication number: CN103684748A
Authority: CN (China)
Prior art keywords: data, random number, linear, calculator, decryption
Legal status: Granted (current: Active)
Application number: CN201210364424.7A
Other languages: Chinese (zh)
Other versions: CN103684748B (en)
Inventors: 胡永波, 郭丽敏, 郑业扬, 张志敏, 俞军
Current Assignee: Shanghai Fudan Microelectronics Group Co Ltd
Original Assignee: Shanghai Fudan Microelectronics Group Co Ltd
Application filed by Shanghai Fudan Microelectronics Group Co Ltd
Priority to CN201210364424.7A
Publication of CN103684748A
Application granted; publication of CN103684748B
Classification: Storage Device Security

Abstract


A symmetric encryption and decryption method and a symmetric encryption and decryption system. The method includes: providing data to be processed, a key, and a first random number; performing a first operation and a first linear operation on the data to be processed, the key, and the first random number to obtain first data; performing the first linear operation and a second operation on the first random number to obtain second data; performing a nonlinear operation on the first data to obtain third data; and performing the first operation and a second linear operation on the third data and the second data to obtain the encrypted or decrypted data. The nonlinear operation includes: providing an initial SBOX; performing the second operation on the first random number to obtain fourth data; performing the first operation on the initial SBOX and the fourth data to obtain fifth data; adjusting the positions of the elements in the fifth data according to the first random number to obtain a new SBOX; and selecting from the new SBOX the nonlinear byte data corresponding to the first data as the third data. The invention can improve both the security and the efficiency of encryption and decryption.

Figure 201210364424

Description

Symmetric encryption and decryption method, and symmetric encryption and decryption system
Technical field
The present invention relates to the technical field of information processing, and in particular to a symmetric encryption and decryption method and a symmetric encryption and decryption system.
Background
To guarantee message security, messages need to be encrypted and decrypted. Conventional encryption and decryption technologies include symmetric and asymmetric technologies. In symmetric encryption and decryption, the sender processes the plaintext (original data) together with the encryption key through encryption, turning it into a complex ciphertext that is sent out; after receiving the ciphertext, the recipient decrypts it using the same key and the inverse of the encryption processing, restoring it to readable plaintext. Symmetric encryption and decryption has the advantages of an open algorithm, a small amount of computation, fast encryption and high encryption efficiency. However, because both parties use the same key, its security needs to be further improved.
All symmetric encryption and decryption technologies in the prior art are very similar: they comprise one or more iterative operations, and each iterative operation comprises two linear operations and one nonlinear operation. Specifically, as shown in Fig. 1, a prior-art symmetric encryption and decryption system that can defend against first-order side-channel attacks comprises:
Data input module 10, for inputting the plaintext to be encrypted or the ciphertext to be decrypted;
Key input module 20, for inputting the key;
Random number generator 30, for generating an arbitrary random number whose bit width is the same as that of the plaintext or ciphertext;
First XOR operator 40, connected to the output of the data input module 10, the output of the key input module 20 and the output of the random number generator 30, for XORing the plaintext or ciphertext, the key and the random number to obtain first XOR data related to the plaintext or ciphertext;
First linear operator 50, connected to the output of the first XOR operator 40, for performing the first linear operation on the first XOR result to obtain first linear data A related to the plaintext or ciphertext;
First linear operator 60, connected to the output of the random number generator 40, for performing the first linear operation on the random number to obtain first linear data B related to the random number;
Nonlinear operator 70, connected to the output of the first linear operator 50 and the output of the random number generator 30, for performing a nonlinear operation on the first linear data A according to the random number to obtain nonlinear data;
Second XOR operator 80, connected to the output of the nonlinear operator 70 and the output of the first linear operator 60, for XORing the nonlinear data and the first linear data B to obtain second XOR data;
Second linear operator 90, connected to the output of the second XOR operator 80, for performing the second linear operation on the second XOR data to obtain second linear data related to the plaintext or ciphertext, thereby completing the encryption of the input plaintext or the decryption of the input ciphertext.
Commonly used symmetric encryption and decryption technologies currently include DES (Data Encryption Standard), AES (Advanced Encryption Standard) and SM4. For different symmetric encryption and decryption systems, the concrete processing of the first linear operators 50 and 60, the nonlinear operator 70 and the second linear operator 90 in the above system differs, and the number of iterations can also differ.
For further documents on encryption and decryption technology, refer to the Chinese patent with announcement number CN100561911C.
In the encryption and decryption system shown in Fig. 1, the most important part, and the hardest to implement, is the nonlinear operator 70. Because the nonlinear operation is rather complex, the nonlinear operator 70 is mostly implemented with an SBOX (nonlinear byte substitution table); that is, before each encryption or decryption, the corresponding SBOX is first recalculated according to the random number. Because the plaintext or ciphertext may be exposed while the new SBOX is being calculated, the new SBOX needs to be stored in memory, and the nonlinear byte data corresponding to the first linear data A is then selected from memory by table lookup as the nonlinear data.
Specifically, the nonlinear operator 70 works as follows: an initial SBOX is provided; according to the input random number and the initial SBOX, the new SBOX is calculated using 512 clocks; the new SBOX is stored in memory; and finally the nonlinear byte data corresponding to the received first linear data A is selected from the new SBOX as the nonlinear data.
However, the above technology has the following defects:
1) The nonlinear operator 70 always needs to include a memory to store the new SBOX, which increases the hardware area and hinders miniaturization of the encryption and decryption device;
2) Because the value of the corresponding SBOX has to be recalculated from a new random number before each encryption or decryption, extra clocks are needed, which increases the clock count of encryption and decryption;
3) The nonlinear operator 70 is implemented in a single way, is easily subjected to side-channel attacks, and has poor security;
4) Different symmetric encryption and decryption systems cannot be made compatible.
Summary of the invention
The problem solved by the present invention is to provide a symmetric encryption and decryption method and a symmetric encryption and decryption system that improve both the security and the efficiency of encryption and decryption.
To solve the above problem, the invention provides a symmetric encryption and decryption method comprising one or more iterative operations, each iterative operation comprising:
Providing data to be processed, a key and a first random number, where the bit widths of the data to be processed, the key and the first random number are the same;
Performing a first operation and a first linear operation on the data to be processed, the key and the first random number to obtain first data, where the first operation satisfies the commutative law and the associative law;
Performing the first linear operation and a second operation on the first random number to obtain second data;
Performing a nonlinear operation on the first data to obtain third data;
Performing the first operation and a second linear operation on the third data and the second data to obtain the encrypted or decrypted data of the data to be processed;
The nonlinear operation comprises:
Providing an initial SBOX;
Performing the second operation on the first random number to obtain fourth data;
Performing the first operation on the initial SBOX and the fourth data to obtain fifth data;
Adjusting the positions of the elements in the fifth data according to the first random number to obtain a new SBOX;
Selecting from the new SBOX the nonlinear byte data corresponding to the first data as the third data.
Optionally, pipeline processing is used between any two of the first operation, the first linear operation, the second operation, the second linear operation and the nonlinear operation.
Optionally, the nonlinear operation further comprises: before the second operation is performed, performing a third linear operation and the inverse of the third linear operation on the initial SBOX.
Optionally, before the first operation and the second linear operation are performed on the third data and the second data, a second random number is provided, whose bit width is the same as that of the first random number. Performing the first operation and the second linear operation on the third data and the second data comprises: performing the first operation and the second linear operation on the third data, the second data and the second random number to obtain thirteenth data; and performing the inverse of the first operation on the thirteenth data and the second random number to obtain the encrypted or decrypted data of the data to be processed.
Optionally, the iterative operation is performed multiple times. Before the first operation and the second linear operation are performed on the third data and the second data, a second random number is provided, whose bit width is the same as that of the first random number. Performing the first operation and the second linear operation on the third data and the second data comprises: performing the first operation and the second linear operation on the third data, the second data and the second random number to obtain the encrypted or decrypted data of the data to be processed; and, in the next iterative operation, before the nonlinear operation, performing the inverse of the first operation on the data after the first operation and the second random number.
To solve the above problem, the present invention also provides a symmetric encryption and decryption system for performing one or more iterative operations on plaintext or ciphertext, comprising:
Data input module, for providing the data to be processed;
Key input module, for providing the key;
First random number generator, for providing the first random number, where the bit widths of the data to be processed, the key and the first random number are the same;
First processing module, connected to the data input module, the key input module and the first random number generator, for performing the first operation and the first linear operation on the data to be processed, the key and the first random number to obtain first data, where the first operation satisfies the commutative law and the associative law;
Second processing module, connected to the first random number generator, for performing the first linear operation and the second operation on the first random number to obtain second data;
Nonlinear module, connected to the first processing module and the first random number generator, for performing the nonlinear operation on the first data to obtain third data;
Third processing module, connected to the second processing module and the nonlinear module, for performing the first operation and the second linear operation on the third data and the second data to obtain the encrypted or decrypted data of the data to be processed;
The nonlinear module comprises:
Storage unit, for providing the initial SBOX;
First processor, connected to the first random number generator, for performing the second operation on the first random number to obtain fourth data;
Second processor, connected to the storage unit and the first processor, for performing the first operation on the initial SBOX and the fourth data to obtain fifth data;
Adjustment unit, connected to the first random number generator and the second processor, for adjusting the positions of the elements in the fifth data according to the first random number to obtain a new SBOX;
Selection unit, connected to the first processing module and the adjustment unit, for selecting from the new SBOX the nonlinear byte data corresponding to the first data as the third data.
Optionally, the nonlinear module consists entirely of combinational logic devices.
Optionally, a memory is further included between the first linear calculator and the first operation calculator, for implementing a pipeline structure.
Optionally, a memory is further included between the first operation calculator and the second linear calculator, for implementing a pipeline structure.
Optionally, the nonlinear module further comprises:
Third operation calculator, connected to the storage unit, for performing the third linear operation on the initial SBOX;
Fourth operation calculator, connected to the fourth operation calculator and the second processor, for performing the inverse of the third linear operation on the data after the third linear operation, and sending the data after the inverse of the third linear operation to the second processor.
Optionally, the symmetric encryption and decryption system further comprises a second random number generator and a fifth operation calculator;
The second random number generator is connected to the third processing module and provides the second random number, whose bit width is the same as that of the first random number;
The third processing module performs the first operation and the second linear operation on the third data, the second data and the second random number to obtain thirteenth data;
The fifth operation calculator is connected to the third processing module and performs the inverse of the first operation on the thirteenth data and the second random number to obtain the encrypted or decrypted data of the data to be processed.
Optionally, the symmetric encryption and decryption system further comprises a second random number generator and a sixth operation calculator;
The second random number generator is connected to the third processing module and provides the second random number, whose bit width is the same as that of the first random number;
The third processing module performs the first operation and the second linear operation on the third data, the second data and the second random number to obtain the encrypted or decrypted data of the data to be processed;
The sixth operation calculator is connected to the output of the first operation calculator and the input of the first linear calculator; it performs the inverse of the first operation on the data after the first operation and the second random number, and sends the data after the inverse operation to the first linear calculator.
Compared with the prior art, the technical solution of the present invention has the following advantages:
1) In the present invention, a masking technique is used in the nonlinear operation (processing of the first random number is added), which guarantees the security of the data in the nonlinear operation, so that side-channel attacks can be effectively defended against and the security of encryption and decryption is further improved. Because the new SBOX does not need to be stored in the nonlinear operation, hardware area is saved, which favors high integration and miniaturization of the encryption and decryption device; the number of clocks needed for encryption and decryption is also reduced, which improves the efficiency of encryption and decryption.
In addition, the encryption and decryption technique proposed by the present invention is applicable to all symmetric encryption and decryption technologies and has a wide range of application.
Further, because the technique proposed by the present invention is applicable to all symmetric encryption and decryption technologies, different symmetric encryption and decryption technologies can be made compatible in hardware.
2) In an optional scheme, pipeline processing is used between any two of the first operation, the first linear operation, the second operation, the second linear operation and the nonlinear operation, which further saves encryption and decryption time and improves the encryption and decryption efficiency of the data.
3) In an optional scheme, before the second operation is performed, the third linear operation and the inverse of the third linear operation are performed on the initial SBOX, which further improves the security of encryption and decryption.
4) In an optional scheme, before the first operation and the second linear operation are performed on the third data and the second data, a second random number is first provided, and the first operation and the second linear operation are performed on the third data, the second data and the second random number to obtain thirteenth data. The inverse of the first operation is then performed either on the thirteenth data and the second random number, or, in the next iterative operation before the nonlinear operation, on the data after the first operation and the second random number. Adding these steps of applying a mask (the second random number) and removing the mask further improves the security of encryption and decryption.
5) In an optional scheme, the first operation, the second operation, the first linear operation, the second linear operation, the first random number and the second random number each have multiple possible choices, so that the user can choose freely, which further improves the security and flexibility of encryption and decryption.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a symmetric encryption and decryption system in the prior art;
Fig. 2 is a schematic flowchart of the symmetric encryption and decryption method in one embodiment of the invention;
Fig. 3 is a schematic flowchart of the nonlinear operation in Fig. 2;
Fig. 4 is a schematic flowchart of the symmetric encryption and decryption method in another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the symmetric encryption and decryption system in one embodiment of the invention;
Fig. 6 is a schematic structural diagram of the symmetric encryption and decryption system in another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the symmetric encryption and decryption system in another embodiment of the present invention.
Detailed description of the embodiments
To make the above objects, features and advantages of the present invention easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Many specific details are set forth in the following description so that the present invention can be fully understood, but the present invention can also be implemented in ways other than those described here, so the present invention is not limited by the specific embodiments disclosed below.
As described in the background section, the security of symmetric encryption and decryption technology in the prior art is low, and many clocks are needed to perform the nonlinear operation during encryption and decryption, so the efficiency of encryption and decryption is very low.
To address these defects, the invention provides a symmetric encryption and decryption method and a symmetric encryption and decryption system in whose nonlinear operation the second operation is performed on the first random number to obtain fourth data, the first operation is performed on the initial SBOX and the fourth data to obtain fifth data, and the positions of the elements in the fifth data are adjusted according to the first random number to obtain a new SBOX. Because a masking technique is used in the nonlinear operation and no memory is needed, the scheme has the advantages of high security, fast encryption and decryption, and reduced hardware area.
A detailed description follows with reference to the accompanying drawings.
As shown in Fig. 2, one embodiment provides a symmetric encryption and decryption method comprising one or more iterative operations, each iterative operation comprising:
Step S11, providing data to be processed, a key and a first random number;
Step S12, performing a first operation and a first linear operation on the data to be processed, the key and the first random number to obtain first data;
Step S13, performing the first linear operation and a second operation on the first random number to obtain second data;
Step S14, performing a nonlinear operation on the first data to obtain third data;
Step S15, performing the first operation and a second linear operation on the third data and the second data to obtain the encrypted or decrypted data of the data to be processed.
The method of this embodiment can be applied to any symmetric encryption and decryption method such as DES, AES or SM4.
First, step S11 is performed: data to be processed, a key and a first random number are provided.
When there is a single iterative operation, the data to be processed is the plaintext to be encrypted or the ciphertext to be decrypted (hereinafter referred to as plaintext/ciphertext).
When there are multiple iterative operations, the data to be processed in the first iterative operation is the plaintext/ciphertext, and the data to be processed in the second and subsequent iterative operations is the encrypted or decrypted data from the previous iterative operation.
It should be noted that the present invention does not limit the bit width of the data to be processed. The bit width covers the data format, for example binary, and also the number of elements, for example 128.
Provided that the bit width of the first random number is the same as the bit width of the key, the key can be set arbitrarily by the user, and the same key is used for encryption and decryption.
Provided that the bit width of the first random number is the same as the bit width of the data to be processed, the first random number can be set arbitrarily.
Then step S12 is performed: the first operation and the first linear operation are performed on the data to be processed, the key and the first random number to obtain first data.
The first operation must satisfy both the commutative law and the associative law. The commutative law can be expressed as t(x, y) = t(y, x); the associative law can be expressed as t(x, y, z) = t(t(x, y), z) = t(x, t(y, z)), where t denotes the function of the first operation and x, y and z denote variables.
Specifically, the first operation can be XOR, addition in a field, subtraction in a field, or any other function that satisfies the commutative law and the associative law.
The first linear operation corresponds to the specific encryption and decryption method.
The present invention does not limit the order in which the first operation and the first linear operation are executed.
In one specific example, performing the first operation and the first linear operation on the data to be processed, the key and the first random number can comprise: first performing the first operation on the data to be processed, the key and the first random number to obtain sixth data; then performing the first linear operation on the sixth data to obtain the first data. In this example the first linear operation only needs to be performed once, which is simpler and more efficient.
In another specific example, performing the first operation and the first linear operation on the data to be processed, the key and the first random number can comprise: first performing the first linear operation separately on the data to be processed, the key and the first random number to obtain seventh data, eighth data and ninth data; then performing the first operation on the seventh data, eighth data and ninth data to obtain the first data.
Preferably, in the above two examples, pipeline processing can be used between the first operation and the first linear operation by adding a step that stores data; the specific implementation is known to those skilled in the art and is not repeated here.
Then step S13 is performed: the first linear operation and the second operation are performed on the first random number to obtain second data.
The second operation can be any linear operation or any nonlinear operation. For example, the second operation can be the same as the first operation, the first linear operation or the second linear operation.
The present invention does not limit the order in which the second operation and the first linear operation are executed.
Preferably, in the above two examples, pipeline processing can be used between the first operation and the second linear operation by adding a step that stores data; the specific implementation is known to those skilled in the art and is not repeated here.
Then step S14 is performed: the nonlinear operation is performed on the first data to obtain third data.
Specifically, as shown in Fig. 3, the nonlinear operation comprises:
Step S141, providing an initial SBOX;
Step S142, performing the second operation on the first random number to obtain fourth data;
Step S143, performing the first operation on the initial SBOX and the fourth data to obtain fifth data;
Step S144, adjusting the positions of the elements in the fifth data according to the first random number to obtain a new SBOX;
Step S145, selecting from the new SBOX the nonlinear byte data corresponding to the first data as the third data.
The initial SBOX comprises multiple nonlinear byte data; the nonlinear byte data corresponds at least to the first data, and the SBOX corresponds to the specific encryption and decryption method. Specifically, the initial SBOX can be implemented by combinational logic wiring, so the corresponding hardware area is relatively small.
Pipeline processing can be used between the second operation and the first operation in the nonlinear operation to increase the speed of encryption and decryption.
Preferably, before the second operation is performed, the third linear operation and the inverse of the third linear operation can also be performed on the initial SBOX, which further improves the security of encryption and decryption. In that case, pipeline processing can also be used between the second operation and the third linear operation, and between the third linear operation and its inverse, to increase the speed of encryption and decryption.
Taking binary data as an example, the following explains how the positions of the elements in the fifth data are adjusted according to the first random number. Because the initial SBOX comprises multiple data, performing the first operation on the initial SBOX and the fourth data means performing the first operation on each data item in the initial SBOX and the fourth data, which yields multiple fifth data.
Specifically, the first random number comprises i+1 elements, where m[i] is the highest address bit element of the first random number and m[0] is the lowest address bit element of the first random number. The fifth data comprises n elements, denoted $D_{x_1 x_2 \ldots x_n}$, where $x_i = 1$ means that the i-th element of the fifth data is 1, $x_i = 0$ means that the i-th element of the fifth data is 0, and $2^{i+1} = n$. Adjusting the positions of the elements in the fifth data according to the first random number comprises:
According to the highest address bit in the fifth data, the data in the fifth data is divided into two first-level sets; when m[i]=0, the positions of the two first-level sets are swapped; when m[i]=1, no swap is needed;
According to the second-highest address bit in the fifth data, the data in each first-level set is divided into two second-level sets; when m[i-1]=0, the positions of the two second-level sets within the same first-level set are swapped; when m[i-1]=1, no swap is needed;
In the same way, according to the remaining address bits in the fifth data and the values of the corresponding elements of the first random number, the fifth data is successively divided into sets and swapped, until $2^{i+1}$ sets of level i+1 are obtained; when m[0]=0, the positions of the two level-(i+1) sets within the same level-i set are swapped.
In a specific example, the first random number comprises 2 elements, specifically 10. The fifth data comprises 4 elements, specifically 1011. Adjusting the positions of the elements in the fifth data according to the first random number comprises:
1) According to the highest address bit in the fifth data, the fifth data is divided into first-level set A, whose highest address bit is 1: 11, and first-level set B, whose highest address bit is 0: 01.
2) Since m[1]=1, the positions of first-level set A and first-level set B do not need to be swapped.
3) According to the second-highest address bit in the fifth data, first-level set A is divided into second-level set C, whose second-highest address bit is 1: 1, and second-level set D, whose second-highest address bit is 0: 1; first-level set B is divided into second-level set E, whose second-highest address bit is 1: 0, and second-level set F, whose second-highest address bit is 0: 1.
4) Since m[0]=0, the positions of second-level sets C and D need to be swapped, and the positions of second-level sets E and F need to be swapped, giving the new fifth data 1110.
5) All the new fifth data form the non-linear byte data of the new SBOX. The new SBOX still contains the correspondence between the new non-linear byte data and the first data.
After the new SBOX is obtained, the non-linear byte data corresponding to the first data can be selected from the new SBOX as the third data.
It should be noted that, in other embodiments of the invention, the adjustment can also proceed from the low address bits to the high address bits of the fifth data, or the elements in the fifth data can be adjusted in some other scrambled order; this does not limit the scope of the invention.
The nonlinear operation of this embodiment takes the first random number into account and uses a masking technique, which protects the data inside the nonlinear operation and thus effectively defends against side-channel attacks, further improving the security of encryption and decryption. Because the new SBOX does not need to be stored in the nonlinear operation, hardware area is saved, which favours high integration and miniaturization of the encryption and decryption device; the number of clock cycles needed for encryption and decryption is also reduced, which improves the efficiency of encryption and decryption.
Step S15 is then performed: the first operation and the second linear operation are performed on the third data and the second data to obtain the encrypted/decrypted data of the data to be processed.
The second linear operation depends on the specific encryption and decryption method used.
Preferably, pipeline processing can be used between the first operation and the second linear operation, adding a step that stores data; the specific implementation is well known to those skilled in the art and is not repeated here.
The invention does not limit the specific execution order of the first operation and the second linear operation.
In one specific example, performing the first operation and the second linear operation on the third data and the second data can comprise: first performing the first operation on the third data and the second data to obtain tenth data; then performing the second linear operation on the tenth data to obtain the encrypted/decrypted data of the data to be processed. In this example the second linear operation only needs to be performed once, which is simpler and more efficient.
In another specific example, performing the first operation and the second linear operation on the third data and the second data can comprise: first performing the second linear operation on the third data and the second data separately to obtain eleventh data and twelfth data; then performing the first operation on the eleventh data and the twelfth data to obtain the encrypted/decrypted data of the data to be processed.
This completes one iterative operation, or completes the encryption/decryption of the plaintext or ciphertext.
In addition to improving security and encryption/decryption efficiency, this embodiment can be applied to all symmetric encryption and decryption techniques, which broadens its scope of application. Moreover, the first operation, the second operation, the first linear operation, the second linear operation, the first random number or the second random number each admit multiple choices, so the user can select among them freely, which further improves the security and flexibility of encryption and decryption.
Referring to Fig. 4, the symmetric encryption and decryption method provided in another embodiment comprises the following steps:
Step S21: providing data to be processed, a key and a first random number;
Step S22: performing the first operation and the first linear operation on the data to be processed, the key and the first random number to obtain first data;
Step S23: performing the first linear operation and the second operation on the first random number to obtain second data;
Step S24: performing the nonlinear operation on the first data to obtain third data;
Step S25: providing a second random number;
Step S26: performing the first operation and the second linear operation on the third data, the second data and the second random number to obtain thirteenth data;
Step S27: performing the inverse of the first operation on the thirteenth data and the second random number to obtain the encrypted/decrypted data of the data to be processed.
Compared with the method shown in Fig. 2, this embodiment adds a second random number and thus a multiple-masking technique, which can further improve the security of encryption and decryption.
Provided the bit width of the second random number is the same as that of the first random number, the second random number can be set arbitrarily. It can be the same as the first random number or different from it.
In this embodiment, the first operation and the second linear operation are performed on the third data, the second data and the second random number together, but the embodiment still does not limit the order of the first operation and the second linear operation.
Because this embodiment adds a masking step, a step that removes the mask is also needed: after the thirteenth data is obtained, the inverse of the first operation is performed on the thirteenth data and the second random number to obtain the encrypted/decrypted data of the data to be processed, which ends this iterative operation.
It should be noted that the method of this embodiment can be applied to encryption and decryption methods that comprise only one iterative operation, and also to methods that comprise multiple iterative operations.
In addition, in other embodiments, when there are multiple iterative operations, the mask-removal step can be placed in the next iterative operation. Specifically, the first operation and the second linear operation are performed on the third data, the second data and the second random number to obtain the encrypted/decrypted data of the data to be processed, and in the next iterative operation, before the nonlinear operation, the inverse of the first operation is performed on the data after the first operation and the second random number, which completes the removal of the second-random-number mask. In this case the security of encryption and decryption is higher.
Correspondingly, one embodiment provides a symmetric encryption and decryption system for performing one or more iterative operations on plaintext or ciphertext, comprising:
A data input module 110, for providing the data to be processed;
A key input module 120, for providing the key;
A first random number generator 130, for providing the first random number, the bit widths of the data to be processed, the key and the first random number being correspondingly the same;
A first processing module 140, connected to the data input module 110, the key input module 120 and the first random number generator 130, for performing the first operation and the first linear operation on the data to be processed, the key and the first random number to obtain the first data, the first operation satisfying the commutative law and the associative law;
A second processing module 150, connected to the first random number generator 130, for performing the first linear operation and the second operation on the first random number to obtain the second data;
A nonlinear module 160, connected to the first processing module 140 and the first random number generator 130, for performing the nonlinear operation on the first data to obtain the third data;
A third processing module 170, connected to the second processing module 150 and the nonlinear module 160, for performing the first operation and the second linear operation on the third data and the second data to obtain the encrypted/decrypted data of the data to be processed;
The nonlinear module 160 comprises:
A storage unit 161, for providing the initial SBOX;
A first processor 162, connected to the first random number generator 130, for performing the second operation on the first random number to obtain the fourth data;
A second processor 163, connected to the storage unit 161 and the first processor 162, for performing the first operation on the initial SBOX and the fourth data to obtain the fifth data;
An adjustment unit 164, connected to the first random number generator 130 and the second processor 163, for adjusting the positions of the elements in the fifth data according to the first random number to obtain the new SBOX;
A selection unit 165, connected to the first processing module 140 and the adjustment unit 164, for selecting from the new SBOX the non-linear byte data corresponding to the first data as the third data.
The data to be processed can be plaintext or ciphertext, or the encrypted/decrypted data from the previous iterative operation. Therefore, this embodiment can also comprise a first selector (not shown), connected to the input of the data input module 110, for inputting the plaintext or ciphertext, or the encrypted/decrypted data from the previous iterative operation, to the data input module 110.
Preferably, the nonlinear module 160 consists entirely of combinational logic devices, which saves hardware area and favours miniaturization and high integration of the encryption and decryption system.
In this embodiment, the order of the first operation and the first linear operation in the first processing module 140 can be exchanged.
In one specific example, the first processing module 140 can comprise: a first-operation calculator and a first linear calculator (not shown);
The first-operation calculator is connected to the data input module 110, the key input module 120 and the first random number generator 130, for performing the first operation on the data to be processed, the key and the first random number to obtain sixth data;
The first linear calculator is connected to the first-operation calculator and the nonlinear module 160, for performing the first linear operation on the sixth data to obtain the first data.
In another specific example, the first processing module 140 can comprise: three first linear calculators and one first-operation calculator;
The three first linear calculators are connected to the data input module 110, the key input module 120 and the first random number generator 130 respectively, for performing the first linear operation on the data to be processed, the key and the first random number separately to obtain seventh data, eighth data and ninth data;
The first-operation calculator is connected to the three first linear calculators and the nonlinear module 160, for performing the first operation on the seventh data, the eighth data and the ninth data to obtain the first data.
In the two specific examples above, a memory can also be included between the first linear calculator and the first-operation calculator to implement a pipeline structure; this is well known to those skilled in the art and is not repeated here.
In this embodiment, the order of the first operation and the second linear operation in the third processing module 170 can be exchanged.
In one specific example, the third processing module 170 can comprise: a first-operation calculator and a second linear calculator (not shown);
The first-operation calculator is connected to the second processing module 150 and the nonlinear module 160, for performing the first operation on the third data and the second data to obtain the tenth data;
The second linear calculator is connected to the first-operation calculator, for performing the second linear operation on the tenth data to obtain the encrypted/decrypted data of the data to be processed.
In another specific example, the third processing module 170 can comprise: two second linear calculators and one first-operation calculator;
The two second linear calculators are connected to the second processing module 150 and the nonlinear module 160 respectively, for performing the second linear operation on the third data and the fourth data separately to obtain the eleventh data and the twelfth data;
The first-operation calculator is connected to the two second linear calculators, for performing the first operation on the eleventh data and the twelfth data to obtain the encrypted/decrypted data of the data to be processed.
In the two specific examples above, a memory can also be included between the first-operation calculator and the second linear calculator to implement a pipeline structure; this is well known to those skilled in the art and is not repeated here.
The second linear calculator can be any linear calculator or any nonlinear calculator.
The first-operation calculator can be an exclusive-OR operator, an adder in a field or a subtractor in a field, or any other calculator that satisfies the commutative law and the associative law.
Specifically, the first-operation calculator can comprise: a first loader, a second selector and a plurality of first arithmetic units. The second selector is connected to the first loader and the first arithmetic units; each first arithmetic unit stores one first operation function, and each first operation function corresponds to a number. The user can input a number through the first loader, and the second selector then selects, from the plurality of first arithmetic units, the first arithmetic unit corresponding to that number. The first operation function can thus be chosen freely, which improves the flexibility of encryption and decryption.
The second-operation calculator can be any linear calculator or any nonlinear calculator.
Specifically, the second-operation calculator can comprise: a second loader, a third selector and a plurality of second arithmetic units. The third selector is connected to the second loader and the second arithmetic units; each second arithmetic unit stores one second operation function, and each second operation function corresponds to a number. The user can input a number through the second loader, and the third selector then selects, from the plurality of second arithmetic units, the second arithmetic unit corresponding to that number. The second operation function can thus be chosen freely, which improves the flexibility of encryption and decryption.
In addition, the nonlinear module 160 can also comprise:
A third-operation calculator (not shown), connected to the storage unit, for performing the third linear operation on the initial SBOX;
A fourth-operation calculator (not shown), connected to the third-operation calculator and the second processor 163, for performing the inverse of the third linear operation on the data after the third linear operation, and sending the data after that inverse operation to the second processor 163.
Performing the third linear operation and its inverse on the initial SBOX before the second operation can further improve the security of encryption and decryption.
Taking binary data as an example, the following illustrates how the adjustment unit 164 adjusts the positions of the elements in the fifth data according to the first random number. Because the initial SBOX contains a plurality of data, performing the first operation on the initial SBOX and the fourth data means performing the first operation on each datum in the initial SBOX and the fourth data, thereby obtaining a plurality of fifth data.
The first random number comprises i+1 elements, where m[i] is the highest address bit element of the first random number and m[0] is its lowest address bit element; the fifth data comprises n elements, denoted $D_{x_1 x_2 \ldots x_n}$, where $x_i = 1$ means that the i-th element of the fifth data is 1, $x_i = 0$ means that the i-th element of the fifth data is 0, and $2^{i+1} = n$;
The adjustment unit 164 can comprise: i+1 dividing subunits, i+1 input subunits and i+1 swapping subunits;
The first dividing subunit divides the data in the fifth data into two first-level sets according to the highest address bit in the fifth data;
The first input subunit is connected to the first random number generator 130, for inputting m[i];
The first swapping subunit is connected to the first dividing subunit and the first input subunit; when m[i]=0, it swaps the positions of the two first-level sets and sends the swapped data to the second dividing subunit; otherwise, it sends the two first-level sets to the second dividing subunit;
The second dividing subunit is connected to the first swapping subunit, for dividing the data in each first-level set into two second-level sets according to the second-highest address bit in the fifth data;
The second input subunit is connected to the first random number generator 130, for inputting m[i-1];
The second swapping subunit is connected to the second dividing subunit and the second input subunit; when m[i-1]=0, it swaps the positions of the two second-level sets within the same first-level set and sends the swapped data to the third dividing subunit; otherwise, it sends the two second-level sets to the third dividing subunit;
The (i+1)-th dividing subunit is connected to the i-th swapping subunit, for dividing the data in each level-i set into two level-(i+1) sets according to the lowest address bit in the fifth data;
The (i+1)-th input subunit is connected to the first random number generator 130, for inputting m[0];
The (i+1)-th swapping subunit is connected to the (i+1)-th dividing subunit and the (i+1)-th input subunit; when m[0]=0, it swaps the positions of the two level-(i+1) sets within the same level-i set and sends the swapped data to the third processing module 170; otherwise, it sends the $2^{i+1}$ level-(i+1) sets to the third processing module 170.
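The divide-and-swap adjustment described in the method steps and carried out by adjustment unit 164, as an added Python example that is not part of the patent text: it runs the level-by-level split and swap and checks that the result equals reading the table at the address XORed with the bitwise complement of the first random number, so the rearranged table can be produced by address selection alone, in line with the page's remark that the new SBOX is not stored. It assumes that element k of a list sits at address k and that the random number is given from m[i] down to m[0] (the page does not fix a listing order); the function names and the 64-entry sample table are constructed for this illustration.

```python
"""Divide-and-swap position adjustment (added illustration, not the patent's code).

Assumptions: table[k] is the element stored at address k, and m_bits lists the
first random number from m[i] (highest address bit) down to m[0].
"""


def adjust_positions(table, m_bits):
    """Level by level: split the current set on the next address bit and swap
    the two halves when the matching random bit is 0 (no swap when it is 1)."""
    table = list(table)
    if len(table) != 1 << len(m_bits):
        raise ValueError("table length must be 2**(number of random bits)")
    if not m_bits:
        return table
    half = len(table) // 2
    low, high = table[:half], table[half:]   # address bit = 0 / address bit = 1
    if m_bits[0] == 0:
        low, high = high, low
    rest = m_bits[1:]
    return adjust_positions(low, rest) + adjust_positions(high, rest)


def swap_mask(m_bits):
    """Address bits flipped by the swaps: the bitwise complement of the random number."""
    mask = 0
    for bit in m_bits:
        mask = (mask << 1) | (bit ^ 1)
    return mask


def adjust_by_address_xor(table, m_bits):
    """Closed form of the same permutation: new[a] = old[a XOR swap_mask]."""
    mask = swap_mask(m_bits)
    return [table[a ^ mask] for a in range(len(table))]


def bits_of(value, width):
    """Integer -> list of bits, highest bit first."""
    return [(value >> k) & 1 for k in reversed(range(width))]


def forms_agree_for_all_random_numbers(table, width):
    """True if the swap tree and the address XOR agree for every random number."""
    for m in range(1 << width):
        bits = bits_of(m, width)
        if adjust_positions(table, bits) != adjust_by_address_xor(table, bits):
            return False
    return True


# Constructed 64-entry table with distinct values (6 address bits); not a real S-box.
SAMPLE_TABLE = [(37 * a + 11) % 64 for a in range(64)]

if __name__ == "__main__":
    # Input and random number taken from the page's worked example.
    small = adjust_positions([1, 0, 1, 1], [1, 0])
    print("1011, random number 10 ->", small, "(address 0 listed first)")
    print("same elements, highest address first ->", small[::-1])
    print("swap tree == address XOR for every 6-bit random number:",
          forms_agree_for_all_random_numbers(SAMPLE_TABLE, 6))
```

With address 0 listed first, the page's input 1011 and random number 10 give 0, 1, 1, 1, which reads 1110 from the highest address down.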
The specific working process of the above encryption and decryption system follows the encryption and decryption method shown in Fig. 2 and is not repeated here.
The symmetric encryption and decryption system provided by this embodiment is applicable to all symmetric encryption and decryption techniques and makes different symmetric encryption and decryption techniques compatible in hardware, with high security, high speed and a small occupied area.
Compared with the encryption and decryption system shown in Fig. 5, and referring to Fig. 6, in another embodiment the symmetric encryption and decryption system can also comprise: a second random number generator 180 and a fifth-operation calculator 190;
The second random number generator 180 is connected to the third processing module 170, for providing the second random number, the second random number having the same bit width as the first random number;
The third processing module 170 performs the first operation and the second linear operation on the third data, the second data and the second random number to obtain the thirteenth data;
The fifth-operation calculator 190 is connected to the third processing module 170 and the second random number generator 180, for performing the inverse of the first operation on the thirteenth data and the second random number to obtain the encrypted/decrypted data of the data to be processed.
In this embodiment, the specific working process of the encryption and decryption system follows the encryption and decryption method shown in Fig. 4 and is not repeated here.
Compared with the encryption and decryption system shown in Fig. 5, and referring to Fig. 7, in another embodiment the symmetric encryption and decryption system can also comprise: a second random number generator 180 and a sixth-operation calculator 200;
The second random number generator 180 is connected to the third processing module 170, for providing the second random number, the second random number having the same bit width as the first random number;
The third processing module 170 performs the first operation and the second linear operation on the third data, the second data and the second random number to obtain the encrypted/decrypted data of the data to be processed;
The sixth-operation calculator 200 is connected to the output of the first-operation calculator, the second random number generator 180 and the nonlinear module 160, for performing the inverse of the first operation on the data after the first operation and the second random number, and sending the data after the inverse operation to the selection unit 165.
Compared with Fig. 6, the mask-removal operation in this embodiment is placed in the next iterative operation, which gives higher encryption and decryption security.
In the prior art, each construction of a new SBOX requires 64*8=512 extra clock cycles. When the number of iterative operations is 16 and a different random number is used in each iterative operation, a total of 512*16=8192 clock cycles is needed to compute the 16 new SBOXes. Correspondingly, for the same number of iterative operations, the invention saves these clock cycles, which improves the efficiency of encryption and decryption.
In addition, in the prior art each construction of a new SBOX requires 4*64*8=2048 bits of memory, whereas the invention uses combinational logic and therefore omits this memory, which saves hardware area.
Although the invention is disclosed above by way of preferred embodiments, it is not limited to them. Any person skilled in the art can make various changes or modifications without departing from the spirit and scope of the invention, so the scope of protection of the invention is the scope defined by the claims.

Claims (24)

1. A symmetric encryption and decryption method comprising one or more iterative operations, characterized in that each iterative operation comprises:
providing data to be processed, a key and a first random number, the bit widths of the data to be processed, the key and the first random number being correspondingly the same;
performing a first operation and a first linear operation on the data to be processed, the key and the first random number to obtain first data, the first operation satisfying the commutative law and the associative law;
performing the first linear operation and a second operation on the first random number to obtain second data;
performing a nonlinear operation on the first data to obtain third data;
performing the first operation and a second linear operation on the third data and the second data to obtain encrypted/decrypted data of the data to be processed;
the nonlinear operation comprising:
providing an initial SBOX;
performing the second operation on the first random number to obtain fourth data;
performing the first operation on the initial SBOX and the fourth data to obtain fifth data;
adjusting the positions of the elements in the fifth data according to the first random number to obtain a new SBOX;
selecting, from the new SBOX, the non-linear byte data corresponding to the first data as the third data.

2. The symmetric encryption and decryption method according to claim 1, characterized in that performing the first operation and the first linear operation on the data to be processed, the key and the first random number comprises: first performing the first operation on the data to be processed, the key and the first random number to obtain sixth data; then performing the first linear operation on the sixth data to obtain the first data.

3. The symmetric encryption and decryption method according to claim 1, characterized in that performing the first operation and the first linear operation on the data to be processed, the key and the first random number comprises: first performing the first linear operation on the data to be processed, the key and the first random number separately to obtain seventh data, eighth data and ninth data; then performing the first operation on the seventh data, the eighth data and the ninth data to obtain the first data.

4. The symmetric encryption and decryption method according to claim 1, characterized in that performing the first operation and the second linear operation on the third data and the second data comprises: first performing the first operation on the third data and the second data to obtain tenth data; then performing the second linear operation on the tenth data to obtain the encrypted/decrypted data of the data to be processed.

5. The symmetric encryption and decryption method according to claim 1, characterized in that performing the first operation and the second linear operation on the third data and the second data comprises: first performing the second linear operation on the third data and the second data separately to obtain eleventh data and twelfth data; then performing the first operation on the eleventh data and the twelfth data to obtain the encrypted/decrypted data of the data to be processed.

6. The symmetric encryption and decryption method according to claim 1, characterized in that pipeline processing is used between any two of the first operation, the first linear operation, the second operation, the second linear operation or the nonlinear operation.

7. The symmetric encryption and decryption method according to claim 1, characterized in that the first operation is an exclusive-OR operation, an addition in a field or a subtraction in a field.

8. The symmetric encryption and decryption method according to claim 1, characterized in that the nonlinear operation further comprises: before performing the second operation, performing a third linear operation and the inverse of the third linear operation on the initial SBOX.

9. The symmetric encryption and decryption method according to claim 1, characterized in that, before the first operation and the second linear operation are performed on the third data and the second data, a second random number is provided, the second random number having the same bit width as the first random number; performing the first operation and the second linear operation on the third data and the second data comprises: performing the first operation and the second linear operation on the third data, the second data and the second random number to obtain thirteenth data; and performing the inverse of the first operation on the thirteenth data and the second random number to obtain the encrypted/decrypted data of the data to be processed.

10. The symmetric encryption and decryption method according to claim 1, characterized in that there are multiple iterative operations; before the first operation and the second linear operation are performed on the third data and the second data, a second random number is provided, the second random number having the same bit width as the first random number; performing the first operation and the second linear operation on the third data and the second data comprises: performing the first operation and the second linear operation on the third data, the second data and the second random number to obtain the encrypted/decrypted data of the data to be processed, and, in the next iterative operation, before the nonlinear operation, performing the inverse of the first operation on the data after the first operation and the second random number.

11. The symmetric encryption and decryption method according to claim 1, characterized in that the first random number comprises i+1 elements, m[i] being the highest address bit element of the first random number and m[0] being the lowest address bit element of the first random number; the fifth data comprises n elements, denoted $D_{x_1 x_2 \ldots x_n}$, where $x_i = 1$ means that the i-th element of the fifth data is 1, $x_i = 0$ means that the i-th element of the fifth data is 0, and $2^{i+1} = n$;
adjusting the positions of the elements in the fifth data according to the first random number comprises:
dividing the data in the fifth data into two first-level sets according to the highest address bit in the fifth data; when m[i]=0, swapping the positions of the two first-level sets;
dividing the data in each first-level set into two second-level sets according to the second-highest address bit in the fifth data; when m[i-1]=0, swapping the positions of the two second-level sets within the same first-level set;
in the same way, successively dividing the fifth data into sets and swapping them according to the remaining address bits in the fifth data and the values of the corresponding elements of the first random number, until $2^{i+1}$ sets of level i+1 are obtained, and, when m[0]=0, swapping the positions of the two level-(i+1) sets within the same level-i set.

12. A symmetric encryption and decryption system, characterized in that it is used to perform one or more iterative operations on plaintext or ciphertext, comprising:
a data input module, for providing data to be processed;
a key input module, for providing a key;
a first random number generator, for providing a first random number, the bit widths of the data to be processed, the key and the first random number being correspondingly the same;
a first processing module, connected to the data input module, the key input module and the first random number generator, for performing a first operation and a first linear operation on the data to be processed, the key and the first random number to obtain first data, the first operation satisfying the commutative law and the associative law;
a second processing module, connected to the first random number generator, for performing the first linear operation and a second operation on the first random number to obtain second data;
a nonlinear module, connected to the first processing module and the first random number generator, for performing a nonlinear operation on the first data to obtain third data;
a third processing module, connected to the second processing module and the nonlinear module, for performing the first operation and a second linear operation on the third data and the second data to obtain encrypted/decrypted data of the data to be processed;
the nonlinear module comprising:
a storage unit, for providing an initial SBOX;
a first processor, connected to the first random number generator, for performing the second operation on the first random number to obtain fourth data;
for performing a second operation on the first random number to obtain fourth data; 第二处理器,连接所述存储单元和所述第一处理器,用于对所述初始SBOX和所述第四数据进行第一运算,得到第五数据;a second processor, connected to the storage unit and the first processor, and configured to perform a first operation on the initial SBOX and the fourth data to obtain fifth data; 调整单元,连接所述第一随机数发生器和所述第二处理器,用于根据所述第一随机数,调整第五数据中元素的位置,得到新的SBOX;An adjusting unit, connected to the first random number generator and the second processor, is used to adjust the position of elements in the fifth data according to the first random number to obtain a new SBOX; 选择单元,连接所述第一处理模块和调整单元,用于从所述新的SBOX中选择与所述第一数据对应的非线性字节数据作为第三数据。A selection unit is connected to the first processing module and the adjustment unit, and is configured to select non-linear byte data corresponding to the first data from the new SBOX as the third data. 13.如权利要求12所述的对称式加解密系统,其特征在于,所述非线性模块全部由组合逻辑器件构成。13. The symmetric encryption and decryption system according to claim 12, wherein all the nonlinear modules are composed of combinational logic devices. 14.如权利要求12所述的对称式加解密系统,其特征在于,所述第一处理模块包括:第一运算计算器和第一线性计算器;14. The symmetric encryption and decryption system according to claim 12, wherein the first processing module comprises: a first arithmetic calculator and a first linear calculator; 所述第一运算计算器连接所述数据输入模块、密钥输入模块和第一随机数发生器,用于对所述待处理数据、密钥和第一随机数进行第一运算,得到第六数据;The first operation calculator is connected to the data input module, the key input module and the first random number generator, and is used to perform the first operation on the data to be processed, the key and the first random number to obtain the sixth data; 所述第一线性计算器连接所述第一运算计算器和非线性模块,用于对所述第六数据进行第一线性运算,得到第一数据。The first linear calculator is connected to the first calculation calculator and a nonlinear module, and is used to perform a first linear calculation on the sixth data to obtain first data. 15.如权利要求12所述的对称式加解密系统,其特征在于,所述第一处理模块包括:三个第一线性计算器和一个第一运算计算器;15. 
The symmetric encryption and decryption system according to claim 12, wherein the first processing module comprises: three first linear calculators and one first arithmetic calculator; 所述三个第一线性计算器分别连接数据输入模块、密钥输入模块和第一随机数发生器,用于分别对所述待处理数据、密钥和第一随机数进行第一线性运算,得到第七数据、第八数据和第九数据;The three first linear calculators are respectively connected to the data input module, the key input module and the first random number generator, and are used to perform the first linear operation on the data to be processed, the key and the first random number respectively, Obtain the seventh data, the eighth data and the ninth data; 所述第一运算计算器,连接所述三个第一线性计算器和非线性模块,用于对所述第七数据、第八数据和第九数据进行第一运算,得到第一数据。The first operation calculator is connected to the three first linear calculators and the nonlinear module, and is used to perform a first operation on the seventh data, the eighth data and the ninth data to obtain the first data. 16.如权利要求14或15所述的对称式加解密系统,其特征在于,所述第一线性计算器和所述第一运算计算器之间还包括存储器,用于实现流水线结构。16. The symmetric encryption and decryption system according to claim 14 or 15, characterized in that, a memory is further included between the first linear calculator and the first operation calculator for implementing a pipeline structure. 17.如权利要求12所述的对称式加解密系统,其特征在于,所述第三处理模块包括:第一运算计算器和第二线性计算器;17. The symmetric encryption and decryption system according to claim 12, wherein the third processing module comprises: a first arithmetic calculator and a second linear calculator; 所述第一运算计算器连接所述第二处理模块和非线性模块,用于对所述第三数据和所述第二数据进行第一运算,得到第十数据;The first operation calculator is connected to the second processing module and the nonlinear module, and is used to perform a first operation on the third data and the second data to obtain tenth data; 所述第二线性计算器连接所述第一运算计算器,用于对所述第十数据进行第二线性运算,得到待处理数据的加解密数据。The second linear calculator is connected to the first calculation calculator, and is used to perform a second linear calculation on the tenth data to obtain encrypted and decrypted data of the data to be processed. 
18.如权利要求12所述的对称式加解密系统,其特征在于,所述第三处理模块包括:两个第二线性计算器和一个第一运算计算器;18. The symmetric encryption and decryption system according to claim 12, wherein the third processing module comprises: two second linear calculators and a first arithmetic calculator; 所述两个第二线性计算器分别连接所述第二处理模块和非线性模块,用于分别对所述第三数据和所述第四数据进行第二线性运算,得到第十一数据和第十二数据;The two second linear calculators are respectively connected to the second processing module and the nonlinear module, and are used to perform a second linear operation on the third data and the fourth data to obtain the eleventh data and the fourth data. twelve data; 所述第一运算计算器连接所述两个第二线性计算器,用于对所述第十一数据和所述第十二数据进行第一运算,得到待处理数据的加解密数据。The first operation calculator is connected to the two second linear calculators, and is used to perform a first operation on the eleventh data and the twelfth data, to obtain encrypted and decrypted data of the data to be processed. 19.如权利要求17或18所述的对称式加解密系统,其特征在于,所述第一运算计算器和所述第二线性计算器之间还包括存储器,用于实现流水线结构。19. The symmetric encryption and decryption system according to claim 17 or 18, characterized in that, a memory is further included between the first arithmetic calculator and the second linear calculator for implementing a pipeline structure. 20.如权利要求14、15、17或18所述的对称式加解密系统,其特征在于,所述第一运算计算器为异或运算器、域内的加法运算器或域内的减法运算器。20. The symmetric encryption and decryption system according to claim 14, 15, 17 or 18, wherein the first operation calculator is an exclusive OR operator, an adder in a field or a subtraction in a field. 21.如权利要求12所述的对称式加解密系统,其特征在于,所述非线性模块还包括:21. 
The symmetric encryption and decryption system according to claim 12, wherein the nonlinear module further comprises: 第三运算计算器,连接所述存储单元,用于对所述初始SBOX进行第三线性运算;A third operation calculator, connected to the storage unit, for performing a third linear operation on the initial SBOX; 第四运算计算器,连接所述第三运算计算器和所述第二处理器,用于对第三线性运算后的数据进行第三线性逆运算,且将第三线性逆运算后的数据发送给所述第二处理器。The fourth operation calculator, connected to the third operation calculator and the second processor, is used to perform the third linear inverse operation on the data after the third linear operation, and send the data after the third linear inverse operation to the second processor. 22.如权利要求12所述的对称式加解密系统,其特征在于,还包括:第二随机数发生器和第五运算计算器;22. The symmetric encryption and decryption system according to claim 12, further comprising: a second random number generator and a fifth operation calculator; 第二随机数发生器连接所述第三处理模块,用于提供第二随机数,所述第二随机数和所述第一随机数的位宽相同;The second random number generator is connected to the third processing module, and is used to provide a second random number, and the bit width of the second random number is the same as that of the first random number; 所述第三处理模块对所述第三数据、所述第二数据和所述第二随机数进行第一运算和第二线性运算,得到第十三数据;The third processing module performs a first operation and a second linear operation on the third data, the second data, and the second random number to obtain thirteenth data; 所述第五运算计算器连接所述第三处理模块和第二随机数发生器,用于对所述第十三数据和所述第二随机数进行所述第一运算的逆运算,得到待处理数据的加解密数据。The fifth operation calculator is connected to the third processing module and the second random number generator, and is used to perform the inverse operation of the first operation on the thirteenth data and the second random number to obtain Encrypt and decrypt data for processing data. 23.如权利要求14所述的对称式加解密系统,其特征在于,还包括:第二随机数发生器和第六运算计算器;23. 
The symmetric encryption and decryption system according to claim 14, further comprising: a second random number generator and a sixth operation calculator; 第二随机数发生器连接所述第三处理模块,用于提供第二随机数,所述第二随机数和所述第一随机数的位宽相同;The second random number generator is connected to the third processing module, and is used to provide a second random number, and the bit width of the second random number is the same as that of the first random number; 所述第三处理模块对所述第三数据、所述第二数据和所述第二随机数进行第一运算和第二线性运算,得到待处理数据的加解密数据;The third processing module performs a first operation and a second linear operation on the third data, the second data, and the second random number to obtain encrypted and decrypted data of the data to be processed; 所述第六运算计算器连接所述第一运算计算器的输出端、第二随机数发生器和第一线性计算器的输入端,用于对所述第一运算之后的数据和所述第二随机数进行所述第一运算的逆运算,且将逆运算后的数据发送给第一线性计算器。The sixth operation calculator is connected to the output end of the first operation calculator, the second random number generator and the input end of the first linear calculator, and is used for calculating the data after the first operation and the second operation calculator. Perform the inverse operation of the first operation with two random numbers, and send the data after the inverse operation to the first linear calculator. 24.如权利要求12所述的对称式加解密系统,其特征在于,所述第一随机数包括i+1个元素,m[i]为第一随机数的最高地址位元素,m[0]为第一随机数的最低地址位元素;所述第五数据包括n个元素,采用Dx1x2......xn表示,其中xi=1表示第五数据第i个元素为1,xi=0表示第五数据第i个元素为0,2i+1=n;24. The symmetric encryption and decryption system according to claim 12, wherein the first random number includes i+1 elements, m[i] is the highest address bit element of the first random number, m[0 ] is the lowest address bit element of the first random number; the fifth data includes n elements, represented by Dx 1 x 2 ... 
x n , where x i =1 represents the i-th element of the fifth data is 1, x i =0 means that the i-th element of the fifth data is 0, 2 i+1 =n; 所述调整单元包括:i+1个划分子单元、i+1个接收子单元和i+1个调换子单元;The adjustment unit includes: i+1 dividing subunits, i+1 receiving subunits and i+1 exchanging subunits; 第一划分子单元根据第五数据中最高位地址的不同,将所述第五数据中的数据分为两个第一级集合;The first dividing subunit divides the data in the fifth data into two first-level sets according to the difference of the highest bit address in the fifth data; 第一输入子单元连接所述第一随机数发生器,用于输入m[i];The first input subunit is connected to the first random number generator for inputting m[i]; 第一调换子单元,连接所述第一划分子单元和所述第一输入子单元,当m[i]=0时,调换两个第一级集合的位置,且将调换后的数据发送给第二划分子单元;否则,将所述两个第一级集合发送给第二划分子单元;The first exchange subunit connects the first division subunit and the first input subunit, and when m[i]=0, exchanges the positions of the two first-level sets, and sends the exchanged data to The second division subunit; otherwise, sending the two first-level sets to the second division subunit; 第二划分子单元连接第一调换子单元,用于根据第五数据中次高位地址的不同,分别将所述第一级集合中的数据分为两个第二级集合;The second division subunit is connected to the first exchange subunit, and is used to divide the data in the first-level set into two second-level sets respectively according to the difference of the second highest address in the fifth data; 第二输入子单元连接所述第一随机数发生器,用于输入m[i-1];The second input subunit is connected to the first random number generator for inputting m[i-1]; 第二调换子单元,连接所述第二划分子单元和所述第二输入子单元,当m[i-1]=0时,调换同一第一级集合中两个第二级集合的位置,且将调换后的数据发送给第三划分子单元;否则,将所述两个第二级集合发送给第三划分子单元;The second exchange subunit connects the second division subunit and the second input subunit, and when m[i-1]=0, exchanges the positions of two second-level sets in the same first-level set, and sending the swapped data to the third division subunit; otherwise, sending the two second-level sets to the third division subunit; 第i+1划分子单元连接所述第i调换子单元,用于根据第五数据中最低位地址的不同,分别将第i级集合中的数据分为两个第i+1级集合;The i+1 division subunit is connected to the i swap subunit, and 
is used to divide the data in the i-th level set into two i+1-th level sets respectively according to the difference of the lowest bit address in the fifth data; 第i+1输入子单元连接所述第一随机数发生器,用于输入m[0];The i+1th input subunit is connected to the first random number generator for inputting m[0]; 第i+1调换子单元,连接所述第i+1划分子单元和所述第i+1输入子单元,当m[0]=0时,调换同一第i级集合中两个第i+1级集合的位置,且将调换后的数据发送给第三处理模块;否则,将2i+1第i+1级集合发送给第三处理模块。The i+1th exchange subunit connects the i+1th division subunit and the i+1th input subunit, when m[0]=0, exchange two i+th level sets in the same i+th level set The position of the level 1 set, and send the swapped data to the third processing module; otherwise, send the 2 i+1 i+1th level set to the third processing module.
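The position adjustment of claims 11 and 24, together with the fifth-data step of claim 12, can be followed in the added example below, which is not code from the patent. It implements the divide-and-swap stages literally and checks them against a single address XOR. Assumptions: the first operation is XOR (one option in claim 7), the 4-bit table and the sample values are constructed, and all function names are hypothetical.

```python
"""Position adjustment of claims 11/24: added illustration, not the patent's code."""

# Constructed 4-bit permutation standing in for the initial SBOX (assumption).
TOY_SBOX = [0x6, 0xB, 0x0, 0xD, 0x3, 0xF, 0x8, 0x4,
            0xA, 0x1, 0xE, 0x7, 0xC, 0x2, 0x9, 0x5]


def adjust_positions(fifth, m_bits):
    """Rearrange `fifth` by the divide-and-swap stages of claim 11.

    m_bits[k] is element m[k] of the first random number, so m_bits[-1] is
    m[i], the element paired with the highest address bit.
    """
    n, levels = len(fifth), len(m_bits)
    if n != 1 << levels:
        raise ValueError("fifth data must hold 2**(i+1) elements")
    if any(b not in (0, 1) for b in m_bits):
        raise ValueError("elements of the first random number must be 0 or 1")
    out = list(fifth)
    size = n                                  # size of the sets split at this level
    for k in range(levels - 1, -1, -1):       # m[i], m[i-1], ..., m[0]
        half = size // 2
        if m_bits[k] == 0:                    # the claim swaps when the element is 0
            for start in range(0, n, size):   # every set of the previous level
                lower = out[start:start + half]
                upper = out[start + half:start + size]
                out[start:start + size] = upper + lower
        size = half
    return out


def swap_offset(m_bits):
    """Address bits that get flipped: bit k is set exactly when m[k] == 0."""
    return sum((1 - b) << k for k, b in enumerate(m_bits))


def adjust_positions_closed_form(fifth, m_bits):
    """Same permutation written as one XOR on the table address."""
    s = swap_offset(m_bits)
    return [fifth[p ^ s] for p in range(len(fifth))]


def new_sbox(initial_sbox, fourth, m_bits):
    """Fifth data = initial SBOX combined with the fourth data, then rearranged.

    The first operation is taken to be XOR (assumption, see claim 7); `fourth`
    is passed in because the second operation is not defined in the claims.
    """
    fifth = [v ^ fourth for v in initial_sbox]
    return adjust_positions(fifth, m_bits)


def demo():
    m_bits = [1, 0, 1, 1]      # constructed m[0]..m[3]
    fourth = 0x9               # constructed fourth data
    return new_sbox(TOY_SBOX, fourth, m_bits), swap_offset(m_bits)


if __name__ == "__main__":
    table, s = demo()
    print("address offset:", s)
    print("new SBOX:", [hex(v) for v in table])
```

Read literally (swap when the element is 0), the i+1 stages flip exactly the address bits where the first random number holds a 0. A reviewer of an implementation can therefore check the rearranged table against the mask carried by the first data with one XOR per address instead of tracing every swap stage.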
CN201210364424.7A 2012-09-26 2012-09-26 Symmetric encryption and decryption method, and symmetric encryption and decryption system Active CN103684748B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210364424.7A CN103684748B (en) 2012-09-26 2012-09-26 Symmetric encryption and decryption method, and symmetric encryption and decryption system

Publications (2)

Publication Number Publication Date
CN103684748A true CN103684748A (en) 2014-03-26
CN103684748B CN103684748B (en) 2017-02-08

Family

ID=50321147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210364424.7A Active CN103684748B (en) 2012-09-26 2012-09-26 Symmetric encryption and decryption method, and symmetric encryption and decryption system

Country Status (1)

Country Link
CN (1) CN103684748B (en)

Also Published As

Publication number Publication date
CN103684748B (en) 2017-02-08

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant