+

CN110166223A - A kind of Fast Software implementation method of the close SM4 of state - Google Patents

A kind of Fast Software implementation method of the close SM4 of state Download PDF

Info

Publication number
CN110166223A
CN110166223A CN201910428748.4A CN201910428748A CN110166223A CN 110166223 A CN110166223 A CN 110166223A CN 201910428748 A CN201910428748 A CN 201910428748A CN 110166223 A CN110166223 A CN 110166223A
Authority
CN
China
Prior art keywords
data
bit
groups
implementation method
bits
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910428748.4A
Other languages
Chinese (zh)
Other versions
CN110166223B (en
Inventor
王闯
郭华
张笑从
郜雅
高莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN201910428748.4A priority Critical patent/CN110166223B/en
Publication of CN110166223A publication Critical patent/CN110166223A/en
Application granted granted Critical
Publication of CN110166223B publication Critical patent/CN110166223B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提供了一种国密SM4的快速软件实现方法,该方法包括:数据编排步骤,密钥编排步骤,迭代计算步骤,数据反编排步骤,反序计算步骤。本发明使用比特切片技术、SIMD技术和复合域技术,实现256组明文消息的并行加密,将SM4中的非线性变换在复合域中实现,并将非线性变换和线性变换压缩合并,使得SM4加密算法中的合成置换T的计算由原先的一次GF(28)上的求逆运算、两次仿射变换、4次循环左移以及4次异或运算简化为一次GF(24)上的求逆运算、两次仿射变换、三次有限域GF(24)上的乘法运算以及4次以后运算,降低了计算复杂度,提高了执行效率。

The invention provides a rapid software implementation method of the national secret SM4, which comprises: a data arrangement step, a key arrangement step, an iterative calculation step, a data reverse arrangement step, and a reverse order calculation step. The present invention uses bit slice technology, SIMD technology and composite domain technology to realize the parallel encryption of 256 groups of plaintext messages, implement the nonlinear transformation in SM4 in the composite domain, and combine the nonlinear transformation and linear transformation compression to make SM4 encryption The calculation of the synthetic permutation T in the algorithm is simplified from the original inverse operation on GF(2 8 ), two affine transformations, 4 circular left shifts and 4 XOR operations to one time on GF(2 4 ). The inverse operation, two affine transformations, three multiplication operations on the finite field GF(2 4 ) and four subsequent operations reduce the computational complexity and improve the execution efficiency.

Description

一种国密SM4的快速软件实现方法A Fast Software Implementation Method of National Secret SM4

技术领域technical field

本发明涉及计算机安全技术领域,特别是一种SM4加密方法The present invention relates to the technical field of computer security, in particular to an SM4 encryption method

背景技术Background technique

数据加密时密码系统的基本任务。按加密密钥与解密密钥的关系,目前的各种数据加密体制可以分为两大类:对称密码加密体制和公钥密码加密体制。常用的对称密码方法有DES、AES、IDEA、RC6等。The fundamental task of cryptosystems is when data is encrypted. According to the relationship between encryption key and decryption key, various data encryption systems can be divided into two categories: symmetric encryption system and public key encryption system. Commonly used symmetric encryption methods include DES, AES, IDEA, RC6, etc.

SM4是一个分组密码算法,明文、密钥、密文都是128比特,加密和解密密钥相同。通过32次循环的非线性迭代轮函数来实现加密和解密。其中包括非线性变换s盒,以及由循环异或构成的线性变换。除了256字节的s盒之外,还定义了另外两组参数FK以及cK(具体数据参考密码局网站)。基本过程是首先把128比特密钥按照32比特一组分成4组,然后根据密钥扩展算法,生成32组32比特轮密钥;再把输入的128比特数据也按照32比特一组分成4组进行循环运算。SM4 is a block cipher algorithm, the plaintext, key, and ciphertext are all 128 bits, and the encryption and decryption keys are the same. Encryption and decryption are realized through a nonlinear iterative round function of 32 cycles. These include non-linear transformation s-boxes, and linear transformations consisting of circular XORs. In addition to the 256-byte s box, another two sets of parameters FK and cK are defined (refer to the website of the Cryptography Bureau for specific data). The basic process is to first divide the 128-bit key into 4 groups according to the 32-bit group, and then generate 32 groups of 32-bit round keys according to the key expansion algorithm; then divide the input 128-bit data into 4 groups according to the 32-bit group Perform a loop operation.

发明内容Contents of the invention

本发明针对目前软件实现方法中的缺陷,提出了如下改进的软件优化方法。Aiming at the defects in the current software implementation method, the present invention proposes the following improved software optimization method.

一种国密SM4的快速软件实现方法,包括:A rapid software implementation method of national secret SM4, comprising:

数据编排步骤,将256组128比特的数据表示为X[256][128],X[i]表示第i组数据,i=0,1,..,255,存在比特矩阵转置变换TRANS256(·):X[128][256]=TRANS(X[256][128]),特征在于,输入为256*128比特,输出为128*256比特,实现将256组数据的同一比特聚集在同一内存块中;Data arrangement step, 256 groups of 128-bit data are represented as X [256] [128] , X [i] represents the i-th group of data, i=0, 1, . . ., 255, and there is bit matrix transposition transformation TRANS256( ): X [128][256] =TRANS(X [256][128] ), characterized in that the input is 256*128 bits, and the output is 128*256 bits, so that the same bits of 256 sets of data are gathered in the same in memory block;

密钥编排步骤,将第k轮加密密钥记为RKk,[32],k=0,1,...,31,存在变换TRANS32(·):TRKk,[32][256]=TRANS32(RKk,[32]),其特征在于,定义{·}256表示将元素重复256次并拼接在一起,则TRKk,[i]={RKk,[i]}256,实现将密钥RK的第i个比特复制256次存入TRK的第i项;In the key arrangement step, the k-th round encryption key is recorded as RK k, [32] , k=0, 1, ..., 31, there is a transformation TRANS32(·): TRK k, [32] [256] = TRANS32 (RK k, [32] ), is characterized in that, the definition { } 256 means that elements are repeated 256 times and spliced together, then TRK k, [i] = {RK k, [i] } 256 , the realization will be The i-th bit of the key RK is copied 256 times and stored in the i-th item of TRK;

迭代计算步骤,将经过数据编排后的数据记为X256表示二维数组X[128][256]指向X[128][256]的第i*32项,i=0,1,2,3,将经过密钥编排后的第k轮加密密钥记为进行32次迭代计算: 其中,为异或运算;Iterative calculation steps, and record the data after data arrangement as X 256 represents a two-dimensional array X [128][256] , Point to the i*32th item of X [128][256] , i=0, 1, 2, 3, record the k-th round encryption key after key arrangement as Perform 32 iterative calculations: in, is an XOR operation;

数据反编排步骤,存在相同的比特矩阵转置TRANS256(·):X[256][128]=TRANS256(X[1286][256]),其特征在于,将经过迭代计算后的数据从切片后的128组256比特数据组织方式恢复到正常256组128比特数据;Data anti-arranging step, there is the same bit matrix transposition TRANS256( ): X [256][128] =TRANS256(X [1286][256] ), it is characterized in that the data after iterative calculation is obtained from the sliced The 128 groups of 256-bit data organization methods are restored to the normal 256 groups of 128-bit data;

反序计算步骤,令则输出的256组128比特的加密数据表示为 Reversing the calculation steps, let Then the output 256 groups of 128-bit encrypted data are expressed as

其中,合成置换T的输入和输出都是32*256比特,由非线性变换τ和线性变换L复合而成T(·)=L(τ(·))。Wherein, the input and output of the combined permutation T are both 32*256 bits, and T(·)=L(τ(·)) is formed by combining the nonlinear transformation τ and the linear transformation L.

更进一步地,将256组128比特数据看做两个128组128比特数据,使用SIMD思想并行实现数据编排和数据反编排,利用7组掩码完成比特矩阵转置。7组掩码的16进制表示为:Furthermore, 256 sets of 128-bit data are regarded as two 128 sets of 128-bit data, and the SIMD idea is used to implement data arrangement and data reverse arrangement in parallel, and 7 sets of masks are used to complete the bit matrix transposition. The hexadecimal representation of the 7 groups of masks is:

MASK0=5555555555555555555555555555555555555555555555555555555555555555MASK0=55555555555555555555555555555555555555555555555555555555555555

MASK1=3333333333333333333333333333333333333333333333333333333333333333MASK1=3333333333333333333333333333333333333333333333333333333333333

MASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0FMASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F

MASK3=00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FFMASK3 = 00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF

MASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFFMASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF

MASK5=00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFFMASK5 = 00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF

MASK6=0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFFMASK6 = 0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF

每组掩码为128比特。Each mask is 128 bits.

更进一步地,将256组32比特输入数据表示为:其中,均为8*256比特,则 Further, 256 sets of 32-bit input data are expressed as: in, Both are 8*256 bits, then

更进一步地,合成变换T中的非线性变换τ中的函数s(·)为:s(x256)=I(x256*A1+C1)*A2+C2,其中,I(·)为复合域GF((24)2)上的求逆运算,x256为8*256比特的行向量,A1,C1,A2,C2的形式如下:Furthermore, the function s(·) in the nonlinear transformation τ in the synthesis transformation T is: s(x 256 )=I(x 256 *A 1 +C 1 )*A 2 +C 2 , where, I( ) is the inverse operation on the composite field GF((2 4 ) 2 ), x 256 is a row vector of 8*256 bits, A 1 , C 1 , A 2 , and C 2 are in the following form:

C1={1 0 0 0 1 1 1 0}C 1 ={1 0 0 0 1 1 1 0}

C2={1 1 0 1 0 0 1 1}C 2 ={1 1 0 1 0 0 1 1}

更进一步地, go a step further,

选择h,g∈GF((24)2),h=(h1*x+h0)是g=(g1*x+g0)的逆元,其中,h1,h0,g1,g0∈GF(24)。那么有Select h, g∈GF((2 4 ) 2 ), h=(h 1 *x+h 0 ) is the inverse element of g=(g 1 *x+g 0 ), where, h 1 , h 0 , g 1 , g 0 ∈GF(2 4 ). then there is

其中,h,g的大小是8*256比特,为异或运算,乘法和求逆为有限域GF(24)上的运算,从而将复合域GF((24)2)上的求逆转换为有限域GF(24)上的乘法和求逆。Among them, the size of h and g is 8*256 bits, is an XOR operation, and the multiplication and inversion are operations on the finite field GF(2 4 ), thus converting the inversion on the composite field GF((2 4 ) 2 ) into multiplication and summing on the finite field GF(2 4 ) inverse.

定义 <<<表示循环左移操作,表示异或运算;已知 令B256=τ(A256),则 可得:definition <<< means circular left shift operation, Represents an XOR operation; known make but Let B 256 =τ(A 256 ), then Available:

其中,为异或加,从而可将线性变换优化掉。in, XOR plus, so that the linear transformation can be optimized away.

更进一步地,令a256,b256,c256∈GF(24),且c256=a256*b256则GF(24)上的乘法运算为:Furthermore, let a 256 , b 256 , c 256 ∈GF(2 4 ), and c 256 =a 256 *b 256 , then the multiplication operation on GF(2 4 ) is:

其中,为异或加法,与运算缺省表示。in, It is XOR addition, and the default representation of AND operation.

更进一步地,令a256,c256∈GF(24),且c256=(a256)-1则GF(24)上的求逆运算为:Furthermore, let a 256 , c 256 ∈GF(2 4 ), and c 256 =(a 256 ) -1 , then the inverse operation on GF(2 4 ) is:

其中,+为或或运算,~为非运算,与运算缺省表示。Among them, + is an OR operation, ~ is a NOT operation, and the AND operation is represented by default.

本发明的技术效果为:结合SIMD思想,使用比特切片技术,利用AVX2指令并行处理256组数据,使用复合域分解技术,将SM4中合成置换T中的计算进行分解,使得SM4加密算法中的非线性变换计算由原先的一次GF(2^8)求逆、两次仿射变换简化为一次GF(2^4)求逆、两次仿射变换、三次GF(2^4)上的乘法运算,降低了计算复杂度,最大化并行处理数据,提高了执行效率。The technical effects of the present invention are: combining SIMD thought, using bit slice technology, using AVX2 instruction to process 256 groups of data in parallel, using compound domain decomposition technology to decompose the calculation in the synthetic permutation T in SM4, so that non- The linear transformation calculation is simplified from the original GF(2^8) inversion and two affine transformations to one GF(2^4) inversion, two affine transformations, and three multiplication operations on GF(2^4). , reducing computational complexity, maximizing parallel processing of data, and improving execution efficiency.

附图说明Description of drawings

图1是本发明设计的SM4加密方法的系统架构图;Fig. 1 is a system architecture diagram of the SM4 encryption method designed by the present invention;

图2是本发明中复合域求逆算法的图示。Fig. 2 is an illustration of the compound field inversion algorithm in the present invention.

具体实施方式Detailed ways

下面结合附图1和2进行具体说明Describe in detail below in conjunction with accompanying drawings 1 and 2

图1示出了本发明设计的SM4加密方法,该方法包括:Fig. 1 shows the SM4 encryption method that the present invention designs, and this method comprises:

数据编排步骤,将256组128比特的数据表示为X[256][128],X[i]表示第i组数据,i=0,1,..,255,存在比特矩阵转置变换TRANS256(·):X[128][256]=TRANS(X[256][128]),特征在于,输入为256*128比特,输出为128*256比特,实现将256组数据的同一比特聚集在同一内存块中;Data arrangement step, 256 groups of 128-bit data are represented as X [256] [128] , X [i] represents the i-th group of data, i=0, 1, . . ., 255, and there is bit matrix transposition transformation TRANS256( ): X [128][256] =TRANS(X [256][128] ), characterized in that the input is 256*128 bits, and the output is 128*256 bits, so that the same bits of 256 sets of data are gathered in the same in memory block;

密钥编排步骤,将第k轮加密密钥记为RKk,[32],k=0,1,...,31,存在变换TRANS32(·):TRKk,[32][256]=TRANS32(RKk,[32]),其特征在于,定义{·}256表示将元素重复256次并拼接在一起,则TRKk,[i]={RKk,[i]}256,实现将密钥RK的第i个比特复制256次存入TRK的第i项;In the key arrangement step, the k-th round encryption key is recorded as RK k, [32] , k=0, 1, ..., 31, there is a transformation TRANS32(·): TRK k, [32] [256] = TRANS32 (RK k, [32] ), is characterized in that, the definition { } 256 means that elements are repeated 256 times and spliced together, then TRK k, [i] = {RK k, [i] } 256 , the realization will be The i-th bit of the key RK is copied 256 times and stored in the i-th item of TRK;

迭代计算步骤,将经过数据编排后的数据记为X256表示二维数组X[128][256]指向X[128][256]的第i*32项,i=0,1,2,3,将经过密钥编排后的第k轮加密密钥记为进行32次迭代计算: 其中,为异或运算;Iterative calculation steps, and record the data after data arrangement as X 256 represents a two-dimensional array X [128][256] , Point to the i*32th item of X [128][256] , i=0, 1, 2, 3, record the k-th round encryption key after key arrangement as Perform 32 iterative calculations: in, is an XOR operation;

数据反编排步骤,存在相同的比特矩阵转置TRANS256(·):X[256][128]=TRANS256(X[1286][256]),其特征在于,将经过迭代计算后的数据从切片后的128组256比特数据组织方式恢复到正常256组128比特数据;Data anti-arranging step, there is the same bit matrix transposition TRANS256( ): X [256][128] =TRANS256(X [1286][256] ), it is characterized in that the data after iterative calculation is obtained from the sliced The 128 groups of 256-bit data organization methods are restored to the normal 256 groups of 128-bit data;

反序计算步骤,令则输出的256组128比特的加密数据表示为 Reversing the calculation steps, let Then the output 256 groups of 128-bit encrypted data are expressed as

其中,合成置换T的输入和输出都是32*256比特,由非线性变换τ和线性变换L复合而成T(·)=L(τ(·))。Wherein, the input and output of the combined permutation T are both 32*256 bits, and T(·)=L(τ(·)) is formed by combining the nonlinear transformation τ and the linear transformation L.

在数据编排步骤中,需要借助7组掩码完成比特矩阵转置。将256组128比特数据看做两个128组128比特数据,使用SIMD思想并行实现数据编排和数据反编排,利用7组掩码完成比特矩阵转置。7组掩码的16进制表示为:In the data arrangement step, it is necessary to complete the bit matrix transposition with the help of 7 groups of masks. Treat 256 sets of 128-bit data as two 128 sets of 128-bit data, use SIMD idea to realize data arrangement and data reverse arrangement in parallel, and use 7 sets of masks to complete bit matrix transposition. The hexadecimal representation of the 7 groups of masks is:

MASK0=5555555555555555555555555555555555555555555555555555555555555555MASK0=55555555555555555555555555555555555555555555555555555555555555

MASK1=3333333333333333333333333333333333333333333333333333333333333333MASK1=3333333333333333333333333333333333333333333333333333333333333

MASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0FMASK2=0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F

MASK3=00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FFMASK3 = 00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF

MASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFFMASK4=0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF

MASK5=00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFFMASK5 = 00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF

MASK6=0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFFMASK6 = 0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF

每组掩码为128比特。Each mask is 128 bits.

在实际加密计算中,将256组32比特输入数据表示为:其中,均为8*256比特,则 In the actual encryption calculation, 256 sets of 32-bit input data are expressed as: in, Both are 8*256 bits, then

下面是本发明的重点,将有限域GF(28)上的求逆转换为复合域GF((24)2)上的求逆,降低计算复杂度。合成变换T中的非线性变换τ中的函数s(·)为:s(x256)=I(x256*A1+C1)*A2+C2,其中,I(·)为复合域GF((24)2)上的求逆运算,x256为8*256比特的行向量,A1,C1,A2,C2的形式如下:The following is the key point of the present invention, which converts the inversion on the finite field GF(2 8 ) to the inversion on the composite field GF((2 4 ) 2 ), reducing the computational complexity. The function s(·) in the nonlinear transformation τ in the synthetic transformation T is: s(x 256 )=I(x 256 *A 1 +C 1 )*A 2 +C 2 , where I(·) is the composite The inversion operation on the field GF((2 4 ) 2 ), x 256 is an 8*256-bit row vector, and the forms of A 1 , C 1 , A 2 , and C 2 are as follows:

C1={1 0 0 0 1 1 1 0}C 1 ={1 0 0 0 1 1 1 0}

C2={1 1 0 1 0 0 1 1}C 2 ={1 1 0 1 0 0 1 1}

更进一步地, go a step further,

选择h,g∈GF((24)2),h=(h1*x+h0)是g=(g1*x+g0)的逆元,其中,h1,h0,g1,g0∈GF(24)。那么有Select h, g∈GF((2 4 ) 2 ), h=(h 1 *x+h 0 ) is the inverse element of g=(g 1 *x+g 0 ), where, h 1 , h 0 , g 1 , g 0 ∈GF(2 4 ). then there is

其中,h,g的大小是8*256比特,为异或运算,乘法和求逆为有限域GF(24)上的运算,从而将复合域GF((24)2)上的求逆转换为有限域GF(24)上的乘法和求逆。Among them, the size of h and g is 8*256 bits, is an XOR operation, and the multiplication and inversion are operations on the finite field GF(2 4 ), thus converting the inversion on the composite field GF((2 4 ) 2 ) into multiplication and summing on the finite field GF(2 4 ) inverse.

由于使用比特切片,因此可直接将线性移位的结果与目标相异或,从而优化掉移位操作。定义<<<表示循环左移操作,表示异或运算;已知 令B256=τ(A256),则 可得:Due to the use of bit slices, the result of the linear shift can be directly XORed with the target, thus optimizing the shift operation. definition <<< means circular left shift operation, Represents an XOR operation; known make but Let B 256 =τ(A 256 ), then Available:

更进一步地,令a256,b256,c256∈GF(24),且c256=a256*b256则GF(24)上的乘法运算为:Furthermore, let a 256 , b 256 , c 256 ∈GF(2 4 ), and c 256 =a 256 *b 256 , then the multiplication operation on GF(2 4 ) is:

其中,为异或加法,与运算缺省表示。in, It is XOR addition, and the default representation of AND operation.

令a256,c256∈GF(24),且c256=(a256)-1则GF(24)上的求逆运算为:Let a 256 , c 256 ∈GF(2 4 ), and c 256 =(a 256 ) -1 , then the inverse operation on GF(2 4 ) is:

其中,+为或或运算,~为非运算,与运算缺省表示。Among them, + is an OR operation, ~ is a NOT operation, and the AND operation is represented by default.

软件实现分块密码算法的一种快捷技术是复合域分解法:将S盒的复杂有限域运算同构映射到复合域中实现,加解密运算时无需查表通过运算得到结果从而避免了内存开销。S盒查表算法的输入数据是8比特,输出数据也是8比特,SM4算法的软件查表算法需要在内存中占据256x 8比特=2048比特大小的空间。本发明将S盒运算映射到复合域中实现,无需预先存储任何查找表,通过逻辑运算完成S盒运算,极大降低了计算复杂度,提高了执行效率。A shortcut technology for software implementation of block cipher algorithm is the compound field decomposition method: the complex finite field operation of the S-box isomorphically mapped to the compound field for implementation, and the encryption and decryption operations do not need to look up the table to obtain the results through the operation, thereby avoiding memory overhead. . The input data of the S-box table lookup algorithm is 8 bits, and the output data is also 8 bits. The software lookup table algorithm of the SM4 algorithm needs to occupy a space of 256x 8 bits=2048 bits in the memory. The invention maps the S-box operation to the composite domain, without pre-storing any look-up table, and completes the S-box operation through logical operation, which greatly reduces the computational complexity and improves the execution efficiency.

最后所应说明的是:以上实施例仅以说明而非限制本发明的技术方案,尽管参照上述实施例对本发明进行了详细说明,本领域的普通技术人员应当理解:依然可以对本发明进行修改后者等同替换,而不脱离本发明的精神和范围的任何修改或局部替换,其均应涵盖在本发明的权利要求范围当中。Finally, it should be noted that: the above embodiments are only to illustrate and not limit the technical solutions of the present invention, although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: the present invention can still be modified Any modification or partial replacement without departing from the spirit and scope of the present invention shall fall within the scope of the claims of the present invention.

Claims (9)

1.一种国密SM4的快速软件实现方法,其特征在于,包括:1. A fast software implementation method of national secret SM4, characterized in that, comprising: 数据编排步骤:Data orchestration steps: 将256组128比特的数据表示为X[256][128],X[i]表示第i组数据,i=0,1,...,255,存在比特矩阵转置变换TRANS256(·):使得X[128][256]=TRANS(X[256][128]),输入为256*128比特,输出为128*256比特,实现将256组数据的同一比特聚集在同一内存块中;256 groups of 128-bit data are represented as X [256][128] , X [i] represents the i-th group of data, i=0, 1, ..., 255, there is a bit matrix transposition transformation TRANS256( ): Make X [128][256] =TRANS(X [256][128] ), the input is 256*128 bits, and the output is 128*256 bits, so that the same bits of 256 groups of data are gathered in the same memory block; 密钥编排步骤:Key orchestration steps: 将第k轮加密密钥记为RKk,[32],k=0,1,...,31,存在变换TRANS32(·):TRKk,[32][256]=TRANS32(RKk,[32]),定义{·}256表示将元素重复256次并拼接在一起,则TRKk,[i]={RKk,[i]}256,实现将密钥RK的第i个比特复制256次存入TRK的第i项;Denote the k-th round encryption key as RK k, [32] , k=0, 1, ..., 31, there is a transformation TRANS32(·): TRK k, [32][256] = TRANS32(RK k, [32] ), the definition { } 256 means to repeat the elements 256 times and splicing them together, then TRK k, [i] = {RK k, [i] } 256 , to realize the copying of the i-th bit of the key RK 256 deposits into the i-th item of TRK; 迭代计算步骤:Iterative calculation steps: 将经过数据编排后的数据记为X256表示二维数组X[128][256]指向X[128][256]的第i*32项,i=0,1,2,3,将经过密钥编排后的第k轮加密密钥记为进行32次迭代计算: 其中,为异或运算;Record the data after data arrangement as X 256 represents a two-dimensional array X [128][256] , Point to the i*32th item of X [128][256] , i=0, 1, 2, 3, record the k-th round encryption key after key arrangement as Perform 32 iterative calculations: in, is an XOR operation; 数据反编排步骤:Data de-arranging steps: 存在比特矩阵转置TRANS256(·):X[256][128]=TRANS256(X[128][256]),将经过迭代计算后的数据从切片后的128组256比特数据组织方式恢复到正常256组128比特数据;There is a bit matrix transposition TRANS256( ): X [256][128] = TRANS256(X [128][256] ), the data after iterative calculation is restored to normal from the 128 groups of 256-bit data organization after slicing 256 sets of 128-bit data; 反序计算步骤:Calculation steps in reverse order: 则输出的256组128比特的加密数据表示为 make Then the output 256 groups of 128-bit encrypted data are expressed as 其中,合成置换T的输入和输出都是32*256比特,由非线性变换τ和线性变换L复合而成T(·)=L(τ(·))。Wherein, the input and output of the combined permutation T are both 32*256 bits, and T(·)=L(τ(·)) is formed by combining the nonlinear transformation τ and the linear transformation L. 2.根据权利要求1所述的国密SM4的快速软件实现方法,其特征在于,将256组128比特数据看做两个128组128比特数据,实现数据编排和数据反编排,利用7组掩码完成比特矩阵转置;7组掩码的16进制表示为:2. the fast software implementation method of national secret SM4 according to claim 1 is characterized in that, 256 groups of 128-bit data are regarded as two 128 groups of 128-bit data to realize data arrangement and data reverse arrangement, and utilize 7 groups of masks The code completes the bit matrix transposition; the hexadecimal representation of the 7 groups of masks is: MASK0=5555555555555555555555555555555555555555555555555555555555555555MASK0=55555555555555555555555555555555555555555555555555555555555555 MASK1=3333333333333333333333333333333333333333333333333333333333333333MASK1=3333333333333333333333333333333333333333333333333333333333333 MASK2=OFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFMASK2=OFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFOFO MASK3=OOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFMASK3=OOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFFOOFF MASK4=OOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFMASK4=OOOOFFFFOOOOFFFFOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFFOOOOFFFF MASK5=OOOOOOOOFFFFFFFFOOOOOOOOFFFFFFFFOOOOOOOOFFFFFFFFOOOOOOOOFFFFFFFFMASK5=OOOOOOOOFFFFFFFOOOOOOOFFFFFFFOOOOOOOFFFFFFFFFOOOOOOOFFFFFFFF MASK6=OOOOOOOOOOOOOOOOFFFFFFFFFFFFFFFFOOOOOOOOOOOOOOOOFFFFFFFFFFFFFFFFMASK6=OOOOOOOOOOOOOOOOFFFFFFFFFFFFFFFOOOOOOOOOOOOOOOOFFFFFFFFFFFFFFFF 每组掩码为128比特。Each mask is 128 bits. 3.根据权利要求1所述的国密SM4的快速软件实现方法,其特征在于,在迭代计算步骤中:将256组32比特输入数据表示为:其中,均为8*256比特,则 3. the fast software implementation method of national secret SM4 according to claim 1, is characterized in that, in iterative calculation step: 256 groups of 32 bit input data are represented as: in, Both are 8*256 bits, then 4.根据权利要求3所述的国密SM4的快速软件实现方法,其特征在于,将有限域GF(28)上的仿射变换与同构映射矩阵结合,从而将有限域GF(28)上的两次仿射变换变换为复合域GF((24)2)上的仿射变换,合成变换T中的非线性变换τ中的函数S(·)为:S(x256)=I(x256*A1+C1)*A2+C2,其中,I(·)为复合域GF((24)2)上的求逆运算,x256为8*256比特的行向量,A1,C1,A2,C2的形式如下:4. The fast software implementation method of the national secret SM4 according to claim 3 is characterized in that the affine transformation on the finite field GF(2 8 ) is combined with the isomorphic mapping matrix, thereby the finite field GF(2 8 ) is transformed into an affine transformation on the complex domain GF((2 4 ) 2 ), the function S(·) in the nonlinear transformation τ in the synthetic transformation T is: S(x 256 )= I(x 256 *A 1 +C 1 )*A 2 +C 2 , where I(·) is the inverse operation on the composite field GF((2 4 ) 2 ), and x 256 is a row of 8*256 bits The vectors, A 1 , C 1 , A 2 , C 2 are of the form: C1={1 0 0 0 1 1 1 0}C 1 ={1 0 0 0 1 1 1 0} C2={1 1 0 1 0 0 1 1}。C 2 ={1 1 0 1 0 0 1 1}. 5.根据权利要4所述的国密SM4的快速软件实现方法,其特征在于, 5. according to the fast software implementation method of national secret SM4 described in claim 4, it is characterized in that, 6.根据权利要求4所述的国密SM4的快速软件实现方法,其特征在于,选择h,g∈GF((24)2),h=(h1*x+h0)是g=(g1*x+g0)的逆元,其中,h1,h0,g1,g0∈GF(24);那么有6. the fast software implementation method of national secret SM4 according to claim 4 is characterized in that, select h, g∈GF((2 4 ) 2 ), h=(h 1 *x+h 0 ) is g= The inverse of (g 1 *x+g 0 ), where, h 1 , h 0 , g 1 , g 0 ∈GF(2 4 ); then we have 其中,h,g的大小是8*256比特,为异或运算,乘法和求逆为有限域GF(24)上的运算,从而进一步将复合域GF((24)2)上的一次求逆转换为有限域GF(24)上的一次求逆和三次乘法。Among them, the size of h and g is 8*256 bits, is an XOR operation, and multiplication and inversion are operations on the finite field GF(2 4 ), thus further transforming an inversion on the composite field GF((2 4 ) 2 ) into an operation on the finite field GF(2 4 ) One inversion and three multiplications. 7.根据权利要求5所述的国密SM4的快速软件实现方法,其特征在于,定义 <<<表示循环左移操作,表示异或运算;已知 令B256=τ(A256),则其中,0≤k≤31,可得:7. the fast software implementation method of national secret SM4 according to claim 5, is characterized in that, defines <<< means circular left shift operation, Represents an XOR operation; known make but Let B 256 =τ(A 256 ), then Among them, 0≤k≤31, can get: 其中,为异或加,经过切片操作,可以实现将线性变换由原先的四次循环左移和四次异或简化为四次异或,循环左移可通过直接索引优化掉。in, For XOR addition, after slicing operations, the linear transformation can be simplified from the original four times of circular left shift and four times of XOR to four times of XOR, and the circular left shift can be optimized by direct indexing. 8.根据权利要求6所述的国密SM4的快速软件实现方法,其特征在于,令 a256,b256,c256∈GF(24)且c256=a256*b256,则GF(24)上的乘法运算为:8. the fast software implementation method of national secret SM4 according to claim 6, is characterized in that, order a 256 , b 256 , c 256 ∈GF(2 4 ) and c 256 =a 256 *b 256 , then the multiplication operation on GF(2 4 ) is: 其中,为异或加法,与运算缺省表示。in, It is XOR addition, and the default representation of AND operation. 9.根据权利要求6所述的国密SM4的快速软件实现方法,其特征在于,令 a256,c256∈GF(24),且c256=(a256)-1,则GF(24)上的求逆运算为:9. the fast software implementation method of national secret SM4 according to claim 6, is characterized in that, order a 256 , c 256 ∈GF(2 4 ), and c 256 =(a 256 ) -1 , then the inverse operation on GF(2 4 ) is: 其中,+为或或运算,~为非运算,与运算缺省表示。Among them, + is an OR operation, ~ is a NOT operation, and the AND operation is represented by default.
CN201910428748.4A 2019-05-22 2019-05-22 A Fast Implementation Method of National Secret Block Cipher Algorithm SM4 Expired - Fee Related CN110166223B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910428748.4A CN110166223B (en) 2019-05-22 2019-05-22 A Fast Implementation Method of National Secret Block Cipher Algorithm SM4

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910428748.4A CN110166223B (en) 2019-05-22 2019-05-22 A Fast Implementation Method of National Secret Block Cipher Algorithm SM4

Publications (2)

Publication Number Publication Date
CN110166223A true CN110166223A (en) 2019-08-23
CN110166223B CN110166223B (en) 2021-08-13

Family

ID=67631792

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910428748.4A Expired - Fee Related CN110166223B (en) 2019-05-22 2019-05-22 A Fast Implementation Method of National Secret Block Cipher Algorithm SM4

Country Status (1)

Country Link
CN (1) CN110166223B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111736902A (en) * 2020-07-16 2020-10-02 北京炼石网络技术有限公司 Parallel computing method and device of SM4 based on SIMD (Single instruction multiple data) instructions and readable storage medium
CN111865559A (en) * 2020-06-16 2020-10-30 郑州信大捷安信息技术股份有限公司 Rapid realization method and device for SM4 algorithm
CN112507644A (en) * 2020-12-03 2021-03-16 湖北大学 Optimized SM4 algorithm linear layer circuit
CN112543096A (en) * 2020-12-16 2021-03-23 北京马赫谷科技有限公司 Data processing method, device, equipment and medium based on SIMD (Single instruction multiple data) instruction
CN113922948A (en) * 2021-10-13 2022-01-11 中国人民解放军国防科技大学 National secret algorithm SM4 data encryption method and system based on compound domain round function
CN114091086A (en) * 2022-01-14 2022-02-25 麒麟软件有限公司 Rapid realization method of SM4 algorithm based on bit slice
CN114143413A (en) * 2021-11-26 2022-03-04 佛山芯珠微电子有限公司 Image data PUF (physical unclonable function) security encryption system and encryption method
CN114244496A (en) * 2021-12-01 2022-03-25 华南师范大学 Parallelization Implementation Method of SM4 Encryption and Decryption Algorithm Based on Tower Domain Optimization S-box
CN114710285A (en) * 2022-05-19 2022-07-05 北京大学 High-performance SM4 bit slice optimization method for heterogeneous parallel architecture
CN115102692A (en) * 2022-06-30 2022-09-23 阿里巴巴(中国)有限公司 A method, device and device for implementing a block cipher algorithm
CN115499152A (en) * 2022-07-27 2022-12-20 北京航空航天大学 SM4 rapid software implementation method based on register optimization

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719766A (en) * 2005-07-21 2006-01-11 北京中星微电子有限公司 Sbox module optimizing method and circuit in AES encryption and decryption circuit
CN104639314A (en) * 2014-12-31 2015-05-20 深圳先进技术研究院 Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
CN105490802A (en) * 2015-11-27 2016-04-13 桂林电子科技大学 Improved SM4 Parallel Encryption and Decryption Communication Method Based on GPU
CN105515758A (en) * 2015-11-27 2016-04-20 桂林电子科技大学 Data parallel cryptographic communication method and system based on Modbus protocol
US20160231991A1 (en) * 2015-02-05 2016-08-11 Weng Tianxiang Systematic method of coding wave-pipelined circuits in HDL
CN106712930A (en) * 2017-01-24 2017-05-24 北京炼石网络技术有限公司 SM4 encryption method and device
CN108650072A (en) * 2018-03-28 2018-10-12 杭州朔天科技有限公司 It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719766A (en) * 2005-07-21 2006-01-11 北京中星微电子有限公司 Sbox module optimizing method and circuit in AES encryption and decryption circuit
CN104639314A (en) * 2014-12-31 2015-05-20 深圳先进技术研究院 Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
US20160231991A1 (en) * 2015-02-05 2016-08-11 Weng Tianxiang Systematic method of coding wave-pipelined circuits in HDL
CN105490802A (en) * 2015-11-27 2016-04-13 桂林电子科技大学 Improved SM4 Parallel Encryption and Decryption Communication Method Based on GPU
CN105515758A (en) * 2015-11-27 2016-04-20 桂林电子科技大学 Data parallel cryptographic communication method and system based on Modbus protocol
CN106712930A (en) * 2017-01-24 2017-05-24 北京炼石网络技术有限公司 SM4 encryption method and device
CN108650072A (en) * 2018-03-28 2018-10-12 杭州朔天科技有限公司 It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
李军 等: "SM4分组密码算法可编程实现研究", 《通信技术》 *
梁浩 等: "基于复合域的SM4算法的设计与实现", 《微电子学与计算机》 *
郎欢 等: "SM4的快速软件实现技术", 《中国科学院大学学报》 *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111865559A (en) * 2020-06-16 2020-10-30 郑州信大捷安信息技术股份有限公司 Rapid realization method and device for SM4 algorithm
CN111865559B (en) * 2020-06-16 2022-02-18 郑州信大捷安信息技术股份有限公司 Rapid realization method and device for SM4 algorithm
CN111736902B (en) * 2020-07-16 2022-04-19 北京炼石网络技术有限公司 Parallel computing method and device of SM4 based on SIMD (Single instruction multiple data) instructions and readable storage medium
CN111736902A (en) * 2020-07-16 2020-10-02 北京炼石网络技术有限公司 Parallel computing method and device of SM4 based on SIMD (Single instruction multiple data) instructions and readable storage medium
CN112507644A (en) * 2020-12-03 2021-03-16 湖北大学 Optimized SM4 algorithm linear layer circuit
CN112507644B (en) * 2020-12-03 2021-05-14 湖北大学 Optimized SM4 algorithm linear layer circuit
CN112543096A (en) * 2020-12-16 2021-03-23 北京马赫谷科技有限公司 Data processing method, device, equipment and medium based on SIMD (Single instruction multiple data) instruction
CN112543096B (en) * 2020-12-16 2024-11-22 北京马赫谷科技有限公司 Data processing method, device, equipment and medium based on SIMD instructions
CN113922948A (en) * 2021-10-13 2022-01-11 中国人民解放军国防科技大学 National secret algorithm SM4 data encryption method and system based on compound domain round function
CN113922948B (en) * 2021-10-13 2023-10-03 中国人民解放军国防科技大学 National secret algorithm SM4 data encryption method and system based on composite domain round function
CN114143413A (en) * 2021-11-26 2022-03-04 佛山芯珠微电子有限公司 Image data PUF (physical unclonable function) security encryption system and encryption method
CN114143413B (en) * 2021-11-26 2023-11-03 佛山芯珠微电子有限公司 Image data PUF (physical unclonable function) secure encryption system and encryption method
CN114244496B (en) * 2021-12-01 2023-07-18 华南师范大学 Parallel Implementation Method of SM4 Encryption and Decryption Algorithm Based on Optimal S-box in Tower Domain
CN114244496A (en) * 2021-12-01 2022-03-25 华南师范大学 Parallelization Implementation Method of SM4 Encryption and Decryption Algorithm Based on Tower Domain Optimization S-box
CN114091086A (en) * 2022-01-14 2022-02-25 麒麟软件有限公司 Rapid realization method of SM4 algorithm based on bit slice
CN114710285A (en) * 2022-05-19 2022-07-05 北京大学 High-performance SM4 bit slice optimization method for heterogeneous parallel architecture
CN115102692A (en) * 2022-06-30 2022-09-23 阿里巴巴(中国)有限公司 A method, device and device for implementing a block cipher algorithm
CN115499152A (en) * 2022-07-27 2022-12-20 北京航空航天大学 SM4 rapid software implementation method based on register optimization
CN115499152B (en) * 2022-07-27 2025-01-03 北京航空航天大学 SM4 rapid software implementation method based on register optimization

Also Published As

Publication number Publication date
CN110166223B (en) 2021-08-13

Similar Documents

Publication Publication Date Title
CN110166223B (en) A Fast Implementation Method of National Secret Block Cipher Algorithm SM4
Chen et al. Differential cryptanalysis of a novel image encryption algorithm based on chaos and Line map
Singh et al. Image encryption and decryption using blowfish algorithm in MATLAB
US11546135B2 (en) Key sequence generation for cryptographic operations
US7532721B2 (en) Implementation of a switch-box using a subfield method
TWI571091B (en) Technologies for modifying a first cryptographic cipher with operations of a second cryptographic cipher
US20060023875A1 (en) Enhanced stream cipher combining function
JP2008523728A (en) Method and apparatus for improving the speed of encryption processing
CN106712930A (en) SM4 encryption method and device
CN102035641A (en) Device and method for implementing AES encryption and decryption
Aparna et al. Implementation of AES algorithm on text and image using MATLAB
Zhang et al. The probabilistic image encryption algorithm based on galois field GF (257)
Zhang et al. A unified improvement of the AES algorithm
CN114244496B (en) Parallel Implementation Method of SM4 Encryption and Decryption Algorithm Based on Optimal S-box in Tower Domain
Acharya Image encryption using a new chaos based encryption algorithm
JP2002510058A (en) Method for cryptographic conversion of binary data blocks
Hussain et al. Efficient video encryption using lightweight cryptography algorithm
Parihar et al. Blowfish algorithm: a detailed study
Buell Modern symmetric ciphers—Des and Aes
RU2738321C1 (en) Cryptographic transformation method and device for its implementation
Venkatesha et al. AES based algorithm for image encryption and decryption
Chen et al. A novel pseudo-random number assisted fast image encryption algorithm
Bajaj et al. AES algorithm for encryption
Dalakoti et al. Hardware efficient AES for image processing with high throughput
Manish et al. Secure Image Encryption using AES Algorithm with Dynamic Key Generation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210813

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载