[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN116388963B - Method, device and system for encrypting packet - Google Patents

Method, device and system for encrypting packet Download PDF

Info

Publication number
CN116388963B
CN116388963B CN202310333086.9A CN202310333086A CN116388963B CN 116388963 B CN116388963 B CN 116388963B CN 202310333086 A CN202310333086 A CN 202310333086A CN 116388963 B CN116388963 B CN 116388963B
Authority
CN
China
Prior art keywords
module
data
cyclic shift
logic unit
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310333086.9A
Other languages
Chinese (zh)
Other versions
CN116388963A (en
Inventor
朱雪琼
胡成博
张子阳
路永玲
杨景刚
孙蓉
王真
贾骏
刘子全
薛海
付慧
黄强
李双伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202310333086.9A priority Critical patent/CN116388963B/en
Publication of CN116388963A publication Critical patent/CN116388963A/en
Application granted granted Critical
Publication of CN116388963B publication Critical patent/CN116388963B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种分组加密方法、装置及系统,所述方法包括将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;将原始数据进行分组,获得若干组数据;分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据。本发明能够提高加密效率和降低所需能耗和内存,本发明的子密钥生成过程和数据加密过程具备一致性,能够抵抗相关密钥攻击。

The present invention discloses a group encryption method, device and system, the method comprising: inputting an original key and a round number as input data into a first round function to obtain a number of subkeys related to the round number; grouping the original data to obtain a number of groups of data; and inputting each group of data and all subkeys related to the round number as input data into a second round function to obtain a number of groups of encrypted data. The present invention can improve encryption efficiency and reduce required energy consumption and memory. The subkey generation process and data encryption process of the present invention are consistent and can resist related key attacks.

Description

一种分组加密方法、装置及系统A block encryption method, device and system

技术领域Technical Field

本发明属于网络环境下数据安全传输技术领域,具体涉及一种分组加密方法、装置及系统。The present invention belongs to the technical field of data security transmission in a network environment, and specifically relates to a packet encryption method, device and system.

背景技术Background Art

为防止数据在网络传输中的机密性,通常会利用一种加密算法将发送的消息加密成乱码后进行传输,接收者接收后通过解密将乱码还原回原本的消息。现有的标准加密算法有国际加密标准AES,中国加密标准SM4等。在物联网等资源受限环境下,中国尚未有标准的轻量级加密标准,而国际上出现了ISO标准轻量级加密算法HIGHT、PRESENT、CLEFIA以及美国NIST提出的SIMON、SPECK等。In order to prevent the confidentiality of data during network transmission, an encryption algorithm is usually used to encrypt the message to be sent into garbled code before transmission. After receiving the message, the receiver can decrypt the garbled code to restore it to the original message. The existing standard encryption algorithms include the international encryption standard AES and the Chinese encryption standard SM4. In resource-constrained environments such as the Internet of Things, China does not yet have a standard lightweight encryption standard, while the international ISO standard lightweight encryption algorithms HIGHT, PRESENT, CLEFIA and SIMON and SPECK proposed by the US NIST have emerged.

轻量级加密算法的研究尚不成熟,当前标准加密算法软硬件实现代价往往较大,甚至难以直接应用于资源极为受限的环境下;当前中国没有标准的轻量级加密算法;国际上提出的各种轻量级加密标准算法也存在各种各样的问题,如HIGHT存在全轮攻击、PRESENT算法存在非随机区分器、CLEFIA硬件实现仍然过重、以及不SIMON和SPECK没有安全性自评估结果等。The research on lightweight encryption algorithms is still immature. The current standard encryption algorithms are often expensive to implement in software and hardware, and are even difficult to directly apply in environments with extremely limited resources. China currently does not have a standard lightweight encryption algorithm. The various lightweight encryption standard algorithms proposed internationally also have various problems, such as the full-round attack of HIGHT, the non-random distinguisher of the PRESENT algorithm, the heavy weight of CLEFIA hardware implementation, and the lack of security self-assessment results of SIMON and SPECK.

发明内容Summary of the invention

针对上述问题,本发明提出一种分组加密方法、装置及系统,能够提高加密效率和降低所需能耗和内存。In view of the above problems, the present invention proposes a block encryption method, device and system, which can improve encryption efficiency and reduce required energy consumption and memory.

为了实现上述技术目的,达到上述技术效果,本发明通过以下技术方案实现:In order to achieve the above technical objectives and the above technical effects, the present invention is implemented through the following technical solutions:

第一方面,本发明提供了一种分组加密方法,包括:In a first aspect, the present invention provides a block encryption method, comprising:

将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;The original key and the round number are used as input data and input into the first round function to obtain a number of sub-keys related to the round number;

将原始数据进行分组,获得若干组数据;Group the original data to obtain several groups of data;

分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据。Each group of data and all subkeys related to the round number are respectively input as input data to the second round function to obtain several groups of encrypted data.

可选地,所述第一轮函数和第二轮函数的结构相同,均包括N个顺次相连的逻辑单元;Optionally, the first round function and the second round function have the same structure, both comprising N logical units connected in sequence;

各逻辑单元的结构相同,均包括第一循环移位模块、第二循环移位模块、第一异或模块、第二异或模块和模加模块;The structures of the logic units are the same, and all include a first cyclic shift module, a second cyclic shift module, a first XOR module, a second XOR module and a modular addition module;

所述第一循环移位模块的一端与所述第一异或模块的一端相连,且用于作为逻辑单元的其中一个输入端,另一端与所述第二异或模块的一端相连;One end of the first cyclic shift module is connected to one end of the first XOR module and is used as one of the input ends of the logic unit, and the other end is connected to one end of the second XOR module;

所述第二异或模块的另一端用于作为逻辑单元的另一个输入端;The other end of the second XOR module is used as another input end of the logic unit;

所述第一异或模块的另一端与所述第二循环移位模块的一端相连,且用于作为逻辑单元的其中一个输出端;The other end of the first XOR module is connected to one end of the second cyclic shift module and is used as one of the output ends of the logic unit;

所述第二循环移位模块的另一端与所述模加模块的其中一端相连;The other end of the second cyclic shift module is connected to one end of the modular addition module;

所述模加模块的另一端与所述第二异或模块的另一端相连,且用于作为逻辑单元的另一个输出端。The other end of the analog addition module is connected to the other end of the second XOR module and is used as another output end of the logic unit.

可选地,在将原始密钥作为输入数据,输入至第一轮函数之前,还包括:将原始密钥分为k0和t0两支密钥;Optionally, before the original key is input as input data to the first round function, the method further includes: dividing the original key into two keys, k 0 and t 0 ;

所述第一轮函数中的各逻辑单元的输出表达式为:The output expressions of each logic unit in the first round function are:

式中,ki+1和ti+1分别表示第i逻辑单元的两支输出子密钥,ki和ti分别表示第i逻辑单元的两支输入子密钥,ci表示第i轮,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=1,2,…N。Wherein, k i+1 and t i+1 represent the two output subkeys of the ith logic unit, k i and t i represent the two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module, <<< represents left cyclic shift, represents XOR, Represents bit modular addition, i=1,2,…N.

可选地,所述第二轮函数中的各逻辑单元的输出表达式为:Optionally, the output expression of each logic unit in the second round function is:

式中,分别表示第i逻辑单元的两支输出数据,分别表示第i逻辑单元的两支输入数据,ki表示第i轮的密钥,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=0,2,…N-1。In the formula, and Respectively represent the two output data of the i-th logic unit, and They represent two input data of the i-th logic unit, k i represents the key of the i-th round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module respectively, and <<< represents left cyclic shift. represents XOR, Represents bit modular addition, i=0,2,…N-1.

可选地,在将原始数据进行分组,获得若干组数据时,若最后一组数据的长度小于分组长度,则对最后一组数据进行填充操作,使得填充后的数据的长度等于分组长度。Optionally, when the original data is grouped to obtain several groups of data, if the length of the last group of data is less than the group length, a padding operation is performed on the last group of data so that the length of the padded data is equal to the group length.

第二方面,本发明提供了一种分组加密装置,包括:In a second aspect, the present invention provides a block encryption device, comprising:

子密钥获取模块,用于将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;A subkey acquisition module, used to input the original key and the round number as input data into the first round function to obtain a number of subkeys related to the round number;

分组模块,用于将原始数据进行分组,获得若干组数据;A grouping module is used to group the original data to obtain several groups of data;

加密模块,用于分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据。The encryption module is used to input each group of data and all subkeys related to the round number as input data to the second round function to obtain several groups of encrypted data.

可选地,所述第一轮函数和第二轮函数的结构相同,均包括N个顺次相连的逻辑单元;Optionally, the first round function and the second round function have the same structure, both comprising N logical units connected in sequence;

各逻辑单元的结构相同,均包括第一循环移位模块、第二循环移位模块、第一异或模块、第二异或模块和模加模块;The structures of the logic units are the same, and all include a first cyclic shift module, a second cyclic shift module, a first XOR module, a second XOR module and a modular addition module;

所述第一循环移位模块的一端与所述第一异或模块的一端相连,且用于作为逻辑单元的其中一个输入端,另一端与所述第二异或模块的一端相连;One end of the first cyclic shift module is connected to one end of the first XOR module and is used as one of the input ends of the logic unit, and the other end is connected to one end of the second XOR module;

所述第二异或模块的另一端用于作为逻辑单元的另一个输入端;The other end of the second XOR module is used as another input end of the logic unit;

所述第一异或模块的另一端与所述第二循环移位模块的一端相连,且用于作为逻辑单元的其中一个输出端;The other end of the first XOR module is connected to one end of the second cyclic shift module and is used as one of the output ends of the logic unit;

所述第二循环移位模块的另一端与所述模加模块的其中一端相连;The other end of the second cyclic shift module is connected to one end of the modular addition module;

所述模加模块的另一端与所述第二异或模块的另一端相连,且用于作为逻辑单元的另一个输出端。The other end of the analog addition module is connected to the other end of the second XOR module and is used as another output end of the logic unit.

可选地,在将原始密钥作为输入数据,输入至第一轮函数之前,还包括:将原始密钥分为k0和t0两支密钥;Optionally, before the original key is input as input data to the first round function, the method further includes: dividing the original key into two keys, k 0 and t 0 ;

所述第一轮函数中的各逻辑单元的输出表达式为:The output expressions of each logic unit in the first round function are:

式中,ki+1和ti+1分别表示第i逻辑单元的两支输出子密钥,ki和ti分别表示第i逻辑单元的两支输入子密钥,ci表示第i轮,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=1,2,…N。Wherein, k i+1 and t i+1 represent the two output subkeys of the ith logic unit, k i and t i represent the two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module, <<< represents left cyclic shift, represents XOR, Represents bit modular addition, i=1,2,…N.

可选地,所述第二轮函数中的各逻辑单元的输出表达式为:Optionally, the output expression of each logic unit in the second round function is:

式中,分别表示第i逻辑单元的两支输出数据,分别表示第i逻辑单元的两支输入数据,ki表示第i轮的密钥,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=0,2,…N-1。In the formula, and Respectively represent the two output data of the i-th logic unit, and They represent two input data of the i-th logic unit, k i represents the key of the i-th round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module respectively, <<< represents left cyclic shift, represents XOR, Represents bit modular addition, i=0,2,…N-1.

可选地,在将原始数据进行分组,获得若干组数据时,若最后一组数据的长度小于分组长度,则对最后一组数据进行填充操作,使得填充后的数据的长度等于分组长度。Optionally, when the original data is grouped to obtain several groups of data, if the length of the last group of data is less than the group length, a padding operation is performed on the last group of data so that the length of the padded data is equal to the group length.

第三方面,本发明提供了一种分组加密系统,包括存储介质和处理器;In a third aspect, the present invention provides a block encryption system, including a storage medium and a processor;

所述存储介质用于存储指令;The storage medium is used to store instructions;

所述处理器用于根据所述指令进行操作以执行根据第一方面中任一项所述的方法。The processor is configured to operate according to the instructions to execute the method according to any one of the first aspects.

与现有技术相比,本发明的有益效果:Compared with the prior art, the present invention has the following beneficial effects:

本发明利用第一轮函数生成若干个子密钥,利用第二轮函数和所有与轮数相关的子密钥实现数据加密,不仅能够提高加密效率,还能够降低所需能耗和内存。The present invention utilizes a first round function to generate a plurality of subkeys, and utilizes a second round function and all subkeys related to the round number to implement data encryption, which can not only improve encryption efficiency but also reduce required energy consumption and memory.

本发明中第一轮函数和第二轮函数的逻辑单元均只包含两个循环移位模块、一个模加模块和两个异或模块,结构简单,尽可能地实现轻量化。In the present invention, the logic units of the first round function and the second round function only include two cyclic shift modules, one modular addition module and two XOR modules, and the structure is simple and lightweight as much as possible.

本发明采用模加操作代替S盒(对称密钥算法执行置换计算的基本结构)操作作为算法的非线性组件,相对带S盒的传统算法而言,软件实现效率具有明显的优势,且防护侧信道攻击的代价小。The present invention adopts modular addition operation instead of S-box (the basic structure of symmetric key algorithm to perform permutation calculation) operation as the nonlinear component of the algorithm. Compared with the traditional algorithm with S-box, the software implementation efficiency has obvious advantages and the cost of protecting against side channel attacks is low.

本发明的子密钥生成过程和数据加密过程具备一致性,能够抵抗相关密钥攻击。The subkey generation process and data encryption process of the present invention are consistent and can resist related key attacks.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了使本发明的内容更容易被清楚地理解,下面根据具体实施例并结合附图,对本发明作进一步详细的说明,其中:In order to make the content of the present invention more clearly understood, the present invention is further described in detail below according to specific embodiments and in conjunction with the accompanying drawings, wherein:

图1为本发明一种实施例的分组加密方法的流程图;FIG1 is a flow chart of a block encryption method according to an embodiment of the present invention;

图2为本发明一种实施例的第一轮函数的结构示意图;FIG2 is a schematic diagram of the structure of a first round function according to an embodiment of the present invention;

图3为本发明一种实施例的第二轮函数的结构示意图。FIG3 is a schematic diagram of the structure of a second round function according to an embodiment of the present invention.

具体实施方式DETAILED DESCRIPTION

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明的保护范围。In order to make the purpose, technical solution and advantages of the present invention more clear, the present invention is further described in detail below in conjunction with the embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit the scope of protection of the present invention.

下面结合附图对本发明的应用原理作详细的描述。The application principle of the present invention is described in detail below in conjunction with the accompanying drawings.

实施例1Example 1

本发明提供了一种分组加密方法,如图1所示,包括以下步骤:The present invention provides a block encryption method, as shown in FIG1 , comprising the following steps:

(1)将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;(1) The original key and the round number are input into the first round function to obtain a number of subkeys related to the round number;

(3)将原始数据进行分组,获得若干组数据;(3) Grouping the original data to obtain several groups of data;

(3)分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据。(3) Each group of data and all subkeys related to the round number are input as input data to the second round function to obtain several groups of encrypted data.

在本发明实施例的一种具体实施方式中,如图2-3所示,所述第一轮函数和第二轮函数的结构相同,但是所述第一轮函数和第二轮函数的输入和输出数据是不同的;所述第一轮函数和第二轮函数均包括N个顺次相连的逻辑单元;各逻辑单元的结构相同,均包括第一循环移位模块、第二循环移位模块、第一异或模块、第二异或模块和模加模块;In a specific implementation of the embodiment of the present invention, as shown in FIG2-3, the first round function and the second round function have the same structure, but the input and output data of the first round function and the second round function are different; the first round function and the second round function both include N logical units connected in sequence; the structures of the logical units are the same, including a first cyclic shift module, a second cyclic shift module, a first XOR module, a second XOR module and a modular addition module;

所述第一循环移位模块的一端与所述第一异或模块的一端相连,且用于作为逻辑单元的其中一个输入端,另一端与所述第二异或模块的一端相连;One end of the first cyclic shift module is connected to one end of the first XOR module and is used as one of the input ends of the logic unit, and the other end is connected to one end of the second XOR module;

所述第二异或模块的另一端用于作为逻辑单元的另一个输入端;The other end of the second XOR module is used as another input end of the logic unit;

所述第一异或模块的另一端与所述第二循环移位模块的一端相连,且用于作为逻辑单元的其中一个输出端;The other end of the first XOR module is connected to one end of the second cyclic shift module and is used as one of the output ends of the logic unit;

所述第二循环移位模块的另一端与所述模加模块的其中一端相连;The other end of the second cyclic shift module is connected to one end of the modular addition module;

所述模加模块的另一端与所述第二异或模块的另一端相连,且用于作为逻辑单元的另一个输出端。The other end of the analog addition module is connected to the other end of the second XOR module and is used as another output end of the logic unit.

在本发明实施例的一种具体实施方式中,在将原始密钥作为输入数据,输入至第一轮函数之前,还包括:将原始密钥分为k0和t0两支密钥;In a specific implementation of the embodiment of the present invention, before the original key is used as input data and input into the first round function, it also includes: dividing the original key into two keys, k 0 and t 0 ;

在执行将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥步骤时,所述第一轮函数中的各逻辑单元的输出表达式为:When the step of inputting the original key and the round number as input data into the first round function to obtain a plurality of subkeys related to the round number is executed, the output expression of each logic unit in the first round function is:

式中,ki+1和ti+1分别表示第i逻辑单元的两支输出子密钥,ki和ti分别表示第i逻辑单元的两支输入子密钥,ci表示第i轮,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=1,2,…N。在具体实施过程中,所述x1和x2可以设置为13和22,也可设置其他参数以达到相似的安全性,如2和21、22和13等。所述N可以取值为24。各子密钥的长度可以设置为64,N和各子密钥的长度也可以设置为其他合适的值。Wherein, k i+1 and t i+1 represent the two output subkeys of the ith logic unit, k i and t i represent the two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module, <<< represents left cyclic shift, represents XOR, represents bitwise modular addition, i=1,2,…N. In a specific implementation, x1 and x2 can be set to 13 and 22, or other parameters can be set to achieve similar security, such as 2 and 21, 22 and 13, etc. N can be set to 24. The length of each subkey can be set to 64, and N and the length of each subkey can also be set to other appropriate values.

在执行分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据步骤时,所述第二轮函数中的各逻辑单元的输出表达式为:When executing the step of inputting each group of data and all subkeys related to the round number as input data to the second round function to obtain a plurality of groups of encrypted data, the output expression of each logic unit in the second round function is:

式中,分别表示第i逻辑单元的两支输出数据,分别表示第i逻辑单元的两支输入数据,ki表示第i轮的密钥,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=0,2,…N-1。在具体实施过程中,所述x1和x2可以设置为13和22,也可设置其他参数以达到相似的安全性,如2和21、22和13等。所述N可以取值为24。各组数据的长度可以设置为64,N和各子密钥的长度也可以设置为其他合适的值。In the formula, and Respectively represent the two output data of the i-th logic unit, and They represent two input data of the i-th logic unit, k i represents the key of the i-th round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module respectively, <<< represents left cyclic shift, represents XOR, represents bit modular addition, i=0,2,…N-1. In the specific implementation process, x1 and x2 can be set to 13 and 22, and other parameters can also be set to achieve similar security, such as 2 and 21, 22 and 13, etc. N can be set to 24. The length of each group of data can be set to 64, and N and the length of each subkey can also be set to other appropriate values.

在本发明实施例的一种具体实施方式中,在将原始数据进行分组,获得若干组数据时,若最后一组数据的长度小于分组长度,则对最后一组数据进行填充操作,使得填充后的数据的长度等于分组长度。In a specific implementation of an embodiment of the present invention, when the original data is grouped to obtain several groups of data, if the length of the last group of data is less than the group length, the last group of data is padded so that the length of the padded data is equal to the group length.

特别地,本发明中,为提高算法的安全性,轮函数中两个循环左移操作的参数设定为13和22。In particular, in the present invention, in order to improve the security of the algorithm, the parameters of the two cyclic left shift operations in the round function are set to 13 and 22.

除了上述参数外,也可设置其他参数以达到相似的安全性,如2和21、22和13。In addition to the above parameters, other parameters can also be set to achieve similar security, such as 2 and 21, 22 and 13.

按照本发明的分组加密方法,在数据传输过程中具有轻量化、高效性、低功耗和少量内存等优势。本发明实施例中的分组加密方法可用于计算、存储资源受限的电力物联传感设备等小型器件。The packet encryption method of the present invention has the advantages of light weight, high efficiency, low power consumption and small amount of memory during data transmission. The packet encryption method in the embodiment of the present invention can be used for small devices such as power IoT sensor equipment with limited computing and storage resources.

下面结合一具体实施方式对本发明实施例中的分组加密方法进行详细说明。The block encryption method in the embodiment of the present invention is described in detail below in conjunction with a specific implementation manner.

设定分组长度为64比特,循环次数设定为24。Set the packet length to 64 bits and the number of cycles to 24.

若原始数据大于64比特,则将原始数据进行分组,并对不足64比特的分组数据进行补零,然后将每组数据分为左右两支按如下过程生成64比特输出 If the original data is larger than 64 bits, the original data is grouped and the grouped data less than 64 bits are padded with zeros, and then each group of data is divided into two left and right branches. To generate 64-bit output, proceed as follows

若原始数据正好为64比特,则直接将原始数据分为左右两支按如下过程生成64比特输出 If the original data is exactly 64 bits, the original data is directly divided into left and right branches To generate 64-bit output, proceed as follows

从64比特明文开始,该过程需要更新23次,即i=0,1,…,22。From 64-bit plaintext Initially, the process requires 23 updates, i.e., i=0,1,…,22.

最后,执行Finally, execute

生成64比特密文其中,ki是第i=0,1,…,23轮的子密钥,其生成过程如下:Generate 64-bit ciphertext Where k i is the subkey of round i=0,1,…,23, and its generation process is as follows:

假设64比特主密钥分为左右两支由(ki,ti)生成(ki+1,ti+1),i=0,1,…,23的更新过程如下:Assume that the 64-bit master key is divided into two parts: left and right The update process from (k i ,t i ) to (k i+1 ,t i+1 ), i=0,1,…,23 is as follows:

测试向量:Test vector:

明文:0x0123456789abcdefPlain text: 0x0123456789abcdef

密钥:0x0123456789abcdefKey: 0x0123456789abcdef

密文:0x8441cbc2ea3eff46。Ciphertext: 0x8441cbc2ea3eff46.

实施例2Example 2

本发明实施例中提供了一种分组加密装置,包括:An embodiment of the present invention provides a packet encryption device, including:

子密钥获取模块,用于将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;A subkey acquisition module, used to input the original key and the round number as input data into the first round function to obtain a number of subkeys related to the round number;

分组模块,用于将原始数据进行分组,获得若干组数据;A grouping module is used to group the original data to obtain several groups of data;

加密模块,用于分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据。The encryption module is used to input each group of data and all subkeys related to the round number as input data to the second round function to obtain several groups of encrypted data.

在本发明实施例的一种具体实施方式中,如图2-3所示,所述第一轮函数和第二轮函数的结构相同,但是所述第一轮函数和第二轮函数的输入和输出数据是不同的;所述第一轮函数和第二轮函数均包括N个顺次相连的逻辑单元;各逻辑单元的结构相同,均包括第一循环移位模块、第二循环移位模块、第一异或模块、第二异或模块和模加模块;In a specific implementation of the embodiment of the present invention, as shown in FIG2-3, the first round function and the second round function have the same structure, but the input and output data of the first round function and the second round function are different; the first round function and the second round function both include N logical units connected in sequence; the structures of the logical units are the same, including a first cyclic shift module, a second cyclic shift module, a first XOR module, a second XOR module and a modular addition module;

所述第一循环移位模块的一端与所述第一异或模块的一端相连,且用于作为逻辑单元的其中一个输入端,另一端与所述第二异或模块的一端相连;One end of the first cyclic shift module is connected to one end of the first XOR module and is used as one of the input ends of the logic unit, and the other end is connected to one end of the second XOR module;

所述第二异或模块的另一端用于作为逻辑单元的另一个输入端;The other end of the second XOR module is used as another input end of the logic unit;

所述第一异或模块的另一端与所述第二循环移位模块的一端相连,且用于作为逻辑单元的其中一个输出端;The other end of the first XOR module is connected to one end of the second cyclic shift module and is used as one of the output ends of the logic unit;

所述第二循环移位模块的另一端与所述模加模块的其中一端相连;The other end of the second cyclic shift module is connected to one end of the modular addition module;

所述模加模块的另一端与所述第二异或模块的另一端相连,且用于作为逻辑单元的另一个输出端。The other end of the analog addition module is connected to the other end of the second XOR module and is used as another output end of the logic unit.

在本发明实施例的一种具体实施方式中,在将原始密钥作为输入数据,输入至第一轮函数之前,还包括:将原始密钥分为k0和t0两支密钥;In a specific implementation of the embodiment of the present invention, before the original key is used as input data and input into the first round function, it also includes: dividing the original key into two keys, k 0 and t 0 ;

在执行将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥步骤时,所述第一轮函数中的各逻辑单元的输出表达式为:When the step of inputting the original key and the round number as input data into the first round function to obtain a plurality of subkeys related to the round number is executed, the output expression of each logic unit in the first round function is:

式中,ki+1和ti+1分别表示第i逻辑单元的两支输出子密钥,ki和ti分别表示第i逻辑单元的两支输入子密钥,ci表示第i轮,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=1,2,…N。在具体实施过程中,所述x1和x2可以设置为13和22,也可设置其他参数以达到相似的安全性,如2和21、22和13等。所述N可以取值为24。各子密钥的长度可以设置为64,N和各子密钥的长度也可以设置为其他合适的值。Wherein, k i+1 and t i+1 represent the two output subkeys of the ith logic unit, k i and t i represent the two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module, respectively, <<< represents left cyclic shift, represents XOR, represents bitwise modular addition, i=1,2,…N. In a specific implementation, x1 and x2 can be set to 13 and 22, or other parameters can be set to achieve similar security, such as 2 and 21, 22 and 13, etc. N can be set to 24. The length of each subkey can be set to 64, and N and the length of each subkey can also be set to other appropriate values.

在执行分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据步骤时,所述第二轮函数中的各逻辑单元的输出表达式为:When executing the step of inputting each group of data and all subkeys related to the round number as input data to the second round function to obtain a plurality of groups of encrypted data, the output expression of each logic unit in the second round function is:

式中,分别表示第i逻辑单元的两支输出数据,分别表示第i逻辑单元的两支输入数据,ki表示第i轮的密钥,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=0,2,…N-1。在具体实施过程中,所述x1和x2可以设置为13和22,也可设置其他参数以达到相似的安全性,如2和21、22和13等。所述N可以取值为24。各组数据的长度可以设置为64,N和各子密钥的长度也可以设置为其他合适的值。In the formula, and Respectively represent the two output data of the i-th logic unit, and They represent two input data of the i-th logic unit, k i represents the key of the i-th round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module respectively, and <<< represents left cyclic shift. represents XOR, represents bit modular addition, i=0,2,…N-1. In the specific implementation process, x1 and x2 can be set to 13 and 22, and other parameters can also be set to achieve similar security, such as 2 and 21, 22 and 13, etc. N can be set to 24. The length of each group of data can be set to 64, and N and the length of each subkey can also be set to other appropriate values.

在本发明实施例的一种具体实施方式中,在将原始数据进行分组,获得若干组数据时,若最后一组数据的长度小于分组长度,则对最后一组数据进行填充操作,使得填充后的数据的长度等于分组长度。In a specific implementation of an embodiment of the present invention, when the original data is grouped to obtain several groups of data, if the length of the last group of data is less than the group length, the last group of data is padded so that the length of the padded data is equal to the group length.

下面结合一具体实施方式对本发明实施例中的分组加密装置的工作过程进行详细说明。The working process of the block encryption device in the embodiment of the present invention is described in detail below in conjunction with a specific implementation method.

设定分组长度为64比特,循环次数设定为24。Set the packet length to 64 bits and the number of cycles to 24.

若原始数据大于64比特,则将原始数据进行分组,并对不足64比特的分组数据进行补零,然后将每组数据分为左右两支按如下过程生成64比特输出 If the original data is larger than 64 bits, the original data is grouped and the grouped data less than 64 bits are padded with zeros, and then each group of data is divided into two left and right branches. To generate 64-bit output, proceed as follows

若原始数据正好为64比特,则直接将原始数据分为左右两支按如下过程生成64比特输出 If the original data is exactly 64 bits, the original data is directly divided into left and right branches To generate 64-bit output, proceed as follows

从64比特明文开始,该过程需要更新23次,即i=0,1,…,22。From 64-bit plaintext Initially, the process requires 23 updates, i.e., i=0,1,…,22.

最后,执行Finally, execute

生成64比特密文其中,ki是第i=0,1,…,23轮的子密钥,其生成过程如下:Generate 64-bit ciphertext Where k i is the subkey of round i=0,1,…,23, and its generation process is as follows:

假设64比特主密钥分为左右两支由(ki,ti)生成(ki+1,ti+1),i=0,1,…,23的更新过程如下:Assume that the 64-bit master key is divided into two parts: left and right The update process from (k i ,t i ) to (k i+1 ,t i+1 ), i=0,1,…,23 is as follows:

测试向量:Test vector:

明文:0x0123456789abcdefPlain text: 0x0123456789abcdef

密钥:0x0123456789abcdefKey: 0x0123456789abcdef

密文:0x8441cbc2ea3eff46。Ciphertext: 0x8441cbc2ea3eff46.

实施例3Example 3

基于与实施例1相同的发明构思,本发明提供了一种分组加密系统,包括存储介质和处理器;Based on the same inventive concept as that of Embodiment 1, the present invention provides a block encryption system, including a storage medium and a processor;

所述存储介质用于存储指令;The storage medium is used to store instructions;

所述处理器用于根据所述指令进行操作以执行根据实施例1中任一项所述的方法。The processor is configured to operate according to the instructions to execute the method according to any one of the embodiments 1.

本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment in combination with software and hardware. Moreover, the present application may adopt the form of a computer program product implemented in one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that include computer-usable program code.

本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to the flowchart and/or block diagram of the method, device (system) and computer program product according to the embodiment of the present application. It should be understood that each process and/or box in the flowchart and/or block diagram, and the combination of the process and/or box in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the function specified in one process or multiple processes in the flowchart and/or one box or multiple boxes in the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

以上结合附图对本发明的实施例进行了描述,但是本发明并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本发明的启示下,在不脱离本发明宗旨和权利要求所保护的范围情况下,还可做出很多形式,这些均属于本发明的保护之内。The embodiments of the present invention are described above in conjunction with the accompanying drawings, but the present invention is not limited to the above-mentioned specific implementation methods. The above-mentioned specific implementation methods are merely illustrative and not restrictive. Under the enlightenment of the present invention, ordinary technicians in this field can also make many forms without departing from the scope of protection of the purpose of the present invention and the claims, which all fall within the protection of the present invention.

以上显示和描述了本发明的基本原理和主要特征和本发明的优点。本行业的技术人员应该了解,本发明不受上述实施例的限制,上述实施例和说明书中描述的只是说明本发明的原理,在不脱离本发明精神和范围的前提下,本发明还会有各种变化和改进,这些变化和改进都落入要求保护的本发明范围内。本发明要求保护范围由所附的权利要求书及其等效物界定。The above shows and describes the basic principles and main features of the present invention and the advantages of the present invention. It should be understood by those skilled in the art that the present invention is not limited to the above embodiments. The above embodiments and descriptions are only for explaining the principles of the present invention. Without departing from the spirit and scope of the present invention, the present invention may have various changes and improvements, which fall within the scope of the present invention to be protected. The scope of protection of the present invention is defined by the attached claims and their equivalents.

Claims (5)

1.一种分组加密方法,其特征在于,包括:1. A block encryption method, comprising: 将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;The original key and the round number are used as input data and input into the first round function to obtain a number of sub-keys related to the round number; 将原始数据进行分组,获得若干组数据;Group the original data to obtain several groups of data; 分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据;Each group of data and all subkeys related to the round number are input as input data to the second round function to obtain several groups of encrypted data; 所述第一轮函数和所述第二轮函数的结构相同,均包括N个顺次相连的逻辑单元;The first round function and the second round function have the same structure, both comprising N logical units connected in sequence; 各逻辑单元的结构相同,均包括第一循环移位模块、第二循环移位模块、第一异或模块、第二异或模块和模加模块;The structures of the logic units are the same, and all include a first cyclic shift module, a second cyclic shift module, a first XOR module, a second XOR module and a modular addition module; 所述第一循环移位模块的一端与所述第一异或模块的一端相连,且用于作为逻辑单元的其中一个输入端,另一端与所述第二异或模块的一端相连;One end of the first cyclic shift module is connected to one end of the first XOR module and is used as one of the input ends of the logic unit, and the other end is connected to one end of the second XOR module; 所述第二异或模块的另一端用于作为逻辑单元的另一个输入端;The other end of the second XOR module is used as another input end of the logic unit; 所述第一异或模块的另一端与所述第二循环移位模块的一端相连,且用于作为逻辑单元的其中一个输出端;The other end of the first XOR module is connected to one end of the second cyclic shift module and is used as one of the output ends of the logic unit; 所述第二循环移位模块的另一端与所述模加模块的其中一端相连;The other end of the second cyclic shift module is connected to one end of the modular addition module; 所述模加模块的另一端与所述第二异或模块的另一端相连,且用于作为逻辑单元的另一个输出端;The other end of the analog addition module is connected to the other end of the second XOR module and is used as another output end of the logic unit; 在将原始密钥作为输入数据,输入至第一轮函数之前,还包括:Before the original key is input as input data to the first round function, it also includes: 将原始密钥分为k0和t0两支密钥;Divide the original key into two keys, k 0 and t 0 ; 所述第一轮函数中的各逻辑单元的输出表达式为:The output expressions of each logic unit in the first round function are: 式中,ki+1和ti+1分别表示第i逻辑单元的两支输出子密钥,ki和ti分别表示第i逻辑单元的两支输入子密钥,ci表示第i轮,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=1,2,…N;Wherein, k i+1 and t i+1 represent the two output subkeys of the ith logic unit, k i and t i represent the two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module, respectively, <<< represents left cyclic shift, represents XOR, Represents bitwise addition, i = 1, 2, ... N; 所述第二轮函数中的各逻辑单元的输出表达式为:The output expression of each logic unit in the second round function is: 式中,分别表示第i逻辑单元的两支输出数据,分别表示第i逻辑单元的两支输入数据,ki表示第i轮的密钥,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=0,2,…N-1。In the formula, and Respectively represent the two output data of the i-th logic unit, and They represent two input data of the i-th logic unit, k i represents the key of the i-th round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module respectively, and <<< represents left cyclic shift. represents XOR, Represents bit modular addition, i=0,2,…N-1. 2.根据权利要求1所述的一种分组加密方法,其特征在于:在将原始数据进行分组,获得若干组数据时,若最后一组数据的长度小于分组长度,则对最后一组数据进行填充操作,使得填充后的数据的长度等于分组长度。2. According to claim 1, a packet encryption method is characterized in that: when the original data is grouped to obtain several groups of data, if the length of the last group of data is less than the group length, the last group of data is padded so that the length of the padded data is equal to the group length. 3.一种分组加密装置,其特征在于,包括:3. A block encryption device, comprising: 子密钥获取模块,用于将原始密钥和轮数作为输入数据,输入至第一轮函数,获得若干个与轮数相关的子密钥;A subkey acquisition module, used to input the original key and the round number as input data into the first round function to obtain a number of subkeys related to the round number; 分组模块,用于将原始数据进行分组,获得若干组数据;A grouping module is used to group the original data to obtain several groups of data; 加密模块,用于分别将各组数据和所有与轮数相关的子密钥作为输入数据,输入至第二轮函数,得到若干组加密数据;The encryption module is used to input each group of data and all subkeys related to the round number as input data to the second round function to obtain a plurality of groups of encrypted data; 所述第一轮函数和第二轮函数的结构相同,均包括N个顺次相连的逻辑单元;The first round function and the second round function have the same structure, both comprising N logical units connected in sequence; 各逻辑单元的结构相同,均包括第一循环移位模块、第二循环移位模块、第一异或模块、第二异或模块和模加模块;The structures of the logic units are the same, and all include a first cyclic shift module, a second cyclic shift module, a first XOR module, a second XOR module and a modular addition module; 所述第一循环移位模块的一端与所述第一异或模块的一端相连,且用于作为逻辑单元的其中一个输入端,另一端与所述第二异或模块的一端相连;One end of the first cyclic shift module is connected to one end of the first XOR module and is used as one of the input ends of the logic unit, and the other end is connected to one end of the second XOR module; 所述第二异或模块的另一端用于作为逻辑单元的另一个输入端;The other end of the second XOR module is used as another input end of the logic unit; 所述第一异或模块的另一端与所述第二循环移位模块的一端相连,且用于作为逻辑单元的其中一个输出端;The other end of the first XOR module is connected to one end of the second cyclic shift module and is used as one of the output ends of the logic unit; 所述第二循环移位模块的另一端与所述模加模块的其中一端相连;The other end of the second cyclic shift module is connected to one end of the modular addition module; 所述模加模块的另一端与所述第二异或模块的另一端相连,且用于作为逻辑单元的另一个输出端;The other end of the analog addition module is connected to the other end of the second XOR module and is used as another output end of the logic unit; 在将原始密钥作为输入数据,输入至第一轮函数之前,还包括:将原始密钥分为k0和t0两支密钥;Before the original key is input as input data to the first round function, the method further includes: dividing the original key into two keys, k 0 and t 0 ; 所述第一轮函数中的各逻辑单元的输出表达式为:The output expressions of each logic unit in the first round function are: 式中,ki+1和ti+1分别表示第i逻辑单元的两支输出子密钥,ki和ti分别表示第i逻辑单元的两支输入子密钥,ci表示第i轮,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=1,2,…N;Wherein, k i+1 and t i+1 represent the two output subkeys of the ith logic unit, k i and t i represent the two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module, respectively, <<< represents left cyclic shift, represents XOR, Indicates bitwise addition, i = 1, 2, ... N; 所述第二轮函数中的各逻辑单元的输出表达式为:The output expression of each logic unit in the second round function is: 式中,分别表示第i逻辑单元的两支输出数据,分别表示第i逻辑单元的两支输入数据,ki表示第i轮的密钥,x1和x2分别表示第一循环移位模块、第二循环移位模块的移位位数,<<<表示左循环移位,表示异或,表示位模加,i=0,2,…N-1。In the formula, and Respectively represent the two output data of the i-th logic unit, and They represent two input data of the i-th logic unit, k i represents the key of the i-th round, x1 and x2 represent the shift bits of the first cyclic shift module and the second cyclic shift module respectively, and <<< represents left cyclic shift. represents XOR, Represents bit modular addition, i=0,2,…N-1. 4.根据权利要求3所述的一种分组加密装置,其特征在于,在将原始数据进行分组,获得若干组数据时,若最后一组数据的长度小于分组长度,则对最后一组数据进行填充操作,使得填充后的数据的长度等于分组长度。4. A group encryption device according to claim 3, characterized in that when the original data is grouped to obtain several groups of data, if the length of the last group of data is less than the group length, the last group of data is padded so that the length of the padded data is equal to the group length. 5.一种分组加密系统,其特征在于:包括存储介质和处理器;5. A block encryption system, characterized in that: it includes a storage medium and a processor; 所述存储介质用于存储指令;The storage medium is used to store instructions; 所述处理器用于根据所述指令进行操作以执行根据权利要求1~2中任一项所述的方法。The processor is configured to operate according to the instructions to execute the method according to any one of claims 1 to 2.
CN202310333086.9A 2023-03-30 2023-03-30 Method, device and system for encrypting packet Active CN116388963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310333086.9A CN116388963B (en) 2023-03-30 2023-03-30 Method, device and system for encrypting packet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310333086.9A CN116388963B (en) 2023-03-30 2023-03-30 Method, device and system for encrypting packet

Publications (2)

Publication Number Publication Date
CN116388963A CN116388963A (en) 2023-07-04
CN116388963B true CN116388963B (en) 2024-08-27

Family

ID=86966909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310333086.9A Active CN116388963B (en) 2023-03-30 2023-03-30 Method, device and system for encrypting packet

Country Status (1)

Country Link
CN (1) CN116388963B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314187A (en) * 2022-10-08 2022-11-08 湖南密码工程研究中心有限公司 Method and device for realizing lightweight block cipher algorithm RainSP and electronic equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10742405B2 (en) * 2016-12-16 2020-08-11 The Boeing Company Method and system for generation of cipher round keys by bit-mixers
WO2020008446A2 (en) * 2019-09-25 2020-01-09 Symbiosis International (Deemed University) A system and method for encryption and decryption of text
CN111431697B (en) * 2020-03-31 2022-06-21 衡阳师范学院 A New Lightweight Block Cipher CORL Implementation Method
CN113645615B (en) * 2021-08-12 2023-12-22 衡阳师范学院 Lightweight block cipher encryption and decryption method
CN114513298A (en) * 2022-02-18 2022-05-17 江苏大学 A Lightweight Encryption Method Accepting Any Plaintext Length
CN115694796A (en) * 2022-10-08 2023-02-03 国网江苏省电力有限公司电力科学研究院 Internet of things security encryption method and device, storage medium and electronic equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314187A (en) * 2022-10-08 2022-11-08 湖南密码工程研究中心有限公司 Method and device for realizing lightweight block cipher algorithm RainSP and electronic equipment

Also Published As

Publication number Publication date
CN116388963A (en) 2023-07-04

Similar Documents

Publication Publication Date Title
US8155306B2 (en) Method and apparatus for increasing the speed of cryptographic processing
CN110880967B (en) Method for parallel encryption and decryption of multiple messages by adopting packet symmetric key algorithm
CN107147487B (en) Symmetric key random block cipher
Gupta et al. An enhanced AES algorithm using cascading method on 400 bits key size used in enhancing the safety of next generation internet of things (IOT)
CN109861809B (en) Practical grouping random encryption and decryption method
CN101383703A (en) Dynamic Encryption System and Method Based on Generalized Information Domain
CN108476132A (en) Key for an encrypting operation sequence generates
CN116684071A (en) Method and system for realizing acceleration of white box protection scheme based on Boolean circuit
CN115811398A (en) Dynamic S-box-based block cipher algorithm, device, system and storage medium
Abbas et al. An efficient implementation of PBKDF2 with RIPEMD-160 on multiple FPGAs
Chugunkov et al. Three-dimensional data stochastic transformation algorithms for hybrid supercomputer implementation
CN115314211A (en) Privacy protection machine learning training and reasoning method and system based on heterogeneous computing
CN112737767B (en) Method and system for generating message authentication code resisting differential power analysis and time attack
CN103873229B (en) Rapid protection method for resisting timing and cache side channel attack under KLEIN encryption AVR environment
CN109936437B (en) An anti-power attack method based on d+1 order mask
Goswami et al. FPGA implementation of modified SNOW 3G stream ciphers using fast and resource efficient substitution box
CN116388963B (en) Method, device and system for encrypting packet
Singh et al. Study & analysis of cryptography algorithms: RSA, AES, DES, T-DES, blowfish
CN107124267A (en) A kind of fixation bit wide key generation method on crypto chip
Rais et al. A novel FPGA implementation of AES-128 using reduced residue of prime numbers based S-Box
KR101240243B1 (en) Encryption apparatus and method according to CTR mode of AES(advanced encryption standard)
CN114244496B (en) Parallel Implementation Method of SM4 Encryption and Decryption Algorithm Based on Optimal S-box in Tower Domain
CN116318669A (en) A Lightweight Encryption Method Based on NB-IoT
CN114513298A (en) A Lightweight Encryption Method Accepting Any Plaintext Length
CN111262685A (en) Novel method and device for realizing Shield block cipher generated by secret key and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant