[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN116388963B - Method, device and system for encrypting packet - Google Patents

Method, device and system for encrypting packet Download PDF

Info

Publication number
CN116388963B
CN116388963B CN202310333086.9A CN202310333086A CN116388963B CN 116388963 B CN116388963 B CN 116388963B CN 202310333086 A CN202310333086 A CN 202310333086A CN 116388963 B CN116388963 B CN 116388963B
Authority
CN
China
Prior art keywords
module
data
cyclic shift
round
exclusive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310333086.9A
Other languages
Chinese (zh)
Other versions
CN116388963A (en
Inventor
朱雪琼
胡成博
张子阳
路永玲
杨景刚
孙蓉
王真
贾骏
刘子全
薛海
付慧
黄强
李双伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202310333086.9A priority Critical patent/CN116388963B/en
Publication of CN116388963A publication Critical patent/CN116388963A/en
Application granted granted Critical
Publication of CN116388963B publication Critical patent/CN116388963B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a block encryption method, a device and a system, wherein the method comprises the steps of taking an original secret key and a round number as input data, inputting the input data into a first round function, and obtaining a plurality of subsecret keys related to the round number; grouping the original data to obtain a plurality of groups of data; and respectively taking each group of data and all subkeys related to the round number as input data, and inputting the input data into a second round function to obtain a plurality of groups of encrypted data. The invention can improve encryption efficiency and reduce required energy consumption and memory, and the sub-key generation process and the data encryption process of the invention have consistency and can resist relevant key attacks.

Description

Method, device and system for encrypting packet
Technical Field
The invention belongs to the technical field of data security transmission in a network environment, and particularly relates to a method, a device and a system for encrypting a packet.
Background
To prevent confidentiality of data in network transmission, a message to be sent is generally encrypted into a messy code by using an encryption algorithm and then transmitted, and after receiving, a receiver restores the messy code to the original message by decrypting. The existing standard encryption algorithm comprises an international encryption standard AES, a Chinese encryption standard SM4 and the like. In the environment of resource limitation such as the internet of things, china does not have a standard lightweight encryption standard, and an ISO standard lightweight encryption algorithm HIGHT, PRESENT, CLEFIA, SIMON, SPECK and the like proposed by NIST in the United states appear internationally.
Research on lightweight encryption algorithms is still immature, and the implementation cost of software and hardware of the current standard encryption algorithm is often relatively high, and even the current standard encryption algorithm is difficult to directly apply to environments with extremely limited resources; there is no standard lightweight encryption algorithm in China at present; various problems exist in various lightweight encryption standard algorithms proposed internationally, such as HIGHT full round attacks, presence of non-random differentiators in the presence of the presnt algorithm, CLEFIA hardware implementation is still too heavy, and no security self-evaluation results are available in SIMON and spec.
Disclosure of Invention
Aiming at the problems, the invention provides a method, a device and a system for encrypting a packet, which can improve encryption efficiency and reduce required energy consumption and memory.
In order to achieve the technical purpose and achieve the technical effect, the invention is realized by the following technical scheme:
in a first aspect, the present invention provides a packet encryption method, including:
the original secret key and the round number are used as input data, and are input into a first round function to obtain a plurality of sub secret keys related to the round number;
Grouping the original data to obtain a plurality of groups of data;
And respectively taking each group of data and all subkeys related to the round number as input data, and inputting the input data into a second round function to obtain a plurality of groups of encrypted data.
Optionally, the first round function and the second round function have the same structure and each comprise N logic units connected in sequence;
Each logic unit has the same structure and comprises a first cyclic shift module, a second cyclic shift module, a first exclusive-or module, a second exclusive-or module and a modulo addition module;
one end of the first cyclic shift module is connected with one end of the first exclusive-or module and is used as one input end of the logic unit, and the other end of the first cyclic shift module is connected with one end of the second exclusive-or module;
The other end of the second exclusive-or module is used as the other input end of the logic unit;
The other end of the first exclusive-or module is connected with one end of the second cyclic shift module and is used as one output end of the logic unit;
The other end of the second cyclic shift module is connected with one end of the modular addition module;
the other end of the modulo adding module is connected with the other end of the second exclusive OR module and is used as the other output end of the logic unit.
Optionally, before inputting the original key as input data to the first round of functions, the method further comprises: dividing an original key into two keys of k 0 and t 0;
the output expression of each logic unit in the first round of function is:
Wherein k i+1 and t i+1 respectively represent two output subkeys of the ith logic unit, k i and t i respectively represent two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 respectively represent shift numbers of the first cyclic shift module and the second cyclic shift module, < < < represents left cyclic shift, Representing the exclusive or,Representing bit modulo addition, i=1, 2, … N.
Optionally, the output expression of each logic unit in the second round function is:
In the method, in the process of the invention, AndTwo output data respectively representing the ith logic cell,AndTwo input data respectively representing the ith logic cell, k i representing the key of the ith round, x1 and x2 representing the shift bits of the first cyclic shift block, the second cyclic shift block respectively, < representing the left cyclic shift,Representing the exclusive or,Representing bit modulo addition, i=0, 2, … N-1.
Optionally, when the original data is grouped to obtain a plurality of groups of data, if the length of the last group of data is smaller than the grouping length, the padding operation is performed on the last group of data, so that the length of the padded data is equal to the grouping length.
In a second aspect, the present invention provides a packet encryption apparatus comprising:
the sub-key acquisition module is used for taking the original key and the round number as input data, inputting the input data into the first round function, and obtaining a plurality of sub-keys related to the round number;
The grouping module is used for grouping the original data to obtain a plurality of groups of data;
And the encryption module is used for respectively inputting each group of data and all the subkeys related to the round number as input data to the second round function to obtain a plurality of groups of encrypted data.
Optionally, the first round function and the second round function have the same structure and each comprise N logic units connected in sequence;
Each logic unit has the same structure and comprises a first cyclic shift module, a second cyclic shift module, a first exclusive-or module, a second exclusive-or module and a modulo addition module;
one end of the first cyclic shift module is connected with one end of the first exclusive-or module and is used as one input end of the logic unit, and the other end of the first cyclic shift module is connected with one end of the second exclusive-or module;
The other end of the second exclusive-or module is used as the other input end of the logic unit;
The other end of the first exclusive-or module is connected with one end of the second cyclic shift module and is used as one output end of the logic unit;
The other end of the second cyclic shift module is connected with one end of the modular addition module;
the other end of the modulo adding module is connected with the other end of the second exclusive OR module and is used as the other output end of the logic unit.
Optionally, before inputting the original key as input data to the first round of functions, the method further comprises: dividing an original key into two keys of k 0 and t 0;
the output expression of each logic unit in the first round of function is:
Wherein k i+1 and t i+1 respectively represent two output subkeys of the ith logic unit, k i and t i respectively represent two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 respectively represent shift numbers of the first cyclic shift module and the second cyclic shift module, < < < represents left cyclic shift, Representing the exclusive or,Representing bit modulo addition, i=1, 2, … N.
Optionally, the output expression of each logic unit in the second round function is:
In the method, in the process of the invention, AndTwo output data respectively representing the ith logic cell,AndTwo input data respectively representing the ith logic unit, k i representing the key of the ith round, x1 and x2 representing the shift bits of the first cyclic shift module and the second cyclic shift module respectively, < < < representing the left cyclic shift,Representing the exclusive or,Representing bit modulo addition, i=0, 2, … N-1.
Optionally, when the original data is grouped to obtain a plurality of groups of data, if the length of the last group of data is smaller than the grouping length, the padding operation is performed on the last group of data, so that the length of the padded data is equal to the grouping length.
In a third aspect, the present invention provides a packet encryption system comprising a storage medium and a processor;
the storage medium is used for storing instructions;
The processor is configured to operate in accordance with the instructions to perform the method according to any one of the first aspects.
Compared with the prior art, the invention has the beneficial effects that:
the invention uses the first round function to generate a plurality of sub-keys, and uses the second round function and all sub-keys related to the round number to realize data encryption, thereby not only improving encryption efficiency, but also reducing required energy consumption and memory.
The logic units of the first round function and the second round function only comprise two cyclic shift modules, one modulo addition module and two exclusive OR modules, and the invention has simple structure and realizes light weight as far as possible.
The invention adopts modulo addition operation to replace S box (basic structure of symmetric key algorithm to execute substitution calculation) operation as nonlinear component of algorithm, and compared with traditional algorithm with S box, the invention has obvious advantage of software realization efficiency and low cost of protecting side channel attack.
The sub-key generation process and the data encryption process have consistency and can resist relevant key attacks.
Drawings
In order that the invention may be more readily understood, a more particular description of the invention will be rendered by reference to specific embodiments that are illustrated in the appended drawings, in which:
FIG. 1 is a flow chart of a packet encryption method according to one embodiment of the present invention;
FIG. 2 is a schematic diagram of a first round function according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a second round function according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the detailed description and specific examples are intended for purposes of illustration only and are not intended to limit the scope of the invention.
The principle of application of the invention is described in detail below with reference to the accompanying drawings.
Example 1
The invention provides a packet encryption method, as shown in figure 1, comprising the following steps:
(1) The original secret key and the round number are used as input data, and are input into a first round function to obtain a plurality of sub secret keys related to the round number;
(3) Grouping the original data to obtain a plurality of groups of data;
(3) And respectively taking each group of data and all subkeys related to the round number as input data, and inputting the input data into a second round function to obtain a plurality of groups of encrypted data.
In a specific implementation manner of the embodiment of the present invention, as shown in fig. 2 to 3, the first round function and the second round function have the same structure, but the input and output data of the first round function and the second round function are different; the first round function and the second round function comprise N logic units which are connected in sequence; each logic unit has the same structure and comprises a first cyclic shift module, a second cyclic shift module, a first exclusive-or module, a second exclusive-or module and a modulo addition module;
one end of the first cyclic shift module is connected with one end of the first exclusive-or module and is used as one input end of the logic unit, and the other end of the first cyclic shift module is connected with one end of the second exclusive-or module;
The other end of the second exclusive-or module is used as the other input end of the logic unit;
The other end of the first exclusive-or module is connected with one end of the second cyclic shift module and is used as one output end of the logic unit;
The other end of the second cyclic shift module is connected with one end of the modular addition module;
the other end of the modulo adding module is connected with the other end of the second exclusive OR module and is used as the other output end of the logic unit.
In a specific implementation manner of the embodiment of the present invention, before the original key is input as the input data to the first round of functions, the method further includes: dividing an original key into two keys of k 0 and t 0;
When the original secret key and the round number are used as input data and are input into a first round function to obtain a plurality of round number-related subsecret key steps, the output expression of each logic unit in the first round function is as follows:
Wherein k i+1 and t i+1 respectively represent two output subkeys of the ith logic unit, k i and t i respectively represent two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 respectively represent shift numbers of the first cyclic shift module and the second cyclic shift module, < < < represents left cyclic shift, Representing the exclusive or,Representing bit modulo addition, i=1, 2, … N. In the implementation, the x1 and x2 may be set to 13 and 22, and other parameters may be set to achieve similar security, such as 2 and 21, 22 and 13, etc. The N may take a value of 24. The length of each subkey may be set to 64, n and the length of each subkey may be set to other suitable values.
When each group of data and all subkeys related to the number of rounds are respectively used as input data to be input into a second round function to obtain a plurality of groups of encrypted data, the output expression of each logic unit in the second round function is as follows:
In the method, in the process of the invention, AndTwo output data respectively representing the ith logic cell,AndTwo input data respectively representing the ith logic unit, k i representing the key of the ith round, x1 and x2 representing the shift bits of the first cyclic shift module and the second cyclic shift module respectively, < < < representing the left cyclic shift,Representing the exclusive or,Representing bit modulo addition, i=0, 2, … N-1. In the implementation, the x1 and x2 may be set to 13 and 22, and other parameters may be set to achieve similar security, such as 2 and 21, 22 and 13, etc. The N may take a value of 24. The length of each set of data may be set to 64, n and the length of each subkey may be set to other suitable values.
In a specific implementation manner of the embodiment of the present invention, when the original data is grouped to obtain a plurality of groups of data, if the length of the last group of data is smaller than the grouping length, the filling operation is performed on the last group of data, so that the length of the filled data is equal to the grouping length.
In particular, in the present invention, to improve the security of the algorithm, the parameters of the two-cycle left shift operation in the round function are set to 13 and 22.
In addition to the above parameters, other parameters may be set to achieve similar security, such as 2 and 21, 22 and 13.
The packet encryption method has the advantages of light weight, high efficiency, low power consumption, small amount of memory and the like in the data transmission process. The packet encryption method in the embodiment of the invention can be used for small devices such as electric Internet of things sensing equipment with limited computing and storage resources.
The packet encryption method in the embodiment of the present invention will be described in detail with reference to a specific implementation manner.
The packet length is set to 64 bits and the number of cycles is set to 24.
If the original data is larger than 64 bits, the original data is grouped, zero padding is carried out on the grouping data with less than 64 bits, and then each group of data is divided into left and right branchesGenerating a 64 bit output as follows
If the original data is exactly 64 bits, the original data is directly divided into left and right branchesGenerating a 64 bit output as follows
From 64-bit plaintextInitially, the process needs to be updated 23 times, i.e. i=0, 1, …,22.
Finally, execute
Generating 64-bit ciphertextWhere k i is the sub-key of the i=0, 1, …,23 rounds, the generation process is as follows:
assume that a 64-bit master key is divided into left and right branches Generated by (k i,ti) (k i+1,ti+1), the update procedure for i=0, 1, …,23 is as follows:
Test vector:
Plaintext: 0x0123456789abcdef
Key: 0x0123456789abcdef
Ciphertext: 0x8441cbc2ea3eff46.
Example 2
The embodiment of the invention provides a packet encryption device, which comprises:
the sub-key acquisition module is used for taking the original key and the round number as input data, inputting the input data into the first round function, and obtaining a plurality of sub-keys related to the round number;
The grouping module is used for grouping the original data to obtain a plurality of groups of data;
And the encryption module is used for respectively inputting each group of data and all the subkeys related to the round number as input data to the second round function to obtain a plurality of groups of encrypted data.
In a specific implementation manner of the embodiment of the present invention, as shown in fig. 2 to 3, the first round function and the second round function have the same structure, but the input and output data of the first round function and the second round function are different; the first round function and the second round function comprise N logic units which are connected in sequence; each logic unit has the same structure and comprises a first cyclic shift module, a second cyclic shift module, a first exclusive-or module, a second exclusive-or module and a modulo addition module;
one end of the first cyclic shift module is connected with one end of the first exclusive-or module and is used as one input end of the logic unit, and the other end of the first cyclic shift module is connected with one end of the second exclusive-or module;
The other end of the second exclusive-or module is used as the other input end of the logic unit;
The other end of the first exclusive-or module is connected with one end of the second cyclic shift module and is used as one output end of the logic unit;
The other end of the second cyclic shift module is connected with one end of the modular addition module;
the other end of the modulo adding module is connected with the other end of the second exclusive OR module and is used as the other output end of the logic unit.
In a specific implementation manner of the embodiment of the present invention, before the original key is input as the input data to the first round of functions, the method further includes: dividing an original key into two keys of k 0 and t 0;
When the original secret key and the round number are used as input data and are input into a first round function to obtain a plurality of round number-related subsecret key steps, the output expression of each logic unit in the first round function is as follows:
Wherein k i+1 and t i+1 respectively represent two output subkeys of the ith logic unit, k i and t i respectively represent two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 respectively represent shift numbers of the first cyclic shift module and the second cyclic shift module, < represents left cyclic shift, Representing the exclusive or,Representing bit modulo addition, i=1, 2, … N. In the implementation, the x1 and x2 may be set to 13 and 22, and other parameters may be set to achieve similar security, such as 2 and 21, 22 and 13, etc. The N may take a value of 24. The length of each subkey may be set to 64, n and the length of each subkey may be set to other suitable values.
When each group of data and all subkeys related to the number of rounds are respectively used as input data to be input into a second round function to obtain a plurality of groups of encrypted data, the output expression of each logic unit in the second round function is as follows:
In the method, in the process of the invention, AndTwo output data respectively representing the ith logic cell,AndTwo input data respectively representing the ith logic cell, k i representing the key of the ith round, x1 and x2 representing the shift bits of the first cyclic shift block, the second cyclic shift block respectively, < representing the left cyclic shift,Representing the exclusive or,Representing bit modulo addition, i=0, 2, … N-1. In the implementation, the x1 and x2 may be set to 13 and 22, and other parameters may be set to achieve similar security, such as 2 and 21, 22 and 13, etc. The N may take a value of 24. The length of each set of data may be set to 64, n and the length of each subkey may be set to other suitable values.
In a specific implementation manner of the embodiment of the present invention, when the original data is grouped to obtain a plurality of groups of data, if the length of the last group of data is smaller than the grouping length, the filling operation is performed on the last group of data, so that the length of the filled data is equal to the grouping length.
The following describes the operation of the packet encryption device in the embodiment of the present invention in detail with reference to a specific implementation manner.
The packet length is set to 64 bits and the number of cycles is set to 24.
If the original data is larger than 64 bits, the original data is grouped, zero padding is carried out on the grouping data with less than 64 bits, and then each group of data is divided into left and right branchesGenerating a 64 bit output as follows
If the original data is exactly 64 bits, the original data is directly divided into left and right branchesGenerating a 64 bit output as follows
From 64-bit plaintextInitially, the process needs to be updated 23 times, i.e. i=0, 1, …,22.
Finally, execute
Generating 64-bit ciphertextWhere k i is the sub-key of the i=0, 1, …,23 rounds, the generation process is as follows:
assume that a 64-bit master key is divided into left and right branches Generated by (k i,ti) (k i+1,ti+1), the update procedure for i=0, 1, …,23 is as follows:
Test vector:
Plaintext: 0x0123456789abcdef
Key: 0x0123456789abcdef
Ciphertext: 0x8441cbc2ea3eff46.
Example 3
Based on the same inventive concept as embodiment 1, the present invention provides a packet encryption system including a storage medium and a processor;
the storage medium is used for storing instructions;
The processor is configured to operate in accordance with the instructions to perform the method according to any one of embodiment 1.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are all within the protection of the present invention.
The foregoing has shown and described the basic principles and main features of the present invention and the advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (5)

1. A method of packet encryption, comprising:
the original secret key and the round number are used as input data, and are input into a first round function to obtain a plurality of sub secret keys related to the round number;
Grouping the original data to obtain a plurality of groups of data;
Respectively taking each group of data and all subkeys related to the round number as input data, and inputting the input data into a second round function to obtain a plurality of groups of encrypted data;
the first round function and the second round function have the same structure and each comprise N logic units which are connected in sequence;
Each logic unit has the same structure and comprises a first cyclic shift module, a second cyclic shift module, a first exclusive-or module, a second exclusive-or module and a modulo addition module;
one end of the first cyclic shift module is connected with one end of the first exclusive-or module and is used as one input end of the logic unit, and the other end of the first cyclic shift module is connected with one end of the second exclusive-or module;
The other end of the second exclusive-or module is used as the other input end of the logic unit;
The other end of the first exclusive-or module is connected with one end of the second cyclic shift module and is used as one output end of the logic unit;
The other end of the second cyclic shift module is connected with one end of the modular addition module;
the other end of the modulo adding module is connected with the other end of the second exclusive OR module and is used as the other output end of the logic unit;
before the original key is input as the input data to the first round of functions, the method further comprises:
Dividing an original key into two keys of k 0 and t 0;
the output expression of each logic unit in the first round of function is:
Wherein k i+1 and t i+1 respectively represent two output subkeys of the ith logic unit, k i and t i respectively represent two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 respectively represent shift numbers of the first cyclic shift module and the second cyclic shift module, < represents left cyclic shift, Representing the exclusive or,Representing bit modulo addition, i=1, 2, … N;
the output expression of each logic unit in the second round of function is:
In the method, in the process of the invention, AndTwo output data respectively representing the ith logic cell,AndTwo input data respectively representing the ith logic cell, k i representing the key of the ith round, x1 and x2 representing the shift bits of the first cyclic shift block, the second cyclic shift block respectively, < representing the left cyclic shift,Representing the exclusive or,Representing bit modulo addition, i=0, 2, … N-1.
2. A method of packet encryption as claimed in claim 1, wherein: when the original data are grouped to obtain a plurality of groups of data, if the length of the last group of data is smaller than the grouping length, filling operation is carried out on the last group of data, so that the length of the filled data is equal to the grouping length.
3. A packet encryption apparatus, comprising:
the sub-key acquisition module is used for taking the original key and the round number as input data, inputting the input data into the first round function, and obtaining a plurality of sub-keys related to the round number;
The grouping module is used for grouping the original data to obtain a plurality of groups of data;
The encryption module is used for respectively inputting each group of data and all subkeys related to the number of rounds as input data to a second round function to obtain a plurality of groups of encryption data;
the first round function and the second round function have the same structure and each comprise N logic units which are connected in sequence;
Each logic unit has the same structure and comprises a first cyclic shift module, a second cyclic shift module, a first exclusive-or module, a second exclusive-or module and a modulo addition module;
one end of the first cyclic shift module is connected with one end of the first exclusive-or module and is used as one input end of the logic unit, and the other end of the first cyclic shift module is connected with one end of the second exclusive-or module;
The other end of the second exclusive-or module is used as the other input end of the logic unit;
The other end of the first exclusive-or module is connected with one end of the second cyclic shift module and is used as one output end of the logic unit;
The other end of the second cyclic shift module is connected with one end of the modular addition module;
the other end of the modulo adding module is connected with the other end of the second exclusive OR module and is used as the other output end of the logic unit;
Before the original key is input as the input data to the first round of functions, the method further comprises: dividing an original key into two keys of k 0 and t 0;
the output expression of each logic unit in the first round of function is:
Wherein k i+1 and t i+1 respectively represent two output subkeys of the ith logic unit, k i and t i respectively represent two input subkeys of the ith logic unit, c i represents the ith round, x1 and x2 respectively represent shift numbers of the first cyclic shift module and the second cyclic shift module, < represents left cyclic shift, Representing the exclusive or,Representing bit modulo addition, i=1, 2, … N;
the output expression of each logic unit in the second round of function is:
In the method, in the process of the invention, AndTwo output data respectively representing the ith logic cell,AndTwo input data respectively representing the ith logic cell, k i representing the key of the ith round, x1 and x2 representing the shift bits of the first cyclic shift block, the second cyclic shift block respectively, < representing the left cyclic shift,Representing the exclusive or,Representing bit modulo addition, i=0, 2, … N-1.
4. A packet encryption apparatus according to claim 3, wherein when the original data is packetized to obtain a plurality of sets of data, if the length of the last set of data is smaller than the packet length, the padding operation is performed on the last set of data so that the length of the padded data is equal to the packet length.
5. A packet encryption system characterized by: including a storage medium and a processor;
the storage medium is used for storing instructions;
The processor is operative according to the instructions to perform the method according to any one of claims 1-2.
CN202310333086.9A 2023-03-30 2023-03-30 Method, device and system for encrypting packet Active CN116388963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310333086.9A CN116388963B (en) 2023-03-30 2023-03-30 Method, device and system for encrypting packet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310333086.9A CN116388963B (en) 2023-03-30 2023-03-30 Method, device and system for encrypting packet

Publications (2)

Publication Number Publication Date
CN116388963A CN116388963A (en) 2023-07-04
CN116388963B true CN116388963B (en) 2024-08-27

Family

ID=86966909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310333086.9A Active CN116388963B (en) 2023-03-30 2023-03-30 Method, device and system for encrypting packet

Country Status (1)

Country Link
CN (1) CN116388963B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314187A (en) * 2022-10-08 2022-11-08 湖南密码工程研究中心有限公司 Method and device for realizing lightweight block cipher algorithm RainSP and electronic equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10742405B2 (en) * 2016-12-16 2020-08-11 The Boeing Company Method and system for generation of cipher round keys by bit-mixers
WO2020008446A2 (en) * 2019-09-25 2020-01-09 Symbiosis International (Deemed University) A system and method for encryption and decryption of text
CN111431697B (en) * 2020-03-31 2022-06-21 衡阳师范学院 Novel method for realizing lightweight block cipher CORL
CN113645615B (en) * 2021-08-12 2023-12-22 衡阳师范学院 Lightweight block cipher encryption and decryption method
CN114513298A (en) * 2022-02-18 2022-05-17 江苏大学 Lightweight encryption method capable of accepting any plaintext length
CN115694796A (en) * 2022-10-08 2023-02-03 国网江苏省电力有限公司电力科学研究院 Internet of things security encryption method and device, storage medium and electronic equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314187A (en) * 2022-10-08 2022-11-08 湖南密码工程研究中心有限公司 Method and device for realizing lightweight block cipher algorithm RainSP and electronic equipment

Also Published As

Publication number Publication date
CN116388963A (en) 2023-07-04

Similar Documents

Publication Publication Date Title
Liu et al. Image encryption algorithm based on hyper-chaotic system and dynamic S-box
CN109660555A (en) Content safety sharing method and system based on proxy re-encryption
CN110880967B (en) Method for parallel encryption and decryption of multiple messages by adopting packet symmetric key algorithm
CN109861809B (en) Practical grouping random encryption and decryption method
CN114172651B (en) SM9 public key encryption algorithm and decryption algorithm GPU acceleration implementation method
Guo et al. A complexity-reduced block encryption algorithm suitable for internet of things
CN109145624A (en) A kind of more chaos text encryption algorithms based on Hadoop platform
CN111314050A (en) Encryption and decryption method and device
Lam et al. An improved method for locating and extracting the eye in human face images
CN101826959B (en) Byte-oriented key stream generation method and encryption method
CN115811398A (en) Dynamic S-box-based block cipher algorithm, device, system and storage medium
Goswami et al. FPGA Implementation of Modified SNOW 3G Stream Ciphers Using Fast and Resource Efficient Substitution Box
CN111614457B (en) P replacement improvement-based lightweight packet encryption and decryption method, device and storage medium
Hammood et al. Enhancing security and speed of RC4
CN116388963B (en) Method, device and system for encrypting packet
CN107124267A (en) A kind of fixation bit wide key generation method on crypto chip
Li et al. An implementation method for SM4-GCM on FPGA
Schneider Lean and fast secure multi-party computation: Minimizing communication and local computation using a helper
CN115694796A (en) Internet of things security encryption method and device, storage medium and electronic equipment
CN117439744A (en) Service data transmission method and device based on service security level
Pirzada et al. The implementation of AES-CMAC authenticated encryption algorithm on FPGA
LI et al. Privacy Preserving Function Evaluation using Lookup Tables with Word-Wise FHE
kadhim Bermani et al. Efficient cryptography techniques for image encryption in cloud storage
Thirer A pipelined FPGA implementation of an encryption algorithm based on genetic algorithm
Wang et al. Attack to an image encryption based on chaotic Logistic map

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant