
CN-120880640-B - Lightweight encryption method and device based on ARX module


Abstract

The invention discloses a lightweight encryption method and device based on an ARX module. The method comprises: storing a master key in a Linear Feedback Shift Register (LFSR), counting four beats of the LFSR as one round and generating one sub-key per round, the 32 sub-keys generated in sequence forming a sub-key sequence; obtaining plaintext to be encrypted and dividing it into groups; performing 32 rounds of encryption on each group based on the sub-key sequence; concatenating the ciphertexts of the groups to obtain the whole encrypted ciphertext corresponding to the plaintext; and, at the decrypting party, obtaining the whole encrypted ciphertext, dividing it into groups of 128 bits and decrypting each group based on the sub-key sequence. The invention both achieves high efficiency in resource-constrained scenarios and resists the security threats posed by differential and linear cryptanalysis.

Inventors

  • LI YANJUN
  • HUO SHANSHAN
  • LIU JIAN
  • HUANG DINGWEN
  • WANG YITING
  • PEI SHUAI
  • JIN XIA
  • ZHAO BAOJUN

Assignees

  • 中国电子科技集团公司第十五研究所 (The 15th Research Institute of China Electronics Technology Group Corporation)

Dates

Publication Date
2026-05-08
Application Date
2025-07-16

Claims (7)

  1. A lightweight encryption method based on an ARX module, comprising:
     Step S1: acquiring a 256-bit master key from a key storage area and storing it in a Linear Feedback Shift Register (LFSR), wherein four beats of the LFSR are counted as one round and one sub-key is generated per round, and on each beat one quarter of the sub-key for that round is generated from the current LFSR state value and the current round constant and the LFSR state value is updated;
     Step S2: obtaining plaintext to be encrypted and dividing it into groups of 128 bits; performing 32 rounds of encryption on each group based on the sub-key sequence and taking the result after the 32nd round as the ciphertext of that group; wherein each round of encryption comprises: obtaining the current encryption result of the group; taking the earliest sub-key in the sub-key sequence that has not yet been used on this group, encrypting the current encryption result with it, and taking the output as the new current encryption result of the group;
     Step S3: the decrypting party obtains the whole encrypted ciphertext and divides it into groups of 128 bits;
     wherein, in step S1, counting four beats of the LFSR as one round and generating a sub-key, with one quarter of the sub-key generated on each beat from the current LFSR state value and the current round constant and the LFSR state value updated, comprises:
     Step S11: dividing the current LFSR state value evenly into 8 sub-sequences and recording it as K7‖K6‖…‖K0, wherein 0 ≤ t ≤ 7, each Kt is a 32-bit string, ‖ is the concatenation symbol, K0, …, K7 are sub-sequences of the LFSR state value, and K7 occupies higher bit positions of the state value than K0, i.e. the 256-bit LFSR state value is written with its high bits on the left;
     Step S12: obtaining the round count i, initialising the counter num to zero, and initialising the sub-key for the round;
     Step S13: if num is less than 3, proceeding to step S14, otherwise outputting the sub-key of the i-th round;
     Step S14: appending the value K0 to the sub-key of the round by concatenation; the LFSR shifts its current state value right by 32 bits and outputs the rightmost 32 bits, and K7 is updated to A3(K7)⊕3⊕K2⊕K0 (i×5), wherein i×5 is the round constant and A is a linear transformation defined by X′7 = (X7 <<< 1) ⊕ X0; X′6 = X7; X′5 = X6 ⊕ (X0 <<< 1); X′4 = X5; X′3 = X4; X′2 = X3; X′1 = X2; X′0 = X1, where X0, …, X7 are the inputs of A, X′0, …, X′7 are its outputs, <<< is the left cyclic shift and ⊕ is exclusive-or; the LFSR state value is updated accordingly, the data stored in the LFSR is updated in real time from the current state value, num is set to num + 1, and the method returns to step S13.
  2. The method according to claim 1, wherein, in step S2, obtaining the current encryption result of the group of plaintext, taking the earliest sub-key of the sub-key sequence not yet used on this group, encrypting the current encryption result with it and taking the output as the new current encryption result, comprises:
     Step S21: obtaining the current encryption result of the group, the plaintext itself serving as the current encryption result if the group has not yet been encrypted, arranged with its high bits on the left and recorded as four 32-bit words each stored in its own register, j being the number of rounds already applied; obtaining the earliest sub-key of the sub-key sequence not yet used on this group; cyclically shifting one word left by 5 bits and XOR-ing it with a second word, which is left unchanged, to obtain a first XOR result, and adding the first XOR result to a further operand with carry (modular addition); cyclically shifting another word left by 7 bits and XOR-ing it with a word that is left unchanged to obtain a second XOR result, and adding the second XOR result to a further operand with carry, whereby the current encryption result of the group is obtained and updated;
     Step S22: cyclically shifting the current encryption result of the group left by 32 bits and taking the result as the current encryption result;
     Step S23: cyclically shifting one word of the current encryption result left by 11 bits and XOR-ing it with a word that is left unchanged to obtain a third XOR result, and adding the third XOR result to a further operand with carry; cyclically shifting another word left by 13 bits and XOR-ing it with a word that is left unchanged to obtain a fourth XOR result, and adding the fourth XOR result to a further operand with carry, whereby the current encryption result of the group is obtained;
     Step S24: cyclically shifting the current encryption result of the group left by 32 bits to obtain the current encryption result of the group.
  3. The method according to claim 2, wherein step S3, in which the decrypting party obtains the whole encrypted ciphertext, divides it into groups of 128 bits and decrypts each group based on the sub-key sequence, comprises:
     Step S31: the decrypting party obtains the whole encrypted ciphertext and the reverse of the sub-key sequence, and divides the whole encrypted ciphertext into groups of 128 bits;
     Step S32: for each 128-bit group of encrypted ciphertext: taking the last sub-key in the sub-key sequence that has not yet been used to decrypt this group, decrypting the current decryption result with it, and taking the output as the new current decryption result of the group; the current decryption result obtained after decrypting with the sub-key that is first in the forward order of the sub-key sequence is taken as the decryption result of the group;
     Step S33: combining the decryption results of the groups into the decryption result of the whole encrypted ciphertext.
  4. The method according to claim 3, wherein taking the last sub-key of the sub-key sequence not yet used to decrypt the group of encrypted ciphertext, decrypting the current decryption result with it and taking the output as the new current decryption result of the group comprises:
     Step S321: obtaining the current decryption result of the group, the ciphertext itself serving as the current decryption result if the group has not yet been decrypted, and obtaining the last sub-key of the sub-key sequence not yet used on the bit string of this group;
     Step S322: arranging the current decryption result with its high bits on the left as four 32-bit words, each stored in its own register, and performing a cyclic right shift to obtain the current decryption result of the group;
     Step S323: keeping one word unchanged, subtracting one word from another with borrow (modular subtraction) to obtain a first subtraction result, XOR-ing the first subtraction result with a further word to obtain a fifth XOR result, and cyclically shifting the fifth XOR result right by 11 bits; keeping another word unchanged, subtracting with borrow to obtain a second subtraction result, XOR-ing it with a further word to obtain a sixth XOR result, and cyclically shifting the result right by 13 bits, whereby the current decryption result of the group is obtained and updated;
     Step S324: cyclically shifting the current decryption result of the group right to obtain the current decryption result of the group;
     Step S325: keeping one word unchanged, subtracting with borrow to obtain a third subtraction result, XOR-ing it with a further word to obtain a seventh XOR result, and cyclically shifting the seventh XOR result right by 5 bits; keeping another word unchanged, subtracting with borrow to obtain a fourth subtraction result, XOR-ing it with a further word to obtain an eighth XOR result, and cyclically shifting the result right by 7 bits, whereby the current decryption result of the group is obtained.
  5. A lightweight encryption device based on an ARX module for performing the method of any one of claims 1 to 4, characterised in that the device comprises: a sub-key generation module configured to acquire a 256-bit master key from the key storage area, store it in a Linear Feedback Shift Register (LFSR), count four beats of the LFSR as one round and generate one sub-key per round, wherein on each beat one quarter of the sub-key for the round is generated from the current LFSR state value and the current round constant and the LFSR state value is updated; an encryption module configured to acquire plaintext to be encrypted, divide it into groups of 128 bits, perform 32 rounds of encryption on each group based on the sub-key sequence and take the result after the 32nd round as the ciphertext of that group, wherein each round of encryption comprises obtaining the current encryption result of the group, taking the earliest sub-key in the sub-key sequence not yet used on this group, encrypting the current encryption result with it and taking the output as the new current encryption result of the group; and a decryption module configured to obtain, at the decrypting party, the whole encrypted ciphertext, divide it into groups of 128 bits and decrypt each group based on the sub-key sequence.
  6. A computer-readable storage medium storing a plurality of instructions which, when loaded and executed by a processor, perform the method of any one of claims 1 to 4.
  7. An electronic device comprising a processor for executing a plurality of instructions and a memory for storing the plurality of instructions, wherein the instructions are stored by the memory and loaded and executed by the processor to perform the method of any one of claims 1 to 4.

Description

Lightweight encryption method and device based on ARX module

Technical Field

The invention relates to the technical field of computer encryption, in particular to a lightweight encryption method and device based on an ARX module.

Background

Lightweight encryption methods are needed in scenarios such as the Internet of Things, wireless sensor networks and mobile application security, where high efficiency, high security and low cost must be achieved together. Compared with conventional encryption methods, lightweight encryption methods are simple to compute, occupy little memory and run efficiently on low-power, small-memory devices, and have therefore become one of the research hotspots of cryptography in recent years. However, many existing lightweight encryption methods still suffer from an insufficient security margin, weak resistance to attacks and poor compatibility with standards. A new lightweight encryption method is therefore urgently needed that can be implemented efficiently in resource-constrained settings while still providing security. The ARX module has good security properties, and the invention designs a novel lightweight encryption method that combines this module with the classical Feistel structure.

Disclosure of the Invention

In view of the above, the present invention provides a lightweight encryption method and device based on an ARX module, which can solve the above technical problems. The present invention is implemented as follows.
A lightweight encryption method based on an ARX module comprises the following steps: Step S1: acquiring a 256-bit master key from a key storage area and storing it in a Linear Feedback Shift Register (LFSR), wherein four beats of the LFSR are counted as one round and one sub-key is generated per round, and on each beat one quarter of the sub-key for that round is generated from the current LFSR state value and the current round constant and the LFSR state value is updated; Step S2: obtaining plaintext to be encrypted and dividing it into groups of 128 bits; performing 32 rounds of encryption on each group based on the sub-key sequence and taking the result after the 32nd round as the ciphertext of that group; wherein each round of encryption comprises obtaining the current encryption result of the group, taking the earliest sub-key in the sub-key sequence not yet used on this group, encrypting the current encryption result with it, and taking the output as the new current encryption result of the group; and Step S3: the decrypting party obtains the whole encrypted ciphertext, divides it into groups of 128 bits and decrypts each group based on the sub-key sequence.
Preferably, in step S1, counting four beats of the LFSR as one round and generating a sub-key, with one quarter of the sub-key generated on each beat from the current LFSR state value and the current round constant and the LFSR state value updated, comprises: Step S11: dividing the current LFSR state value evenly into 8 sub-sequences and recording it as K7‖K6‖…‖K0, wherein 0 ≤ t ≤ 7, each Kt is a 32-bit string, ‖ is the concatenation symbol, K0, …, K7 are sub-sequences of the LFSR state value, and K7 occupies higher bit positions of the state value than K0, i.e. the 256-bit LFSR state value is written with its high bits on the left; Step S12: obtaining the round count i, initialising the counter num to zero, and initialising the sub-key for the round; Step S13: if num is less than 3, proceeding to step S14, otherwise outputting the sub-key of the i-th round; Step S14: appending the value K0 to the sub-key of the round by concatenation; the LFSR shifts its current state value right by 32 bits, outputs the rightmost 32 bits, and updates K7 to A3(K7)⊕3⊕K2⊕K0 (i×5), wherein i×5 is a round constant, A is a linear transformation, and the linear transformation performed by A is:

X′7 = (X7 <<< 1) ⊕ X0
X′6 = X7
X′5 = X6 ⊕ (X0 <<< 1)
X′4 = X5
X′3 = X4
X′2 = X3
X′1 = X2
X′0 = X1

wherein X0, …, X7 are the inputs of the linear transformation A, X′0, …, X′7 are its outputs, and <<< is the left cyclic shift oper
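The following is an added worked example, not code from the patent or its assignee: a runnable Python skeleton of the structure laid out in claims 1 to 4 and the description above, i.e. the 256-bit LFSR state K7‖…‖K0 emitting one 32-bit quarter per beat with the A transformation in the feedback, and an ARX round using the rotation amounts 5, 7, 11 and 13 with modular addition, inverted by modular subtraction and right rotations under the reversed sub-key order. Everything the page leaves unspecified is an assumption here and is marked as such in the code: the wiring of the round's operands (which word is rotated, which is XORed in unchanged, and that the sub-key quarter is the carry-add operand), the 4-bit chunk width on which A acts, the reading of "A3" as three applications of A, the 0-based round count in the constant i×5, exactly four beats per round, the byte order of a group, and the function names. The sample key and plaintext are constructed for the demonstration.

```python
# Added example (not the patent's or the assignee's code): LFSR key schedule and
# ARX round structure as described in claims 1-4.  Anything the page does not
# pin down is an ASSUMPTION and is marked as such.

MASK32 = 0xFFFFFFFF

def rotl32(x, r):
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK32

def rotr32(x, r):
    return rotl32(x, (32 - r) % 32)

def A(word):
    """Linear map A from the description: X'7=(X7<<<1)^X0, X'6=X7,
    X'5=X6^(X0<<<1), X'4..X'0=X5..X1.  ASSUMPTION: X_t is the t-th 4-bit
    chunk of a 32-bit word and <<<1 is a rotation within that chunk."""
    X = [(word >> (4 * t)) & 0xF for t in range(8)]
    rol4 = lambda v: ((v << 1) | (v >> 3)) & 0xF
    Y = [X[1], X[2], X[3], X[4], X[5], X[6] ^ rol4(X[0]), X[7], rol4(X[7]) ^ X[0]]
    return sum(Y[t] << (4 * t) for t in range(8))

def key_schedule(master_key, rounds=32):
    """256-bit key -> `rounds` sub-keys of four 32-bit quarters.  State K7..K0
    (K7 = high word); each beat emits K0, shifts right one word and feeds
    A3(K7)^K3^K2^K0^(i*5) into K7.  ASSUMPTION: 'A3' = A applied three times,
    i is the 0-based round count, and a round is exactly four beats."""
    if not 0 <= master_key < (1 << 256):
        raise ValueError("master key must be 256 bits")
    K = [(master_key >> (32 * t)) & MASK32 for t in range(8)]
    subkeys = []
    for i in range(rounds):
        quarters = []
        for _ in range(4):
            quarters.append(K[0])                       # rightmost 32 bits out
            fb = A(A(A(K[7]))) ^ K[3] ^ K[2] ^ K[0] ^ (i * 5)
            K = K[1:] + [fb & MASK32]                   # shift right, new K7
        subkeys.append(tuple(quarters))
    return subkeys

def arx_step(x, y, r, k):
    """x <- ((x <<< r) ^ y) + k mod 2^32, y unchanged.  ASSUMED wiring of the
    claim's rotate / XOR / carry-add triple; k is the sub-key quarter."""
    return ((rotl32(x, r) ^ y) + k) & MASK32

def arx_unstep(x, y, r, k):
    """Exact inverse: borrow-subtract k, XOR y back out, rotate right by r."""
    return rotr32(((x - k) & MASK32) ^ y, r)

def rot_left_32(w):   # 128-bit state w[3]..w[0] (high..low) rotated left 32 bits
    return [w[3], w[0], w[1], w[2]]

def rot_right_32(w):
    return [w[1], w[2], w[3], w[0]]

def encrypt_round(w, k):
    w = list(w)
    w[0] = arx_step(w[0], w[1], 5, k[0]); w[2] = arx_step(w[2], w[3], 7, k[1])    # S21
    w = rot_left_32(w)                                                         # S22
    w[0] = arx_step(w[0], w[1], 11, k[2]); w[2] = arx_step(w[2], w[3], 13, k[3])  # S23
    return rot_left_32(w)                                                      # S24

def decrypt_round(w, k):
    w = rot_right_32(list(w))                                                  # undo S24
    w[2] = arx_unstep(w[2], w[3], 13, k[3]); w[0] = arx_unstep(w[0], w[1], 11, k[2])
    w = rot_right_32(w)                                                        # undo S22
    w[2] = arx_unstep(w[2], w[3], 7, k[1]); w[0] = arx_unstep(w[0], w[1], 5, k[0])
    return w

def _split(block):
    return [(block >> (32 * t)) & MASK32 for t in range(4)]

def _join(w):
    return sum(w[t] << (32 * t) for t in range(4))

def encrypt_block(block, subkeys):
    w = _split(block)
    for k in subkeys:
        w = encrypt_round(w, k)
    return _join(w)

def decrypt_block(block, subkeys):
    w = _split(block)
    for k in reversed(subkeys):          # sub-keys in reverse order, as in claim 3
        w = decrypt_round(w, k)
    return _join(w)

def _groups(data, subkeys, block_fn):
    if len(data) % 16:
        raise ValueError("length must be a multiple of 128 bits")
    return b"".join(block_fn(int.from_bytes(data[i:i + 16], "big"), subkeys)
                    .to_bytes(16, "big") for i in range(0, len(data), 16))

def encrypt_groups(data, subkeys):
    """Claim-style grouping: each 16-byte group is encrypted independently and
    the results concatenated.  No mode, IV or padding is given on the page, so
    this is ECB-like: equal plaintext groups give equal ciphertext groups."""
    return _groups(data, subkeys, encrypt_block)

def decrypt_groups(data, subkeys):
    return _groups(data, subkeys, decrypt_block)

if __name__ == "__main__":
    sks = key_schedule(int.from_bytes(bytes(range(32)), "big"))   # constructed key
    msg = bytes(range(16)) * 2                                     # constructed input
    ct = encrypt_groups(msg, sks)
    print(ct.hex(), ct[:16] == ct[16:], decrypt_groups(ct, sks) == msg)
```

Two points a practitioner should take from running it. First, the inverse of an ARX step is mechanical: modular addition becomes modular subtraction, a left rotation becomes a right rotation by the same amount, and the XOR partner must be the word that the step left unchanged, which is why the decryption in claim 4 undoes the 11/13 pair before the 5/7 pair and walks the sub-keys in reverse. Second, the claims describe each 128-bit group being encrypted independently with the same sub-key sequence and the results concatenated, with no mode of operation, IV or padding, so in that form equal plaintext groups produce equal ciphertext groups (visible in the repeated 16-byte input above); a deployment would wrap the block function in an authenticated mode. The resistance to differential and linear analysis asserted on the page is not something this skeleton demonstrates, and with the operand wiring assumed here it should not be read as a measure of the patented design.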