CN-122027125-A - Password hashing method and device for resisting quantum attack

Abstract

The invention discloses a password hashing method and device for resisting quantum attack. The method comprises: dividing the plaintext into n groups of equal length; determining the state corresponding to each group of plaintext and calculating an intermediate variable; applying the conversion function to the intermediate variable to obtain the state corresponding to the next group; determining an output digest block based on the calculation result for the last group of plaintext; having the conversion function perform the squeeze computation on the output digest block, splicing the first r bits of the result with the output digest block, and taking the spliced result as the output digest block; and taking the output digest block as the final digest of the plaintext. The invention is suitable for security scenarios such as data integrity verification, digital signatures and key derivation, and provides a core method for constructing an independently controllable cryptographic infrastructure for the post-quantum era.

Inventors

  • LI YANJUN
  • LIU JIAN
  • HUO SHANSHAN
  • WANG YU
  • LV KEYI
  • ZHAO BAOJUN

Assignees

  • 中国电子科技集团公司第十五研究所

Dates

Publication Date
20260512
Application Date
20251223

Claims (9)

  1. A cryptographic hashing method against quantum attacks, comprising: Step S1, acquiring a plaintext with any length, filling one bit 1 in the first bit of the plaintext when the length len of the plaintext is not an integer multiple of the bit rate r, filling a 64-bit message length field after the last bit of the plaintext, and filling a plurality of bits 0 after the new first bit so that the length of the filled plaintext is an integer multiple of the bit rate r; Step S2, calculating Corresponding state , Wherein, the For the capacity parameter input by the conversion function F, To squeeze the digest blocks of the output of the computation, The function is a 32-bit representation of the input value, Splicing; Step S3, for each group of plaintext , : Obtaining plaintext Corresponding state Calculating intermediate variables ; The conversion function calculates the intermediate variable to obtain a state ; Wherein, the Is in state of Is the first r bits of (a) to be used, In order to be a bitwise exclusive or, Is in state of Last c bits of (a); State of the state As the output digest block S 0 '; Step S4, if the length of the output digest block is smaller than the target length of the output digest block, entering step S5, otherwise, entering step S6; Step S5, the conversion function performs the squeeze computation on the output digest block, splices the first r bits of the computed result with the output digest block, takes the spliced result as the output digest block, and enters step S4; and Step S6, taking the output digest block as the final digest of the plaintext.
  2. The method of claim 1, wherein the conversion function F comprises a 15-round SH generalized Feistel transform, and the step of calculating the content of the input by the conversion function F comprises: Step S21, marking the input content as INPUT, splitting the INPUT into 4 bit strings with equal length, and marking the 4 bit strings as respectively Recording the current SH generalized Feistel conversion number num as 1 and recording the current bit string group formed by bit strings as @ ); Step S22, if the current SH generalized Feistel conversion number is less than or equal to 15, entering step S23, otherwise, entering step S25; Step S23, inputting the result obtained by bitwise exclusive OR of the last three bit strings in the current bit string group into a round function A, wherein the round function A comprises 4 rounds of AES conversion, and each round of AES conversion comprises four operations of byte substitution, row displacement, column confusion and round constant addition, and the operations are expressed as follows: ; Wherein, the Is a 512-bit round constant; Step S24, performing a cyclic left shift of the first bit string in the current bit string group by 7 bits, performing a bitwise exclusive OR of the obtained result and the output of the round function A, and marking the obtained result as I.e. Updating a current string of bits to ; Assigning num to num+1, and proceeding to step S22; Step S25, connecting And splicing, wherein the spliced result is used as an output result of the conversion function F.
  3. The method of claim 2, wherein, The values of (2) are derived from a binary sequence starting from the 15th bit after the decimal point of pi, wherein the odd number bit is bit 1, and the even number bit is bit 0.
  4. A method according to any one of claims 2-3, wherein in step S23, the round function A comprises 4 rounds of AES conversion, each round of AES conversion comprising the four operations of byte substitution, row displacement, column confusion and round constant addition; the bit string divided into 4 128 bits from left to right is recorded as the obtained 128 bit string , Th round AES conversion to round constants .
  5. The method of claim 4, wherein the input of the th round of AES conversion is denoted as Will be Conversion to a 4 x 4 matrix ; The byte substitution operation includes: Step S2301, presetting a matrix of 16×16 bytes as an S-box; Step S2302 for matrix Is defined by the following formula (i): Taking the upper 4 bits of the byte as the row value, taking the lower 4 bits of the byte as the column value, looking up the S-box with the combination of the row value and the column value, and taking the element of the S-box determined jointly by the row value and the column value as the content replacing the byte; Step S2303, taking the replaced matrix as the matrix after byte substitution, and marking as . The row displacement operation includes: Step S2311 of matrix alignment Row numbers of (a) are respectively assigned as 0 and 1 from top to bottom, wherein row is the matrix Maximum line number of (2); Step S2312 matrix Performs a shift operation for each element of (a): Shifting the element leftwards by k bytes, and supplementing k bytes at the rightmost end of the element with 0; Step S2313, the matrix composed of the shifted elements is used as the matrix after row displacement, and is marked as . The column confusion operation includes mixing matrices Multiplying the mixed matrix with 4×4 coefficient matrix to obtain mixed matrix, and recording as . The round constant addition operation includes applying a th round AES transform to the round constants And matrix Performing bitwise exclusive OR operation on the data in the first round to obtain a matrix after the round constant addition operation, and taking the matrix as the output of the th round AES conversion and marking the matrix as .
  6. The method of claim 5, wherein the round function A comprises 4 rounds of AES conversion, the input of the 1st round of AES conversion is the result obtained by the bitwise exclusive OR of the last three bit strings in the current bit string group in step S23, and the inputs of the 2nd to 4th rounds of AES conversion are the outputs of the 1st to 3rd rounds of AES conversion, respectively.
  7. A cryptographic hash device that resists quantum attacks, comprising: an initialization module configured to acquire a plaintext with any length, fill one bit 1 in the first bit of the plaintext when the length len of the plaintext is not an integer multiple of the bit rate r, fill a 64-bit message length field after the last bit of the plaintext, and fill a plurality of bits 0 after the new first bit so that the length of the filled plaintext is an integer multiple of the bit rate r; a first calculation module configured to calculate Corresponding state , Wherein, the For the capacity parameter input by the conversion function F, To squeeze the digest blocks of the output of the computation, The function is a 32-bit representation of the input value, Splicing; a second calculation module configured to, for each group of plaintext , : Obtaining plaintext Corresponding state Calculating intermediate variables ; The conversion function calculates the intermediate variable to obtain a state ; Wherein, the Is in state of Is the first r bits of (a) to be used, In order to be a bitwise exclusive or, Is in state of Last c bits of (a); State of the state As the output digest block S 0 '; a judging module configured to trigger the third calculation module if the length of the output digest block is smaller than the target length of the output digest block, and otherwise to trigger the output module; a third calculation module configured to have the conversion function perform the squeeze computation on the output digest block, splice the first r bits of the computed result with the output digest block, take the spliced result as the output digest block, and trigger the judging module; and an output module configured to take the output digest block as the final digest of the plaintext.
  8. A computer readable storage medium having stored therein a plurality of instructions, the instructions being for loading by a processor and executing the method of any one of claims 1-6.
  9. An electronic device, comprising: a processor for executing a plurality of instructions; and a memory for storing the plurality of instructions; wherein the plurality of instructions are stored by the memory and are loaded and executed by the processor to perform the method of any one of claims 1-6.
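The sponge flow of claim 1 (steps S1 and S3 to S6) and the 15-round generalized Feistel skeleton of claim 2, as an added Python example that is not code from the patent. Assumptions, because the page does not give them: r = c = 256 bits, the initial state, the first output block being the first r bits of the final state, the branch update `(X1, X2, X3, T)`, padding applied to every message at byte granularity, and `round_a`, a SHA-256 stand-in for the 4-round AES function A. The hypothetical `inverse_f` shows that F stays a permutation whatever A is.

```python
import hashlib

R, C = 32, 32                 # assumed rate/capacity in bytes (512-bit state)
MASK = (1 << 128) - 1

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def rotl(x, n):               # rotate a 128-bit branch left by n bits
    v = int.from_bytes(x, "big")
    return (((v << n) | (v >> (128 - n))) & MASK).to_bytes(16, "big")

def round_a(x, rnd):
    # Stand-in for round function A (the patent uses 4 AES rounds with constants).
    return hashlib.sha256(bytes([rnd]) + x).digest()[:16]

def transform_f(state):
    x = [state[i:i + 16] for i in range(0, 64, 16)]          # S21: four branches
    for rnd in range(1, 16):                                  # S22: 15 rounds
        t = xor(rotl(x[0], 7), round_a(xor(xor(x[1], x[2]), x[3]), rnd))  # S23, S24
        x = [x[1], x[2], x[3], t]                             # assumed update rule
    return b"".join(x)                                        # S25

def inverse_f(state):
    # Undo each round; works although round_a itself is not invertible.
    x = [state[i:i + 16] for i in range(0, 64, 16)]
    for rnd in range(15, 0, -1):
        x0 = rotl(xor(x[3], round_a(xor(xor(x[0], x[1]), x[2]), rnd)), 121)
        x = [x0, x[0], x[1], x[2]]
    return b"".join(x)

def pad(msg):
    # S1 at byte granularity: leading 1 bit, zero fill, message, 64-bit bit length.
    zeros = -(1 + len(msg) + 8) % R
    return b"\x80" + bytes(zeros) + msg + (8 * len(msg)).to_bytes(8, "big")

def sponge_hash(msg, out_len=64):
    # Assumed initial state: 32-bit encodings of c and the digest length, zero filled.
    state = (8 * C).to_bytes(4, "big") + (8 * out_len).to_bytes(4, "big") + bytes(R + C - 8)
    data = pad(msg)
    for i in range(0, len(data), R):                          # S3: absorb each group
        state = transform_f(xor(state[:R], data[i:i + R]) + state[R:])
    digest = state[:R]                                        # assumed first output block
    while len(digest) < out_len:                              # S4
        state = transform_f(state)                            # S5: squeeze
        digest += state[:R]
    return digest                                             # S6

if __name__ == "__main__":
    print(sponge_hash(b"abc").hex())
```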

Description

Password hashing method and device for resisting quantum attack

Technical Field

The invention relates to the technical field of cryptography and information security, and in particular to a password hashing method and device for resisting quantum attack.

Background

The rapid development of quantum computing poses a potential threat to classical cryptographic systems based on traditional mathematical problems, and has accelerated research into quantum-resistant cryptography worldwide. In the field of hash algorithms, although the direct impact is relatively small, there is an urgent need to design and deploy hash algorithms that combine high classical security with forward-looking quantum resistance, in order to cope with the security challenges that future quantum algorithms may bring. The Sponge structure has become a standard framework for modern hash algorithms because of its provable security and design flexibility. The AES algorithm is an encryption standard that has been widely verified worldwide, and its round function has excellent confusion and diffusion properties. However, existing algorithms still have room for improvement in explicitly meeting post-quantum security standards, in optimizing efficiency, and in benchmarking performance against mainstream algorithms. Therefore, a new, efficient hash algorithm is needed that integrates these mature design concepts and has a definite quantum-resistant security level.

Disclosure of Invention

In view of the above, the present invention provides a cryptographic hash method and device for resisting quantum attack, which can solve the above technical problems. The present invention is implemented as follows to solve the above technical problems.
A cryptographic hashing method against quantum attacks, comprising: Step S1, acquiring a plaintext with any length, filling one bit 1 in the first bit of the plaintext when the length len of the plaintext is not an integer multiple of the bit rate r, filling a 64-bit message length field after the last bit of the plaintext, and filling a plurality of bits 0 after the new first bit so that the length of the filled plaintext is an integer multiple of the bit rate r; Step S2, calculating Corresponding state, Wherein, the For the capacity parameter input by the conversion function F,To squeeze the digest blocks of the output of the computation,The function is a 32-bit representation of the input value,Splicing; Step S3, for each group of plaintext ,: Obtaining plaintextCorresponding stateCalculating intermediate variables; The conversion function calculates the intermediate variable to obtain a state; Wherein, the Is in state ofIs the first r bits of (a) to be used,In order to be a bitwise exclusive or,Is in state ofLast c bits of (a); State of the state As the output digest block S 0'; Step S4, if the length of the output digest block is smaller than the target length of the output digest block, entering step S5, otherwise, entering step S6; Step S5, the conversion function performs the squeeze computation on the output digest block, splices the first r bits of the computed result with the output digest block, takes the spliced result as the output digest block, and enters step S4; and Step S6, taking the output digest block as the final digest of the plaintext.
Preferably, the conversion function F comprises 15 rounds of SH generalized Feistel transform, and the step of calculating the content of the input by the conversion function F comprises: Step S21, marking the input content as INPUT, splitting the INPUT into 4 bit strings with equal length, and marking the 4 bit strings as respectively Recording the current SH generalized Feistel conversion number num as 1 and recording the current bit string group formed by bit strings as @); Step S22, if the current SH generalized Feistel conversion number is less than or equal to 15, entering step S23, otherwise, entering step S25; Step S23, inputting the result obtained by bitwise exclusive OR of the last three bit strings in the current bit string group into a round function A, wherein the round function A comprises 4 rounds of AES conversion, and each round of AES conversion comprises four operations of byte substitution, row displacement, column confusion and round constant addition, and the operations are expressed as follows: ; Wherein, the Is a 512-bit round constant; Step S24, performing a cyclic left shift of the first bit string in the current bit string group by 7 bits, performing a bitwise exclusive OR of the obtained result and the output of the round function A, and marking the obtained result as I.e. Updating a current string of bits to; Assigning num to num+1, and proceeding to step S22; Step S25, connecting And splicing, wherein the spliced result is used as an output result of the conversion function F. Preferably, the method comprises the steps of,The values of (2) are derived from a binary sequenc