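SM4 is a symmetric block cipher in which the plaintext, ciphertext and key are all 128 bits long. The algorithm consists mainly of the encryption/decryption algorithm and the key expansion algorithm, and it uses a 32-round nonlinear iterative structure in which each iteration is one round of nonlinear transformation. The main operations are XOR, the composite permutation, nonlinear iteration, the reverse-order transformation, cyclic shift and the S-box transformation. Encryption and decryption share exactly the same structure, rules and operations; decryption only needs to use the round keys generated for encryption in reverse order. The flow is shown in the figure below.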
Figure 1. SM4 encryption flow chart
Key expansion algorithm
Let the encryption master key be $MK = (MK_0, MK_1, MK_2, MK_3)$, with $MK_i \in \{0,1\}^{32}$.
$$(K_0, K_1, K_2, K_3) = (MK_0 \oplus FK_0, MK_1 \oplus FK_1, MK_2 \oplus FK_2, MK_3 \oplus FK_3)$$
$$rk_i = K_{i+4} = K_i \oplus T'(K_{i+1} \oplus K_{i+2} \oplus K_{i+3} \oplus CK_i)$$
$T'$ transformation
$$T'(B) = B \oplus (B <<< 13) \oplus (B <<< 23)$$
System parameter $FK$
| $FK_i$ | Hexadecimal value |
|--------|-------------------|
| $FK_0$ | A3B1BAC6 |
| $FK_1$ | 56AA3350 |
| $FK_2$ | 677D9197 |
| $FK_3$ | B27022DC |
Fixed parameter $CK$
Values of the fixed parameter CK: 000070e151c232a31383f464d545b626970777e858c939aa1a8afb6bdc4cbd2d9e0e7eef5fc030a11181f262d343b424950575e656c737a81888f969da4abb2b9c0c7ced5dce3eaf1f8ff060d141b22293037aeb54c535a61686f767d848b9299a0a7aeb5bcc3cad1d8dfe6edf4fb020910171e252e333a41484f565d646b7279
Encryption and decryption algorithm
Let the input plaintext be $(X_0, X_1, X_2, X_3) \in \{0,1\}^{32 \times 4}$, the ciphertext output be $(Y_0, Y_1, Y_2, Y_3) \in \{0,1\}^{32 \times 4}$, and the round keys be $rk_i \in \{0,1\}^{32 \times 4}$, where $i \in \{0, 1, \cdots, 31\}$. The SM4 encryption process is as follows:
$$X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) = X_i \oplus T(X_{i+1} \oplus X_{i+2} \oplus X_{i+3} \oplus rk_i);$$
$$(Y_0, Y_1, Y_2, Y_3) = R(X_{32}, X_{33}, X_{34}, X_{35}) = (X_{35}, X_{34}, X_{33}, X_{32})$$
Composite permutation T
It is built from the nonlinear transformation $\tau$ followed by the linear transformation $L$: $T(\cdot) = L(\tau(\cdot))$
Nonlinear transformation $\tau$: operates on 32 bits and consists of 4 parallel S-boxes, each with 8-bit input and output, denoted $Sbox(\cdot)$
$$(B_0, B_1, B_2, B_3) = \tau(A) = (Sbox(A_0), Sbox(A_1), Sbox(A_2), Sbox(A_3))$$
Linear transformation $L$:
$$B = L(A) = A \oplus (A <<< 2) \oplus (A <<< 10) \oplus (A <<< 18) \oplus (A <<< 24)$$
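S-box
The S-box is the only nonlinear logic unit in SM4. When the State Cryptography Administration published SM4, it gave the S-box directly as a lookup table. The input is 8 bits: the high 4 bits select the row of the table and the low 4 bits select the column.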
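The key expansion, round function and reverse-order decryption described above, assembled as an added Python example (not code from the original page). It follows the SM4 standard (GB/T 32907-2016), in which T′ applies the S-box layer τ before the linear step B ⊕ (B <<< 13) ⊕ (B <<< 23) and byte j of CK_i is ((4i + j) × 7) mod 256; the function names are chosen here for illustration.

```python
# Added example: SM4 single-block encryption/decryption per GB/T 32907-2016.
import struct

SBOX = bytes.fromhex(  # S-box lookup table from the standard (row = high nibble)
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)  # values listed on the page
# CK_i is generated rather than typed in: byte j of CK_i is ((4i + j) * 7) mod 256
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]

def rotl(x, n):  # 32-bit cyclic left shift (the page's <<<)
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(a):  # four parallel S-box lookups on one 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def t_enc(a):  # T = L(tau(.)), used by the round function F
    b = tau(a)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def t_key(a):  # T' for the key schedule: tau, then the 13/23-bit rotations
    b = tau(a)
    return b ^ rotl(b, 13) ^ rotl(b, 23)

def expand_key(mk):  # 16-byte master key -> [rk_0 .. rk_31]
    k = [w ^ f for w, f in zip(struct.unpack(">4I", mk), FK)]
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def crypt_block(round_keys, block):  # 32 rounds, then reverse-order transform R
    x = list(struct.unpack(">4I", block))
    for i, rk in enumerate(round_keys):
        x.append(x[i] ^ t_enc(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk))
    return struct.pack(">4I", *x[35:31:-1])

def encrypt_block(key, block):
    return crypt_block(expand_key(key), block)

def decrypt_block(key, block):  # identical routine, round keys reversed
    return crypt_block(expand_key(key)[::-1], block)
```

With key and plaintext both set to 0123456789abcdeffedcba9876543210, `encrypt_block` returns 681edf34d206965e86b3e94f536e4246, the worked example in the standard.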
Copyright belongs to the original author, m0_74043383. If there is any infringement, please contact us to have it removed.